2021-05-07 07:02:12,762 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: https://teenslabs-newprod.internal.hottemax.org/schuelerlabore/admin/login.php
2021-05-07 07:02:12,762 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-05-07 07:02:12,762 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-05-07 07:02:12,762 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://teenslabs-newprod.internal.hottemax.org/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_2704038ee29c914ff6bec46b12c11ffd81af348fe5"
    IssueInstant="2021-05-07T07:02:12Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer>https://teenslabs-newprod.internal.hottemax.org/simplesaml/module.php/saml/sp/metadata.php/default-sp</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2021-05-07 07:02:12,771 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://teenslabs-newprod.internal.hottemax.org/simplesaml/module.php/saml/sp/metadata.php/default-sp' from origin source
2021-05-07 07:02:12,771 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-05-07 07:02:12,771 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-05-07 07:02:12,771 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-05-07 07:02:12,771 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-05-07 07:02:12,771 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-05-07 07:02:12,771 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-05-07 07:02:12,771 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-05-07 07:02:12,771 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://teenslabs-newprod.internal.hottemax.org/simplesaml/module.php/saml/sp/metadata.php/default-sp
2021-05-07 07:02:12,772 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:02:12,772 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-05-07 07:02:12,772 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-05-07 07:02:12,772 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-05-07 07:02:12,772 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-05-07 07:02:12,772 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_2704038ee29c914ff6bec46b12c11ffd81af348fe5', issue instant '2021-05-07T07:02:12.000Z', entityID 'https://teenslabs-newprod.internal.hottemax.org/simplesaml/module.php/saml/sp/metadata.php/default-sp'
2021-05-07 07:02:12,772 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://teenslabs-newprod.internal.hottemax.org/simplesaml/module.php/saml/sp/metadata.php/default-sp' does not require AuthnRequests to be signed
2021-05-07 07:02:12,773 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-05-07 07:02:12,773 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-05-07 07:02:12,773 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-05-07 07:02:12,773 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-05-07 07:02:12,773 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-05-07 07:02:12,773 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:02:12,773 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-05-07 07:02:12,773 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-05-07 07:02:12,773 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-05-07 07:02:12,773 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 4 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-05-07 07:02:12,773 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://teenslabs-newprod.internal.hottemax.org/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-05-07 07:02:12,774 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-05-07 07:02:12,774 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-05-07 07:02:12,774 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-05-07 07:02:12,774 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-05-07 07:02:12,774 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-05-07 07:02:12,774 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2021-05-07 07:02:12,774 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-05-07 07:02:12,774 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-05-07 07:02:12,774 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-05-07 07:02:12,774 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-05-07 07:02:12,774 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://teenslabs-newprod.internal.hottemax.org/simplesaml/module.php/saml/sp/metadata.php/default-sp
2021-05-07 07:02:12,774 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-05-07 07:02:12,775 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-05-07 07:02:12,775 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-05-07 07:02:12,775 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-05-07 07:02:12,779 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-05-07 07:02:12,780 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-05-07T07:02:12.780Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-05-07 07:02:12,780 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-05-07 07:02:12,780 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-05-07 07:02:12,780 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-05-07 07:02:12,781 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-05-07 07:02:12,781 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-05-07 07:02:12,781 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:02:12,781 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-05-07 07:02:12,781 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-05-07 07:02:12,781 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-05-07 07:02:12,781 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-05-07 07:02:12,984 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'teenslabs-newprod.internal.hottemax.org'
2021-05-07 07:02:12,984 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-05-07 07:02:12,984 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-05-07 07:02:30,451 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'sheldon'
2021-05-07 07:02:30,451 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user sheldon
2021-05-07 07:02:30,451 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1665265634::identifier=sheldon, context=org.apache.velocity.VelocityContext@21ee9651]
2021-05-07 07:02:30,462 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=sheldon,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1665265634::identifier=sheldon, context=org.apache.velocity.VelocityContext@21ee9651]
2021-05-07 07:02:30,463 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'sheldon' succeeded
2021-05-07 07:02:30,463 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-05-07 07:02:30,463 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-05-07 07:02:30,463 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'sheldon'
2021-05-07 07:02:30,464 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'sheldon'
2021-05-07 07:02:30,464 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-05-07 07:02:30,464 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal sheldon
2021-05-07 07:02:30,464 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 85ebd10acf097ea05e2ee654f5f2a89edf8cafa6a9c4451c7d0a27b482eb34de for principal sheldon
2021-05-07 07:02:30,464 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 85ebd10acf097ea05e2ee654f5f2a89edf8cafa6a9c4451c7d0a27b482eb34de
2021-05-07 07:02:30,464 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=sheldon)
2021-05-07 07:02:30,465 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-05-07 07:02:30,465 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 9 attributes: [uid, identifier, telephoneNumber, role, mail, displayName, surname, givenName, eduPersonUniqueId]
2021-05-07 07:02:30,465 - DEBUG [net.shibboleth.idp.attribute.filter.matcher.impl.AbstractMatcher:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/DenyValueRule:_7080138d39cc2e01f42af33d6086559c': Applying value comparison to all values of Attribute 'uid'
2021-05-07 07:02:30,466 - DEBUG [net.shibboleth.idp.attribute.filter.matcher.impl.AbstractMatcher:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/DenyValueRule:_e86e84f8359014f00e496b0e2b038417': Applying value comparison to all values of Attribute 'uid'
2021-05-07 07:02:30,466 - DEBUG [net.shibboleth.idp.attribute.filter.policyrule.filtercontext.impl.AttributeRequesterPolicyRule:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/Rule:_829157a5a29f7f30c585dc615c71fae1': Found attribute requester: https://teenslabs-newprod.internal.hottemax.org/simplesaml/module.php/saml/sp/metadata.php/default-sp
2021-05-07 07:02:30,466 - DEBUG [net.shibboleth.idp.attribute.filter.policyrule.filtercontext.impl.AttributeRequesterPolicyRule:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/Rule:_deb424a8d1c673df19c16cd7fd391943': Found attribute requester: https://teenslabs-newprod.internal.hottemax.org/simplesaml/module.php/saml/sp/metadata.php/default-sp
2021-05-07 07:02:30,466 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-05-07 07:02:30,466 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-05-07 07:02:30,466 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-05-07 07:02:30,466 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-05-07 07:02:30,466 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-05-07 07:02:30,466 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-05-07 07:02:30,466 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-05-07 07:02:30,466 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-05-07 07:02:30,466 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-05-07 07:02:30,467 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:02:30,467 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-05-07 07:02:30,467 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@2e21ee29'
2021-05-07 07:02:30,468 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-05-07 07:02:30,468 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'sheldon:https://teenslabs-newprod.internal.hottemax.org/simplesaml/module.php/saml/sp/metadata.php/default-sp'
2021-05-07 07:02:30,468 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'sheldon:https://teenslabs-newprod.internal.hottemax.org/simplesaml/module.php/saml/sp/metadata.php/default-sp'
2021-05-07 07:02:30,468 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'sheldon:https://teenslabs-newprod.internal.hottemax.org/simplesaml/module.php/saml/sp/metadata.php/default-sp'
2021-05-07 07:02:30,468 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-05-07 07:02:30,468 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'sheldon'
2021-05-07 07:02:30,468 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'sheldon'
