Configurar o Portal do Patrocinador do ISE 3.0 com o Azure AD SAML SSO

Opções de download

PDF (3.1 MB)
Ver no Adobe Reader em vários dispositivos
ePub (2.9 MB)
Ver em vários aplicativos no iPhone, iPad, Android, Sony Reader ou Windows Phone
Mobi (Kindle) (2.7 MB)
Ver no dispositivo Kindle ou no aplicativo Kindle em vários dispositivos

Atualizado:19 de outubro de 2020

ID do documento:216129

Linguagem imparcial

O conjunto de documentação deste produto faz o possível para usar uma linguagem imparcial. Para os fins deste conjunto de documentação, a imparcialidade é definida como uma linguagem que não implica em discriminação baseada em idade, deficiência, gênero, identidade racial, identidade étnica, orientação sexual, status socioeconômico e interseccionalidade. Pode haver exceções na documentação devido à linguagem codificada nas interfaces de usuário do software do produto, linguagem usada com base na documentação de RFP ou linguagem usada por um produto de terceiros referenciado. Saiba mais sobre como a Cisco está usando a linguagem inclusiva.

Sobre esta tradução

A Cisco traduziu este documento com a ajuda de tecnologias de tradução automática e humana para oferecer conteúdo de suporte aos seus usuários no seu próprio idioma, independentemente da localização. Observe que mesmo a melhor tradução automática não será tão precisa quanto as realizadas por um tradutor profissional. A Cisco Systems, Inc. não se responsabiliza pela precisão destas traduções e recomenda que o documento original em inglês (link fornecido) seja sempre consultado.

Introduction

Prerequisites

Requirements

Componentes Utilizados

Diagrama de fluxo de alto nível

Configurar

Etapa 1. Configurar o provedor de identidade e o portal do patrocinador do SAML no ISE

1. Configurar o Azure AD como Origem de Identidade SAML Externa

2. Configurar o Portal do Patrocinador para usar o Azure AD

3. Exportar informações do provedor de serviços

Etapa 2. Definir as Configurações do IdP do Azure AD

1. Criar um Usuário do Azure AD

2. Criar um Grupo AD do Azure

3. Atribuir Usuário do Azure AD ao Grupo

4. Criar um Aplicativo Azure AD Enterprise

5. Adicionar grupo ao aplicativo

6. Configurar um Aplicativo Azure AD Enterprise

7. Configurar Atributo de Grupo do Ative Diretory

8. Baixar Arquivo XML de Metadados de Federação do Azure

Etapa 3. Carregar Metadados do Azure Ative Diretory para o ISE

Etapa 4. Configurar grupos SAML no ISE

Etapa 5. Configurar o mapeamento de grupo de patrocinadores no ISE

Verificar

Troubleshoot

Problemas comuns

Solução de problemas do cliente

Troubleshooting do ISE

Introduction

Este documento descreve como configurar um servidor SAML do Azure Ative Diretory (AD) com o Cisco Identity Services Engine (ISE) 3.0 para fornecer recursos de Logon Único (SSO) para usuários Patrocinadores.

Prerequisites

Requirements

A Cisco recomenda que você tenha conhecimento destes tópicos:

Cisco ISE 3.0
Conhecimento básico sobre implantações de SSO SAML
Azure AD

Componentes Utilizados

Cisco ISE 3.0
Azure AD

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. Se a rede estiver ativa, certifique-se de que você entenda o impacto potencial de qualquer comando.

Diagrama de fluxo de alto nível

Configurar

Etapa 1. Configurar o provedor de identidade e o portal do patrocinador do SAML no ISE

1. Configurar o Azure AD como Origem de Identidade SAML Externa

No ISE, navegue para Administration > Identity Management > External Identity Sources > SAML Id Providers e clique no botão Add.

Insira o ID do provedor e clique em Enviar para salvá-lo. O nome do provedor de ID é significativo somente para o ISE, como mostrado na imagem.

2. Configurar o Portal do Patrocinador para usar o Azure AD

Navegue até Centros de trabalho > Acesso de convidados > Portais e componentes > Portais de patrocinadores e selecione seu Portal de patrocinadores. Neste exemplo, o Portal do Patrocinador (padrão) é usado.

Expanda o painel Configurações do portal e selecione seu novo IDP SAML na sequência de origem da identidade. Configure o Nome de domínio totalmente qualificado (FQDN) para o portal do patrocinador. Neste exemplo, é esponsor30.example.com. Clique em Salvar como mostrado na imagem.

3. Exportar informações do provedor de serviços

Navegue até Administration > Identity Management > External Identity Sources > SAML Id Providers > [Your SAML Provider].

Mude para a guia Informações do provedor de serviços. e clique no botão Exportar conforme mostrado na imagem.

Baixe o arquivo zip e salve-o. Nele, você pode encontrar 2 arquivos. Você precisa do arquivo XML chamado de Portal do Patrocinador.

Anote o Location da Resposta de Ligações de SingleLogoutService, o valor de EntityID e os valores de Location de AssertionConsumerService Binding.

