<div dir="auto">Hello,<div dir="auto"><br></div><div dir="auto">It looks like your "anonymous user" does not have any GUI authorization. Did you make sure that your anonymous user already exists in midPoint and has a role with some GUI authorizations?</div><div dir="auto"><br></div><div dir="auto">By the way, if you manage to make the SAML SP signing work, please let me know; this is still a blocker for me.</div><div dir="auto"><br></div><div dir="auto">-Frederic</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, May 25, 2021, 20:43 Tomáš via midPoint &lt;<a href="mailto:midpoint@lists.evolveum.com" target="_blank" rel="noreferrer">midpoint@lists.evolveum.com</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span style="font-size:10pt;font-family:sans-serif">Hello, I would like
to ask whether somebody has struggled with similar trouble.</span>
<br>
<br><span style="font-size:10pt;font-family:sans-serif">I am trying to
work with midPoint as Service Provider and RH SSO as Identity Provider,<br>
<br>
I successfully did the following:</span>
<ol>
<li value="1">
<li value="1"><span style="font-size:10pt;font-family:sans-serif">apply
saml2 module and sequence </span>
<ol>
<li value="1"><span style="font-size:10pt;font-family:sans-serif">json.securityPolicy.authentication.sequence[0].module.name
= "<b>rhSamlSso300</b>";</span>
<li value="2"><span style="font-size:10pt;font-family:sans-serif">json.securityPolicy.authentication.modules.saml2[1].name
=<b> "rhSamlSso300";</b></span></li></li></ol>
<li value="2"><span style="font-size:10pt;font-family:sans-serif">exchanged
metadata between midPoint and RH SSO</span>
<li value="3"><span style="font-size:10pt;font-family:sans-serif">midPoint
sent request to Rh SSO</span>
<li value="4"><span style="font-size:10pt;font-family:sans-serif">RH SSO
displayed loginForm,</span>
<li value="5"><span style="font-size:10pt;font-family:sans-serif">RH sent
response to midPoint</span>
<ol>
<li value="1"><span style="font-size:10pt;font-family:sans-serif">with expected
username <i>(</i></span><span style="font-size:12pt;color:#4f4f4f;font-family:Consolas"><i>AttributeStatement:
* username = thus</i></span><span style="font-size:12pt"><i> </i></span><span style="font-size:10pt;font-family:sans-serif"><i>)</i></span>
<li value="2"></li></li></ol></li></li></li></li></li></li></ol><span style="font-size:10pt;font-family:sans-serif">But
midPoint is unable to make an authorisation decision with the following stack.</span>
<br><span style="font-size:10pt;font-family:sans-serif"><b>com.evolveum.midpoint.web.security.MidPointGuiAuthorizationEvaluator.decide</b><br>
<br>
<br>
</span>
</blockquote></div>