2021-05-07 07:02:30,468 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-05-07 07:02:30,468 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2021-05-07 07:02:30,669 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'teenslabs-newprod.internal.hottemax.org'
2021-05-07 07:02:30,669 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-05-07 07:02:30,669 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2021-05-07 07:02:30,669 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2021-05-07 07:02:30,669 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-05-07 07:02:30,669 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2021-05-07 07:02:33,464 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2021-05-07 07:02:33,464 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2021-05-07 07:02:33,464 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20210507T070233Z|https://teenslabs-newprod.internal.hottemax.org/simplesaml/module.php/saml/sp/metadata.php/default-sp|AttributeReleaseConsent|sheldon|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2021-05-07 07:02:33,464 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-05-07 07:02:33,464 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'sheldon:https://teenslabs-newprod.internal.hottemax.org/simplesaml/module.php/saml/sp/metadata.php/default-sp'
2021-05-07 07:02:33,464 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'sheldon:_key_idx'
2021-05-07 07:02:33,464 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2021-05-07 07:02:33,464 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=sheldon:https://teenslabs-newprod.internal.hottemax.org/simplesaml/module.php/saml/sp/metadata.php/default-sp, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1651906953464}'
2021-05-07 07:02:33,464 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'sheldon:_key_idx'
2021-05-07 07:02:33,464 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2021-05-07 07:02:33,464 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'sheldon:_key_idx'
2021-05-07 07:02:33,464 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'sheldon:https://teenslabs-newprod.internal.hottemax.org/simplesaml/module.php/saml/sp/metadata.php/default-sp'
2021-05-07 07:02:33,464 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[sheldon:https://teenslabs-newprod.internal.hottemax.org/simplesaml/module.php/saml/sp/metadata.php/default-sp]' as '["sheldon:https://teenslabs-newprod.internal.hottemax.org/simplesaml/module.php/saml/sp/metadata.php/default-sp"]'
2021-05-07 07:02:33,464 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@2e21ee29'
2021-05-07 07:02:33,464 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:02:33,465 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-05-07 07:02:33,473 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-05-07 07:02:33,474 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-05-07 07:02:33,474 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _833234a332a7e31a7f4b2f59af177c76
2021-05-07 07:02:33,474 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _833234a332a7e31a7f4b2f59af177c76 to Response _5041d09a61d5282ffd0cd5c22ac4d59c
2021-05-07 07:02:33,474 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _833234a332a7e31a7f4b2f59af177c76
2021-05-07 07:02:33,475 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-05-07 07:02:33,475 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value sheldon of attribute uid
2021-05-07 07:02:33,475 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value scooper@samltest.id of attribute identifier
2021-05-07 07:02:33,475 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-05-07 07:02:33,475 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value employee@samltest.id of attribute role
2021-05-07 07:02:33,475 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value scooper@samltest.id of attribute mail
2021-05-07 07:02:33,475 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sheldor of attribute displayName
2021-05-07 07:02:33,475 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Cooper of attribute surname
2021-05-07 07:02:33,475 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sheldon of attribute givenName
2021-05-07 07:02:33,476 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-05-07 07:02:33,476 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:02:33,476 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:02:33,476 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:02:33,476 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:02:33,476 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxxex32WURmXiq1229+Trx5b86iaqIN0/KeVVJKSjEWJ4ERMGpux0vSBkvR6W0LgfZjgSWtom8xK+6kvY6PMmSAQbceBMw+Mwj8c570+1+6DluoUqzOotjAOZADI19iQRY/q+KKjPqzNcH2VvKFv+jAaMdlw8VmfZbgHPmJASibMwceDhQ2LQ3ZNizO5WW1FwTYBfyOe34 with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:02:33,476 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:02:33,476 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:02:33,476 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-05-07 07:02:33,476 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-05-07 07:02:33,476 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 94.134.181.143
2021-05-07 07:02:33,476 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _2704038ee29c914ff6bec46b12c11ffd81af348fe5
2021-05-07 07:02:33,476 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://teenslabs-newprod.internal.hottemax.org/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp
2021-05-07 07:02:33,476 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-05-07 07:02:33,476 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-05-07 07:02:33,476 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-05-07 07:02:33,476 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _833234a332a7e31a7f4b2f59af177c76
2021-05-07 07:02:33,476 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _833234a332a7e31a7f4b2f59af177c76 did not already contain Conditions, one was added
2021-05-07 07:02:33,476 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-05-07 07:02:33,476 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-05-07T07:07:33.465Z, to Assertion _833234a332a7e31a7f4b2f59af177c76
2021-05-07 07:02:33,476 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _833234a332a7e31a7f4b2f59af177c76 already contained Conditions, nothing was done
2021-05-07 07:02:33,476 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-05-07 07:02:33,476 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _833234a332a7e31a7f4b2f59af177c76 already contained Conditions, nothing was done
2021-05-07 07:02:33,476 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-05-07 07:02:33,476 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://teenslabs-newprod.internal.hottemax.org/simplesaml/module.php/saml/sp/metadata.php/default-sp as an Audience of the AudienceRestriction
2021-05-07 07:02:33,476 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _833234a332a7e31a7f4b2f59af177c76
2021-05-07 07:02:33,477 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://teenslabs-newprod.internal.hottemax.org/simplesaml/module.php/saml/sp/metadata.php/default-sp to existing session 85ebd10acf097ea05e2ee654f5f2a89edf8cafa6a9c4451c7d0a27b482eb34de
2021-05-07 07:02:33,477 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://teenslabs-newprod.internal.hottemax.org/simplesaml/module.php/saml/sp/metadata.php/default-sp in session 85ebd10acf097ea05e2ee654f5f2a89edf8cafa6a9c4451c7d0a27b482eb34de
2021-05-07 07:02:33,477 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-05-07 07:02:33,477 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://teenslabs-newprod.internal.hottemax.org/simplesaml/module.php/saml/sp/metadata.php/default-sp and key AAdzZWNyZXQxxex32WURmXiq1229+Trx5b86iaqIN0/KeVVJKSjEWJ4ERMGpux0vSBkvR6W0LgfZjgSWtom8xK+6kvY6PMmSAQbceBMw+Mwj8c570+1+6DluoUqzOotjAOZADI19iQRY/q+KKjPqzNcH2VvKFv+jAaMdlw8VmfZbgHPmJASibMwceDhQ2LQ3ZNizO5WW1FwTYBfyOe34
2021-05-07 07:02:33,477 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-05-07 07:02:33,477 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-05-07 07:02:33,477 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2021-05-07 07:02:33,478 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_5041d09a61d5282ffd0cd5c22ac4d59c"
    InResponseTo="_2704038ee29c914ff6bec46b12c11ffd81af348fe5"
    IssueInstant="2021-05-07T07:02:33.465Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_833234a332a7e31a7f4b2f59af177c76"
        IssueInstant="2021-05-07T07:02:33.465Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://teenslabs-newprod.internal.hottemax.org/simplesaml/module.php/saml/sp/metadata.php/default-sp" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxxex32WURmXiq1229+Trx5b86iaqIN0/KeVVJKSjEWJ4ERMGpux0vSBkvR6W0LgfZjgSWtom8xK+6kvY6PMmSAQbceBMw+Mwj8c570+1+6DluoUqzOotjAOZADI19iQRY/q+KKjPqzNcH2VvKFv+jAaMdlw8VmfZbgHPmJASibMwceDhQ2LQ3ZNizO5WW1FwTYBfyOe34</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="94.134.181.143"
                    InResponseTo="_2704038ee29c914ff6bec46b12c11ffd81af348fe5"
                    NotOnOrAfter="2021-05-07T07:07:33.476Z" Recipient="https://teenslabs-newprod.internal.hottemax.org/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-05-07T07:02:33.465Z" NotOnOrAfter="2021-05-07T07:07:33.465Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://teenslabs-newprod.internal.hottemax.org/simplesaml/module.php/saml/sp/metadata.php/default-sp</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-05-07T07:02:30.463Z" SessionIndex="_dc51ccd2064f4c0479ea994fa1172cba">
            <saml2:SubjectLocality Address="94.134.181.143"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>sheldon</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">scooper@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">employee@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>scooper@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sheldor</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Cooper</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sheldon</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-05-07 07:02:33,486 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://teenslabs-newprod.internal.hottemax.org/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp
2021-05-07 07:02:33,486 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://teenslabs-newprod.internal.hottemax.org/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp
2021-05-07 07:02:33,486 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_5041d09a61d5282ffd0cd5c22ac4d59c"
2021-05-07 07:02:33,486 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _5041d09a61d5282ffd0cd5c22ac4d59c and Element was [saml2p:Response: null]