<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="http://CiscoISE/bd48c1a1-9477-4746-8e40-e43d20c9f429">
<md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>
MIIFZjCCA06gAwIBAgIQX1oAvwAAAAChgVd9cEEWOzANBgkqhkiG9w0BAQwFADAlMSMwIQYDVQQD
ExpTQU1MX0lTRTMwLTFlay5leGFtcGxlLmNvbTAeFw0yMDA5MTAxMDMyMzFaFw0yNTA5MDkxMDMy
MzFaMCUxIzAhBgNVBAMTGlNBTUxfSVNFMzAtMWVrLmV4YW1wbGUuY29tMIICIjANBgkqhkiG9w0B
AQEFAAOCAg8AMIICCgKCAgEAt+MixKfuZvg/oAWGEs6zrUYL3H2JwvZw9yJs6sJ8/BpP6Sw027wh
FXnESXpqmmoSVrVEcQIrDdk3l8UYNn/+98PPkIi/4ftyFjZK9YdeverD6nrA2MeoLCzGlkWq/y4i
vvVcYuW344pySm65awVvro3q84x9esHqyLahExs9guiLJryD497XmNP4Z8eTHCctu777PuI1wLO4
QOYUs2sozXvR98D9Jok/+PjH3bjmVKapqAcNEFvk8Ez9x1sMBUgFwP4YdZzQB9IRVkQdIJGvqMyf
a6gn+KaddJnmIbXKFbrTaFii2IvRs3qHJ0mMVfYRnYeMql9/PhzvSFtjRe32x/aQh23j9dCsVXmQ
ZmXpZyxxJ8p4RqyM0YgkfxnQXXtV9K0sRZPFn6O+iszUw2hARRG/tE0hTuVXpbonG2dT109JeeEe
S1E5uxenJvYkU7mMamvBjYQN6qVyyogf8FOlHTSfd6TDsK3QhmzOjg50PrBvvg5qE6OrxxNvqSVZ
1dhx/iHZAZ1yYSVdwizsZMCw0PjSwrRPx/h8l03djeW0aL5R1AF1qTFHVHSNvigzh6FyjdkUJH66
JAygPe0PKJFRgYzh5vWoJ41qvdQjlGk3c/zYi57MR1Bs0mkSvkOGbmjSsb+EehnYyLLB8FG3De2V
ZaXaHZ37gmoCNNmZHrn+GB0CAwEAAaOBkTCBjjAgBgNVHREEGTAXghVJU0UzMC0xZWsuZXhhbXBs
ZS5jb20wDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAuwwHQYDVR0OBBYEFPT/6jpfyugxRolbjzWJ
858WfTP1MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjARBglghkgBhvhCAQEEBAMCBkAw
DQYJKoZIhvcNAQEMBQADggIBABGyWZbLajM2LyLASg//4N6mL+xu/9IMdVvNWBQodF+j0WusW15a
VPSQU2t3Ckd/I1anvpK+cp77NMjo9V9oWI3/ZnjZHGoFAIcHnlGCoEjmC1TvLau7ZzhCCII37DFA
yMKDrXLi3pR+ONlXlTIvjpHTTzrKm1NHhkxkx/Js5Iuz+MyRKP8FNmWT0q4XGejyKzJWrqEu+bc1
idCl/gBNuCHgqmFeM82IGQ7jVOm1kBjLb4pTDbYk4fMIbJVh4V2Pgi++6MIfXAYEwL+LHjSGHCQT
PSM3+kpv1wHHpGWzQSmcJ4tXVXV95W0NC+LxQZLBPNMUZorhuYCILXZxvXH1HGJJ0YKx9lk9Ubd2
s5JaD+GN8jqm5XXAau7S4BawfvCo3boOiXnSvgcIuH9YFiR2lp2n/2X0VVbdPHYZtqGieqBWebHr
4I1z18FXblYyMzpIkhtOOvkP5mAlR92VXBkvx2WPjtzQrvOtSXgvTCOKErYCBM/jnuwsztV7FVTV
JNdFwOsnXC70YngZeujZyjPoUbfRKZI34VKZp4iO5bZsGlbWE9Skdquv0PaQ8ecXTv8OCVBYUegl
vt0pdel8h/9jImdLG8dF0rbADGHiieTcntSDdw3E7JFmS/oHw7FsA5GI8IxXfcOWUx/L0Dx3jTNd
ZlAXp4juySODIx9yDyM4yV0f
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://sponsor30.example.com:8445/sponsorportal/SSOLogoutRequest.action?portal=bd48c1a1-9477-4746-8e40-e43d20c9f429" ResponseLocation="https://sponsor30.example.com:8445/sponsorportal/SSOLogoutResponse.action"/>
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName</md:NameIDFormat>
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos</md:NameIDFormat>
<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName</md:NameIDFormat>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://sponsor30.example.com:8445/sponsorportal/SSOLoginResponse.action" index="0"/>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://10.48.23.86:8445/sponsorportal/SSOLoginResponse.action" index="1"/>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://10.48.26.63:8445/sponsorportal/SSOLoginResponse.action" index="2"/>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://10.48.26.60:8445/sponsorportal/SSOLoginResponse.action" index="3"/>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://ise30-1ek.example.com:8445/sponsorportal/SSOLoginResponse.action" index="4"/>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://ise30-2ek.example.com:8445/sponsorportal/SSOLoginResponse.action" index="5"/>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://ise30-3ek.example.com:8445/sponsorportal/SSOLoginResponse.action" index="6"/>

</md:SPSSODescriptor>
</md:EntityDescriptor>

De acordo com o arquivo XML:

SingleLogoutService ResponseLocation="https://sponsor30.example.com:8445/sponsorportal/SSOLogoutResponse.action"

IDdaentidade="http://CiscoISE/100d02da-9457-41e8-87d7-0965b0714db2"

AssertionConsumerService Location="https://sponsor30.example.com:8445/sponsorportal/SSOLoginResponse.action"

AssertionConsumerService Location="https://10.48.23.86:8445/sponsorportal/SSOLoginResponse.action"

AssertionConsumerService Location="https://10.48.23.63:8445/sponsorportal/SSOLoginResponse.action"

AssertionConsumerService Location="https://10.48.26.60:8445/sponsorportal/SSOLoginResponse.action"

AssertionConsumerService Location="https://ise30-1ek.example.com:8445/sponsorportal/SSOLoginResponse.action"

AssertionConsumerService Location="https://ise30-2ek.example.com:8445/sponsorportal/SSOLoginResponse.action"

AssertionConsumerService Location="https://ise30-3ek.example.com:8445/sponsorportal/SSOLoginResponse.action"

Etapa 2. Definir as Configurações do IdP do Azure AD

1. Criar um Usuário do Azure AD

Faça login no Painel do Centro de Administração do Azure Ative Diretory e selecione seu AD como mostrado na imagem.

Selecione Users, clique em New User, configure User name, Name e Initial Password. Clique em Criar como mostrado na imagem.

2. Criar um Grupo AD do Azure

Selecione Grupos. Clique em Novo grupo conforme mostrado na imagem.

Mantenha o tipo de grupo como Segurança. Configure o nome do grupo conforme mostrado na imagem.

3. Atribuir Usuário do Azure AD ao Grupo

Clique em Nenhum membro selecionado. Escolha o usuário e clique em Selecionar. Clique em Criar para criar o grupo com um Usuário atribuído a ele.

Anote a ID do objeto de grupo, nesta tela, ela é f626733b-eb37-4cf2-b2a6-c2895fd5f4d3 para o grupo de patrocinadores.

4. Criar um Aplicativo Azure AD Enterprise

Em AD, selecione Enterprise Applications e clique em New application conforme mostrado na imagem.

Selecione o aplicativo Não é galeria como mostrado na imagem.

Digite o nome do aplicativo e clique em Adicionar.

5. Adicionar grupo ao aplicativo

Selecione Atribuir usuários e grupos.

Clique em Adicionar usuário.

Clique em Usuários e grupos.

Escolha o Grupo configurado anteriormente e clique em Selecionar.

Note: Cabe a você selecionar o conjunto certo de usuários ou grupos que devem obter acesso.

Quando o grupo for selecionado, clique em Atribuir conforme mostrado na imagem.

Como resultado, o menu Usuários e grupos de seu aplicativo deve ser preenchido com o grupo selecionado.

6. Configurar um Aplicativo Azure AD Enterprise

Volte para o Aplicativo e clique em Configurar logon único conforme mostrado na imagem.

Selecione SAML na próxima tela.

Clique em Editar ao lado de Configuração SAML básica.

Preencha o Identificador (ID da entidade) com o valor de ID da entidade do arquivo XML da etapa Exportar informações do provedor de serviços. Preencha a URL de resposta (URL de serviço do consumidor de asserção) com o valor de Locais do AssertionConsumerService. Preencha o valor de Url de Logoff com ResponseLocation do SingleLogoutService. Clique em Salvar.

Note: A URL de resposta atua como uma lista de aprovação, o que permite que determinados URLs atuem como origem quando redirecionados para a página IdP.

7. Configurar Atributo de Grupo do Ative Diretory

Para retornar o valor do atributo do grupo configurado anteriormente, clique em Editar ao lado de Atributos e reivindicações do usuário.

Clique em Adicionar uma reivindicação de grupo.

