<div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr">Hi Guys<br><div><br></div>
<div><div>I configured Midpoint to use Flex Authentication.</div>
<div>In my configuration, I used the SAML2 module. When I try to authenticate to Midpoint I get the information</div>
<div><b>"List of Identity Providers is empty"</b></div>
<div><b>"Select an Identity Provider"</b></div>
<div>I enabled debug to try to understand what might be wrong but I couldn't identify relevant information. </div></div>
<div><br></div>
<div><b>Midpoint Version:</b> 4.3.1<br></div>
<div><br></div>
<div><b>My Default Security Policy:</b></div>
<div><div><br></div>
<pre>&lt;securityPolicy
    xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
    xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
    xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
    xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3"
    xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
    xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
    xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3" oid="00000000-0000-0000-0000-000000000120" version="36"&gt;
    &lt;name&gt;Default Security Policy&lt;/name&gt;
    &lt;authentication&gt;
        &lt;modules&gt;
            &lt;loginForm id="20"&gt;
                &lt;name&gt;internalLoginForm&lt;/name&gt;
                &lt;description&gt;Internal username/password authentication, default user password, login form&lt;/description&gt;
            &lt;/loginForm&gt;
            &lt;saml2 id="21"&gt;
                &lt;name&gt;mysamlsso&lt;/name&gt;
                &lt;description&gt;My internal enterprise SAML-based SSO system.&lt;/description&gt;
                &lt;serviceProvider&gt;
                    &lt;entityId&gt;sp_midpoint&lt;/entityId&gt;
                    &lt;signRequests&gt;false&lt;/signRequests&gt;
                    &lt;wantAssertionsSigned&gt;false&lt;/wantAssertionsSigned&gt;
                    &lt;singleLogoutEnabled&gt;true&lt;/singleLogoutEnabled&gt;
                    &lt;provider id="22"&gt;
                        &lt;entityId&gt;https://www.okta.com/d721K5vASKoJ4x6exko4&lt;/entityId&gt;
                        &lt;alias&gt;okta&lt;/alias&gt;
                        &lt;metadata&gt;
                            &lt;metadataUrl&gt;https://dev-99301.okta.com/app/d721K5vASKoJ4x6exko4/sso/saml/metadata&lt;/metadataUrl&gt;
                        &lt;/metadata&gt;
                        &lt;skipSslValidation&gt;false&lt;/skipSslValidation&gt;
                        &lt;linkText&gt;oktapreview&lt;/linkText&gt;
                        &lt;authenticationRequestBinding&gt;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST&lt;/authenticationRequestBinding&gt;
                        &lt;nameOfUsernameAttribute&gt;uid&lt;/nameOfUsernameAttribute&gt;
                    &lt;/provider&gt;
                &lt;/serviceProvider&gt;
            &lt;/saml2&gt;
        &lt;/modules&gt;
        &lt;sequence id="23"&gt;
            &lt;name&gt;admin-gui-default&lt;/name&gt;
            &lt;description&gt;
                Default GUI authentication sequence.
                We want to try company SSO, federation and internal. In that order.
                Just one of then need to be successful to let user in.
            &lt;/description&gt;
            &lt;channel&gt;
                &lt;channelId&gt;http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user&lt;/channelId&gt;
                &lt;default&gt;true&lt;/default&gt;
                &lt;urlSuffix&gt;default&lt;/urlSuffix&gt;
            &lt;/channel&gt;
            &lt;module id="25"&gt;
                &lt;name&gt;mysamlsso&lt;/name&gt;
                &lt;order&gt;30&lt;/order&gt;
                &lt;necessity&gt;sufficient&lt;/necessity&gt;
            &lt;/module&gt;
        &lt;/sequence&gt;
        &lt;sequence id="24"&gt;
            &lt;name&gt;admin-gui-emergency&lt;/name&gt;
            &lt;description&gt;
                Special GUI authentication sequence that is using just the internal user password.
                It is used only in emergency. It allows to skip SAML authentication cycles, e.g. in case
                that the SAML authentication is redirecting the browser incorrectly.
            &lt;/description&gt;
            &lt;channel&gt;
                &lt;channelId&gt;http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user&lt;/channelId&gt;
                &lt;default&gt;false&lt;/default&gt;
                &lt;urlSuffix&gt;emergency&lt;/urlSuffix&gt;
            &lt;/channel&gt;
            &lt;requireAssignmentTarget oid="00000000-0000-0000-0000-000000000004" relation="org:default" type="c:RoleType"&gt;
                &lt;!-- Superuser --&gt;
            &lt;/requireAssignmentTarget&gt;
            &lt;module id="27"&gt;
                &lt;name&gt;internalLoginForm&lt;/name&gt;
                &lt;order&gt;10&lt;/order&gt;
                &lt;necessity&gt;sufficient&lt;/necessity&gt;
            &lt;/module&gt;
        &lt;/sequence&gt;
        &lt;ignoredLocalPath&gt;/actuator&lt;/ignoredLocalPath&gt;
        &lt;ignoredLocalPath&gt;/actuator/health&lt;/ignoredLocalPath&gt;
    &lt;/authentication&gt;
    &lt;credentials&gt;
        &lt;password&gt;
            &lt;minOccurs&gt;0&lt;/minOccurs&gt;
            &lt;lockoutMaxFailedAttempts&gt;3&lt;/lockoutMaxFailedAttempts&gt;
            &lt;lockoutFailedAttemptsDuration&gt;PT3M&lt;/lockoutFailedAttemptsDuration&gt;
            &lt;lockoutDuration&gt;PT15M&lt;/lockoutDuration&gt;
            &lt;valuePolicyRef xmlns:tns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" oid="00000000-0000-0000-0000-000000000003" relation="org:default" type="tns:ValuePolicyType"&gt;
                &lt;!-- Default Password Policy --&gt;
            &lt;/valuePolicyRef&gt;
        &lt;/password&gt;
    &lt;/credentials&gt;
&lt;/securityPolicy&gt;</pre></div>
<div><br></div><div><br></div>
<div><b>Midpoint.log:</b></div>
<div><br></div>
<div><div>2021-07-11 23:01:27,323 [] [http-nio-8080-exec-10] INFO (org.opensaml.core.config.InitializationService): Initializing OpenSAML using the Java Services API</div>
<div>2021-07-11 23:01:27,323 [] [http-nio-8080-exec-10] DEBUG (org.opensaml.core.config.InitializationService): Initializing module initializer implementation: org.opensaml.soap.config.XMLObjectProviderInitializer</div>
<div>2021-07-11 23:01:27,340 [] [http-nio-8080-exec-10] DEBUG (org.opensaml.core.config.InitializationService): Initializing module initializer implementation: org.opensaml.xmlsec.config.JavaCryptoValidationInitializer</div>
<div>2021-07-11 23:01:27,340 [] [http-nio-8080-exec-10] DEBUG (org.opensaml.core.config.InitializationService): Initializing module initializer implementation: org.opensaml.xmlsec.config.XMLObjectProviderInitializer</div>
<div>2021-07-11 23:01:27,349 [] [http-nio-8080-exec-10] DEBUG (org.opensaml.core.config.InitializationService): Initializing module initializer implementation: org.opensaml.xmlsec.config.ApacheXMLSecurityInitializer</div>
<div>2021-07-11 23:01:27,349 [] [http-nio-8080-exec-10] DEBUG (org.opensaml.core.config.InitializationService): Initializing module initializer implementation: org.opensaml.xmlsec.config.GlobalSecurityConfigurationInitializer</div>
<div>2021-07-11 23:01:27,349 [] [http-nio-8080-exec-10] DEBUG (org.opensaml.core.config.InitializationService): Initializing module initializer implementation: org.opensaml.security.config.ClientTLSValidationConfiguratonInitializer</div>
<div>2021-07-11 23:01:27,350 [] [http-nio-8080-exec-10] DEBUG (org.opensaml.core.config.InitializationService): Initializing module initializer implementation: org.opensaml.xacml.profile.saml.config.XMLObjectProviderInitializer</div>
<div>2021-07-11 23:01:27,360 [] [http-nio-8080-exec-10] DEBUG (org.opensaml.core.config.InitializationService): 
Initializing module initializer implementation: org.opensaml.core.xml.config.XMLObjectProviderInitializer</div><div>2021-07-11 23:01:27,365 [] [http-nio-8080-exec-10] DEBUG (org.opensaml.core.config.InitializationService): Initializing module initializer implementation: org.opensaml.core.xml.config.GlobalParserPoolInitializer</div><div>2021-07-11 23:01:27,367 [] [http-nio-8080-exec-10] DEBUG (org.opensaml.core.config.InitializationService): Initializing module initializer implementation: org.opensaml.core.metrics.impl.MetricRegistryInitializer</div><div>2021-07-11 23:01:27,367 [] [http-nio-8080-exec-10] DEBUG (org.opensaml.core.config.InitializationService): Initializing module initializer implementation: org.opensaml.xacml.config.XMLObjectProviderInitializer</div><div>2021-07-11 23:01:27,380 [] [http-nio-8080-exec-10] DEBUG (org.opensaml.core.config.InitializationService): Initializing module initializer implementation: org.opensaml.saml.config.XMLObjectProviderInitializer</div><div>2021-07-11 23:01:27,416 [] [http-nio-8080-exec-10] DEBUG (org.opensaml.core.config.InitializationService): Initializing module initializer implementation: org.opensaml.saml.config.SAMLConfigurationInitializer</div><div>2021-07-11 23:01:27,416 [] [http-nio-8080-exec-10] DEBUG (org.opensaml.core.config.InitializationService): Initializing module initializer implementation: org.opensaml.xmlsec.config.GlobalAlgorithmRegistryInitializer</div><div>2021-07-11 23:01:27,427 [] [http-nio-8080-exec-10] INFO (org.opensaml.core.config.InitializationService): Initializing OpenSAML using the Java Services API</div><div>2021-07-11 23:01:27,427 [] [http-nio-8080-exec-10] DEBUG (org.opensaml.core.config.InitializationService): Initializing module initializer implementation: org.opensaml.soap.config.XMLObjectProviderInitializer</div><div>2021-07-11 23:01:27,442 [] [http-nio-8080-exec-10] DEBUG (org.opensaml.core.config.InitializationService): Initializing module initializer implementation: 
org.opensaml.xmlsec.config.JavaCryptoValidationInitializer</div><div>2021-07-11 23:01:27,442 [] [http-nio-8080-exec-10] DEBUG (org.opensaml.core.config.InitializationService): Initializing module initializer implementation: org.opensaml.xmlsec.config.XMLObjectProviderInitializer</div><div>2021-07-11 23:01:27,452 [] [http-nio-8080-exec-10] DEBUG (org.opensaml.core.config.InitializationService): Initializing module initializer implementation: org.opensaml.xmlsec.config.ApacheXMLSecurityInitializer</div><div>2021-07-11 23:01:27,452 [] [http-nio-8080-exec-10] DEBUG (org.opensaml.core.config.InitializationService): Initializing module initializer implementation: org.opensaml.xmlsec.config.GlobalSecurityConfigurationInitializer</div><div>2021-07-11 23:01:27,452 [] [http-nio-8080-exec-10] DEBUG (org.opensaml.core.config.InitializationService): Initializing module initializer implementation: org.opensaml.security.config.ClientTLSValidationConfiguratonInitializer</div><div>2021-07-11 23:01:27,452 [] [http-nio-8080-exec-10] DEBUG (org.opensaml.core.config.InitializationService): Initializing module initializer implementation: org.opensaml.xacml.profile.saml.config.XMLObjectProviderInitializer</div><div>2021-07-11 23:01:27,462 [] [http-nio-8080-exec-10] DEBUG (org.opensaml.core.config.InitializationService): Initializing module initializer implementation: org.opensaml.core.xml.config.XMLObjectProviderInitializer</div><div>2021-07-11 23:01:27,468 [] [http-nio-8080-exec-10] DEBUG (org.opensaml.core.config.InitializationService): Initializing module initializer implementation: org.opensaml.core.xml.config.GlobalParserPoolInitializer</div><div>2021-07-11 23:01:27,469 [] [http-nio-8080-exec-10] DEBUG (org.opensaml.core.config.InitializationService): Initializing module initializer implementation: org.opensaml.core.metrics.impl.MetricRegistryInitializer</div><div>2021-07-11 23:01:27,469 [] [http-nio-8080-exec-10] DEBUG (org.opensaml.core.config.InitializationService): Initializing 
module initializer implementation: org.opensaml.xacml.config.XMLObjectProviderInitializer</div><div>2021-07-11 23:01:27,480 [] [http-nio-8080-exec-10] DEBUG (org.opensaml.core.config.InitializationService): Initializing module initializer implementation: org.opensaml.saml.config.XMLObjectProviderInitializer</div><div>2021-07-11 23:01:27,513 [] [http-nio-8080-exec-10] DEBUG (org.opensaml.core.config.InitializationService): Initializing module initializer implementation: org.opensaml.saml.config.SAMLConfigurationInitializer</div><div>2021-07-11 23:01:27,513 [] [http-nio-8080-exec-10] DEBUG (org.opensaml.core.config.InitializationService): Initializing module initializer implementation: org.opensaml.xmlsec.config.GlobalAlgorithmRegistryInitializer</div></div><div><br></div><div>Regards</div><div><br></div><div>Gus</div><div><br></div><div><br></div><div><br></div></div></div></div></div></div>
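<div>A static check for a security policy shaped like the one posted above, added here as an example and not part of the original message or of midPoint itself: it reports the SAML2 signature and TLS settings of each service provider and any sequence that names a module not defined under <code>modules</code>. The sample document, the host idp.example.test, the module name noSuchModule and the helper names are constructed for illustration.</div>

```python
import xml.etree.ElementTree as ET
NS = {"c": "http://midpoint.evolveum.com/xml/ns/public/common/common-3"}

# Constructed sample: trimmed to the elements used in the posted policy, with a
# placeholder IdP host; the second sequence is deliberately miswired.
SAMPLE = """<securityPolicy xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3">
<authentication><modules>
  <loginForm><name>internalLoginForm</name></loginForm>
  <saml2><name>mysamlsso</name><serviceProvider>
    <entityId>sp_midpoint</entityId>
    <signRequests>false</signRequests>
    <wantAssertionsSigned>false</wantAssertionsSigned>
    <provider>
      <entityId>https://idp.example.test/entity</entityId>
      <metadata><metadataUrl>https://idp.example.test/metadata</metadataUrl></metadata>
      <skipSslValidation>false</skipSslValidation>
    </provider>
  </serviceProvider></saml2>
</modules>
<sequence><name>admin-gui-default</name><module><name>mysamlsso</name></module></sequence>
<sequence><name>admin-gui-emergency</name><module><name>noSuchModule</name></module></sequence>
</authentication></securityPolicy>"""

def text(node, path):
    """Stripped text of the first element matching path, or '' if absent."""
    return (node.findtext(path, default="", namespaces=NS) or "").strip()

def audit_policy(xml_text):
    """Return findings on SAML2 trust settings and sequence-to-module wiring."""
    auth = ET.fromstring(xml_text).find("c:authentication", NS)
    modules = auth.find("c:modules", NS)
    defined = {text(m, "c:name") for m in modules}   # names of all declared modules
    findings = []
    for sp in modules.iterfind("c:saml2/c:serviceProvider", NS):
        for flag in ("signRequests", "wantAssertionsSigned"):
            if text(sp, f"c:{flag}") != "true":      # absent or false: report either way
                findings.append(f"{flag} is not set to true")
        for idp in sp.iterfind("c:provider", NS):
            url = text(idp, "c:metadata/c:metadataUrl")
            if url and not url.startswith("https://"):
                findings.append(f"metadata not fetched over https: {url}")
            if text(idp, "c:skipSslValidation") == "true":
                findings.append("skipSslValidation is true")
    for seq in auth.iterfind("c:sequence", NS):
        for mod in seq.iterfind("c:module", NS):
            if text(mod, "c:name") not in defined:
                findings.append(f"sequence {text(seq, 'c:name')} uses undefined module {text(mod, 'c:name')}")
    return findings

if __name__ == "__main__": print("\n".join(audit_policy(SAMPLE)))
```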