2021-05-07 07:02:33,486 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_5041d09a61d5282ffd0cd5c22ac4d59c"
2021-05-07 07:02:33,486 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _5041d09a61d5282ffd0cd5c22ac4d59c and Element was [saml2p:Response: null]
2021-05-07 07:02:33,488 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-05-07 07:02:33,488 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://teenslabs-newprod.internal.hottemax.org/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp' with encoded value 'https&#x3a;&#x2f;&#x2f;teenslabs-newprod.internal.hottemax.org&#x2f;simplesaml&#x2f;module.php&#x2f;saml&#x2f;sp&#x2f;saml2-acs.php&#x2f;default-sp'
2021-05-07 07:02:33,488 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-05-07 07:02:33,489 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'https://teenslabs-newprod.internal.hottemax.org/schuelerlabore/admin/login.php', encoded as 'https&#x3a;&#x2f;&#x2f;teenslabs-newprod.internal.hottemax.org&#x2f;schuelerlabore&#x2f;admin&#x2f;login.php'
2021-05-07 07:02:33,491 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://teenslabs-newprod.internal.hottemax.org/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp"
    ID="_5041d09a61d5282ffd0cd5c22ac4d59c"
    InResponseTo="_2704038ee29c914ff6bec46b12c11ffd81af348fe5"
    IssueInstant="2021-05-07T07:02:33.465Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_5041d09a61d5282ffd0cd5c22ac4d59c">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>n86/Ka3DdJBQBqGtYmz/ckAvipOkesNZ6rIKSxeTPQY=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>aqmENex/22C2QfUHmwFm4NaqM+ES7Asr3A7ju1+NF6wpZy3cCKbeGMug/+TnxzXH3nuFsmvt5BQpZaxqe/ZdIEIuh72T0fbz4mTPg7pBBO2zjCmf52VBLFE/yNmCIaBjf+vdw3MFHzTz5NEWU8mWaI/F3GifrmTjaAfXV8EM95uGKtc6JIFgTUjibBmV+I5Jkn1eCouSZmY3CU0cofl8DY90eochXF8mxXNW3XxryrTd+6qVRLyreemS0hMU+w2IORVd2/pLH5QYaH8csbF0KfKX1hDMnFmkjXEVqN4KjQdJP30xVGt529SPiaXFssHT4V8sIwD91d4hbsbv/PwfxQ==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_711ea567cf66ebfecc86499a49a6868a"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_c7e09eec408100227fd4b319e1d70f90"
                    Recipient="https://teenslabs-newprod.internal.hottemax.org/simplesaml/module.php/saml/sp/metadata.php/default-sp" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIFazCCA9OgAwIBAgIUFDw+wMp7Cd1zzu2/4YGXnUYl++owDQYJKoZIhvcNAQELBQAwgcQxCzAJ
BgNVBAYTAkRFMQwwCgYDVQQIDANOUlcxETAPBgNVBAcMCE11ZW5zdGVyMR0wGwYDVQQKDBRDb2xs
YXBzIGdvZXMgV2VzdGVybjEeMBwGA1UECwwVQnVzaW5lc3MgSW50ZWxsaWdlbmNlMTAwLgYDVQQD
DCd0ZWVuc2xhYnMtbmV3cHJvZC5pbnRlcm5hbC5ob3R0ZW1heC5vcmcxIzAhBgkqhkiG9w0BCQEW
FHJvY2hvbGxAaG90dGVtYXgub3JnMB4XDTIxMDMzMDE4MjUyMVoXDTMxMDMzMDE4MjUyMVowgcQx
CzAJBgNVBAYTAkRFMQwwCgYDVQQIDANOUlcxETAPBgNVBAcMCE11ZW5zdGVyMR0wGwYDVQQKDBRD
b2xsYXBzIGdvZXMgV2VzdGVybjEeMBwGA1UECwwVQnVzaW5lc3MgSW50ZWxsaWdlbmNlMTAwLgYD
VQQDDCd0ZWVuc2xhYnMtbmV3cHJvZC5pbnRlcm5hbC5ob3R0ZW1heC5vcmcxIzAhBgkqhkiG9w0B
CQEWFHJvY2hvbGxAaG90dGVtYXgub3JnMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA
pcNpB7ou6tm1/LnS4G4fyjKukPRxOB9A9tvoJKSzlzxm35Cg7Giw6N0n/G8aY2y8taSFu1HVU0bo
LJVzPucNQXV8uO0//1Lg/WnJ4fpcQmu72W6XmiUNPdw24J5BqSosixr/hBL+11tbgGL5gHe9pbEp
yXIpe7HA9cl5sPw0H8tUMVdI6x3YMUV7cALC+bB6x1MPcnvat6+Kc1ruwQjLTbWkFYqQhsiD94Zc
K6rH7jOVW4HGWhZy0wLht42K6Sd2NjShhaBSg7d0TOKu3TQ2u/l4V/x5dDtwI5+VzzUmmLIaxGzm
fKGk03F59lAGd9bPGR4H+U6eO0qwYZkZv+b9KtuMwtK4mSJyJ5jAwGn1xW9pLlHvXEx/QurWAPTG
9d3PdHXfO8/ICCBjrpNLlO0PBmBzZfENH6BFXOD5E+ywkhdEHnYtAKc9RipUlLdiN9VHgDDciE1P
6xs4MBOJvH+86iPrlJaqQdIQze/wZKvoYOpo3ToZxJWN4XGOZXqFAnG/AgMBAAGjUzBRMB0GA1Ud
DgQWBBQw6VZ6SOdjJirsD7ZszZYhx6G4dzAfBgNVHSMEGDAWgBQw6VZ6SOdjJirsD7ZszZYhx6G4
dzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBgQAY6l8WNeDAlKhLIuHK84HpWixO
NAC8bUc769E0ts6QgLjnFXjlpauc28gFweWjgQvNOVdambgFdc0WoDrcZVL7BE0zCTGTtVjaBO+p
XOM2WrCWeGJ1DwaY83dvH1eJQmbz0l8mwczOrTrKwDh+k8v6Cgdoh9+QUlnkS4n2RD0Q/4mNc+Xo
5Kb/0kGwby42fcXhvbyMPu5nmvKipLx7gZ+PvUHfuA3KEMJ8HAwR60lLJA/6iKeDj6c6qR8NzEyN
f9WgZk5gbZnvDeYIXgABIYVGilaTAfbDlPiGzwDN5Eh5ivWPgHZU/KdI/wRBzkkgpGW83ExnT9e8
l75NnKJS7jUMInFrKgKu1S5OHg+ZmZUtKNoaJ1APwLMIbXfXl1UPtCtQoQ4LaewHJW2TrgNPaJXv
hZS3GNiz8iMvpnccScsXzH6L4JaLUjjNiQqqKZxX6RK5aXAdiSYtH9L8lH/Gpgkq8zNWldQMBMWF
eTq5py3q1T3RYqH+v0kP2CDPlvL0HDM=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>L1W5eTUHu3f22tF5ATtvl1NRDiWUvTIWrb42L8cJ7qg9h/XneMY3ASTOVdJYupPbQqHdJTEH97xTL8bWdsAzbvHp2MveBEpl30Zlt61kobXjAcbjub864pltSLEgwR6VCJB22+zJlm7/j5/K0eFJegX8hK/oUbcthNGsNIvfaRs3JQcf8+kKuoLrhfSdYZbPFYd6ZH/xPMdIuCxP6I1ZIbQkcIMuh90/D3lySCXr6pS3sqd5eyHzK9rhFHEizDscgLMkBSLhgCwWPL3hNWwebCTqp+tm8jL/efvdW9St3MwY4fYU+X/FHHMAgrerTzTkJQNwSi6i+utHDAy78I2miPBzHbK7lkej1XSN1PH+NN1KzZy9kUN5qqXYZHvAybrBjeVJY2tHxNlzGp4EYu9PUtV96TyesnHYYxE28Hxn8k2t6+24k0IVZuq21WAz57tYYhLItjge1P0QTiEH2hYnTZq9rAXfwT9ZIIl64CEKWIOl0H+xr4rlZVjNUDhjK95m</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>k8v7v5mJnHlQCSDPt9WQc73hhNCW84LFDz88pGkwukRr1wYJg1NWSMYRkOIWQafY1xm/VnvbW0aE4atoMNc/UIaGGjR9xoKTCHq/igszwUmwtzhbqzSfOau2Y24QUoC01UYi0ep+KBzKAg/fGGP+zxajl3r7+x7G5PewFQGrI5CauMjo/6/vkt62jeTxOx6Ae+uR8A6uo6yNo9+QlkvjGL9yxKD7giOlixiRLf7ejGthu/vDx051/RpQxQ33iXCd5cv9nJT0AeGaSNQNSGfsEryUc2T1Mpphhn6IgxZN7BxssNWVtUvt5QeozfVU3rVoTCukr10auOH2ILHrMinXTyAf0AbwH/Kq4w5s19ztMZOjWvYOXkMsuQE9gWX7yU8+kK1DUvQ2gZIQppHkU4Rj2BqJRxPnHuxnXXplEeQkW/W8Uq37Rf/kUzqX76qRdZmN8fHwBq7J/OwaGXRb/CbbSD64X+l3mqh1PFD8O+IX7UqaZtteihDupEw1X8C6VIAEvdv5AQ2MytBwD3l//Je8T4evcI0aItEVd8CypR7yiB5YPsaq0GTP/PuV7PR0lkN1vIjr+bFMagQUWVOmItFt0hLTHOMsVo9lQ6CLdTT6aZXgT/DlYsC6vFLtLsz5dBWTYaPjS+lSx3R5gXG4k1qRMGB/QZXQO8Y/eQQ/1S1IgdYzg1FLOrlXSe3UCq5aeGzeLkyaHnAKsOFssNly2LZ21n0eguI1aq+uR3ogXIpTNogDoe0Jxq0nCMQ7DIoiHudh/kK7PXgtf835JW8EECPpcizH8fVkFdzvW+Hb/uoRfZXqjBY+oaKTHd4k+YlhyuemVRYRYhYCzun3WcyeMkB7fHGz/+Dwtx23lWqS0PB3D4dkJnMN/KFbDma+MtKjkHE9Uq8JB+rjMHjdyYgWYzF3JLL/Cypy1H8LStIhuLnHIBDVqTXlbvwFfcG9oYCC3pDNYwP87eLj88R1+fCY2VnlZQEPf8I7STv/eiYjgIRLimat15wB+l1finm2Is4Qht/T08n+4tUSQAryuAhBnilEKjeSjp+TOXarKGzz7teQ4dQmO8NZ9OpBGLi7CLVd5Ypsz7FWchb0kKUybh9mOcwG+xZ8ANryZ2PEDzQgz6vkyJDLZwMviYR2tuMb5u6XRZ28aY+olR5K49aBO7yhYyHLYZnbZnPfC7oxJeNxG9ogCC1DgnA6APrShOTpalYKbDfeohvzGvM4BlmzsjEWeiIZDP6wIaD17Nsu7ilLcxKWzimPsb2qu9Dbgms925y56PwbinJ4nAroijFscb7cHWpUQNOaSTxYGD8OjqoZmUf25zkfW4kNPXXasGljvcVQTuxk0BYAPTSfW6X7hN6Ca09ueT6QB40/GLmTcy/eP6V3rubvytMrc0gFsJhDPwK3zZ5lbBw+Sotu6HkmF9dh+vhNQ3WSu7jAwKvd5+B4T4gWOXAxpugXE5wnW4BD9niuu2fO4xwe7yTQy2VUyC3FNTENAkx5B134FHyGXEiO2UuARNgnSEQcNTO5CHiZv+6w7cdOniaYZTCQYxzPkLiQr68fbJMXvPUQgoFb3UFcYeVXCUBdrQE8oFhCF9MJw/8IO5/JQVPvpMGJqMP3D9/vd7dWOffBkfP80/0sw81d0LQ35wpWqxtbTxBW9LJQEikZkELhpHqdF5rn2g0/6VktXwucpkBILySctKJOjkvbyNhQiIIcYWJ2Zy68ROrOalPFpo0bl400zkeVpEYCrct+L5duxVUOvvEn84/gZObLC9x3EVeH96U+cMO5s7F/S/oKa/g46dtS9TgiEGW9C678AZGduLNPv1C8ip4MAOi82yR53bpPUmW2UF5ErsADd1eMO26ZqhXSvDeGHCoTWd3L0Y6r5ZqoktcAmNSSQnRD1vXcpuCEGM4fEf+IaOUyrJFdcLPeAGzhxtceTbie9N0pHA0ZBxCTT6Pxt8Qq3rVYWYEE1b1CZdlx/V2nK1BNjriow1TFLHoE6FC9RTmHw6uA5RWQKjqOzSvQOwN3Aqd9u5kFSQrLlimvxw6tUw74Le9yA0gCKXuM/7mq4eKBLgdJT+SCdtQHH+YDXBbT9Mm9mhMi7EKPbJXhUPpaNrA18JUhQw9hbG1j02EvYb2BDHcik5FqqsKXa520Z/fVdn3Pli2UDT/n0KZ/7Zlz7W48SxZ3vBojfERLF0zi5bOtK7rIliibDYArGIxM7UwBSmg8k1Rj1TznMOdtwgSs7t5NITRrYgG4ZAwwX/iq3nwo6s9uZETwAAVQrssnHR86VAlMXx1jZuTOthR7LnsI9psrdDnICqVq2ke85KuLoTHHsXKV7noREbgh9Xp8xXSJc0xMifAJWmGHnLQVuJ/DQXdR9KqYCYg+bmw8xraDcKHQon/JEHIHS987/qGXI+EdSRB1CdGhhIKXg8hg/Qb72+k4r3dkEegajiQ/eDxYmaOL0R3Kf+hfYb2hSW1LaQoXiJ8hNJrh/I/sJolVQg3alesOAdjXYvyDH9AVPXRta8sPzu9IulHjoS+HKLeUmTqpd9mpH7F57Yu8cEwxMSzpR3+rZ/t0RdnjeGGNm6Ikjvq/QKKJ1G6fX2Kd7o+NiZabIjJ8ZOQD6iwNMv/05wUI4NAPLVAQt3pgTqgDQxFBNRG9AXeJ7sRj017LrzaFAZzr+9aMOBoOeU5ngWaFUk33gLolw8SxqjzykRsE9CN5ZYWHy6VejFnBafP4oxcZYdUsXWmNyKFIq93+LiVNG73pN2AILZkC4zSaSPZz5+WIUzitn3EP2psm1pkWMno7ETgDWJp4+zNRKwWMbKVSIQRtkjsEGp+Ih6DSvLcACWuXRrqe4PpG/fP05Fvx1+gf6X0FMmaxUus3lBiIbupFuO76l5tjSzvvFgXgqUf7Aor2lGVHdp2rddzQfQl+4qzgfxfszsHT4oPU8FsRWjMV0UcbQ66rX4mIa3hKRsSDNcvI+WtDwLwkwZ0LMCfxJWqyEdY4NkCGwcobm/aWvB4WQ0hnQ9NCC4hS4UjVyYv9szG/1hHIs5+gqaYJwr968TGH6wmKLK1UQCGflvcc2nA9zKQIw2qa7QsBvh54nQZrXwYmHa6SrXB8gQGaryDZXebYFGiCoYge+/W6/Oc+6e3gG8v/+6+sA2jUVpZbeeSgiHri5wzfJ8hKAl+l2ejhbtjVr7XJDzogu7Fd0OPBDgh6w30Y4zrtXhm6T2mCy98x/U2hP9tOvF+wQq00TdQbsr817DLnWSsDGIE6bk1Tc6ik7f42XKApcph9lxzq8tSsDE2eJua7putlS/9mZwS+9v2cQ0bqnhuXfwF/pZmZV0rRgGXTYVPRaeeNXfyV/xlCe0K8e28O0kYyJUPY3DZOhydzBdY9+6r3yZgUdkmoA7LTR5OEvfWq17g86oEa64cAH5haees4i6d6XJXWdjfOPuXIni376KBpvlnKzYT3WIzVgLmvYI/abkPeiTENwTgg6FLgTRwvsqPASVP9WQ7Ko8U+HqbqvDFjInHJ7LmOFp2eRIEBHH/YsuUJSLAzwqZE9Aw2T5UWihL2QiXz6dvDxcokCoKh8pFqOZ6h1OhxeI/i4I6q8P2Y1KM+zLISB4Mf9v3fdqR9sqNPSM7fqyn+8D+JaW4fgvi6lrB7f8SXayvu+EV7gObA3/rhRk109eDsKn/KxDUYClNJzoLND4iCcdGf8frmpmiNMPNCO+RotuSsf9twOCB+TaF9TGZmrz+fcSWqG7tZJrDMctcCqpwSz5XKkGb441Kj2ypdwN0SawJRwx4eqVap4QzeJte14cuiFJy7VlTNI7P6H0wBk573axu2k6y3WAM/fdsjb1CvcVjkLup2e3OMjefMvE0a9xzITC4dFMUHPHBoRyLQsuieCU5urWkP2ysuPNWF+bjp6I5RyvmvTCyKHd4MO/vchm50JtujGm61Jtchw17ycUiK+FrWAvH1RoHWD9I1OlToQrb4V46txehNgzwFD2/hftI/cfjntiaOPUDz16pIET7+AgSaRi+5L32AYuN7QxiXgO/4KJhfVYCfJ8cNA/iyWCQAdhcKvwFDQd5/IoJ0UaT6mnizC3y5NqorzPbcz+kKGvlZXKO/hGRPT8awokiNCCptcBxWVfU5Ypc6mImK77IZhiXfs0kutpxCrdJXIN18xlXD/grjHrQ0IuPzcgGWBakEeCBvNnIYIkv+q0DQqOrQQkQx8wm8fve6VX+CBPDYZqlzq4HPBqVEfVjTBsh6TwnbZrWcjuW8hiUGNIx3fHU/uRG48XYsTTRglYvpMnqI5xq4TY/S0SJnx3eh2APT03i8Q1TZXSZuX8RGxkh0CwYblqhpJiGOBVrNuGn7kwXd9y2dnV/Rst1/ZwcObCD5HY1hYjtwBxJC8W4wrHRpGjoJzwhaWS6vDDlRLTuqlL09vG5aLGFtF4Tazd9D+2+3+Zk9p66SjnuIz4417b1BZwTmlvb8WrltJT6hOj9TShJg2XDuR6Lu1CZTJcEOBZwyNZe7Cc01T7MgWIy0kQSqGV2aSlB8sWFFL95oFnlTYj3JW2sCZZ5rePRgKx40LoCi03pYPoJmIwK2otQQxjUG1pSpKJsqsxg1RxapdAj/vSloDOOZuqtELIg9G27tSBlbELL476auwslUlRZPr4h+8HqxlMg0wlX7+7bX3YQD74qynI6Bvm44HEv6+hakyTlaNvyX3KhMSZVBbrij+kS42ipdLjdK8TYAZQpFD73atQhxxh9cO9ffVuN+C6EZaa9Nn9S4X/fb1Tv8UJjiXccD3CrPTJUtPXj/sKeQ4Tnw3NcUEFL5szzohLsQa2e5fVhRKPJeMYKdRYfCSt/xMHibwt19yeMMpPj5k0hYzQVBS0Vvl0WKAgKaM9bDyt/mHJMjJMbdMPhrwHfs3iQ+6obbUMjOIVCXptddJ8UttUC7IXh65SnNl05acRPRpTzV/J52Q6CAS6AwPeZJH2/eFJZ4jPUclvXNZqMo18XocfuJ4nuE/cKvb/nfSAuI+KDGBW8oe1feq3BX3nb/EJcqz7gRvJKtnzkxc4+zhBkb2Es7rzNaPK4VMChBeXwftmbXPBj4OwIrfvLl0nZkTUU26cP+xBeK55oRWrLssGKUXhiAfUKv20B2ZjjVEDgLztp8kMBl3OxqbSRUbkbrLeWRoFohnA==</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2021-05-07 07:02:33,491 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-05-07 07:02:33,491 - INFO [Shibboleth-Audit.SSO:?] - 20210507T070233Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|_2704038ee29c914ff6bec46b12c11ffd81af348fe5|https://teenslabs-newprod.internal.hottemax.org/simplesaml/module.php/saml/sp/metadata.php/default-sp|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_5041d09a61d5282ffd0cd5c22ac4d59c|sheldon|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,telephoneNumber,role,mail,displayName,surname,givenName|AAdzZWNyZXQxxex32WURmXiq1229+Trx5b86iaqIN0/KeVVJKSjEWJ4ERMGpux0vSBkvR6W0LgfZjgSWtom8xK+6kvY6PMmSAQbceBMw+Mwj8c570+1+6DluoUqzOotjAOZADI19iQRY/q+KKjPqzNcH2VvKFv+jAaMdlw8VmfZbgHPmJASibMwceDhQ2LQ3ZNizO5WW1FwTYBfyOe34|_833234a332a7e31a7f4b2f59af177c76|