Selecione Grupos de segurança e clique em Salvar. O atributo de origem retornado na asserção é um ID de grupo, que é um ID de objeto de grupo capturado anteriormente.

Anote o nome da Reivindicação para o grupo. Nesse caso, é o http://schemas.microsoft.com/ws/2008/06/identity/claims/groups.

8. Baixar Arquivo XML de Metadados de Federação do Azure

Clique em Download em XML de metadados de federação em SAML Signing Certificate.

Etapa 3. Carregar Metadados do Azure Ative Diretory para o ISE

Navegue até Administration > Identity Management > External Identity Sources > SAML Id Providers > [Your SAML Provider].

Mude para a guia Config. provedor de identidade. e clique no botão Procurar. Selecione o ficheiro XML de Metadados de Federação na etapa Transferir XML de Metadados de Federação do Azure e clique em Guardar.

Note: A falha da interface do usuário com a configuração do provedor de identidade deve ser tratada em CSCvv74517.

Etapa 4. Configurar grupos SAML no ISE

Mude para a guia Grupos e cole o valor do Nome da reivindicação do atributo Configurar Grupo do Ative Diretory no Atributo de Associação do Grupo.

Clique em Adicionar. Preencha o Nome na Asserção com o valor da ID do Objeto do Grupo Patrocinador capturado em Atribuir Usuário do Azure Ative Diretory ao Grupo. Configure o Nome no ISE com o valor significativo nesse caso, é o Grupo de Patrocinadores do Azure. Click OK. Clique em Save.

Isso cria um mapeamento entre o Grupo no Azure e o nome do Grupo que pode ser usado no ISE.

Etapa 5. Configurar o mapeamento de grupo de patrocinadores no ISE

Navegue até Centros de Trabalho > Acesso de Convidado > Portais e Componentes > Grupos de Patrocinadores e selecione Grupo de Patrocinadores que deseja mapear para o Grupo AD do Azure. Neste exemplo, ALL_ACCOUNTS (padrão) foi usado.

Clique em Membros... e adicione Azure_SAML:Azure Sponsor Group a Seleted User Groups. Isso mapeia o Grupo de Patrocinadores no Azure para o Grupo de Patrocinadores ALL_ACCOUNTS. Clique em OK. Clique em Salvar.

Verificar

Use esta seção para confirmar se a sua configuração funciona corretamente.

Note: O novo usuário é forçado a alterar a senha do usuário no primeiro login. E aceite que as etapas de verificação AUP não cobrem isso. A verificação abrange o cenário, em que os usuários fazem login não pela primeira vez, e a AUP já foi aceita uma vez pelo Patrocinador (alice).

Agora, se você abrir o Portal do Patrocinador (na URL do teste, por exemplo), será redirecionado para o Azure para entrar e, em seguida, voltar para o Portal do Patrocinador.

1. Inicie o Portal do Patrocinador com seu FQDN no link do URL do Teste do Portal. O ISE deve redirecioná-lo para a página de entrada do Azure. Insira o nome de usuário criado anteriormente e clique em Avançar.

2. Digite a senha e clique em Entrar. A tela de login do IdP redireciona o usuário para o Portal do Patrocinador do ISE inicial.

3. Aceite o AUP.

4. Neste ponto, o usuário do patrocinador deve ter acesso total ao portal com permissões de grupo de patrocinadores ALL_ACCOUNTS.

5. Clique em Sair no menu suspenso Welcome (Bem-vindo).

6. O usuário deve ser desconectado com êxito e redirecionado para a tela de login novamente.

Troubleshoot

Esta seção fornece informações que podem ser usadas para o troubleshooting da sua configuração.

Problemas comuns

É vital entender que a autenticação SAML é tratada entre o navegador e o Azure Ative Diretory. Assim, você pode obter erros relacionados à autenticação diretamente do provedor de identidade (Azure), onde o comprometimento do ISE ainda não foi iniciado.

Problema 1. O usuário digita a senha errada, nenhum processamento de dados do usuário foi feito no ISE, o problema vem diretamente do IdP (Azure). Para corrigir: Redefina a senha ou forneça os dados de senha corretos.

Problema 2. O usuário não faz parte do grupo que deveria ter permissão para acessar SAML SSO, novamente nesse caso, nenhum processamento de dados do usuário foi feito no ISE, o problema vem diretamente do IdP (Azure). Para corrigir: Verifique se o grupo Add (Adicionar) à etapa de configuração do aplicativo foi executado corretamente.

3. O Sing Out não funciona como esperado, esse erro é visto - "Falha no Logout SSO. Ocorreu um problema ao encerrar a sessão SSO. Entre em contato com o help desk para obter assistência." Ele pode ser visto quando a URL de logoff não está configurada corretamente no IdP de SAML. Nesse caso, este URL foi usado como "https://sponsor30.example.com:8445/sponsorportal/SSOLogoutRequest.action?portal=100d02da-9457-41e8-87d7-0965b0714db2" enquanto deveria ser "https://sponsor30.example.com:8445/sponsorportal/SSOLogoutResponse.action" Para corrigir: digite a URL correta na URL de Logoff no IdP do Azure.

Solução de problemas do cliente

Para verificar se o payload SAML é recebido, você pode usar as ferramentas de desenvolvedor da Web. Navegue até Ferramentas > Web Developer > Rede se você fizer uso do Firefox e efetuar login com credenciais do Azure no Portal. Você pode ver a resposta SAML criptografada na guia Params:

Troubleshooting do ISE

O nível de log dos componentes aqui deve ser alterado no ISE. Navegue até Operations > Troubleshoot > Debug Wizard > Debug Log Configuration.

Nome do componente	Nível de log	Nome do arquivo de log
acesso de convidado	DEBUG	guest.log
portal-web-ação	DEBUG	guest.log
opensamol	DEBUG	ise-psc.log
amostra	DEBUG	ise-psc.log

Conjunto de depurações em funcionamento no momento da execução correta do fluxo (ise-psc.log):

1. O usuário é redirecionado para a URL do IdP no portal do patrocinador.

2020-09-16 10:43:59,207 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAMLUtils::isLoadBalancerConfigured() - LB NOT configured for: Azure_SAML
2020-09-16 10:43:59,211 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAMLUtils::isOracle() - checking whether IDP URL indicates that its OAM. IDP URL: 
https://login.microsoftonline.com/64ace648-115d-4ad9-a3bf-76601b0f8d5c/saml2
2020-09-16 10:43:59,211 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SPProviderId for Azure_SAML is: http://CiscoISE/bd48c1a1-9477-4746-8e40-e43d20c9f429
2020-09-16 10:43:59,211 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAMLUtils::isLoadBalancerConfigured() - LB NOT configured for: Azure_SAML
2020-09-16 10:43:59,211 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML request - providerId (as should be found in IdP configuration):
http://CiscoISE/bd48c1a1-9477-4746-8e40-e43d20c9f429
2020-09-16 10:43:59,211 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML request - returnToId (relay state):
_bd48c1a1-9477-4746-8e40-e43d20c9f429_DELIMITERportalId_EQUALSbd48c1a1-9477-4746-8e40-e43d20c9f429_SEMIportalSessionId_EQUALS8fa19bf2-9fa6-4892-b082-5cdabfb5daa1_SEMItoken_EQUALSOA6CZJQD7X67TLYHE4Y3EM3EY097E2J_SEMI_DELIMITERsponsor30.example.com
2020-09-16 10:43:59,211 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML request - spUrlToReturnTo:
https://sponsor30.example.com:8445/sponsorportal/SSOLoginResponse.action

