<div dir="ltr"><div dir="ltr"><div dir="ltr">Hi Frédéric<div><br></div><div>After some adjustments in the settings in midPoint (default security policy), Okta IdP and a midPoint restart, I finally managed to authenticate to midPoint using SAML 2.0.<br></div><div><br></div><div>In the Okta IdP I added a new attribute "uid" and mapped it to contain the user login.<br></div><div><br></div><div>Best Regards</div><div><br></div><div>Gus</div></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Jul 26, 2021 at 12:30, Frédéric Lohier <<a href="mailto:frederic@lohier.org">frederic@lohier.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto">Hello Gus,<div dir="auto"><br></div><div dir="auto">Maybe you can try with a user whose <name> is not an email, for example <name>testuser</name>?</div><div dir="auto">In my case, it is working with user logins which are not email addresses.</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Jul 26, 2021, 15:59 Gus Lou via midPoint <<a href="mailto:midpoint@lists.evolveum.com" target="_blank">midpoint@lists.evolveum.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr">Hi Santiago</div><div>Thanks for your answer.</div><div dir="ltr"><br><div>Yes, I have two users in Midpoint and Okta IdP:</div><div><a href="mailto:joana.midpoint@xyz.net" rel="noreferrer" target="_blank">joana.midpoint@xyz.net</a></div><div><a href="mailto:denis.midpoint@xyz.net" rel="noreferrer" target="_blank">denis.midpoint@xyz.net</a></div><div><br></div><div>Both users have Midpoint Role: End Users assigned and Okta IdP Midpoint Applications Integrations assigned too.</div><div><br></div><div><div>I am using a tool to debug Saml Trace. 
SAML request and response are done successfully from midPoint to the Okta IdP. But for some reason I couldn't understand, midPoint doesn't recognize the user in the SAML response, despite it being exactly as registered.</div><div>I recreated the midPoint policy settings and the integration in the Okta IdP, but to no avail.</div></div><div><br></div><div>I don't know what else to check.<br></div><div><br></div><div>I have attached my settings, prints and logs in case anyone else can help.<br></div><div><br></div></div></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Jul 26, 2021 at 04:40, Sanudo Martinez, Santiago <<a href="mailto:Santiago.SanudoMartinez@ingrammicro.com" rel="noreferrer" target="_blank">Santiago.SanudoMartinez@ingrammicro.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">





<div lang="EN-US">
<div>
<p class="MsoNormal">Hi, <br>
<br>
Have you ensured that you have an existing user inside the midPoint platform with the name matching the mail that you are trying to retrieve?<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Regards,<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><b><span style="font-size:10pt;font-family:Arial,sans-serif">Santiago Sañudo Martínez<u></u><u></u></span></b></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:Arial,sans-serif;color:rgb(38,38,38)">Cloud Security Operations
<u></u><u></u></span></p>
<div style="border-right:none;border-bottom:none;border-left:none;border-top:1pt solid rgb(225,225,225);padding:3pt 0in 0in">
<p class="MsoNormal"><b>From:</b> Gus Lou <<a href="mailto:gugalou38@gmail.com" rel="noreferrer" target="_blank">gugalou38@gmail.com</a>> <br>
<b>Sent:</b> Saturday, July 24, 2021 9:44 PM<br>
<b>To:</b> midPoint General Discussion <<a href="mailto:midpoint@lists.evolveum.com" rel="noreferrer" target="_blank">midpoint@lists.evolveum.com</a>><br>
<b>Cc:</b> Pálos Gustáv <<a href="mailto:gustav.palos@gmail.com" rel="noreferrer" target="_blank">gustav.palos@gmail.com</a>>; Sanudo Martinez, Santiago <<a href="mailto:Santiago.SanudoMartinez@ingrammicro.com" rel="noreferrer" target="_blank">Santiago.SanudoMartinez@ingrammicro.com</a>><br>
<b>Subject:</b> Re: [midPoint] [EXTERNAL] Re: Flexible Authentication SAML2 - Azure Active Directory<u></u><u></u></p>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<div>
<div>
<p class="MsoNormal">Hi Guys<u></u><u></u></p>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Sending (metadata SP and IdP) attachments as they were dropped in the previous message.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<div>