2021-05-07 07:04:22,390 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: ss:mem:f97f8ea264be82dab2e3ad6f6f779d4d3565ff843a429ced4eb86a8afa22a04d
2021-05-07 07:04:22,390 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-05-07 07:04:22,390 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-05-07 07:04:22,390 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://test.loanertrac.com/Shibboleth.sso/SAML2/POST"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_f241736ddc176aa9aff88de0b57424ec"
    IssueInstant="2021-05-07T07:04:17Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://test.loanertrac.com/shibboleth</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="1"/>
</samlp:AuthnRequest>

2021-05-07 07:04:22,396 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://test.loanertrac.com/shibboleth' from origin source
2021-05-07 07:04:22,396 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-05-07 07:04:22,396 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-05-07 07:04:22,396 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-05-07 07:04:22,396 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-05-07 07:04:22,396 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-05-07 07:04:22,396 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-05-07 07:04:22,396 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-05-07 07:04:22,396 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://test.loanertrac.com/shibboleth
2021-05-07 07:04:22,397 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:04:22,397 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-05-07 07:04:22,397 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-05-07 07:04:22,397 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-05-07 07:04:22,397 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-05-07 07:04:22,397 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_f241736ddc176aa9aff88de0b57424ec', issue instant '2021-05-07T07:04:17.000Z', entityID 'https://test.loanertrac.com/shibboleth'
2021-05-07 07:04:22,398 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://test.loanertrac.com/shibboleth' does not require AuthnRequests to be signed
2021-05-07 07:04:22,398 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-05-07 07:04:22,398 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-05-07 07:04:22,398 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-05-07 07:04:22,398 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-05-07 07:04:22,398 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-05-07 07:04:22,398 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:04:22,398 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-05-07 07:04:22,398 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-05-07 07:04:22,398 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-05-07 07:04:22,398 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 4 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-05-07 07:04:22,398 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://test.loanertrac.com/Shibboleth.sso/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-05-07 07:04:22,398 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-05-07 07:04:22,398 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-05-07 07:04:22,398 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-05-07 07:04:22,398 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-05-07 07:04:22,398 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-05-07 07:04:22,399 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2021-05-07 07:04:22,399 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2021-05-07 07:04:22,399 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2021-05-07 07:04:22,399 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-05-07 07:04:22,399 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-05-07 07:04:22,399 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-05-07 07:04:22,399 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-05-07 07:04:22,399 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://test.loanertrac.com/shibboleth
2021-05-07 07:04:22,399 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-05-07 07:04:22,399 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#aes128-gcm
2021-05-07 07:04:22,399 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#rsa-oaep
2021-05-07 07:04:22,399 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-05-07 07:04:22,403 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-05-07 07:04:22,403 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-05-07T07:04:22.403Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-05-07 07:04:22,403 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-05-07 07:04:22,403 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-05-07 07:04:22,403 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-05-07 07:04:22,404 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-05-07 07:04:22,404 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-05-07 07:04:22,404 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:04:22,404 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-05-07 07:04:22,404 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-05-07 07:04:22,404 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-05-07 07:04:22,404 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-05-07 07:04:22,584 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'test.loanertrac.com'
2021-05-07 07:04:22,584 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-05-07 07:04:22,584 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-05-07 07:04:24,029 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: ss:mem:9cb70a7d3af9b23187790032475913ff8e66536395ec157c2f4b9f3b5829f008
2021-05-07 07:04:24,029 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-05-07 07:04:24,029 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-05-07 07:04:24,029 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://test.loanertrac.com/Shibboleth.sso/SAML2/POST"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_021b84ec599e9f94ec2a94a80effa6e9"
    IssueInstant="2021-05-07T07:04:19Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://test.loanertrac.com/shibboleth</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="1"/>
</samlp:AuthnRequest>

2021-05-07 07:04:24,029 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-05-07 07:04:24,029 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-05-07 07:04:24,029 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-05-07 07:04:24,029 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-05-07 07:04:24,029 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-05-07 07:04:24,029 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-05-07 07:04:24,029 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-05-07 07:04:24,030 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://test.loanertrac.com/shibboleth
2021-05-07 07:04:24,030 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:04:24,030 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-05-07 07:04:24,030 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-05-07 07:04:24,030 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-05-07 07:04:24,030 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-05-07 07:04:24,030 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_021b84ec599e9f94ec2a94a80effa6e9', issue instant '2021-05-07T07:04:19.000Z', entityID 'https://test.loanertrac.com/shibboleth'
2021-05-07 07:04:24,030 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://test.loanertrac.com/shibboleth' does not require AuthnRequests to be signed
2021-05-07 07:04:24,031 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-05-07 07:04:24,031 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-05-07 07:04:24,031 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-05-07 07:04:24,031 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-05-07 07:04:24,031 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-05-07 07:04:24,031 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:04:24,031 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-05-07 07:04:24,031 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-05-07 07:04:24,031 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-05-07 07:04:24,031 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 4 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-05-07 07:04:24,031 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://test.loanertrac.com/Shibboleth.sso/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-05-07 07:04:24,031 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-05-07 07:04:24,031 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-05-07 07:04:24,031 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-05-07 07:04:24,031 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-05-07 07:04:24,031 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-05-07 07:04:24,031 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2021-05-07 07:04:24,031 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2021-05-07 07:04:24,032 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2021-05-07 07:04:24,032 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-05-07 07:04:24,032 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-05-07 07:04:24,032 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-05-07 07:04:24,032 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-05-07 07:04:24,032 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://test.loanertrac.com/shibboleth
2021-05-07 07:04:24,032 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-05-07 07:04:24,032 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#aes128-gcm
2021-05-07 07:04:24,032 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#rsa-oaep
2021-05-07 07:04:24,032 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-05-07 07:04:24,033 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-05-07 07:04:24,033 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-05-07T07:04:24.033Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-05-07 07:04:24,033 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-05-07 07:04:24,033 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-05-07 07:04:24,033 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-05-07 07:04:24,034 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-05-07 07:04:24,034 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-05-07 07:04:24,034 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:04:24,034 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-05-07 07:04:24,034 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-05-07 07:04:24,034 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-05-07 07:04:24,034 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-05-07 07:04:24,217 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'test.loanertrac.com'