2. A resposta SAML é recebida do navegador.

2020-09-16 10:44:11,122 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML response - Relay State:
_bd48c1a1-9477-4746-8e40-e43d20c9f429_DELIMITERportalId=bd48c1a1-9477-4746-8e40-e43d20c9f429;portalSessionId=8fa19bf2-9fa6-4892-b082-5cdabfb5daa1;
token=OA6CZJQD7X67TLYHE4Y3EM3EY097E2J;_DELIMITERsponsor30.example.com
2020-09-16 10:44:11,126 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML HTTPRequest - Portal Session info:
portalId=bd48c1a1-9477-4746-8e40-e43d20c9f429;portalSessionId=8fa19bf2-9fa6-4892-b082-5cdabfb5daa1;token=OA6CZJQD7X67TLYHE4Y3EM3EY097E2J;
2020-09-16 10:44:11,126 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML response - Relay State
:_bd48c1a1-9477-4746-8e40-e43d20c9f429_DELIMITERportalId=bd48c1a1-9477-4746-8e40-e43d20c9f429;portalSessionId=8fa19bf2-9fa6-4892-b082-5cdabfb5daa1;
token=OA6CZJQD7X67TLYHE4Y3EM3EY097E2J;_DELIMITERsponsor30.example.com
2020-09-16 10:44:11,126 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML HTTPRequest - Portal Session info:
portalId=bd48c1a1-9477-4746-8e40-e43d20c9f429;portalSessionId=8fa19bf2-9fa6-4892-b082-5cdabfb5daa1;token=OA6CZJQD7X67TLYHE4Y3EM3EY097E2J;
2020-09-16 10:44:11,129 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML response - Relay State:
_bd48c1a1-9477-4746-8e40-e43d20c9f429_DELIMITERportalId=bd48c1a1-9477-4746-8e40-e43d20c9f429;portalSessionId=8fa19bf2-9fa6-4892-b082-5cdabfb5daa1;
token=OA6CZJQD7X67TLYHE4Y3EM3EY097E2J;_DELIMITERsponsor30.example.com
2020-09-16 10:44:11,129 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML HTTPRequest - Portal Session info:
portalId=bd48c1a1-9477-4746-8e40-e43d20c9f429;portalSessionId=8fa19bf2-9fa6-4892-b082-5cdabfb5daa1;token=OA6CZJQD7X67TLYHE4Y3EM3EY097E2J;
2020-09-16 10:44:11,133 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML response - Relay State:
_bd48c1a1-9477-4746-8e40-e43d20c9f429_DELIMITERportalId=bd48c1a1-9477-4746-8e40-e43d20c9f429;portalSessionId=8fa19bf2-9fa6-4892-b082-5cdabfb5daa1;
token=OA6CZJQD7X67TLYHE4Y3EM3EY097E2J;_DELIMITERsponsor30.example.com
2020-09-16 10:44:11,134 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML HTTPRequest - Portal Session info:
portalId=bd48c1a1-9477-4746-8e40-e43d20c9f429;portalSessionId=8fa19bf2-9fa6-4892-b082-5cdabfb5daa1;token=OA6CZJQD7X67TLYHE4Y3EM3EY097E2J;
2020-09-16 10:44:11,134 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML response - Relay State:
_bd48c1a1-9477-4746-8e40-e43d20c9f429_DELIMITERportalId=bd48c1a1-9477-4746-8e40-e43d20c9f429;portalSessionId=8fa19bf2-9fa6-4892-b082-5cdabfb5daa1;
token=OA6CZJQD7X67TLYHE4Y3EM3EY097E2J;_DELIMITERsponsor30.example.com
2020-09-16 10:44:11,134 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML flow initiator PSN's Host name is:sponsor30.example.com
2020-09-16 10:44:11,134 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- Is redirect requiered: InitiatorPSN:sponsor30.example.com 
This node's host name:ISE30-1ek LB:null request Server Name:sponsor30.example.com
2020-09-16 10:44:11,182 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- This node is the initiator (sponsor30.example.com) this node host name is:sponsor30.example.com
2020-09-16 10:44:11,184 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] org.opensaml.xml.parse.BasicParserPool -::::- Setting DocumentBuilderFactory attribute 'http://javax.xml.XMLConstants/feature/secure-processing'
2020-09-16 10:44:11,187 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] org.opensaml.xml.parse.BasicParserPool -::::- Setting DocumentBuilderFactory attribute 'http://apache.org/xml/features/disallow-doctype-decl'
2020-09-16 10:44:11,190 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] opensaml.ws.message.decoder.BaseMessageDecoder -::::- Beginning to decode message from inbound transport of type: org.opensaml.ws.transport.http.HttpServletRequestAdapter
2020-09-16 10:44:11,190 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] opensaml.saml2.binding.decoding.HTTPPostDecoder -::::- Decoded SAML relay state of: 
_bd48c1a1-9477-4746-8e40-e43d20c9f429_DELIMITERportalId_EQUALSbd48c1a1-9477-4746-8e40-e43d20c9f429_SEMIportalSessionId_EQUALS8fa19bf2-9fa6-4892-b082-5cdabfb5daa1_SEMItoken_EQUALSOA6CZJQD7X67TLYHE4Y3EM3EY097E2J_SEMI_DELIMITERsponsor30.example.com
2020-09-16 10:44:11,190 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] opensaml.saml2.binding.decoding.HTTPPostDecoder -::::- Getting Base64 encoded message from request
2020-09-16 10:44:11,191 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] opensaml.ws.message.decoder.BaseMessageDecoder -::::- Parsing message stream into DOM document
2020-09-16 10:44:11,193 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] opensaml.ws.message.decoder.BaseMessageDecoder -::::- Unmarshalling message DOM
2020-09-16 10:44:11,195 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] opensaml.xml.signature.impl.SignatureUnmarshaller -::::- Starting to unmarshall Apache XML-Security-based SignatureImpl element
2020-09-16 10:44:11,195 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] opensaml.xml.signature.impl.SignatureUnmarshaller -::::- Constructing Apache XMLSignature object
2020-09-16 10:44:11,195 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] opensaml.xml.signature.impl.SignatureUnmarshaller -::::- Adding canonicalization and signing algorithms, and HMAC output length to Signature
2020-09-16 10:44:11,195 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] opensaml.xml.signature.impl.SignatureUnmarshaller -::::- Adding KeyInfo to Signature
2020-09-16 10:44:11,197 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] opensaml.ws.message.decoder.BaseMessageDecoder -::::- Message succesfully unmarshalled
2020-09-16 10:44:11,197 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] opensaml.saml2.binding.decoding.HTTPPostDecoder -::::- Decoded SAML message
2020-09-16 10:44:11,197 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] opensaml.saml2.binding.decoding.BaseSAML2MessageDecoder -::::- Extracting ID, issuer and issue instant from status response
2020-09-16 10:44:11,199 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] opensaml.ws.message.decoder.BaseMessageDecoder -::::- No security policy resolver attached to this message context, no security policy evaluation attempted
2020-09-16 10:44:11,199 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] opensaml.ws.message.decoder.BaseMessageDecoder -::::- Successfully decoded message.
2020-09-16 10:44:11,199 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] opensaml.common.binding.decoding.BaseSAMLMessageDecoder -::::- Checking SAML message intended destination endpoint against receiver endpoint
2020-09-16 10:44:11,199 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] opensaml.common.binding.decoding.BaseSAMLMessageDecoder -::::- Intended message destination endpoint: 
https://sponsor30.example.com:8445/sponsorportal/SSOLoginResponse.action
2020-09-16 10:44:11,199 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] opensaml.common.binding.decoding.BaseSAMLMessageDecoder -::::- Actual message receiver endpoint: 
https://sponsor30.example.com:8445/sponsorportal/SSOLoginResponse.action
2020-09-16 10:44:11,199 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- 
SAML decoder's URIComparator - [https://sponsor30.example.com:8445/sponsorportal/SSOLoginResponse.action] vs. [https://sponsor30.example.com:8445/sponsorportal/SSOLoginResponse.action]
2020-09-16 10:44:11,199 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] opensaml.common.binding.decoding.BaseSAMLMessageDecoder -::::- 
SAML message intended destination endpoint matched recipient endpoint
2020-09-16 10:44:11,199 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML Response: statusCode:urn:oasis:names:tc:SAML:2.0:status:Success