<p class="MsoNormal">I'm investigating whether the information is correct:<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal"><nameOfUsernameAttribute>uid</nameOfUsernameAttribute><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">I've already tried other settings for example:<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal"><nameOfUsernameAttribute>mail</nameOfUsernameAttribute><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><nameOfUsernameAttribute>username</nameOfUsernameAttribute><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><nameOfUsernameAttribute>email</nameOfUsernameAttribute><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><nameOfUsernameAttribute>emailAdress</nameOfUsernameAttribute><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">But after Midpoint's request and IdP's response, it keeps showing error: username/password invalid.<u></u><u></u></p>
</div>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Regards<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Gus<u></u><u></u></p>
</div>
</div>
</div>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<div>
<p class="MsoNormal">On Fri, Jul 23, 2021 at 15:16, Gus Lou <<a href="mailto:gugalou38@gmail.com" rel="noreferrer" target="_blank">gugalou38@gmail.com</a>> wrote:<u></u><u></u></p>
</div>
<blockquote style="border-top:none;border-right:none;border-bottom:none;border-left:1pt solid rgb(204,204,204);padding:0in 0in 0in 6pt;margin-left:4.8pt;margin-right:0in">
<div>
<div>
<div>
<p class="MsoNormal">Hi Santiago<u></u><u></u></p>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<div>
<p class="MsoNormal">Did your SAML 2.0 Midpoint and Azure AD authentication test work completely?<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">I'm trying to do Midpoint integration with IdP Okta, but I get an error where it says the username or password is incorrect.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">I've already made several configurations and checked the Midpoint (SP) and Okta (IdP) metadata (attached); in both, the emailAddress is configured as login.<u></u><u></u></p>
</div>
</div>
<div>
<p class="MsoNormal">But I have not been successful so far. <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Regards <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Gus<u></u><u></u></p>
</div>
</div>
</div>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<div>
<p class="MsoNormal">On Thu, Jul 22, 2021 at 13:07, Sanudo Martinez, Santiago via midPoint <<a href="mailto:midpoint@lists.evolveum.com" rel="noreferrer" target="_blank">midpoint@lists.evolveum.com</a>> wrote:<u></u><u></u></p>
</div>
<blockquote style="border-top:none;border-right:none;border-bottom:none;border-left:1pt solid rgb(204,204,204);padding:0in 0in 0in 6pt;margin-left:4.8pt;margin-right:0in">
<div>
<div>
<p class="MsoNormal" style="background:white"><span style="color:rgb(33,33,33)">Hi,<u></u><u></u></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="color:rgb(33,33,33)"><u></u> <u></u></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="color:rgb(33,33,33)">It works great. Thanks a lot.<u></u><u></u></span></p>
</div>
<div class="MsoNormal" align="center" style="text-align:center">
<hr size="2" width="98%" align="center">
</div>
<div id="gmail-m_-8608960186932936412m_2606644326055768529gmail-m_8697864641718092885gmail-m_3005535019855422873gmail-m_-2301247909793135642gmail-m_-2722050461242696302divRplyFwdMsg">
<p class="MsoNormal"><b><span style="color:black">From:</span></b><span style="color:black"> Pálos Gustáv <<a href="mailto:gustav.palos@gmail.com" rel="noreferrer" target="_blank">gustav.palos@gmail.com</a>><br>
<b>Sent:</b> Thursday, July 22, 2021 2:05:22 PM<br>
<b>To:</b> midPoint General Discussion <<a href="mailto:midpoint@lists.evolveum.com" rel="noreferrer" target="_blank">midpoint@lists.evolveum.com</a>><br>
<b>Cc:</b> Sanudo Martinez, Santiago <<a href="mailto:Santiago.SanudoMartinez@ingrammicro.com" rel="noreferrer" target="_blank">Santiago.SanudoMartinez@ingrammicro.com</a>><br>
<b>Subject:</b> [EXTERNAL] Re: [midPoint] Flexible Authentication SAML2 - Azure Active Directory</span>
<u></u><u></u></p>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
</div>
<div>
<div>
<div>
<p class="MsoNormal">Hi, <u></u><u></u></p>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">try to set up in systemConfiguration:<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">    <infrastructure><br>
        <publicHttpUrlPattern>https://host:port/midpoint</publicHttpUrlPattern><br>
    </infrastructure><u></u><u></u></p>
</div>
</div>
<p class="MsoNormal">best regards <u></u><u></u></p>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Gustav<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<div>