2021-05-07 07:04:24,217 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-05-07 07:04:24,217 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-05-07 07:04:31,227 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: ULJoeVcI2OmSmRDskyKRAQJrmYCSDqoX-nooM1OOZ4A.yI4xHMgRxXk.qa-frontend
2021-05-07 07:04:31,227 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2021-05-07 07:04:31,227 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2021-05-07 07:04:31,227 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://phoenix-frontend-e2e-flaky-detector-820-k.dev.starmind.io/auth/realms/starmind-sut/broker/samltest/endpoint"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="ID_59d8bfa6-5001-42de-aedf-6b9a28a54c98"
    IssueInstant="2021-05-07T07:04:30.141Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer>https://phoenix-frontend-e2e-flaky-detector-820-k.dev.starmind.io/auth/realms/starmind-sut</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/>
</samlp:AuthnRequest>

2021-05-07 07:04:31,228 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractBatchMetadataResolver:?] - Metadata Resolver FilesystemMetadataResolver SAMLtest: Resolved 0 candidates via EntityIdCriterion: EntityIdCriterion [id=https://phoenix-frontend-e2e-flaky-detector-820-k.dev.starmind.io/auth/realms/starmind-sut]
2021-05-07 07:04:31,228 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved no EntityDescriptors via underlying MetadataResolver, returning empty collection
2021-05-07 07:04:31,228 - INFO [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  No metadata returned for https://phoenix-frontend-e2e-flaky-detector-820-k.dev.starmind.io/auth/realms/starmind-sut in role {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor with protocol urn:oasis:names:tc:SAML:2.0:protocol
2021-05-07 07:04:31,228 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No metadata context found, nothing to do
2021-05-07 07:04:31,228 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://phoenix-frontend-e2e-flaky-detector-820-k.dev.starmind.io/auth/realms/starmind-sut
2021-05-07 07:04:31,228 - WARN [net.shibboleth.idp.profile.impl.SelectProfileConfiguration:?] - Profile Action SelectProfileConfiguration: Profile http://shibboleth.net/ns/profiles/saml2/sso/browser is not available for RP configuration shibboleth.UnverifiedRelyingParty (RPID https://phoenix-frontend-e2e-flaky-detector-820-k.dev.starmind.io/auth/realms/starmind-sut)
2021-05-07 07:04:31,228 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: InvalidProfileConfiguration
2021-05-07 07:04:31,229 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2021-05-07 07:04:58,267 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder:?] - Decoded SOAP messaged which included SAML message of type {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-05-07 07:04:58,268 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Body>
        <saml2p:AuthnRequest
            AssertionConsumerServiceURL="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            Destination="https://samltest.id/idp/profile/SAML2/SOAP/ECP"
            ForceAuthn="false"
            ID="_fspdo59jle9i1i3yjxepjv45anljftbto74a" IsPassive="false"
            IssueInstant="2021-05-07T07:04:57.592Z"
            ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
            Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eu-ch.o13bb.otc.t-systems.com</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_fspdo59jle9i1i3yjxepjv45anljftbto74a">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>rcValRPlVFl0ztJnyuqsHOmIXP8=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>V8kQI2fXXkrGxwAxOijePe0FcVuPRvPQgMoIHH/MOsudChGOxGe35X4q9qh7RhLndiFmRaMhg4pfirHGc/pqXB3kZq54+WswvFG2S2WXzAT89eicG7WDyIZXD2ih70x7jJTHxElBMqfarvCNH6iezvD3gWEA0wLzLdmO8sOCIcw=</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIICLjCCAZegAwIBAgIGAVHDRPSbMA0GCSqGSIb3DQEBCwUAMC0xEzARBgNVBAoMCmtleW1hbmFn
ZXIxFjAUBgNVBAsMDWlhbS1hdXRodWktc3AwHhcNMTUxMjIxMDY0MDU0WhcNMjUxMjE4MDY0MDU0
WjBEMSowKAYDVQQDDCFodHRwczovL3NwLmF1dGgub3RjLnQtc3lzdGVtcy5jb20xFjAUBgNVBAsM
DWlhbS1hdXRodWktc3AwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALRgTiRlOH3H8Ti/Nl8F
hr+9QdbCEBQIKFKnX+VeeD6NcGQtsDnihnIlwDv9PqAqRfZ5KNDF7IccYgCBUfjJXOyxqa51YVDJ
KPLpjMcZiSEjumDm3jbdEiiQKl3zwt9Q0aLlz7PKdIbIoPQdo3YjpTB407D5PmvpsFr+TQ6NlkTZ
AgMBAAGjQjBAMB0GA1UdDgQWBBRcdOVNkWkaAHkjlaFATFhnEEh8SzAfBgNVHSMEGDAWgBRcdOVN
kWkaAHkjlaFATFhnEEh8SzANBgkqhkiG9w0BAQsFAAOBgQBlFRyA98AUXCw8bhneTFoD2JWRZz2f
Bs3vINTVjhA3CdCCJ9lgPxIhitHYNPQh5s7l+IA6M/zHTx+rpRO3KUqh0M2eNZDunUrstyXkvZvp
uJCPFK6t1iN6K5YuZUhKI06W5Bk6XV2NO5L2eIqD9jZp0UGb18Ep4BbrEXwRwJQPYw==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:NameIDPolicy AllowCreate="true"
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                SPNameQualifier="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"/>
        </saml2p:AuthnRequest>
    </soap11:Body>
</soap11:Envelope>

2021-05-07 07:04:58,273 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://iam.eu-ch.o13bb.otc.t-systems.com' from origin source
2021-05-07 07:04:58,273 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-05-07 07:04:58,273 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-05-07 07:04:58,273 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-05-07 07:04:58,273 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-05-07 07:04:58,273 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-05-07 07:04:58,273 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-05-07 07:04:58,273 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-05-07 07:04:58,274 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eu-ch.o13bb.otc.t-systems.com
2021-05-07 07:04:58,274 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2021-05-07 07:04:58,274 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2021-05-07 07:04:58,274 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-05-07 07:04:58,274 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2021-05-07 07:04:58,274 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2021-05-07 07:04:58,274 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-05-07 07:04:58,274 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_fspdo59jle9i1i3yjxepjv45anljftbto74a', issue instant '2021-05-07T07:04:57.592Z', entityID 'https://iam.eu-ch.o13bb.otc.t-systems.com'
2021-05-07 07:04:58,275 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eu-ch.o13bb.otc.t-systems.com' does not require AuthnRequests to be signed
2021-05-07 07:04:58,275 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2021-05-07 07:04:58,275 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2021-05-07 07:04:58,275 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-05-07 07:04:58,275 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://iam.eu-ch.o13bb.otc.t-systems.com, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2021-05-07 07:04:58,275 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://iam.eu-ch.o13bb.otc.t-systems.com' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2021-05-07 07:04:58,275 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-05-07 07:04:58,275 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-05-07 07:04:58,275 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-05-07 07:04:58,275 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-05-07 07:04:58,275 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-05-07 07:04:58,275 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2021-05-07 07:04:58,275 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2021-05-07 07:04:58,275 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2021-05-07 07:04:58,275 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 1024 bits
  params: null
  modulus: 126664469800380770773972778096329230967838830807335020944856402588433272451405299989725111925000259452486256977271956160110204670418736725511979819866908378089628035491591777699093647368786263598103189382680073566489484332485554027625241493766204516582342822997262720486560419481997023269854507272634386236633
  public exponent: 65537
2021-05-07 07:04:58,275 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2021-05-07 07:04:58,275 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2021-05-07 07:04:58,275 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_fspdo59jle9i1i3yjxepjv45anljftbto74a"
2021-05-07 07:04:58,275 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _fspdo59jle9i1i3yjxepjv45anljftbto74a and Element was [saml2p:AuthnRequest: null]
2021-05-07 07:04:58,275 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_fspdo59jle9i1i3yjxepjv45anljftbto74a"
2021-05-07 07:04:58,275 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _fspdo59jle9i1i3yjxepjv45anljftbto74a and Element was [saml2p:AuthnRequest: null]
2021-05-07 07:04:58,275 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_fspdo59jle9i1i3yjxepjv45anljftbto74a"
2021-05-07 07:04:58,275 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2021-05-07 07:04:58,275 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-05-07 07:04:58,275 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://iam.eu-ch.o13bb.otc.t-systems.com
2021-05-07 07:04:58,275 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-05-07 07:04:58,275 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-05-07 07:04:58,275 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-05-07 07:04:58,275 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-05-07 07:04:58,276 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsHeadersHandler:?] - Message Handler:  No ChannelBindings header blocks found
2021-05-07 07:04:58,276 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler:?] - Message Handler:  Message did not contain any ChannelBindings extensions
2021-05-07 07:04:58,276 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2021-05-07 07:04:58,276 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2021-05-07 07:04:58,276 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-05-07 07:04:58,276 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-05-07 07:04:58,276 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-05-07 07:04:58,276 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-05-07 07:04:58,276 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' not permitted by input criteria