3. A análise de atributo (asserção) foi iniciada.

2020-09-16 10:44:11,199 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] Found attribute name : 
http://schemas.microsoft.com/identity/claims/tenantid
2020-09-16 10:44:11,199 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] Delimeter not configured, 
Attribute=<http://schemas.microsoft.com/identity/claims/tenantid> add value=<64ace648-115d-4ad9-a3bf-76601b0f8d5c>
2020-09-16 10:44:11,199 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] Set on IdpResponse object - 
attribute<http://schemas.microsoft.com/identity/claims/tenantid> value=<64ace648-115d-4ad9-a3bf-76601b0f8d5c>
2020-09-16 10:44:11,200 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] Found attribute name : 
http://schemas.microsoft.com/identity/claims/objectidentifier
2020-09-16 10:44:11,200 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] Delimeter not configured, 
Attribute=<http://schemas.microsoft.com/identity/claims/objectidentifier> add value=<50ba7e39-e7fb-4cb1-8256-0537e8a09146>
2020-09-16 10:44:11,200 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] Set on IdpResponse object - 
attribute<http://schemas.microsoft.com/identity/claims/objectidentifier> value=<50ba7e39-e7fb-4cb1-8256-0537e8a09146>
2020-09-16 10:44:11,200 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] Found attribute name : 
http://schemas.microsoft.com/identity/claims/displayname
2020-09-16 10:44:11,200 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] Delimeter not configured, 
Attribute=<http://schemas.microsoft.com/identity/claims/displayname> add value=<Alice>
2020-09-16 10:44:11,200 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] Set on IdpResponse object - 
attribute<http://schemas.microsoft.com/identity/claims/displayname> value=<Alice>