<p class="MsoNormal">On Thu, Jul 22, 2021 at 14:01, Sanudo Martinez, Santiago via midPoint <<a href="mailto:midpoint@lists.evolveum.com" rel="noreferrer" target="_blank">midpoint@lists.evolveum.com</a>> wrote:<u></u><u></u></p>
</div>
<blockquote style="border-top:none;border-right:none;border-bottom:none;border-left:1pt solid rgb(204,204,204);padding:0in 0in 0in 6pt;margin-left:4.8pt;margin-right:0in">
<div>
<div>
<p style="margin-bottom:12pt">Hi,<br>
<br>
We are encountering a problem where we aren’t able to establish login using SAML authentication via Azure AD. We have a midPoint instance running in a VM with an Nginx proxy which currently redirects everything from http to https:<br>
<br>
<u></u><u></u></p>
<p># If the user accesses through the 80 port (default HTTP port), NGINX will redirect him to the 443 (HTTPS)<u></u><u></u></p>
<p>server {<u></u><u></u></p>
<p>    listen 80;<u></u><u></u></p>
<p>    listen [::]:80;<u></u><u></u></p>
<p>    return 301 https://10.19.5.4;<u></u><u></u></p>
<p>}<u></u><u></u></p>
<p> <u></u><u></u></p>
<p># If the user accesses through the 443 port, NGINX will redirect him to https://localhost:8080 where Kibana is running<u></u><u></u></p>
<p>server {<u></u><u></u></p>
<p>    listen 443 default_server;<u></u><u></u></p>
<p>    listen            [::]:443;<u></u><u></u></p>
<p>    ssl on;<u></u><u></u></p>
<p>    ssl_certificate /etc/pki/tls/certs/midpoint.pem;<u></u><u></u></p>
<p>    ssl_certificate_key /etc/pki/tls/private/midpoint.key;<u></u><u></u></p>
<p>    access_log            /var/log/nginx/nginx.access.log;<u></u><u></u></p>
<p>    error_log            /var/log/nginx/nginx.error.log;<u></u><u></u></p>
<p>    location / {<u></u><u></u></p>
<p>        proxy_pass http://localhost:8080/;<u></u><u></u></p>
<p>    }<u></u><u></u></p>
<p>}<u></u><u></u></p>
<p> <u></u><u></u></p>
<p>The Midpoint application is deployed at localhost as described in application.yml:<br>
<br>
spring:<u></u><u></u></p>
<p>  application:<u></u><u></u></p>
<p>    name: MidPoint<u></u><u></u></p>
<p>  main:<u></u><u></u></p>
<p>    # needed to override springSecurityFilterChain from Spring Security<u></u><u></u></p>
<p>    allow-bean-definition-overriding: true<u></u><u></u></p>
<p>  servlet:<u></u><u></u></p>
<p>    multipart:<u></u><u></u></p>
<p>      max-file-size: 100MB<u></u><u></u></p>
<p>      max-request-size: 100MB<u></u><u></u></p>
<p>      file-size-threshold: 256KB<u></u><u></u></p>
<p>  thymeleaf:<u></u><u></u></p>
<p>    cache: false<u></u><u></u></p>
<p>server:<u></u><u></u></p>
<p>  address: localhost<u></u><u></u></p>
<p>  port: 8080<u></u><u></u></p>
<p>  tomcat:<u></u><u></u></p>
<p>    basedir: ${midpoint.home}<u></u><u></u></p>
<pre style="background:rgb(43,43,43)"><span style="color:white">    max-http-post-size: 104857600 # in bytes<br><br><br>With this, all the communication done to the Midpoint environment is done with port 443 (HTTPS). We have created an Enterprise app at Azure Active Directory and we are configuring the SAML in order to log in. To do so we have also established the following securityPolicy:<br><br></span><span style="color:rgb(232,191,106)"><securityPolicy </span><span style="color:rgb(186,186,186)">xmlns</span><span style="color:rgb(106,135,89)">=<a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__midpoint.evolveum.com_xml_ns_public_common_common-2D3&d=DwMFaQ&c=--1RjWWBW4Kf6aBAaj53vPItwfT0BR1YjSDV46P5EvE&r=02nQn_XF01OYsg7KWPE9n6CNvfs_QyztKbAlcXkYqvqpvrlKyhGRLNIt3vGj5sdE&m=wY8uDlYIFyen_JG8t9WJcfGH_-_rV6CB9IQqdaYLKS0&s=pKCiD3roafM1o6Z24y5lXNst9GrPlGgFExTNk4oJ140&e=" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a> </span><span style="color:rgb(186,186,186)">xmlns:</span><span style="color:rgb(152,118,170)">c</span><span style="color:rgb(106,135,89)">=<a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__midpoint.evolveum.com_xml_ns_public_common_common-2D3&d=DwMFaQ&c=--1RjWWBW4Kf6aBAaj53vPItwfT0BR1YjSDV46P5EvE&r=02nQn_XF01OYsg7KWPE9n6CNvfs_QyztKbAlcXkYqvqpvrlKyhGRLNIt3vGj5sdE&m=wY8uDlYIFyen_JG8t9WJcfGH_-_rV6CB9IQqdaYLKS0&s=pKCiD3roafM1o6Z24y5lXNst9GrPlGgFExTNk4oJ140&e=" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a> </span><span style="color:rgb(186,186,186)">xmlns:</span><span style="color:rgb(152,118,170)">icfs</span><span style="color:rgb(106,135,89)">=<a 