2021-05-07 07:04:58,276 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP using binding urn:oasis:names:tc:SAML:2.0:bindings:PAOS
2021-05-07 07:04:58,276 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-05-07 07:04:58,276 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-05-07 07:04:58,276 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-05-07 07:04:58,276 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-05-07 07:04:58,276 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-05-07 07:04:58,276 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-05-07 07:04:58,277 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-05-07 07:04:58,277 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-05-07 07:04:58,277 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-05-07 07:04:58,277 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-05-07 07:04:58,277 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eu-ch.o13bb.otc.t-systems.com
2021-05-07 07:04:58,277 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-05-07 07:04:58,277 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-05-07 07:04:58,277 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-05-07 07:04:58,277 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-05-07 07:04:58,280 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-05-07 07:04:58,280 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: RequestAuthenticated: true
2021-05-07 07:04:58,280 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: Generating session key for use by ECP peers
2021-05-07 07:04:58,280 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-05-07T07:04:58.280Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-05-07 07:04:58,281 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-05-07 07:04:58,281 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-05-07 07:04:58,281 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-05-07 07:04:58,281 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-05-07 07:04:58,281 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-05-07 07:04:58,281 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow authn/Password, it supports non-browser authentication
2021-05-07 07:04:58,281 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2021-05-07 07:04:58,281 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-05-07 07:04:58,281 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-05-07 07:04:58,281 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-05-07 07:04:58,281 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: Trimming whitespace of input string 'rick'
2021-05-07 07:04:58,281 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2021-05-07 07:04:58,281 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@503509752::identifier=rick, context=org.apache.velocity.VelocityContext@2877624e]
2021-05-07 07:04:58,282 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@503509752::identifier=rick, context=org.apache.velocity.VelocityContext@2877624e]
2021-05-07 07:04:58,284 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2021-05-07 07:04:58,284 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-05-07 07:04:58,285 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-05-07 07:04:58,285 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2021-05-07 07:04:58,285 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2021-05-07 07:04:58,285 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-05-07 07:04:58,285 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2021-05-07 07:04:58,285 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session eb4e4f95130e138c11374ee0930e6ee2161b28f621d8839451a1cb412b2a0ecc for principal rick
2021-05-07 07:04:58,285 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session eb4e4f95130e138c11374ee0930e6ee2161b28f621d8839451a1cb412b2a0ecc
2021-05-07 07:04:58,286 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-05-07 07:04:58,286 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-05-07 07:04:58,286 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-05-07 07:04:58,286 - DEBUG [net.shibboleth.idp.attribute.filter.matcher.impl.AbstractMatcher:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/DenyValueRule:_7080138d39cc2e01f42af33d6086559c': Applying value comparison to all values of Attribute 'uid'
2021-05-07 07:04:58,286 - DEBUG [net.shibboleth.idp.attribute.filter.matcher.impl.AbstractMatcher:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/DenyValueRule:_e86e84f8359014f00e496b0e2b038417': Applying value comparison to all values of Attribute 'uid'
2021-05-07 07:04:58,286 - DEBUG [net.shibboleth.idp.attribute.filter.policyrule.filtercontext.impl.AttributeRequesterPolicyRule:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/Rule:_829157a5a29f7f30c585dc615c71fae1': Found attribute requester: https://iam.eu-ch.o13bb.otc.t-systems.com
2021-05-07 07:04:58,286 - DEBUG [net.shibboleth.idp.attribute.filter.policyrule.filtercontext.impl.AttributeRequesterPolicyRule:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/Rule:_deb424a8d1c673df19c16cd7fd391943': Found attribute requester: https://iam.eu-ch.o13bb.otc.t-systems.com
2021-05-07 07:04:58,286 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-05-07 07:04:58,286 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-05-07 07:04:58,286 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-05-07 07:04:58,286 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-05-07 07:04:58,286 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-05-07 07:04:58,286 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-05-07 07:04:58,286 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-05-07 07:04:58,286 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-05-07 07:04:58,286 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-05-07 07:04:58,286 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-05-07 07:04:58,287 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-05-07 07:04:58,287 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-05-07 07:04:58,288 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-05-07 07:04:58,288 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _bde097de6f9588e6d910c86ed1173f6d
2021-05-07 07:04:58,288 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _bde097de6f9588e6d910c86ed1173f6d to Response _40a59cda076b9480981d9b79037dec92
2021-05-07 07:04:58,288 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _bde097de6f9588e6d910c86ed1173f6d
2021-05-07 07:04:58,289 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-05-07 07:04:58,289 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-05-07 07:04:58,289 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-05-07 07:04:58,289 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-05-07 07:04:58,289 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-05-07 07:04:58,289 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-05-07 07:04:58,289 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-05-07 07:04:58,289 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-05-07 07:04:58,289 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-05-07 07:04:58,289 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-05-07 07:04:58,290 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-05-07 07:04:58,290 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:04:58,290 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:04:58,290 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:04:58,290 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:04:58,290 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxVwzZdKxX4tfUTc/NYGZpbh//D6mafWqg4o8ARA+/iw86AzbCqmKbNW6Ah+y+f9BWVTsI0DYK2seeuAmw3mQfZAEy8BGPWjiN1I/1jjjninT3KqAz9KO6X79P301nm3F8jwZSVpViLV6oZDZx with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:04:58,290 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:04:58,290 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:04:58,290 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-05-07 07:04:58,290 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-05-07 07:04:58,290 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 80.158.3.50
2021-05-07 07:04:58,290 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _fspdo59jle9i1i3yjxepjv45anljftbto74a
2021-05-07 07:04:58,290 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-05-07 07:04:58,290 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-05-07 07:04:58,290 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-05-07 07:04:58,290 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-05-07 07:04:58,290 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _bde097de6f9588e6d910c86ed1173f6d
2021-05-07 07:04:58,290 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _bde097de6f9588e6d910c86ed1173f6d did not already contain Conditions, one was added
2021-05-07 07:04:58,290 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-05-07 07:04:58,290 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-05-07T07:09:58.287Z, to Assertion _bde097de6f9588e6d910c86ed1173f6d
2021-05-07 07:04:58,290 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _bde097de6f9588e6d910c86ed1173f6d already contained Conditions, nothing was done
2021-05-07 07:04:58,290 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-05-07 07:04:58,290 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _bde097de6f9588e6d910c86ed1173f6d already contained Conditions, nothing was done
2021-05-07 07:04:58,290 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-05-07 07:04:58,290 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eu-ch.o13bb.otc.t-systems.com as an Audience of the AudienceRestriction
2021-05-07 07:04:58,290 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _bde097de6f9588e6d910c86ed1173f6d
2021-05-07 07:04:58,291 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddGeneratedKeyToAssertions: Assertion _bde097de6f9588e6d910c86ed1173f6d did not already contain Advice, one was added
2021-05-07 07:04:58,291 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eu-ch.o13bb.otc.t-systems.com to existing session eb4e4f95130e138c11374ee0930e6ee2161b28f621d8839451a1cb412b2a0ecc
2021-05-07 07:04:58,291 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eu-ch.o13bb.otc.t-systems.com in session eb4e4f95130e138c11374ee0930e6ee2161b28f621d8839451a1cb412b2a0ecc
2021-05-07 07:04:58,291 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-05-07 07:04:58,291 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eu-ch.o13bb.otc.t-systems.com and key AAdzZWNyZXQxVwzZdKxX4tfUTc/NYGZpbh//D6mafWqg4o8ARA+/iw86AzbCqmKbNW6Ah+y+f9BWVTsI0DYK2seeuAmw3mQfZAEy8BGPWjiN1I/1jjjninT3KqAz9KO6X79P301nm3F8jwZSVpViLV6oZDZx