4. O atributo de grupo é recebido com o valor de f626733b-eb37-4cf2-b2a6-c2895fd5f4d3, validação de assinatura.

2020-09-16 10:44:11,200 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] Found attribute name : 
http://schemas.microsoft.com/ws/2008/06/identity/claims/groups
2020-09-16 10:44:11,200 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] Delimeter not configured, 
Attribute=<http://schemas.microsoft.com/ws/2008/06/identity/claims/groups> add value=<f626733b-eb37-4cf2-b2a6-c2895fd5f4d3>
2020-09-16 10:44:11,200 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] Set on IdpResponse object - attribute
<http://schemas.microsoft.com/ws/2008/06/identity/claims/groups> value=<f626733b-eb37-4cf2-b2a6-c2895fd5f4d3>
2020-09-16 10:44:11,200 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] Found attribute name : 
http://schemas.microsoft.com/identity/claims/identityprovider
2020-09-16 10:44:11,200 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] Delimeter not configured, 
Attribute=<http://schemas.microsoft.com/identity/claims/identityprovider> add value=<https://sts.windows.net/64ace648-115d-4ad9-a3bf-76601b0f8d5c/>
2020-09-16 10:44:11,200 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] Set on IdpResponse object - attribute
<http://schemas.microsoft.com/identity/claims/identityprovider> value=<https://sts.windows.net/64ace648-115d-4ad9-a3bf-76601b0f8d5c/>
2020-09-16 10:44:11,200 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] Found attribute name : 
http://schemas.microsoft.com/claims/authnmethodsreferences
2020-09-16 10:44:11,200 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] Delimeter not configured, 
Attribute=<http://schemas.microsoft.com/claims/authnmethodsreferences> add value=<http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password>
2020-09-16 10:44:11,200 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] Set on IdpResponse object - attribute
<http://schemas.microsoft.com/claims/authnmethodsreferences> value=<http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password>
2020-09-16 10:44:11,200 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] Found attribute name : 
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
2020-09-16 10:44:11,200 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] Delimeter not configured, 
Attribute=<http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name> add value=<alice@ekorneyccisco.onmicrosoft.com>
2020-09-16 10:44:11,200 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] Set on IdpResponse object - attribute
<http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name> value=<alice@ekorneyccisco.onmicrosoft.com>
2020-09-16 10:44:11,200 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAMLUtils::getUserNameFromAssertion: IdentityAttribute is set to Subject Name
2020-09-16 10:44:11,200 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAMLUtils::getUserNameFromAssertion: username value from Subject is=[alice@ekorneyccisco.onmicrosoft.com]
2020-09-16 10:44:11,200 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAMLUtils::getUserNameFromAssertion: username set to=[alice@ekorneyccisco.onmicrosoft.com]
2020-09-16 10:44:11,200 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML Response: Found value for 'username' attribute assertion: alice@ekorneyccisco.onmicrosoft.com
2020-09-16 10:44:11,200 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [SAMLAttributesParser:readDict]
2020-09-16 10:44:11,200 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.cfg.IdentityProviderMgr -::::- getDict: Azure_SAML
2020-09-16 10:44:11,200 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [SAMLAttributesParser:readDict]: read Dict attribute=<ExternalGroups>
2020-09-16 10:44:11,200 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] 
Attribute <http://schemas.microsoft.com/identity/claims/displayname> NOT configured in IdP dictionary, NOT caching
2020-09-16 10:44:11,201 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [cacheGroupAttr] Adding to cache ExternalGroup values=<f626733b-eb37-4cf2-b2a6-c2895fd5f4d3>
2020-09-16 10:44:11,201 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] 
Attribute <http://schemas.microsoft.com/identity/claims/tenantid> NOT configured in IdP dictionary, NOT caching
2020-09-16 10:44:11,201 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] 
Attribute <http://schemas.microsoft.com/identity/claims/identityprovider> NOT configured in IdP dictionary, NOT caching
2020-09-16 10:44:11,201 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] 
Attribute <http://schemas.microsoft.com/identity/claims/objectidentifier> NOT configured in IdP dictionary, NOT caching
2020-09-16 10:44:11,201 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] 
Attribute <http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name> NOT configured in IdP dictionary, NOT caching
2020-09-16 10:44:11,201 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [parseAttributes] 
Attribute <http://schemas.microsoft.com/claims/authnmethodsreferences> NOT configured in IdP dictionary, NOT caching
2020-09-16 10:44:11,201 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cisco.cpm.saml.framework.SAMLSessionDataCache -::::- [storeAttributesSessionData] idStore=<Azure_SAML> userName=alice@ekorneyccisco.onmicrosoft.com>
2020-09-16 10:44:11,201 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLAttributesParser -::::- [SAMLAttributesParser:getEmail] The email attribute not configured on IdP
2020-09-16 10:44:11,201 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML Response: email attribute value: 
2020-09-16 10:44:11,201 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML response - Relay State:
_bd48c1a1-9477-4746-8e40-e43d20c9f429_DELIMITERportalId=bd48c1a1-9477-4746-8e40-e43d20c9f429;portalSessionId=8fa19bf2-9fa6-4892-b082-5cdabfb5daa1;
token=OA6CZJQD7X67TLYHE4Y3EM3EY097E2J;_DELIMITERsponsor30.example.com
2020-09-16 10:44:11,201 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML HTTPRequest - Portal ID:bd48c1a1-9477-4746-8e40-e43d20c9f429
2020-09-16 10:44:11,201 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML response - Relay State:
_bd48c1a1-9477-4746-8e40-e43d20c9f429_DELIMITERportalId=bd48c1a1-9477-4746-8e40-e43d20c9f429;portalSessionId=8fa19bf2-9fa6-4892-b082-5cdabfb5daa1;
token=OA6CZJQD7X67TLYHE4Y3EM3EY097E2J;_DELIMITERsponsor30.example.com
2020-09-16 10:44:11,201 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML HTTPRequest - Portal Session info:
portalId=bd48c1a1-9477-4746-8e40-e43d20c9f429;portalSessionId=8fa19bf2-9fa6-4892-b082-5cdabfb5daa1;token=OA6CZJQD7X67TLYHE4Y3EM3EY097E2J;
2020-09-16 10:44:11,201 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML response - Relay State:
_bd48c1a1-9477-4746-8e40-e43d20c9f429_DELIMITERportalId=bd48c1a1-9477-4746-8e40-e43d20c9f429;portalSessionId=8fa19bf2-9fa6-4892-b082-5cdabfb5daa1;
token=OA6CZJQD7X67TLYHE4Y3EM3EY097E2J;_DELIMITERsponsor30.example.com
2020-09-16 10:44:11,201 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML flow initiator PSN's Host name is:sponsor30.example.com
2020-09-16 10:44:11,201 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAMLUtils::isLoadBalancerConfigured() - LB NOT configured for: Azure_SAML
2020-09-16 10:44:11,201 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAMLUtils::isOracle() - checking whether IDP URL indicates that its OAM. 
IDP URL: https://login.microsoftonline.com/64ace648-115d-4ad9-a3bf-76601b0f8d5c/saml2
2020-09-16 10:44:11,201 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SPProviderId for Azure_SAML is: 
http://CiscoISE/bd48c1a1-9477-4746-8e40-e43d20c9f429
2020-09-16 10:44:11,202 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- ResponseValidationContext:
IdP URI: https://sts.windows.net/64ace648-115d-4ad9-a3bf-76601b0f8d5c/
SP URI: http://CiscoISE/bd48c1a1-9477-4746-8e40-e43d20c9f429
Assertion Consumer URL: https://sponsor30.example.com:8445/sponsorportal/SSOLoginResponse.action
Request Id: _bd48c1a1-9477-4746-8e40-e43d20c9f429_DELIMITERportalId_EQUALSbd48c1a1-9477-4746-8e40-e43d20c9f429_SEMIportalSessionId_EQUALS8fa19bf2-9fa6-4892-b082-5cdabfb5daa1_SEMItoken_EQUALSOA6CZJQD7X67TLYHE4Y3EM3EY097E2J_SEMI_DELIMITERsponsor30.example.com
Client Address: 10.61.170.160
Load Balancer: null
2020-09-16 10:44:11,202 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.validators.SAMLSignatureValidator -::::- no signature in response
2020-09-16 10:44:11,202 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.validators.SAMLSignatureValidator -::::- Validating signature of assertion
2020-09-16 10:44:11,202 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.validators.BaseSignatureValidator -::::- Determine the signing certificate
2020-09-16 10:44:11,202 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.validators.BaseSignatureValidator -::::- Validate signature to SAML standard with cert:CN=Microsoft Azure Federated SSO Certificate serial:112959638548824708724869525057157788132
2020-09-16 10:44:11,202 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] org.opensaml.security.SAMLSignatureProfileValidator -::::- Saw Enveloped signature transform
2020-09-16 10:44:11,202 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] org.opensaml.security.SAMLSignatureProfileValidator -::::- Saw Exclusive C14N signature transform
2020-09-16 10:44:11,202 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.validators.BaseSignatureValidator -::::- Validate signature againsta signing certificate
2020-09-16 10:44:11,202 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] org.opensaml.xml.signature.SignatureValidator -::::- Attempting to validate signature using key from supplied credential
2020-09-16 10:44:11,202 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] org.opensaml.xml.signature.SignatureValidator -::::- Creating XMLSignature object
2020-09-16 10:44:11,202 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] org.opensaml.xml.signature.SignatureValidator -::::- Validating signature with signature algorithm URI: http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2020-09-16 10:44:11,202 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] org.opensaml.xml.signature.SignatureValidator -::::- Validation credential key algorithm 'RSA', key instance class 'sun.security.rsa.RSAPublicKeyImpl'
2020-09-16 10:44:11,204 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] org.opensaml.xml.signature.SignatureValidator -::::- Signature validated with key from supplied credential
2020-09-16 10:44:11,204 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.validators.SAMLSignatureValidator -::::- Assertion signature validated succesfully
2020-09-16 10:44:11,204 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.validators.WebSSOResponseValidator -::::- Validating response
2020-09-16 10:44:11,204 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.validators.WebSSOResponseValidator -::::- Validating assertion
2020-09-16 10:44:11,204 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.validators.AssertionValidator -::::- Assertion issuer succesfully validated
2020-09-16 10:44:11,204 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.validators.AssertionValidator -::::- Authentication statements succesfully validated
2020-09-16 10:44:11,204 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.validators.AssertionValidator -::::- Subject succesfully validated
2020-09-16 10:44:11,204 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.validators.AssertionValidator -::::- Conditions succesfully validated
2020-09-16 10:44:11,204 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML Response: validation succeeded for alice@ekorneyccisco.onmicrosoft.com
2020-09-16 10:44:11,204 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML Response: found signature on the assertion
2020-09-16 10:44:11,204 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- Retrieve [CN=Microsoft Azure Federated SSO Certificate] as signing certificates
2020-09-16 10:44:11,204 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML Response: loginInfo:SAMLLoginInfo: name=alice@ekorneyccisco.onmicrosoft.com, 
format=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, sessionIndex=_4b798ec4-9aeb-40dc-8bed-6dd2fdd46800, time diff=26329
2020-09-16 10:44:11,292 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- AuthenticatePortalUser - Session:null IDPResponse:
IdP ID: Azure_SAML
Subject: alice@ekorneyccisco.onmicrosoft.com
SAML Status Code:urn:oasis:names:tc:SAML:2.0:status:Success
SAML Success:true
SAML Status Message:null
SAML email:
SAML Exception:nullUserRole : SPONSOR
2020-09-16 10:44:11,292 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- AuthenticatePortalUser - about to call authenticateSAMLUser messageCode:null subject:alice@ekorneyccisco.onmicrosoft.com
2020-09-16 10:44:11,306 INFO [RMI TCP Connection(346358)-127.0.0.1][] api.services.server.role.RoleImpl -::::- Fetched Role Information based on RoleID: 6dd3b090-8bff-11e6-996c-525400b48521
2020-09-16 10:44:11,320 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cisco.cpm.saml.framework.SAMLSessionDataCache -::::- [SAMLSessionDataCache:getGroupsOnSession] idStore=<Azure_SAML> userName=<alice@ekorneyccisco.onmicrosoft.com>
2020-09-16 10:44:11,320 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cisco.cpm.saml.framework.SAMLSessionDataCache -::::- [getAttributeOnSession] idStore=<Azure_SAML> userName=<alice@ekorneyccisco.onmicrosoft.com> attributeName=<Azure_SAML.ExternalGroups>