href="https://urldefense.proofpoint.com/v2/url?u=http-3A__midpoint.evolveum.com_xml_ns_public_connector_icf-2D1_resource-2Dschema-2D3&d=DwMFaQ&c=--1RjWWBW4Kf6aBAaj53vPItwfT0BR1YjSDV46P5EvE&r=02nQn_XF01OYsg7KWPE9n6CNvfs_QyztKbAlcXkYqvqpvrlKyhGRLNIt3vGj5sdE&m=wY8uDlYIFyen_JG8t9WJcfGH_-_rV6CB9IQqdaYLKS0&s=9vsQyAOprOQ7x1gXIMNF8yL_rdrhOFsO4pOqtBXsHPo&e=" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3</a> </span><span style="color:rgb(186,186,186)">xmlns:</span><span style="color:rgb(152,118,170)">org</span><span style="color:rgb(106,135,89)">=<a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__midpoint.evolveum.com_xml_ns_public_common_org-2D3&d=DwMFaQ&c=--1RjWWBW4Kf6aBAaj53vPItwfT0BR1YjSDV46P5EvE&r=02nQn_XF01OYsg7KWPE9n6CNvfs_QyztKbAlcXkYqvqpvrlKyhGRLNIt3vGj5sdE&m=wY8uDlYIFyen_JG8t9WJcfGH_-_rV6CB9IQqdaYLKS0&s=0azoD7_FWtExRkcsW7xdXOhaXFMQsVD2LVCrZL_69yo&e=" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/common/org-3</a> </span><span style="color:rgb(186,186,186)">xmlns:</span><span style="color:rgb(152,118,170)">q</span><span style="color:rgb(106,135,89)">=<a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__prism.evolveum.com_xml_ns_public_query-2D3&d=DwMFaQ&c=--1RjWWBW4Kf6aBAaj53vPItwfT0BR1YjSDV46P5EvE&r=02nQn_XF01OYsg7KWPE9n6CNvfs_QyztKbAlcXkYqvqpvrlKyhGRLNIt3vGj5sdE&m=wY8uDlYIFyen_JG8t9WJcfGH_-_rV6CB9IQqdaYLKS0&s=TtGgGgXn8I-d0wiDPUsOvL61VrhEH_bdM0t_TIjAcSk&e=" rel="noreferrer" target="_blank">http://prism.evolveum.com/xml/ns/public/query-3</a> </span><span style="color:rgb(186,186,186)">xmlns:</span><span style="color:rgb(152,118,170)">ri</span><span style="color:rgb(106,135,89)">=<a 
href="https://urldefense.proofpoint.com/v2/url?u=http-3A__midpoint.evolveum.com_xml_ns_public_resource_instance-2D3&d=DwMFaQ&c=--1RjWWBW4Kf6aBAaj53vPItwfT0BR1YjSDV46P5EvE&r=02nQn_XF01OYsg7KWPE9n6CNvfs_QyztKbAlcXkYqvqpvrlKyhGRLNIt3vGj5sdE&m=wY8uDlYIFyen_JG8t9WJcfGH_-_rV6CB9IQqdaYLKS0&s=c-NcpWqKsyaRYhTafumQZOSp43gyYnY_ocr6YasDcas&e=" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3</a> </span><span style="color:rgb(186,186,186)">xmlns:</span><span style="color:rgb(152,118,170)">t</span><span style="color:rgb(106,135,89)">=<a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__prism.evolveum.com_xml_ns_public_types-2D3&d=DwMFaQ&c=--1RjWWBW4Kf6aBAaj53vPItwfT0BR1YjSDV46P5EvE&r=02nQn_XF01OYsg7KWPE9n6CNvfs_QyztKbAlcXkYqvqpvrlKyhGRLNIt3vGj5sdE&m=wY8uDlYIFyen_JG8t9WJcfGH_-_rV6CB9IQqdaYLKS0&s=Vqet4MGMIEOxjZVQZa2da5hpExcxZZdkK0OReNV1wMw&e=" rel="noreferrer" target="_blank">http://prism.evolveum.com/xml/ns/public/types-3</a> </span><span style="color:rgb(186,186,186)">oid</span><span style="color:rgb(106,135,89)">="00000000-0000-0000-0000-000000000120" </span><span style="color:rgb(186,186,186)">version</span><span style="color:rgb(106,135,89)">="18"</span><span style="color:rgb(232,191,106)">><br>    <name></span><span style="color:rgb(169,183,198)">Default Security Policy</span><span style="color:rgb(232,191,106)"></name><br>    <metadata><br>        <requestTimestamp></span><span style="color:rgb(169,183,198)">2020-12-01T12:00:15.108Z</span><span style="color:rgb(232,191,106)"></requestTimestamp><br>        <createTimestamp></span><span style="color:rgb(169,183,198)">2020-12-01T12:00:15.137Z</span><span style="color:rgb(232,191,106)"></createTimestamp><br>        <createChannel></span><span style="color:rgb(169,183,198)"><a 
href="https://urldefense.proofpoint.com/v2/url?u=http-3A__midpoint.evolveum.com_xml_ns_public_common_channels-2D3-23init-253C_createChannel&d=DwMFaQ&c=--1RjWWBW4Kf6aBAaj53vPItwfT0BR1YjSDV46P5EvE&r=02nQn_XF01OYsg7KWPE9n6CNvfs_QyztKbAlcXkYqvqpvrlKyhGRLNIt3vGj5sdE&m=wY8uDlYIFyen_JG8t9WJcfGH_-_rV6CB9IQqdaYLKS0&s=7qKrVHD_DRAdtT327mzxDaDF6DO6RFkIUz-QvryaCZs&e=" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/common/channels-3#init</createChannel</a></span><span style="color:rgb(232,191,106)">><br>    </metadata><br>    <operationExecution </span><span style="color:rgb(186,186,186)">id</span><span style="color:rgb(106,135,89)">="1"</span><span style="color:rgb(232,191,106)">><br>        <timestamp></span><span style="color:rgb(169,183,198)">2020-12-01T12:00:15.179Z</span><span style="color:rgb(232,191,106)"></timestamp><br>        <operation><br>            <objectDelta><br>                <</span><span style="color:rgb(152,118,170)">t</span><span style="color:rgb(232,191,106)">:changeType></span><span style="color:rgb(169,183,198)">add</span><span style="color:rgb(232,191,106)"></</span><span style="color:rgb(152,118,170)">t</span><span style="color:rgb(232,191,106)">:changeType><br>                <</span><span style="color:rgb(152,118,170)">t</span><span style="color:rgb(232,191,106)">:objectType></span><span style="color:rgb(169,183,198)">c:SecurityPolicyType</span><span style="color:rgb(232,191,106)"></</span><span style="color:rgb(152,118,170)">t</span><span style="color:rgb(232,191,106)">:objectType><br>            </objectDelta><br>            <executionResult><br>                <operation></span><span style="color:rgb(169,183,198)">com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeDelta</span><span style="color:rgb(232,191,106)"></operation><br>                <status></span><span style="color:rgb(169,183,198)">success</span><span style="color:rgb(232,191,106)"></status><br>                <importance></span><span 
