<div dir="ltr">What I can see is that you renamed the default sequence and probably, in this way, removed the default sequence for the GUI.<br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, 10 Mar 2023 at 11:38, Yakov Revyakin <<a href="mailto:yrevyakin@gmail.com">yrevyakin@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi Ujjwal,<br><div>The best way to solve all problems of SAML configuration is a Java debugger.</div><div>I spent last week trying to set up SAML and, believe me, the debugger was the only way to solve problems.</div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, 9 Mar 2023 at 10:15, JOSHI Ujjwal via midPoint <<a href="mailto:midpoint@lists.evolveum.com" target="_blank">midpoint@lists.evolveum.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div>
<div lang="EN-US">
<div>
<p class="MsoNormal">Hi Team, <u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">I’m trying to update the default Security Policy to enable Single-Sign-On. Below is the updated Security Policy.</p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><span style="background:silver"><securityPolicy xmlns="<a href="http://midpoint.evolveum.com/xml/ns/public/common/common-3" target="_blank">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>" xmlns:c="<a href="http://midpoint.evolveum.com/xml/ns/public/common/common-3" target="_blank">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>" xmlns:icfs="<a href="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3" target="_blank">http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3</a>"
xmlns:org="<a href="http://midpoint.evolveum.com/xml/ns/public/common/org-3" target="_blank">http://midpoint.evolveum.com/xml/ns/public/common/org-3</a>" xmlns:q="<a href="http://prism.evolveum.com/xml/ns/public/query-3" target="_blank">http://prism.evolveum.com/xml/ns/public/query-3</a>" xmlns:ri="<a href="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" target="_blank">http://midpoint.evolveum.com/xml/ns/public/resource/instance-3</a>" xmlns:t="<a href="http://prism.evolveum.com/xml/ns/public/types-3" target="_blank">http://prism.evolveum.com/xml/ns/public/types-3</a>"
xmlns:xsi="<a href="http://www.w3.org/2001/XMLSchema-instance" target="_blank">http://www.w3.org/2001/XMLSchema-instance</a>" oid="00000000-0000-0000-0000-000000000120" version="1"><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> <name>Default Security Policy</name><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> <metadata><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> <requestTimestamp>2023-02-15T12:51:37.349+05:30</requestTimestamp><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> <createTimestamp>2023-02-15T12:51:37.359+05:30</createTimestamp><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> <createChannel><a href="http://midpoint.evolveum.com/xml/ns/public/common/channels-3#init" target="_blank">http://midpoint.evolveum.com/xml/ns/public/common/channels-3#init</a></createChannel><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> </metadata><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> <operationExecution id="1"><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> <recordType>simple</recordType><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> <timestamp>2023-02-15T12:51:37.382+05:30</timestamp><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> <operation><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> <objectDelta><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver">
</span><span lang="FR" style="background:silver"><t:changeType>add</t:changeType><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="FR" style="background:silver"> <t:objectType>c:SecurityPolicyType</t:objectType><u></u><u></u></span></p>
<p class="MsoNormal"><span lang="FR" style="background:silver">
</span><span style="background:silver"></objectDelta><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> <executionResult><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> <operation>com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeDelta</operation><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> <status>success</status><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> <importance>normal</importance><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> <token>1000000000000000015</token><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> </executionResult><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> <objectName>Default Security Policy</objectName><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> </operation><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> <status>success</status><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> <channel><a href="http://midpoint.evolveum.com/xml/ns/public/common/channels-3#init" target="_blank">http://midpoint.evolveum.com/xml/ns/public/common/channels-3#init</a></channel><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> </operationExecution><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> <iteration>0</iteration><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> <iterationToken/><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> <authentication><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> <!-- Definition of AUTHENTICATION methods that midPoint supports.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> Credentials in this section are considered to be read-only. --><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> <modules><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> <!-- Definition and configuration of all authentication modules that can be used in the system --><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> <saml2><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> <name>mySamlSso</name><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> <description>My internal enterprise SAML-based SSO system.</description><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> <serviceProvider><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> <entityId>midpoint</entityId><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> <signRequests>false</signRequests><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> <identityProvider><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> <entityId><a href="https://spedemo-sasidp.stademo.com/auth/realms/M4RSUTEDKN-STA" target="_blank">https://spedemo-sasidp.stademo.com/auth/realms/M4RSUTEDKN-STA</a></entityId><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> <metadata><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> <metadataUrl><a href="https://spedemo-sasidp.stademo.com/auth/realms/M4RSUTEDKN-STA/protocol/saml/descriptor" target="_blank">https://spedemo-sasidp.stademo.com/auth/realms/M4RSUTEDKN-STA/protocol/saml/descriptor</a></metadataUrl><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> </metadata><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> <linkText>STA</linkText><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> <authenticationRequestBinding>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST</authenticationRequestBinding><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> <nameOfUsernameAttribute>email</nameOfUsernameAttribute><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> </identityProvider><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> </serviceProvider><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> <!-- ... other SAML configuration that the module needs --><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> </saml2><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> </modules><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> <sequence><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> <name>admin-gui-default-test1111</name><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> <description><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> Default GUI authentication sequence.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> We want to try company SSO, federation and internal. In that order.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> Just one of them needs to be successful to let user in.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> </description><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> <channel><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> <channelId><a href="http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user" target="_blank">http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user</a></channelId><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> <default>true</default><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> <urlSuffix>default</urlSuffix><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> </channel><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> <nodeGroup oid="05b6933a-b7fc-4543-b8fa-fd8b278ff9ee" relation="org:default" type="c:ArchetypeType"/><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> <module><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> <name>mySamlSso</name><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> <order>30</order><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> <necessity>sufficient</necessity><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> </module><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> </sequence><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> </authentication><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> <credentials><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> <password><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> <minOccurs>0</minOccurs><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> <lockoutMaxFailedAttempts>3</lockoutMaxFailedAttempts><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> <lockoutFailedAttemptsDuration>PT3M</lockoutFailedAttemptsDuration><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> <lockoutDuration>PT15M</lockoutDuration><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> <valuePolicyRef xmlns:tns="<a href="http://midpoint.evolveum.com/xml/ns/public/common/common-3" target="_blank">http://midpoint.evolveum.com/xml/ns/public/common/common-3</a>" oid="00000000-0000-0000-0000-000000000003" relation="org:default" type="tns:ValuePolicyType"><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> <!-- Default Password Policy --><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> </valuePolicyRef><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> </password><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"> </credentials><u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:silver"></securityPolicy></span><u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">But I’m getting the below error in <b>midpoint.log</b>:</p>
<p class="MsoNormal"><b><span style="color:rgb(192,0,0)">Error: Couldn't find filters for sequence admin-gui-default<u></u><u></u></span></b></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Can you please suggest what could be the possible reason for this error?</p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Thanks!<u></u><u></u></p>
<p class="MsoNormal">Best Regards,<u></u><u></u></p>
<p class="MsoNormal">Ujjwal<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</div>
</div></blockquote></div>
</blockquote></div>
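<p>An added example, not part of the thread and not midPoint code: a small Python check over a policy laid out like the one quoted above, which reports the renamed sequence before the policy is imported. It assumes the sequence name in the log error (<code>admin-gui-default</code>) is the one that has to exist, as the top reply suggests; <code>SAMPLE_POLICY</code> is a constructed, trimmed copy of the quoted policy and <code>lint_policy</code> is a hypothetical helper.</p>

```python
import xml.etree.ElementTree as ET

NS = {"c": "http://midpoint.evolveum.com/xml/ns/public/common/common-3"}
USER_CHANNEL = "http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user"

# Constructed sample: the <authentication> part of the policy quoted above, trimmed.
SAMPLE_POLICY = """\
<securityPolicy xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3">
  <authentication>
    <modules><saml2><name>mySamlSso</name></saml2></modules>
    <sequence>
      <name>admin-gui-default-test1111</name>
      <channel>
        <channelId>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user</channelId>
        <default>true</default>
      </channel>
      <module><name>mySamlSso</name><order>30</order><necessity>sufficient</necessity></module>
    </sequence>
  </authentication>
</securityPolicy>"""

def _text(element, path):
    """Text of a child element, stripped; empty string when it is absent."""
    return (element.findtext(path, default="", namespaces=NS) or "").strip()

def lint_policy(xml_text, expected_sequence="admin-gui-default"):
    """Return a list of findings for the <authentication> section (empty = clean)."""
    auth = ET.fromstring(xml_text).find("c:authentication", NS)
    if auth is None:
        return ["no <authentication> section"]
    findings = []
    # Names of all modules defined under <modules>, whatever their type (saml2, ...).
    defined = {_text(m, "c:name") for m in auth.findall("c:modules/*", NS)}
    sequences = auth.findall("c:sequence", NS)
    names = [_text(s, "c:name") for s in sequences]
    # Assumption: the sequence named in the log error is the one that has to exist.
    if expected_sequence not in names:
        findings.append(f"no sequence named {expected_sequence!r}; found {names}")
    for seq in sequences:
        for ref in seq.findall("c:module/c:name", NS):
            if (ref.text or "").strip() not in defined:
                findings.append(f"sequence {_text(seq, 'c:name')!r} uses undefined module {ref.text!r}")
    # Assumption: exactly one sequence is the default for the GUI (#user) channel.
    gui_defaults = [s for s in sequences
                    if _text(s, "c:channel/c:channelId") == USER_CHANNEL
                    and _text(s, "c:channel/c:default") == "true"]
    if len(gui_defaults) != 1:
        findings.append(f"{len(gui_defaults)} default sequences for the #user channel")
    return findings
```

<p>Calling <code>lint_policy(SAMPLE_POLICY)</code> returns a single finding about the missing <code>admin-gui-default</code> name; the same policy with the sequence name restored returns an empty list.</p>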