@grahamb
Created January 12, 2024 20:29
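<?xml version="1.0" encoding="UTF-8"?>
<!--
    midPoint SecurityPolicyType "Default Security Policy" (oid ...120).
    Defines the authentication modules (loginForm, httpBasic, saml2), the
    authentication sequences that bind those modules to channels, and the
    password lockout settings.

    This is an export of a live object: the <metadata> and
    <operationExecution> blocks below are state recorded by the server when
    the object was created, not settings to edit. Whitespace was restored for
    readability; element content is unchanged.
-->
<securityPolicy xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
                xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
                xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"
                xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3"
                xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
                xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"
                xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"
                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                oid="00000000-0000-0000-0000-000000000120"
                version="1">
    <name>Default Security Policy</name>

    <!-- Server-recorded provenance: when and over which channel the object was created. -->
    <metadata>
        <requestTimestamp>2024-01-03T11:43:44.368-08:00</requestTimestamp>
        <createTimestamp>2024-01-03T11:43:44.384-08:00</createTimestamp>
        <createChannel>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#init</createChannel>
    </metadata>

    <!-- Server-recorded result of the "add" operation that created this object. -->
    <operationExecution>
        <recordType>simple</recordType>
        <timestamp>2024-01-03T11:43:44.412-08:00</timestamp>
        <operation>
            <objectDelta>
                <t:changeType>add</t:changeType>
                <t:objectType>c:SecurityPolicyType</t:objectType>
            </objectDelta>
            <executionResult>
                <operation>com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeDelta</operation>
                <status>success</status>
                <importance>normal</importance>
                <token>1000000000000000016</token>
            </executionResult>
            <objectName>Default Security Policy</objectName>
        </operation>
        <status>success</status>
        <channel>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#init</channel>
    </operationExecution>

    <iteration>0</iteration>
    <iterationToken/>

    <authentication>
        <!--
            Authentication modules. A module is only reachable when some
            <sequence> below references its <identifier>.
        -->
        <modules>
            <!-- Interactive username/password form (used by the emergency and gui-default sequences). -->
            <loginForm>
                <identifier>loginForm</identifier>
            </loginForm>

            <!-- HTTP Basic credentials (used by the rest and actuator sequences). -->
            <httpBasic>
                <identifier>httpBasic</identifier>
            </httpBasic>

            <!-- SAML 2.0 service provider against the SFU Shibboleth IdP (default GUI login). -->
            <saml2>
                <identifier>saml2</identifier>
                <description>SFU Shibboleth SSO</description>
                <serviceProvider>
                    <!--
                        SP entityID as registered with the IdP. SAML entityIDs are
                        conventionally absolute URIs; confirm the IdP's SP
                        registration uses exactly this bare name.
                    -->
                    <entityId>midpoint_test_sp</entityId>
                    <!-- AuthnRequests are signed with the key configured below. -->
                    <signRequests>true</signRequests>
                    <keys>
                        <activeKeyStoreKey>
                            <keyStorePath>/opt/midpoint/midpoint_home/saml2/saml2-keys.jks</keyStorePath>
                            <!--
                                $(...) placeholders keep the literal secrets out of this
                                exported object; they are presumably resolved from
                                midPoint configuration properties at runtime (confirm
                                the expansion source on the server). Note the value is
                                held as <t:clearValue>, i.e. not under midPoint's own
                                keystore encryption: whatever it resolves to is only as
                                protected as the property source.
                            -->
                            <keyStorePassword>
                                <t:clearValue>$(saml2KeystorePassword)</t:clearValue>
                            </keyStorePassword>
                            <keyAlias>midpoint-test-sp-signing</keyAlias>
                            <keyPassword>
                                <t:clearValue>$(saml2signingKeyPassword)</t:clearValue>
                            </keyPassword>
                        </activeKeyStoreKey>
                    </keys>
                    <identityProvider>
                        <!-- Staging IdP; matches the test SP entityID above. -->
                        <entityId>https://idp-stage.its.sfu.ca/idp/shibboleth</entityId>
                        <!-- IdP metadata is read from a local file rather than fetched over the network. -->
                        <metadata>
                            <pathToFile>/opt/midpoint/midpoint_home/saml2/idp-stage.xml</pathToFile>
                        </metadata>
                        <authenticationRequestBinding>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST</authenticationRequestBinding>
                        <linkText>SFU CAS</linkText>
                        <!-- SAML attribute whose value is matched against the midPoint user name. -->
                        <nameOfUsernameAttribute>uid</nameOfUsernameAttribute>
                    </identityProvider>
                </serviceProvider>
            </saml2>
        </modules>

        <!--
            Sequences. Each binds modules to a channel; the sequence with
            <default>true</default> for a channel is the one used unless a
            <urlSuffix> selects another.
        -->

        <!-- Default GUI login: SAML only. -->
        <sequence>
            <identifier>admin-gui-saml2</identifier>
            <displayName>SAML2 GUI authentication sequence</displayName>
            <channel>
                <channelId>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user</channelId>
                <default>true</default>
                <urlSuffix>gui-saml2</urlSuffix>
            </channel>
            <module>
                <identifier>saml2</identifier>
                <order>30</order>
                <necessity>sufficient</necessity>
            </module>
        </sequence>

        <!--
            Break-glass GUI login with internal accounts (urlSuffix "emergency").
            Restricted via requireAssignmentTarget to users holding role
            oid ...0004 (presumably the built-in Superuser role; confirm against
            this deployment's initial objects).
        -->
        <sequence>
            <identifier>admin-gui-emergency</identifier>
            <displayName>Emergency GUI authentication sequence using internal accounts</displayName>
            <channel>
                <channelId>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user</channelId>
                <urlSuffix>emergency</urlSuffix>
                <default>false</default>
            </channel>
            <requireAssignmentTarget oid="00000000-0000-0000-0000-000000000004" relation="org:default" type="c:RoleType"/>
            <module>
                <identifier>loginForm</identifier>
                <order>30</order>
                <necessity>sufficient</necessity>
            </module>
        </sequence>

        <!--
            Non-default GUI login with internal accounts (urlSuffix "gui-default").
            Unlike the emergency sequence, no role assignment is required here.
        -->
        <sequence>
            <identifier>admin-gui-default</identifier>
            <displayName>Default gui sequence</displayName>
            <channel>
                <channelId>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user</channelId>
                <default>false</default>
                <urlSuffix>gui-default</urlSuffix>
            </channel>
            <module>
                <identifier>loginForm</identifier>
                <order>1</order>
                <necessity>sufficient</necessity>
            </module>
        </sequence>

        <!-- REST API: HTTP Basic. -->
        <sequence>
            <identifier>rest-default</identifier>
            <channel>
                <channelId>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#rest</channelId>
                <default>true</default>
                <urlSuffix>rest-default</urlSuffix>
            </channel>
            <module>
                <identifier>httpBasic</identifier>
                <order>1</order>
                <necessity>sufficient</necessity>
            </module>
        </sequence>

        <!-- Spring Boot actuator endpoints: HTTP Basic. -->
        <sequence>
            <identifier>actuator-default</identifier>
            <channel>
                <channelId>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#actuator</channelId>
                <default>true</default>
                <urlSuffix>actuator-default</urlSuffix>
            </channel>
            <module>
                <identifier>httpBasic</identifier>
                <order>1</order>
                <necessity>sufficient</necessity>
            </module>
        </sequence>

        <!-- Health probe path exempt from authentication; keep this list to the minimum needed by monitoring. -->
        <ignoredLocalPath>/actuator/health</ignoredLocalPath>
    </authentication>

    <credentials>
        <password>
            <!-- A password credential is not mandatory for a user (SAML-only users need none). -->
            <minOccurs>0</minOccurs>
            <!-- Lockout: 3 failed attempts within 3 minutes locks the account for 15 minutes. -->
            <lockoutMaxFailedAttempts>3</lockoutMaxFailedAttempts>
            <lockoutFailedAttemptsDuration>PT3M</lockoutFailedAttemptsDuration>
            <lockoutDuration>PT15M</lockoutDuration>
            <!-- Password complexity rules live in the referenced value policy (oid ...0003). -->
            <valuePolicyRef oid="00000000-0000-0000-0000-000000000003" relation="org:default" type="c:ValuePolicyType"/>
        </password>
    </credentials>
</securityPolicy>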