style="color:rgb(169,183,198)">normal</span><span style="color:rgb(232,191,106)"></importance><br>                <token></span><span style="color:rgb(169,183,198)">1000000000000000015</span><span style="color:rgb(232,191,106)"></token><br>            </executionResult><br>            <objectName></span><span style="color:rgb(169,183,198)">Default Security Policy</span><span style="color:rgb(232,191,106)"></objectName><br>        </operation><br>        <status></span><span style="color:rgb(169,183,198)">success</span><span style="color:rgb(232,191,106)"></status><br>        <channel></span><span style="color:rgb(169,183,198)"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__midpoint.evolveum.com_xml_ns_public_common_channels-2D3-23init-253C_channel&d=DwMFaQ&c=--1RjWWBW4Kf6aBAaj53vPItwfT0BR1YjSDV46P5EvE&r=02nQn_XF01OYsg7KWPE9n6CNvfs_QyztKbAlcXkYqvqpvrlKyhGRLNIt3vGj5sdE&m=wY8uDlYIFyen_JG8t9WJcfGH_-_rV6CB9IQqdaYLKS0&s=nnVR8BlwATkGJ8kHbXODbKcgV3ycXZiwl92nnNS1xwQ&e=" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/common/channels-3#init</channel</a></span><span style="color:rgb(232,191,106)">><br>    </operationExecution><br>    <iteration></span><span style="color:rgb(169,183,198)">0</span><span style="color:rgb(232,191,106)"></iteration><br>    <iterationToken/><br>    <authentication><br>        <modules><br>            <loginForm ><br>                <name></span><span style="color:rgb(169,183,198)">internalLoginForm</span><span style="color:rgb(232,191,106)"></name><br>                <description></span><span style="color:rgb(169,183,198)">Internal username/password authentication, default user password, login form</span><span style="color:rgb(232,191,106)"></description><br>            </loginForm><br>            <httpBasic ><br>                <name></span><span style="color:rgb(169,183,198)">internalBasic</span><span style="color:rgb(232,191,106)"></name><br>                <description></span><span 
style="color:rgb(169,183,198)">Internal username/password authentication, using HTTP basic auth</span><span style="color:rgb(232,191,106)"></description><br>            </httpBasic><br><br>            <saml2 ><br>                <name></span><span style="color:rgb(169,183,198)">azureSsoSaml</span><span style="color:rgb(232,191,106)"></name><br>                <description></span><span style="color:rgb(169,183,198)">My internal enterprise SAML-based SSO system.</span><span style="color:rgb(232,191,106)"></description><br>                <network><br>                    <readTimeout></span><span style="color:rgb(169,183,198)">10000</span><span style="color:rgb(232,191,106)"></readTimeout><br>                    <connectTimeout></span><span style="color:rgb(169,183,198)">5000</span><span style="color:rgb(232,191,106)"></connectTimeout><br>                </network><br><br>                <serviceProvider><br>                    <entityId></span><span style="color:rgb(169,183,198)">sp_midpoint</span><span style="color:rgb(232,191,106)"></entityId><br>                    <aliasForPath></span><span style="color:rgb(169,183,198)">sp_midpoint</span><span style="color:rgb(232,191,106)"></aliasForPath><br><br>                    <provider><br>                        <entityId></span><span style="color:rgb(169,183,198)"><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__sts.windows.net_484fa682-2D02f6-2D4ffa-2D8cea-2Df72692457936_-253c_entityId&d=DwMFaQ&c=--1RjWWBW4Kf6aBAaj53vPItwfT0BR1YjSDV46P5EvE&r=02nQn_XF01OYsg7KWPE9n6CNvfs_QyztKbAlcXkYqvqpvrlKyhGRLNIt3vGj5sdE&m=wY8uDlYIFyen_JG8t9WJcfGH_-_rV6CB9IQqdaYLKS0&s=-PcY9PmvgaaVT-1PYbR84LBQb_tahv5hX4YNrkvxwvA&e=" rel="noreferrer" target="_blank">https://sts.windows.net/484fa682-02f6-4ffa-8cea-f72692457936/</entityId</a></span><span style="color:rgb(232,191,106)">><br>                        <linkText></span><span style="color:rgb(169,183,198)">ssoazure</span><span style="color:rgb(232,191,106)"></linkText><br>           