5. O grupo de usuários é adicionado aos resultados da autenticação para que possa ser usado pelo Portal, a autenticação SAML é passada.

2020-09-16 10:44:11,320 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- AuthenticatePortalUser - added user groups from SAML response to AuthenticationResult, all retrieved groups:[f626733b-eb37-4cf2-b2a6-c2895fd5f4d3]
2020-09-16 10:44:11,320 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- Authenticate SAML User - result:PASSED

6. Sair é acionado. O URL de Logout é recebido na Resposta SAML; https://sponsor30.example.com:8445/sponsorportal/SSOLogoutResponse.action.

2020-09-16 10:44:51,462 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -:::alice@ekorneyccisco.onmicrosoft.com:- SAMLUtils::isOracle() - checking whether IDP URL indicates that its OAM. IDP URL: https://login.microsoftonline.com/64ace648-115d-4ad9-a3bf-76601b0f8d5c/saml2
2020-09-16 10:44:51,462 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -:::alice@ekorneyccisco.onmicrosoft.com:- getLogoutMethod - method:REDIRECT_METHOD_LOGOUT
2020-09-16 10:44:51,462 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -:::alice@ekorneyccisco.onmicrosoft.com:- getSignLogoutRequest - null
2020-09-16 10:44:51,463 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.MessageComposer -:::alice@ekorneyccisco.onmicrosoft.com:- buildLgoutRequest - loginInfo:SAMLLoginInfo: name=alice@ekorneyccisco.onmicrosoft.com, format=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress, sessionIndex=_4b798ec4-9aeb-40dc-8bed-6dd2fdd46800, time diff=26329
2020-09-16 10:44:51,463 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -:::alice@ekorneyccisco.onmicrosoft.com:- SAMLUtils::isLoadBalancerConfigured() - LB NOT configured for: Azure_SAML
2020-09-16 10:44:51,463 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -:::alice@ekorneyccisco.onmicrosoft.com:- SAMLUtils::isOracle() - checking whether IDP URL indicates that its OAM. IDP URL: https://login.microsoftonline.com/64ace648-115d-4ad9-a3bf-76601b0f8d5c/saml2
2020-09-16 10:44:51,463 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.SAMLFacadeImpl -:::alice@ekorneyccisco.onmicrosoft.com:- SPProviderId for Azure_SAML is: http://CiscoISE/bd48c1a1-9477-4746-8e40-e43d20c9f429
2020-09-16 10:44:51,463 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.MessageComposer -:::alice@ekorneyccisco.onmicrosoft.com:- buildLgoutRequest - spProviderId:http://CiscoISE/bd48c1a1-9477-4746-8e40-e43d20c9f429
2020-09-16 10:44:51,463 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-8][] cpm.saml.framework.impl.MessageComposer -:::alice@ekorneyccisco.onmicrosoft.com:- buildLgoutRequest - logoutURL:https://login.microsoftonline.com/64ace648-115d-4ad9-a3bf-76601b0f8d5c/saml2
2020-09-16 10:44:53,199 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML response - Relay State:_bd48c1a1-9477-4746-8e40-e43d20c9f429_DELIMITER8fa19bf2-9fa6-4892-b082-5cdabfb5daa1_DELIMITERsponsor30.example.com
2020-09-16 10:44:53,200 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML HTTPRequest - Portal ID:bd48c1a1-9477-4746-8e40-e43d20c9f429
2020-09-16 10:44:53,200 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML response - Relay State:_bd48c1a1-9477-4746-8e40-e43d20c9f429_DELIMITER8fa19bf2-9fa6-4892-b082-5cdabfb5daa1_DELIMITERsponsor30.example.com
2020-09-16 10:44:53,200 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML flow initiator PSN's Host name is:sponsor30.example.com
2020-09-16 10:44:53,200 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- Is redirect requiered: InitiatorPSN:sponsor30.example.com This node's host name:ISE30-1ek LB:null request Server Name:sponsor30.example.com
2020-09-16 10:44:53,248 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- This node is the initiator (sponsor30.example.com) this node host name is:sponsor30.example.com
2020-09-16 10:44:53,249 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML response - Relay State:_bd48c1a1-9477-4746-8e40-e43d20c9f429_DELIMITER8fa19bf2-9fa6-4892-b082-5cdabfb5daa1_DELIMITERsponsor30.example.com
2020-09-16 10:44:53,249 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML HTTPRequest - Portal Session info:8fa19bf2-9fa6-4892-b082-5cdabfb5daa1
2020-09-16 10:44:53,250 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] org.opensaml.xml.parse.BasicParserPool -::::- Setting DocumentBuilderFactory attribute 'http://javax.xml.XMLConstants/feature/secure-processing'
2020-09-16 10:44:53,251 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] org.opensaml.xml.parse.BasicParserPool -::::- Setting DocumentBuilderFactory attribute 'http://apache.org/xml/features/disallow-doctype-decl'
2020-09-16 10:44:53,253 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] opensaml.ws.message.decoder.BaseMessageDecoder -::::- Beginning to decode message from inbound transport of type: org.opensaml.ws.transport.http.HttpServletRequestAdapter
2020-09-16 10:44:53,253 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] opensaml.saml2.binding.decoding.HTTPRedirectDeflateDecoder -::::- Decoded RelayState: _bd48c1a1-9477-4746-8e40-e43d20c9f429_DELIMITER8fa19bf2-9fa6-4892-b082-5cdabfb5daa1_DELIMITERsponsor30.example.com
2020-09-16 10:44:53,253 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] opensaml.saml2.binding.decoding.HTTPRedirectDeflateDecoder -::::- Base64 decoding and inflating SAML message
2020-09-16 10:44:53,253 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] opensaml.ws.message.decoder.BaseMessageDecoder -::::- Parsing message stream into DOM document
2020-09-16 10:44:53,256 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] opensaml.ws.message.decoder.BaseMessageDecoder -::::- Unmarshalling message DOM
2020-09-16 10:44:53,256 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] opensaml.ws.message.decoder.BaseMessageDecoder -::::- Message succesfully unmarshalled
2020-09-16 10:44:53,256 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] opensaml.saml2.binding.decoding.HTTPRedirectDeflateDecoder -::::- Decoded SAML message
2020-09-16 10:44:53,256 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] opensaml.saml2.binding.decoding.BaseSAML2MessageDecoder -::::- Extracting ID, issuer and issue instant from status response
2020-09-16 10:44:53,257 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] opensaml.ws.message.decoder.BaseMessageDecoder -::::- No security policy resolver attached to this message context, no security policy evaluation attempted
2020-09-16 10:44:53,257 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] opensaml.ws.message.decoder.BaseMessageDecoder -::::- Successfully decoded message.
2020-09-16 10:44:53,257 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] opensaml.common.binding.decoding.BaseSAMLMessageDecoder -::::- Checking SAML message intended destination endpoint against receiver endpoint
2020-09-16 10:44:53,257 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] opensaml.common.binding.decoding.BaseSAMLMessageDecoder -::::- Intended message destination endpoint: https://sponsor30.example.com:8445/sponsorportal/SSOLogoutResponse.action
2020-09-16 10:44:53,257 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] opensaml.common.binding.decoding.BaseSAMLMessageDecoder -::::- Actual message receiver endpoint: https://sponsor30.example.com:8445/sponsorportal/SSOLogoutResponse.action
2020-09-16 10:44:53,257 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML decoder's URIComparator - [https://sponsor30.example.com:8445/sponsorportal/SSOLogoutResponse.action] vs. [https://sponsor30.example.com:8445/sponsorportal/SSOLogoutResponse.action]
2020-09-16 10:44:53,257 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] opensaml.common.binding.decoding.BaseSAMLMessageDecoder -::::- SAML message intended destination endpoint matched recipient endpoint
2020-09-16 10:44:53,257 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML Response: statusCode:urn:oasis:names:tc:SAML:2.0:status:Success
2020-09-16 10:44:53,257 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML response - Relay State:_bd48c1a1-9477-4746-8e40-e43d20c9f429_DELIMITER8fa19bf2-9fa6-4892-b082-5cdabfb5daa1_DELIMITERsponsor30.example.com
2020-09-16 10:44:53,257 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML HTTPRequest - Portal ID:bd48c1a1-9477-4746-8e40-e43d20c9f429
2020-09-16 10:44:53,257 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML response - Relay State:_bd48c1a1-9477-4746-8e40-e43d20c9f429_DELIMITER8fa19bf2-9fa6-4892-b082-5cdabfb5daa1_DELIMITERsponsor30.example.com
2020-09-16 10:44:53,257 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML HTTPRequest - Portal Session info:8fa19bf2-9fa6-4892-b082-5cdabfb5daa1
2020-09-16 10:44:53,257 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML response - Relay State:_bd48c1a1-9477-4746-8e40-e43d20c9f429_DELIMITER8fa19bf2-9fa6-4892-b082-5cdabfb5daa1_DELIMITERsponsor30.example.com
2020-09-16 10:44:53,257 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML flow initiator PSN's Host name is:sponsor30.example.com
2020-09-16 10:44:53,258 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAMLUtils::isLoadBalancerConfigured() - LB NOT configured for: Azure_SAML
2020-09-16 10:44:53,258 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAMLUtils::isOracle() - checking whether IDP URL indicates that its OAM. IDP URL: https://login.microsoftonline.com/64ace648-115d-4ad9-a3bf-76601b0f8d5c/saml2
2020-09-16 10:44:53,258 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SPProviderId for Azure_SAML is: http://CiscoISE/bd48c1a1-9477-4746-8e40-e43d20c9f429
2020-09-16 10:44:53,258 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- ResponseValidationContext:
IdP URI: https://sts.windows.net/64ace648-115d-4ad9-a3bf-76601b0f8d5c/
SP URI: http://CiscoISE/bd48c1a1-9477-4746-8e40-e43d20c9f429
Assertion Consumer URL: https://sponsor30.example.com:8445/sponsorportal/SSOLogoutResponse.action
Request Id: _bd48c1a1-9477-4746-8e40-e43d20c9f429_DELIMITER8fa19bf2-9fa6-4892-b082-5cdabfb5daa1_DELIMITERsponsor30.example.com
Client Address: 10.61.170.160
Load Balancer: null
2020-09-16 10:44:53,259 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.validators.SAMLSignatureValidator -::::- LogoutResponse signature validated succesfully
2020-09-16 10:44:53,259 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.validators.SAMLSignatureValidator -::::- This is LogoutResponse (only REDIRECT is supported) no signature is on assertion, continue
2020-09-16 10:44:53,259 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.validators.WebSSOResponseValidator -::::- Validating response
2020-09-16 10:44:53,259 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.validators.WebSSOResponseValidator -::::- Validating assertion
2020-09-16 10:44:53,259 DEBUG [https-jsse-nio-10.48.23.86-8445-exec-4][] cpm.saml.framework.impl.SAMLFacadeImpl -::::- SAML Response: validation succeeded for null

Colaborado por engenheiros da Cisco

Eugene Korneychuk
Cisco TAC Engineer

Configurar o Portal do Patrocinador do ISE 3.0 com o Azure AD SAML SSO

Opções de download

Linguagem imparcial

Sobre esta tradução

Contents

Introduction

Prerequisites

Requirements

Componentes Utilizados

Diagrama de fluxo de alto nível

Configurar

Etapa 1. Configurar o provedor de identidade e o portal do patrocinador do SAML no ISE

1. Configurar o Azure AD como Origem de Identidade SAML Externa

2. Configurar o Portal do Patrocinador para usar o Azure AD

3. Exportar informações do provedor de serviços

Etapa 2. Definir as Configurações do IdP do Azure AD

1. Criar um Usuário do Azure AD

2. Criar um Grupo AD do Azure

3. Atribuir Usuário do Azure AD ao Grupo

4. Criar um Aplicativo Azure AD Enterprise

5. Adicionar grupo ao aplicativo

6. Configurar um Aplicativo Azure AD Enterprise

7. Configurar Atributo de Grupo do Ative Diretory

8. Baixar Arquivo XML de Metadados de Federação do Azure

Etapa 3. Carregar Metadados do Azure Ative Diretory para o ISE

Etapa 4. Configurar grupos SAML no ISE

Etapa 5. Configurar o mapeamento de grupo de patrocinadores no ISE

Verificar

Troubleshoot

Problemas comuns

Solução de problemas do cliente

Troubleshooting do ISE

Colaborado por engenheiros da Cisco

Este documento lhe foi útil?

Contate a Cisco

Este documento se refere a estes produtos