<div dir="ltr">Hi,<div><br></div><div>Does anybody use midPoint flexible authentication with the SAML2 protocol in midPoint 4.4?</div><div><br></div><div>What I've done:</div><div>- take the sample for flexible authentication from GitHub (midpoint-sample/policy/security/...)</div><div>- enrich the sample with my own certificates for signing</div><div>- change the IdP metadata + update the entityId based on my environment</div><div>- change the default login sequence to use only SAML</div><div><br></div><div>--snip--</div><div>&lt;sequence&gt;<br>
    &lt;name&gt;admin-gui-default&lt;/name&gt;<br>
    &lt;channel&gt;<br>
        &lt;channelId&gt;<a href="http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user">http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user</a>&lt;/channelId&gt;<br>
        &lt;default&gt;true&lt;/default&gt;<br>
        &lt;urlSuffix&gt;default&lt;/urlSuffix&gt;<br>
    &lt;/channel&gt;<br>
    &lt;module&gt;<br>
        &lt;name&gt;mySamlSso&lt;/name&gt;<br>
        &lt;order&gt;30&lt;/order&gt;<br>
        &lt;necessity&gt;sufficient&lt;/necessity&gt;<br>
    &lt;/module&gt;<br>
&lt;/sequence&gt;<br></div><div>--snip--</div><div><br></div><div>Hopefully this is everything that needs to be done. After trying to log in to midPoint, the redirect to my SSO service was not done correctly and I get the error message in the log file:<br></div><div><span style="font-size:12.8px">Is there something that I've missed in my midPoint configuration? 
</span></div><div><br></div><div><span style="font-size:12.8px">I also tried to configure the OIDC configuration, but in midPoint 4.4 there is a missing schema for the &lt;client&gt; (maybe it will be available in the next release?)</span></div><div>Can anybody help with that, or what does this error exactly mean?</div><div><br></div><div>Here is a snippet from the log file.</div><div>--snip--<br></div><div>2022-02-24 11:36:45,020 [MODEL] [http-nio-18081-exec-5] ERROR (com.evolveum.midpoint.web.security.util.SecurityUtils): Couldn't build filter for module moduleFactory<br>
java.lang.IllegalArgumentException: registrations cannot be empty<br>
at org.springframework.util.Assert.notEmpty(Assert.java:470)<br>
at org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository.&lt;init&gt;(InMemoryRelyingPartyRegistrationRepository.java:41)<br>
at com.evolveum.midpoint.web.security.module.configuration.SamlModuleWebSecurityConfiguration.buildInternal(SamlModuleWebSecurityConfiguration.java:118)<br>
at com.evolveum.midpoint.web.security.module.configuration.SamlModuleWebSecurityConfiguration.build(SamlModuleWebSecurityConfiguration.java:80)<br>
at com.evolveum.midpoint.web.security.factory.module.Saml2ModuleFactory.createModuleFilter(Saml2ModuleFactory.java:76)<br>
at com.evolveum.midpoint.web.security.util.SecurityUtils.lambda$buildModuleFilters$1(SecurityUtils.java:452)<br>
at java.base/java.util.ArrayList.forEach(ArrayList.java:1540)<br>
at java.base/java.util.Collections$UnmodifiableCollection.forEach(Collections.java:1083)<br>
at com.evolveum.midpoint.web.security.util.SecurityUtils.buildModuleFilters(SecurityUtils.java:448)<br>
at com.evolveum.midpoint.web.security.filter.MidpointAuthFilter.createAuthenticationModuleBySequence(MidpointAuthFilter.java:288)<br>
at com.evolveum.midpoint.web.security.filter.MidpointAuthFilter.doFilterInternal(MidpointAuthFilter.java:185)<br>
at 
com.evolveum.midpoint.web.security.filter.MidpointAuthFilter.doFilter(MidpointAuthFilter.java:109)<br> at com.evolveum.midpoint.web.security.filter.MidpointFilterChainProxy$VirtualFilterChain.doFilter(MidpointFilterChainProxy.java:169)<br>  at com.evolveum.midpoint.web.security.filter.TranslateExceptionFilter.doFilterInternal(TranslateExceptionFilter.java:32)<br>      at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)<br>        at com.evolveum.midpoint.web.security.filter.MidpointFilterChainProxy$VirtualFilterChain.doFilter(MidpointFilterChainProxy.java:171)<br>  at org.springframework.security.web.session.ConcurrentSessionFilter.doFilter(ConcurrentSessionFilter.java:147)<br>        at org.springframework.security.web.session.ConcurrentSessionFilter.doFilter(ConcurrentSessionFilter.java:125)<br>        at com.evolveum.midpoint.web.security.filter.MidpointFilterChainProxy$VirtualFilterChain.doFilter(MidpointFilterChainProxy.java:171)<br>  at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:110)<br>      at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:80)<br>       at com.evolveum.midpoint.web.security.filter.MidpointFilterChainProxy$VirtualFilterChain.doFilter(MidpointFilterChainProxy.java:171)<br>  at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:55)<br> at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)<br>        at com.evolveum.midpoint.web.security.filter.MidpointFilterChainProxy$VirtualFilterChain.doFilter(MidpointFilterChainProxy.java:171)<br>  at com.evolveum.midpoint.web.security.filter.MidpointFilterChainProxy.doFilterInternal(MidpointFilterChainProxy.java:95)<br>      at 
com.evolveum.midpoint.web.security.filter.MidpointFilterChainProxy.doFilter(MidpointFilterChainProxy.java:60)<br>      at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358)<br>        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271)<br>      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)<br>  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)<br>  at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100)<br>        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)<br>        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)<br>  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)<br>  at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93)<br>       at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)<br>        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)<br>  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)<br>  at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:96)<br>     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)<br>        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)<br>  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)<br>  at org.springframework.boot.web.servlet.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:126)<br>    at 
org.springframework.boot.web.servlet.support.ErrorPageFilter.access$000(ErrorPageFilter.java:64)<br>   at org.springframework.boot.web.servlet.support.ErrorPageFilter$1.doFilterInternal(ErrorPageFilter.java:101)<br>  at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)<br>        at org.springframework.boot.web.servlet.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:119)<br>    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)<br>  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)<br>  at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)<br>  at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)<br>        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)<br>  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)<br>  at com.evolveum.midpoint.web.boot.TrailingSlashRedirectingFilter.doFilterInternal(TrailingSlashRedirectingFilter.java:60)<br>     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)<br>        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)<br>  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)<br>  at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)<br>        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)<br> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541)<br>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)<br>      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)<br>       at 
org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:690)<br>
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)<br>
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)<br>
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:373)<br>
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)<br>
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)<br>
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1590)<br>
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)<br>
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)<br>
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)<br>
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)<br>
at java.base/java.lang.Thread.run(Thread.java:834)</div><div><span style="font-size:12.8px">--snip--</span></div></div>