             <alias></span><span style="color:rgb(169,183,198)">ssoazure</span><span style="color:rgb(232,191,106)"></alias><br>                        <metadata><br>                            <metadataUrl></span><span style="color:rgb(169,183,198)"><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__login.microsoftonline.com_484fa682-2D02f6-2D4ffa-2D8cea-2Df72692457936_federationmetadata_2007-2D06_federationmetadata.xml-3Fappid-3Dc1bacfd5-2D5041-2D4b02-2Daac3-2Dfa76e0a3560e-253c_metadataUrl&d=DwMFaQ&c=--1RjWWBW4Kf6aBAaj53vPItwfT0BR1YjSDV46P5EvE&r=02nQn_XF01OYsg7KWPE9n6CNvfs_QyztKbAlcXkYqvqpvrlKyhGRLNIt3vGj5sdE&m=wY8uDlYIFyen_JG8t9WJcfGH_-_rV6CB9IQqdaYLKS0&s=4_TOIfHvsl30m6gL1oODBhLdwPMpNVuE2qSxOeRQH7A&e=" rel="noreferrer" target="_blank">https://login.microsoftonline.com/484fa682-02f6-4ffa-8cea-f72692457936/federationmetadata/2007-06/federationmetadata.xml?appid=c1bacfd5-5041-4b02-aac3-fa76e0a3560e</metadataUrl</a></span><span style="color:rgb(232,191,106)">><br>                        </metadata><br>                        <skipSslValidation></span><span style="color:rgb(169,183,198)">true</span><span style="color:rgb(232,191,106)"></skipSslValidation><br>                        <authenticationRequestBinding></span><span style="color:rgb(169,183,198)">urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST</span><span style="color:rgb(232,191,106)"></authenticationRequestBinding><br>                        <nameOfUsernameAttribute></span><span style="color:rgb(169,183,198)">uid</span><span style="color:rgb(232,191,106)"></nameOfUsernameAttribute><br>                    </provider><br>                </serviceProvider><br>            </saml2><br>        </modules><br>        <sequence </span><span style="color:rgb(186,186,186)">id</span><span style="color:rgb(106,135,89)">="8"</span><span style="color:rgb(232,191,106)">><br>            <name></span><span style="color:rgb(169,183,198)">admin-gui-default</span><span style="color:rgb(232,191,106)"></name><br>        
    <description><br>                </span><span style="color:rgb(169,183,198)">Default GUI authentication sequence.<br>                We want to try company SSO, federation and internal. In that order.<br>                Just one of then need to be successful to let user in.<br>            </span><span style="color:rgb(232,191,106)"></description><br>            <channel><br>                <channelId></span><span style="color:rgb(169,183,198)"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__midpoint.evolveum.com_xml_ns_public_common_channels-2D3-23user-253C_channelId&d=DwMFaQ&c=--1RjWWBW4Kf6aBAaj53vPItwfT0BR1YjSDV46P5EvE&r=02nQn_XF01OYsg7KWPE9n6CNvfs_QyztKbAlcXkYqvqpvrlKyhGRLNIt3vGj5sdE&m=wY8uDlYIFyen_JG8t9WJcfGH_-_rV6CB9IQqdaYLKS0&s=wXlujTt8k1qD0npPFbvW5kc8FRG19gIhj3l9PVKgp4I&e=" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user</channelId</a></span><span style="color:rgb(232,191,106)">><br>                <default></span><span style="color:rgb(169,183,198)">true</span><span style="color:rgb(232,191,106)"></default><br>                <urlSuffix></span><span style="color:rgb(169,183,198)">default</span><span style="color:rgb(232,191,106)"></urlSuffix><br>            </channel><br>            <module><br>                <name></span><span style="color:rgb(169,183,198)">azureSsoSaml</span><span style="color:rgb(232,191,106)"></name><br>                <order></span><span style="color:rgb(169,183,198)">30</span><span style="color:rgb(232,191,106)"></order><br>                <necessity></span><span style="color:rgb(169,183,198)">sufficient</span><span style="color:rgb(232,191,106)"></necessity><br>            </module><br><br><br>        </sequence><br>        <sequence </span><span style="color:rgb(186,186,186)">id</span><span style="color:rgb(106,135,89)">="9"</span><span style="color:rgb(232,191,106)">><br>            <name></span><span style="color:rgb(169,183,198)">admin-gui-emergency</span><span 
style="color:rgb(232,191,106)"></name><br>            <description><br>                </span><span style="color:rgb(169,183,198)">Special GUI authentication sequence that is using just the internal user password.<br>                It is used only in emergency. It allows to skip SAML authentication cycles, e.g. in case<br>                that the SAML authentication is redirecting the browser incorrectly.<br>            </span><span style="color:rgb(232,191,106)"></description><br>            <channel><br>                <channelId></span><span style="color:rgb(169,183,198)"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__midpoint.evolveum.com_xml_ns_public_common_channels-2D3-23user-253C_channelId&d=DwMFaQ&c=--1RjWWBW4Kf6aBAaj53vPItwfT0BR1YjSDV46P5EvE&r=02nQn_XF01OYsg7KWPE9n6CNvfs_QyztKbAlcXkYqvqpvrlKyhGRLNIt3vGj5sdE&m=wY8uDlYIFyen_JG8t9WJcfGH_-_rV6CB9IQqdaYLKS0&s=wXlujTt8k1qD0npPFbvW5kc8FRG19gIhj3l9PVKgp4I&e=" rel="noreferrer" target="_blank">http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user</channelId</a></span><span style="color:rgb(232,191,106)">><br>                <default></span><span style="color:rgb(169,183,198)">false</span><span style="color:rgb(232,191,106)"></default><br>                <urlSuffix></span><span style="color:rgb(169,183,198)">emergency</span><span style="color:rgb(232,191,106)"></urlSuffix><br>            </channel><br>            <requireAssignmentTarget </span><span style="color:rgb(186,186,186)">oid</span><span style="color:rgb(106,135,89)">="00000000-0000-0000-0000-000000000004" </span><span style="color:rgb(186,186,186)">relation</span><span style="color:rgb(106,135,89)">="org:default" </span><span style="color:rgb(186,186,186)">type</span><span style="color:rgb(106,135,89)">="c:RoleType"</span><span style="color:rgb(232,191,106)">/><br>            <module </span><span style="color:rgb(186,186,186)">id</span><span style="color:rgb(106,135,89)">="14"</span><span style="color:rgb(232,191,106)">><br>      
          <name></span><span style="color:rgb(169,183,198)">internalLoginForm</span><span style="color:rgb(232,191,106)"></name><br>                <order></span><span style="color:rgb(169,183,198)">30</span><span style="color:rgb(232,191,106)"></order><br>                <necessity></span><span style="color:rgb(169,183,198)">sufficient</span><span style="color:rgb(232,191,106)"></necessity><br>            </module><br>        </sequence><br>        <sequence </span><span style="color:rgb(186,186,186)">id</span><span style="color:rgb(106,135,89)">="16"</span><span style="color:rgb(232,191,106)">><br>            <name></span><span style="color:rgb(169,183,198)">rest</span><span style="color:rgb(232,191,106)"></name><br>            <description><br>                </span><span style="color:rgb(169,183,198)">Authentication sequence for REST service.<br>            </span><span style="color:rgb(232,191,106)"></description><br>            <channel><br>                <channelId></span><span style="color:rgb(169,183,198)">http://midpoint.evolveum.com/xml/ns/public/common/channels-3#rest</span><span style="color:rgb(232,191,106)"></channelId><br>                <default></span><span style="color:rgb(169,183,198)">true</span><span style="color:rgb(232,191,106)"></default><br>                <urlSuffix></span><span style="color:rgb(169,183,198)">rest-default</span><span style="color:rgb(232,191,106)"></urlSuffix><br>            </channel><br>            <module </span><span style="color:rgb(186,186,186)">id</span><span style="color:rgb(106,135,89)">="18"</span><span 
style="color:rgb(232,191,106)">><br>                <name></span><span style="color:rgb(169,183,198)">internalBasic</span><span style="color:rgb(232,191,106)"></name><br>                <order></span><span style="color:rgb(169,183,198)">10</span><span style="color:rgb(232,191,106)"></order><br>                <necessity></span><span style="color:rgb(169,183,198)">sufficient</span><span style="color:rgb(232,191,106)"></necessity><br>            </module><br>        </sequence><br>        <sequence </span><span style="color:rgb(186,186,186)">id</span><span style="color:rgb(106,135,89)">="17"</span><span style="color:rgb(232,191,106)">><br>            <name></span><span style="color:rgb(169,183,198)">actuator</span><span style="color:rgb(232,191,106)"></name><br>            <description><br>                </span><span style="color:rgb(169,183,198)">Authentication sequence for actuator.<br>            </span><span style="color:rgb(232,191,106)"></description><br>            <channel><br>                <channelId></span><span style="color:rgb(169,183,198)">http://midpoint.evolveum.com/xml/ns/public/common/channels-3#actuator</span><span style="color:rgb(232,191,106)"></channelId><br>                <default></span><span style="color:rgb(169,183,198)">true</span><span style="color:rgb(232,191,106)"></default><br>                <urlSuffix></span><span style="color:rgb(169,183,198)">actuator-default</span><span style="color:rgb(232,191,106)"></urlSuffix><br>            </channel><br>            <module </span><span style="color:rgb(186,186,186)">id</span><span 
style="color:rgb(106,135,89)">="19"</span><span style="color:rgb(232,191,106)">><br>                <name></span><span style="color:rgb(169,183,198)">internalBasic</span><span style="color:rgb(232,191,106)"></name><br>                <order></span><span style="color:rgb(169,183,198)">10</span><span style="color:rgb(232,191,106)"></order><br>                <necessity></span><span style="color:rgb(169,183,198)">sufficient</span><span style="color:rgb(232,191,106)"></necessity><br>            </module><br>        </sequence><br>        <ignoredLocalPath></span><span style="color:rgb(169,183,198)">/actuator</span><span style="color:rgb(232,191,106)"></ignoredLocalPath><br>        <ignoredLocalPath></span><span style="color:rgb(169,183,198)">/actuator/health</span><span style="color:rgb(232,191,106)"></ignoredLocalPath><br>    </authentication><br>    <credentials><br>        <password><br>            <minOccurs></span><span style="color:rgb(169,183,198)">0</span><span style="color:rgb(232,191,106)"></minOccurs><br>            <lockoutMaxFailedAttempts></span><span style="color:rgb(169,183,198)">3</span><span style="color:rgb(232,191,106)"></lockoutMaxFailedAttempts><br>            <lockoutFailedAttemptsDuration></span><span style="color:rgb(169,183,198)">PT3M</span><span style="color:rgb(232,191,106)"></lockoutFailedAttemptsDuration><br>            <lockoutDuration></span><span style="color:rgb(169,183,198)">PT15M</span><span style="color:rgb(232,191,106)"></lockoutDuration><br>            <valuePolicyRef </span><span style="color:rgb(186,186,186)">xmlns:</span><span style="color:rgb(152,118,170)">tns</span><span style="color:rgb(106,135,89)">="http://midpoint.evolveum.com/xml/ns/public/common/common-3" </span><span style="color:rgb(186,186,186)">oid</span><span style="color:rgb(106,135,89)">="00000000-0000-0000-0000-000000000003" </span><span style="color:rgb(186,186,186)">relation</span><span style="color:rgb(106,135,89)">="org:default" </span><span style="color:rgb(186,186,186)">type</span><span style="color:rgb(106,135,89)">="tns:ValuePolicyType"</span><span style="color:rgb(232,191,106)">/><br>        </password><br>    </credentials><br></securityPolicy></span></pre>
<p style="margin-bottom:12pt"><br>
<br>
Regarding the Azure enterprise application saml config:<br>
<br>
<img border="0" width="805" height="305" style="width: 8.3854in; height: 3.177in;" id="gmail-m_-8608960186932936412m_2606644326055768529gmail-m_8697864641718092885gmail-m_3005535019855422873gmail-m_-2301247909793135642gmail-m_-2722050461242696302x_gmail-m_2995833997530199396Picture_x0020_5" src="cid:17ae2e50fc85b16b22"><br>
The midpoint resource IP is 10.19.5.4.</p>
<p style="margin-bottom:12pt"><br>
After I start I get the following error display:<br>
<br>
<img border="0" width="1915" height="488" style="width: 19.9479in; height: 5.0833in;" id="gmail-m_-8608960186932936412m_2606644326055768529gmail-m_8697864641718092885gmail-m_3005535019855422873gmail-m_-2301247909793135642gmail-m_-2722050461242696302x_gmail-m_2995833997530199396Picture_x0020_6" src="cid:17ae2e50fc8692e333"><br>
<br>
And if I select the identity provider it redirects me to:<br>
<br>
<img border="0" width="1003" height="42" style="width: 10.4479in; height: 0.4375in;" id="gmail-m_-8608960186932936412m_2606644326055768529gmail-m_8697864641718092885gmail-m_3005535019855422873gmail-m_-2301247909793135642gmail-m_-2722050461242696302x_gmail-m_2995833997530199396Picture_x0020_7" src="cid:17ae2e50fc87745b44"><br>
<br>
Any ideas?<u></u><u></u></p>
<p>Regards,<u></u><u></u></p>
<p> <u></u><u></u></p>
<p><b><span style="font-size:10pt;font-family:Arial,sans-serif">Santiago Sañudo Martínez</span></b><u></u><u></u></p>
</div>
</div>
<p class="MsoNormal">_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" rel="noreferrer" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="https://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">https://lists.evolveum.com/mailman/listinfo/midpoint</a></p>
</blockquote>
</div>
<p class="MsoNormal"><br clear="all">
<u></u><u></u></p>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<p class="MsoNormal">-- <u></u><u></u></p>
<div>
<p class="MsoNormal">Best regards<u></u><u></u></p>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Gustáv Pálos<u></u><u></u></p>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
</blockquote>
</div>
</div>
</div>

</blockquote></div>
</blockquote></div>
</blockquote></div>