2021-05-07 07:04:58,292 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-05-07 07:04:58,292 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-05-07 07:04:58,292 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_bde097de6f9588e6d910c86ed1173f6d"
2021-05-07 07:04:58,292 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _bde097de6f9588e6d910c86ed1173f6d and Element was [saml2:Assertion: null]
2021-05-07 07:04:58,292 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_bde097de6f9588e6d910c86ed1173f6d"
2021-05-07 07:04:58,292 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _bde097de6f9588e6d910c86ed1173f6d and Element was [saml2:Assertion: null]
2021-05-07 07:04:58,295 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_40a59cda076b9480981d9b79037dec92"
    InResponseTo="_fspdo59jle9i1i3yjxepjv45anljftbto74a"
    IssueInstant="2021-05-07T07:04:58.287Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_bde097de6f9588e6d910c86ed1173f6d"
        IssueInstant="2021-05-07T07:04:58.287Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_bde097de6f9588e6d910c86ed1173f6d">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>1bVx+znBNsEdXWV/UqqDK030iNAOQJ/ku1t+htmoFfk=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>iYnR8dB5xpt1HNMSu9/bTZCf3Enlxu7t2+f/h718oNRnSmnqd6uMJYEmpdJ6XPGEFsLoY9IiZ+tfhJ4Bx236DbSFwqXPE5oMceoLBTsIKQkvxPlH6XJ0M0F3zhtupBcVT6ukYI/PMHKpLn52+IE8EFfxdBDGtjBPo/V+7RLwL7t2pWyUQssOA9Ewersya6BpitZovDKKMO82s/RqCXKexx24BKTve7NqJzqcZpfqrkzllYoA5blhHh7HpYXcJhNBFktufcmg51dP9ppNP+/l+3h2X6ybH5OmL/dXFjMyW1+6bfIx9tAGZ5yDKqRxTySHKQ4kYaUP+lPllLXitssx4A==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxVwzZdKxX4tfUTc/NYGZpbh//D6mafWqg4o8ARA+/iw86AzbCqmKbNW6Ah+y+f9BWVTsI0DYK2seeuAmw3mQfZAEy8BGPWjiN1I/1jjjninT3KqAz9KO6X79P301nm3F8jwZSVpViLV6oZDZx</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="80.158.3.50"
                    InResponseTo="_fspdo59jle9i1i3yjxepjv45anljftbto74a"
                    NotOnOrAfter="2021-05-07T07:09:58.290Z" Recipient="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-05-07T07:04:58.287Z" NotOnOrAfter="2021-05-07T07:09:58.287Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eu-ch.o13bb.otc.t-systems.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:Advice>
            <samlec:GeneratedKey xmlns:samlec="urn:ietf:params:xml:ns:samlec">w+JkD/wVvaZlVpix712AfMOoRw01mt33FAsp3Ln9Wc0=</samlec:GeneratedKey>
        </saml2:Advice>
        <saml2:AuthnStatement AuthnInstant="2021-05-07T07:04:58.284Z" SessionIndex="_984154eb76fab3ee1f32b23258b94218">
            <saml2:SubjectLocality Address="80.158.3.50"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-05-07 07:04:58,296 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-05-07 07:04:58,296 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-05-07 07:04:58,297 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_40a59cda076b9480981d9b79037dec92"
2021-05-07 07:04:58,297 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _40a59cda076b9480981d9b79037dec92 and Element was [saml2p:Response: null]
2021-05-07 07:04:58,297 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_40a59cda076b9480981d9b79037dec92"
2021-05-07 07:04:58,297 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _40a59cda076b9480981d9b79037dec92 and Element was [saml2p:Response: null]
2021-05-07 07:04:58,299 - DEBUG [org.opensaml.saml.common.binding.impl.AddChannelBindingsHeaderHandler:?] - Message Handler:  No ChannelBindings to add, nothing to do
2021-05-07 07:04:58,305 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Header>
        <ecp:Response
            AssertionConsumerServiceURL="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next"
            soap11:mustUnderstand="1" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <ecp:RequestAuthenticated
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <samlec:GeneratedKey
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:samlec="urn:ietf:params:xml:ns:samlec">w+JkD/wVvaZlVpix712AfMOoRw01mt33FAsp3Ln9Wc0=</samlec:GeneratedKey>
    </soap11:Header>
    <soap11:Body>
        <saml2p:Response
            Destination="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            ID="_40a59cda076b9480981d9b79037dec92"
            InResponseTo="_fspdo59jle9i1i3yjxepjv45anljftbto74a"
            IssueInstant="2021-05-07T07:04:58.287Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_40a59cda076b9480981d9b79037dec92">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                        <ds:DigestValue>3zpWgOoVF4g4T9bKyLbqAqHV57UsMc7cauHNvrFos6U=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>KIRovuF7GQYdFA0aUMqrRGb4YMBtR2EeEz7CTPQeEQpakoM/9STjro6QqqrpsScf8ZIXLd+qBdewbTf1k63JzvJW+jOk+zlUmw5ioIr7wCNSOAviM0dcP5MbzeFtU/Cg7PGK1QqEy6jh5KXI/9pilctjLXscJ7ycU9P5gluqISPwvAm/YGRbwFjn2hU7OYPlTR8gREWRoYIifLzcSjkdR2YvRpE5nJ+HgyKcs4hkCrvAXuIXlA6mnPVzn9vPqDhPDdM3VJJD3rmYN3+81urzLBHCiL5QOL2LHYG2lhcoSSt8AznFF/SMXTkOPpTNz7f7DQhwwj+NvL38HA9+fltxqg==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
                <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
            </saml2p:Status>
            <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
                <xenc:EncryptedData
                    Id="_70404d1cb56eb199d4bf4be0ce988940"
                    Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <xenc:EncryptedKey
                            Id="_bb0d60db7a8ab8722310cfbb64746844"
                            Recipient="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                            <xenc:EncryptionMethod
                                Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <ds:DigestMethod
                                    Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                            </xenc:EncryptionMethod>
                            <ds:KeyInfo>
                                <ds:X509Data>
                                    <ds:X509Certificate>MIICLjCCAZegAwIBAgIGAVHDRPSbMA0GCSqGSIb3DQEBCwUAMC0xEzARBgNVBAoMCmtleW1hbmFn
ZXIxFjAUBgNVBAsMDWlhbS1hdXRodWktc3AwHhcNMTUxMjIxMDY0MDU0WhcNMjUxMjE4MDY0MDU0
WjBEMSowKAYDVQQDDCFodHRwczovL3NwLmF1dGgub3RjLnQtc3lzdGVtcy5jb20xFjAUBgNVBAsM
DWlhbS1hdXRodWktc3AwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALRgTiRlOH3H8Ti/Nl8F
hr+9QdbCEBQIKFKnX+VeeD6NcGQtsDnihnIlwDv9PqAqRfZ5KNDF7IccYgCBUfjJXOyxqa51YVDJ
KPLpjMcZiSEjumDm3jbdEiiQKl3zwt9Q0aLlz7PKdIbIoPQdo3YjpTB407D5PmvpsFr+TQ6NlkTZ
AgMBAAGjQjBAMB0GA1UdDgQWBBRcdOVNkWkaAHkjlaFATFhnEEh8SzAfBgNVHSMEGDAWgBRcdOVN
kWkaAHkjlaFATFhnEEh8SzANBgkqhkiG9w0BAQsFAAOBgQBlFRyA98AUXCw8bhneTFoD2JWRZz2f
Bs3vINTVjhA3CdCCJ9lgPxIhitHYNPQh5s7l+IA6M/zHTx+rpRO3KUqh0M2eNZDunUrstyXkvZvp
uJCPFK6t1iN6K5YuZUhKI06W5Bk6XV2NO5L2eIqD9jZp0UGb18Ep4BbrEXwRwJQPYw==</ds:X509Certificate>
                                </ds:X509Data>
                            </ds:KeyInfo>
                            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <xenc:CipherValue>BsKXAHtk8GZquGnYA7iGy8574VNCDe/Trll6NzhPqUmbqrScT1O6lllxOaWJZ5WQNAiY7RMLmN1hQJaXPHAQQRvdG336X+XndbQchbG4Ow0t0+lIHxdfcZtoYNle6BoiPiP0D0WqFHKd8ALEYeTMGc4bbltb1T3u1yIQ5j8CfDQ=</xenc:CipherValue>
                            </xenc:CipherData>
                        </xenc:EncryptedKey>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>Ekzqf62vGWQ2vn0D6qdUG5eqTVxt/naOkG1pGU3t4AWB4C0xP+6N9S83W/e05it24h3m2rnspHb8XWVz0FoX/ZtSRVTHMbUN5e20mO09vMwocib74jvS6k30FrlD+ll2X0/oWk8DGS9Yn+IQWPTTBq63TJwjbIN/qmPa9pMJRylMuwtrTaLkpVwW8VDb1Iv9vLkoci/DvgQhppFuJGjAjXoWkGfuH24dkNaL4loazhWZ9jojMA7Y5dNhM+lKlpZQ3iL1C48UP54KItCEB0YWDoXecJYQUCgkAcrsmYF2JIW05FzfL7MtzU1Ewq42321PyLDoVu2VvRDIE/SjdC3wqyU3Ild7NrbqkEJwvVEjFWaaEqLxbZ0p0GIq0NybSO04aQk4rhNLmmv08IHkF5vL8lOsK0YlXOh1LVx83RRkjAwhvjZObND2BbbwlhA/WHevK/A2tEAJztYZhsVhg4P5lqk726iJhfSb0ScprNH3CgoAu6Ez9xqdlYShvcPnH/iaAD1ckrAHhqgtGMQefFgSIWP9SBpRSXp5VTxPhU6eOhsuTuNDmZLTjh4AwVDoZ3Qqz2ohuPfiCrourWnZDMtSKphXtd2XfsTB/Jm2GX9ZmBOUCGfttJvJjZTr/qrWigkRPnnrbjmRiFhkSq9qhgKq+DQUjm4RNge9ULquHGc61ewVW1ov0WiS8NGAiYkHy3gx2mLJYmUDqYJgGxnTM6eB+7LQiHa3eaTmhq4tb+9PObEcw+Ma72uu0boj3gXW6Zfa1B2ngmnZRWiOi/PlpYmjHmN8L0/IX2ROhcTRGSGcqMzLLQ27OG2J00vsxo4ziJ7ki6OIfuFKx8igJENP3qCi2LFYD3co6r6rtVabHLrax3iUgyvzfpd+k+aIDA13RkxFfqvcWjYfeLdlVHMKGSGE/2ddgZtyJaez4y/PiFDWI6HEK6FHEuFUevIsTWdzPd4+OZi2Mc8Q0ewE4C4ZCZ6Ji9M0KTd1BknGSedRwwvbpV+hVjIjeavuy4QnTTah50biNcnjLquN2K/H6OeC1F4HOr6PCtKt1KL9M+XH+7Xgf6PAcv7cCMLwnfiN0rqUVUYnuu38SxKXmLYbHEJehC8iUqtuJ4L4vE8XNn0Hk+EFKS9XbE7KWBasQFGW+JZQjxuf1tlKUyrlgr3/MTJNdjdRC3IMtIobJAuHmP4Ml3F3xo97nUc9xKFo+/dMfru0fIubGhNkF+TIiWydk4lWguYiU9ucyqleMYOWwbDc4WcIyd0Ch3vmhFGwtQMZjZ3V/Dfb3fo8Y6w0+4X9FRZxUgvTPvNwZJ5vjNNFGRvZLMWoeOauZ2NvXWa29jONOjy46YRbPLoU/2tOeQHoDUQSfmuzqnrx29CKQbsEj0twTtlD+l6LH0WZ1GVaZbcIpYVer4Lmqflitubgnn/xBlGGMY0okdkfMGB8uX0sFANotXUmGjOSBumagSQl7cuh8XRwqiQl6S1nKBzbNTpUJyufAxUtrIWKv2+32BrwUVkWOIesujKGwGn+Y9LtEFwbPqHMyK3dSdtxJED6mSLnWOuOB2OTfKMX3xTjhR2VKuh0OeSiduh4b9JAZX+ylHg/S3YxLwsIJ/S8A7skIUoCQ3VKOj93qw47Kh7cf3Y/mnxvxgfT+92cwGetE6aV3JKZXmT3cTY8nVmGWBRBU43Pro4c0IW9RDDvITkf0WL9x1UThovrP0Pnt0wCWWMl4kQNwZ/SN09eYrF6tU/HGcwLS1frolrK0fUPZTJi+hHgxaBAENdwqr4wIBkounZSixSp4D01/TGSNVRwvyJh8Tl7pCxLX3McXVGKMZmeN9lCqxVWnBTxiabE176zjEvWvJt/AMhXgTuZUiT9SfAARHn2N+WvPuCXw8gZc4GOZzat7UAxTcAe1BAMWRN+Qw2F7ENI1iX24A8nqqrdL18DNMMDkkl5UOGOpOrK8Rm/ya/gCUzAnwRidE9Uq8vpr/bGjM356Q7yh907YF1Vclub/D0OuXMvE3KWV2i9yP+11NbXlJHF8i5lLmJQZ06nQfBWGrrOO8pi3k3Q3z7YcJsgekfFIur659sRurPM+hUgB22ZFDcYOOJXeWneiGI7PaM79ATg2EfTdg493pL5p4vru9VWEzPLb2ZQ9KCcDh9cKD7Ga4zCvYvOA90suq0ONHutoVgXdro2p0Me/VVSysFJrrmCLHWfACdznabh8w/4ACIKMWOTw1z/nuYgeZ0Thk6TpxbN4tzSSRiQ43hsi76fuv12XKuGImv95J8WEC4QDv9/49ZSyM7PQCphRGBlXdXsVXOnqN+BIWGO1279A6bA/NLhMs8W+S/nlBEk6tYJqt5PkwP3D82f6QpKxrACHDY08kRTD81H3Kc1Nmx2vHQEUK7M49b0+MsVjYocEmx5d7dt76czViQ6t03ZCu9fbS0X30hbvFBbWpVHusFPQMBMQP6HO+cUNVWdsIui+sP6BGeiEO2xWEqh5QtP0aE2ilOlruZHd7yDsaswgDCy+nirNmR3uiQMsfdOn+3J7a0pF96JNR6mDMXZA7G3uldxBJ5MTkpPNY5RNM9zvnDfwX7rFXElrkx/vTacqih3jv/pqhLX5px0beE9sDnw65qXu8lw3sVid7C2h4e5dUokQrNTDg9QFQ337FN20+1kFUT2pYzGyQxehYkY7+sa/7ssWNGCtK5t3ZZtGLTWz4gXDVygXH8oQOl9yxBLEZ1qR6K3YO7W8WREVjALLlh/6DfgqGxyp2C0oqcWjDj1boOIxxH4yOzmAN0ptYSE9Fc9dapERuBpvWSZ+ttdASp/CQB83bP2+gKoEjGirTSQA0ZsJqrrZxXGSWV2BXoyVFEQaczrFCkBpiqDz4eiydI+t34V4+ps8389qnU8XjU53mHaR3nSpqwvHpFjBv0lYRMieD2Xmi/VA6JD6gKgvetjs48xQbTkuXQD/JvnBM6M2R3y244k6oXU6hltb9/+jPxc60730zX8g31VKTRzXAZfvBuO/lTxGwK45w1ldipL1sEpqUNxUuGhBmQiv59MQ+2UqEjt8WM3vk/IW82AgwkpN6a12QDfvqwK5Nx/OB0Ac6IJgjEAdZf23blBieVv9nK9TgXF35cw+GXCj4mVDACgloLzbG8+4H66CE07mAR7hh4vQsyTJwCIPliROC6W6PEWcDnBeYg+eRIq+XDH4okJyqLu+7UXSpl/z2WBZsZe6UtrcddAYUgXZclr6hKMMdrspZZvV1OW03IQkIvREHRqhF9CN68OutS53TXnW28O0/SUkJ9KpvF2F8NNVEmxXwYTuLmIRnLCNt9x7+z8osJJCPhx5h1cnrCfnyaV733TI5wpd8eXwyi+MmBVipU28/IlMNTzSW+DDqJ2Jdw/VV5NGmHXMRMoVbcCfTJCWdGSUX/m7vDqMAQ6vHrixGniK+HJJZMAxNp9A6jnaQkvyzr1CZt1m9c5TBHdeqddceuT7Cg6TLw+R+DqYEsnLKqXnCB5UUZcxPEsnEQFWpdmrjtYdEtxeGwia+Sw9Ne+Oz/tdjhIpKhM6kVzLwf11FmNRxX3UQ9SIhaR5uCpWgWyKnbBNgT5bkk8QPAM3e2N0ZjZWx02BPt6eHmsW0Vgw1ca6+4yDduTaCK5gVofcBpMTngaVIOMiHtxEhy1Uon7/xMs7TDC+Ts67He5qWk6BcZY08cXGOWVONkAZSEuL+TW2sFjGwFtFxugA3FucB+Tfr9z3a1BHOgG2/2H+t67GBeJKCfD8Q7QHJet9WF2Yj5QPE4H/u4xj3hNGVbw0Fte09pkTlQxE5NXoc3r0Ecb5kZXERfvHm1p1QntTKl+RTMe8FJJizrK14db6ii1s4THhVlPoKE80VDvt64D/dfWCtTRijsHc8Drnu9qePaR+cJIE5Tq2fsrTUvX0K6Y5zGJ+qR/cvR51aBQnzak0GBMggmBjDg9Bmsmi3/yX+U3keIBp1+4JoXvZ1dgcNjSn2mCLMatFQMclF3lB3hGPvbhg4n4IOFn6+0lnOzC4MUXbgRCE3YeE0bxZQDPIk9VAZFIGAuuLxgcoJO23MfnlHFZYWUA4AL2PALntNysQxSAP52uo6RjBCI+63nC8b5ombWCQNit4amWheaKmXQ9UdualOS2Qqd/Rurkwi3AKGwwgxxGyCKHM0gyb2LToVRGCl8iD1WCHJCGRYs0D+zmBYINeUGbrqTac4XMfMsPtTapJbwz+6wu86TgiSCqSOIDdAnOGWJqrzIz6irYMQnMEPxRdSIiX2Bm8jZ99n/cRvaw9Kj9uOIgHh6fDyWLaFUCEbFrjTRvXzrKrf3A/G+jYfxgmf8fGiW9gQ6QP5bjkRlt4IsWP7ggAUzjplszpX1y5LOWYFkQbU62z5DoPnBE5Qqvd/TruacLP1JZxdvd8oeX2/v9ksNsD70MXirh+VkGH9EtQ1QZDxxwmR9KxPShmgFT8eH7De386f/+uyKfeBWMW+9byxIBFCvjsX+G5KrB6G//u3ymZpymF5Xyu1FQtqu0SasFbDtw2AacKafAAiUGSZJGeId3+0OH6fCP6qxgLJxgG1KFd8lLnodlAMCmrC19jUGlAcZ0jb8+DVzyZ6MOgW26Sa/4x8bInWxYrHpswoNAwA0edDW2R6SNhfrgN5QGXpmW/YP2xmJiOL/rMzwMLnxw5ktbfpHUhJm5VH341eZqMMN7e/aD8b3MxVQqfcfuwB3UsC/p2fuZ+6zOQcyOXhk20xsqaae/xPm8R8dkby9S+RyZRGI//DHlWbvk1U++ZA8e/w3+2kL2HF4sj/hCHartegfDKHn3H9+8z/mFXHza1ywT8B2m/sV+xOSvbDRa8fIqXebi4MicnqwWU5IuALquo99NLTEWK5iIRFcATgayFRfDcqW8je2VAZTJ1vM7CN5t6xoLkX9ctH5Zma4wrf5RpCxDT4TyEfA+D37twg1xLlGDJJEPKQAtb9xPPP2MgL7YHKhMIyWpbKnwfyRedh2d+h40HXS1XmyPColqwOXryADf7+nK0dklGZa99FOdINtgq4wPrMXj6qY+YjJLmgSVfJ3Wf5Js90Cv8/Zm5TmpIns57dCAHo49E7mg0pj3srcqkMHhbSgyYt9kIWMxlsjMMJv+RvyOsmX3pGD865q7+Zy3kYlJXisC0K0y7c7gkf8uyohalbwr4EpqNsP2RhtmwvLZPtUYQp8Xbz7IuQpNSxDJhEffQgCkWIZUSmP8cxg9eeR975i3yZlkND3xLJmA+TzHmvtqMjYhV8I78/Ms35R9srRskXnp0U9eI0Xkkp7gWwQhujB5ezJKs1KYm9/SfYNJ0R8KiMjzcSUgLQU+K3ws+5OCZKxcpagtHt3YS7LouG3H87tgBkp6W5ABX6zgLcZhn82FGlTeJjLtJ6q/tvFe1Eks/1Pb9/5FbUw+jZyh1sqCAtRd2ChDuweiRiJBrVTqnum1Lg7fWRyEuUSg8YLmehreIh9drcbG1eL0HD1PTcP9qfsmyogVDPObvvnxwBjijBKXhHDozamP1So+p6/mlGnqpKUr6yifJhPzNPhegLRVoQ+1LV3i0d4e48nzKwnwL3SM5w0CQoKk7pM6aiZMPhgvpeEQ6rL7Kl9fUmfH3Tx4LRMDLHrX9QeP21iZ5e/LJYgMi0DrOBLaPXo068vRpELiKBHsTPtiORdWZRAape3CMlTtEPfmlFrhkycwotFQxXOjn7SIwcmpLdTd/w6d5HnfkvrJxmDYikiLcMUkPgsLDez6aZ8zUFvHK6aOxcOIfzCFnrjuG6HGIaa3FsnlF0Zl97QlJU18U2v0myffw5LR+lyD/QyEmK+HwKzL/iztqgvzj2k543k5p9EtOWyPxQB3imPP4E2Gqs67GIcK2UWBTXkwkk06rdg9cUfqjcIAH5aAhkeIbieQvnL6CmJ5+K2nZrm4oCgTFuWm9b+NCEiRoXNoC0Rw0hqLT6MSfIJA8yg5XAg23kJsCkIFKhdDiWlr0kVwLASa1QnyTxAbqE8WT/1L7FG7lSq3ryON+g/6UqaO58kOOpr/cM184rwxg6N18HGDIaL4ZVaJdOTEceWsBN+elQk/NBk2T0Ut0lBXN/3BhzVmvbBHT5hZN/iqHFPcyYHBpCorCXQxHLcjNkbuqfYFn9QZFLR0ObLwRRkvyVaYWv+UoKoAlR4iY3McTR7bJqQWWCyV0e6KII37SpJIArU2YOPfLdHvJp9DduN0/9PpPYblrmkKI5igmdRZpUwRWyPD4FiuCay6h8Fw8JwCZXY2F9Tjjd8o3plM52GHG6CVBbJZu51XgDZRYCF3lASQU3+Sru/ym9y+bpMY1lNZ7xPk6guMx4QnWeRYvCtJQV4z8ZxghN3tsoHeTgNXrLZaGjlwwoMH7cTf/1AGGV+9Anf/Rhxnpx5d/ktm819kv/deNPHpA43jobA0OWFcbmcrtR7gRgjYtKg43KkzYMgXcoddxKUZICVqq2bokpvCbOtoN3xA7wWBXiJoX3J/zaKFcwYqFP9ik0uZMOG+VxB/mrzz10poSC+OyX1nixcSOKAYw322Y+jT5nDFDDbMfuOAy/4ROksqolPicqQd7nemSAoc6rSOQ5EpDlMJhf4TMuNmatl1B/vQz3sdAXovLnWnfRHCAwRKL9u81P1iLpSRO7wJEx+7vDx6wHIez+CYJUtjBQmABurAgmuyqsaUjgbYYT+eiczPD0RATgQe1/Q0W9D9fjjRXv4VGUizGGE80hrArVnXAmawdqxCOC77MhX2Vgrg0DrYuCQd9exApxWHVXyFxjrBqNgTo3Q94k2S9PxXLmbYnhBVBKsxcsmCTbDsoqpfIT+MzLN9LTx41y4UrSWUkQ/IvSwhZcw7IqPsJXA2LY+hAtQQLb7TT72OCPmFb5qnTeLmXTF5py4MxGShBwlv5m/HNlpG6+MAqV4ZrNvK0F5LIqXZ/G0CgFSSdlTZ6dLiwrcAmIrVQZ/bii5wdvxQboM9K+lw6JHEUXuwXVi6kKyuUmkFqMWAxqt6AvbolIzfpzuu1ZzfhyxGT9imt33G686v7kCk72QEeWPtrX73YW1+nxwnU+fs0SsmzBs8ELsKBKw0lXB7WyootCI2erfFPhcX3ZPuHPNhxWlhTc9xVdB4BZpIqF5E1d1SCb1EZFLY9tWdQqpZs0pQl/L56vMYN2E9UizxStQQZH7qY2jNKd82G8glSCm8a0mg/QxDLPOaUFtTO2ECbytdnyFS3dzOY6AIYikCCkw05QSzWEShtYagWEiUmIUFKlob/eRzcKU+XearESZcWf1shv6SPZg1ZR2pT53xBmz3HeR9OxoFKxwOWhe7dELrr4pzgY7wqYmjlRLJ8yT47QGN/sju6Cg1tOZ8n9ZwvZYKsKTod2GoB0r+LxQkEHxY5j/Fo4BIMg+1U3jUZJzZ0RLUuqsijhUqac5kp/vu3FO/505Ju4GUUl/1IZr2s5IbTdMBtK2HFEPm0ayGQ0yEE66UGghE4cn2JYFxiROpqt6I2tsd4tLmPEFuiRIMeCw5L06n6iE6sGQXRfqUO+T8U2Ri5rmKxu5C8esCl8UB3TtjZfWqrUN3D7/gcS3s0cyZIOwsBt1waBHxmEQ8Ex0526q3pQct+u+rDDp7kNZl1NZefZHOqEQcqDuhj+WSdWkn/7qHxr9lzKzsJ54+r+Fc+nXftyYg7gNSSh4o9dTYZnV7WMBPdMfl68mH9DtjtoTOfoiGcaZyWsIWKEnzJvxxuuYw/Mv26pgrzh6EukxGxDR/Pz/ZpQjPdrj1ZSdzYhJz2ZytiqGJyVDs1oQVZCXN8eeyaEGFGBRRGs9czYJdBvksG14VM1+ntqZT3pR1zyFr9SIFuTASpgTKEmf5PF9RguTcwBsQ/BozftLsgDa6pQMte2qWLt/0Fw82+0lsNPeu6Typ+Cp6hI55XTPMbTymJE8moIeuxQQHVcjKbO0GwfM/glEBqUbNSGmu5EGpZl+3tn6eQliIX4hF+vJsNAs+vx1MrIIBg3SOYzmrKHKRHvQ/bdrzT/nHg9cAkfT6FU8pjaXS9DBS/H+xM9XekHAgJS81+MVwgNcPD5ZeN117y1F9phmJg1BM+fNmEmM8/lMUYK1xVVjyBRyhbDcojsf0Oonef4BH6hyHVdYBkBn6WQNCiCe1irfkXDEX22pZvYLmIs7SuJfZXp1T0CPhpwYQFxaaEdAg3Cbrdpc755DQsw7NvhdLQh4GnHqmshbUNYOW3fCh/M67UEESO8YG9WdPkPVohn3g0JAIr8GkL8tF00hUf9kZ81S49qxE42HF+sqr7DIKSGeh77KAraCHcKQjtcl855zq9vfpsywdJHlx8lW4J4pYVV9ra2ZTQmWPBUnCKBCDvtSqzwOpOVuWMaWHGCWgdRoj/I/DwwOL96S61qdiLnayGoF+uixGUiq+kF0NadHqedID48yMauuN0+/sRdRiQT+rnIyQxyAimBzQt23aKLHbE5kpDjG3a5QAlwqbUHvwSco1mhhAQXLR0r28reHgwewGySt3TXjuvqLc905Ix5otZa9OKFWeCwqyG0THN7JNKGkIMH3sHEVPBvTJx2Ztj5XQvTw5MTtzXpZZvZ7rBNdJz3ZiDrO+P+6F86VDgi1g/NShFFC/nN1ooNg9AMMVKQ==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedData>
            </saml2:EncryptedAssertion>
        </saml2p:Response>
    </soap11:Body>
</soap11:Envelope>

2021-05-07 07:04:58,305 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-05-07 07:04:58,305 - INFO [Shibboleth-Audit.SSO:?] - 20210507T070458Z|urn:oasis:names:tc:SAML:2.0:bindings:SOAP|_fspdo59jle9i1i3yjxepjv45anljftbto74a|https://iam.eu-ch.o13bb.otc.t-systems.com|http://shibboleth.net/ns/profiles/saml2/sso/ecp|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:PAOS|_40a59cda076b9480981d9b79037dec92|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxVwzZdKxX4tfUTc/NYGZpbh//D6mafWqg4o8ARA+/iw86AzbCqmKbNW6Ah+y+f9BWVTsI0DYK2seeuAmw3mQfZAEy8BGPWjiN1I/1jjjninT3KqAz9KO6X79P301nm3F8jwZSVpViLV6oZDZx|_bde097de6f9588e6d910c86ed1173f6d|
2021-05-07 07:05:00,381 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder:?] - Decoded SOAP messaged which included SAML message of type {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-05-07 07:05:00,382 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Body>
        <saml2p:AuthnRequest
            AssertionConsumerServiceURL="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            Destination="https://samltest.id/idp/profile/SAML2/SOAP/ECP"
            ForceAuthn="false"
            ID="_c5qrhgtg3y5eup2q1hbt9cmqdd3xfy879j3v" IsPassive="false"
            IssueInstant="2021-05-07T07:04:59.707Z"
            ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
            Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eu-ch.o13bb.otc.t-systems.com</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_c5qrhgtg3y5eup2q1hbt9cmqdd3xfy879j3v">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>QtuPdeinrHdO4Bp9I7RsH2Dsvuo=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>b8TLShpL3BlqATFWOX7Nd7pocB40/lW9/esJK5MsvBAg+xfU+NpHQpo5YxM8W3I17qJWRMGQ1loJT73IQYvzSzB7kB2ejqRlLd2lPNa760/CsxFOrQ2guA0xb8v2BoJYeQLSMKv1zSx4VfQwFeULolerqHZJn9iUK+yhCM19k3o=</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIICLjCCAZegAwIBAgIGAVHDRPSbMA0GCSqGSIb3DQEBCwUAMC0xEzARBgNVBAoMCmtleW1hbmFn
ZXIxFjAUBgNVBAsMDWlhbS1hdXRodWktc3AwHhcNMTUxMjIxMDY0MDU0WhcNMjUxMjE4MDY0MDU0
WjBEMSowKAYDVQQDDCFodHRwczovL3NwLmF1dGgub3RjLnQtc3lzdGVtcy5jb20xFjAUBgNVBAsM
DWlhbS1hdXRodWktc3AwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALRgTiRlOH3H8Ti/Nl8F
hr+9QdbCEBQIKFKnX+VeeD6NcGQtsDnihnIlwDv9PqAqRfZ5KNDF7IccYgCBUfjJXOyxqa51YVDJ
KPLpjMcZiSEjumDm3jbdEiiQKl3zwt9Q0aLlz7PKdIbIoPQdo3YjpTB407D5PmvpsFr+TQ6NlkTZ
AgMBAAGjQjBAMB0GA1UdDgQWBBRcdOVNkWkaAHkjlaFATFhnEEh8SzAfBgNVHSMEGDAWgBRcdOVN
kWkaAHkjlaFATFhnEEh8SzANBgkqhkiG9w0BAQsFAAOBgQBlFRyA98AUXCw8bhneTFoD2JWRZz2f
Bs3vINTVjhA3CdCCJ9lgPxIhitHYNPQh5s7l+IA6M/zHTx+rpRO3KUqh0M2eNZDunUrstyXkvZvp
uJCPFK6t1iN6K5YuZUhKI06W5Bk6XV2NO5L2eIqD9jZp0UGb18Ep4BbrEXwRwJQPYw==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:NameIDPolicy AllowCreate="true"
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                SPNameQualifier="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"/>
        </saml2p:AuthnRequest>
    </soap11:Body>
</soap11:Envelope>

2021-05-07 07:05:00,382 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-05-07 07:05:00,382 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-05-07 07:05:00,382 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-05-07 07:05:00,382 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-05-07 07:05:00,382 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-05-07 07:05:00,382 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-05-07 07:05:00,382 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-05-07 07:05:00,382 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eu-ch.o13bb.otc.t-systems.com
2021-05-07 07:05:00,383 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2021-05-07 07:05:00,385 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2021-05-07 07:05:00,385 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-05-07 07:05:00,385 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2021-05-07 07:05:00,385 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2021-05-07 07:05:00,385 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-05-07 07:05:00,385 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_c5qrhgtg3y5eup2q1hbt9cmqdd3xfy879j3v', issue instant '2021-05-07T07:04:59.707Z', entityID 'https://iam.eu-ch.o13bb.otc.t-systems.com'
2021-05-07 07:05:00,386 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eu-ch.o13bb.otc.t-systems.com' does not require AuthnRequests to be signed
2021-05-07 07:05:00,387 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2021-05-07 07:05:00,387 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2021-05-07 07:05:00,387 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-05-07 07:05:00,387 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://iam.eu-ch.o13bb.otc.t-systems.com, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2021-05-07 07:05:00,387 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://iam.eu-ch.o13bb.otc.t-systems.com' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2021-05-07 07:05:00,387 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-05-07 07:05:00,387 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-05-07 07:05:00,387 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-05-07 07:05:00,387 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-05-07 07:05:00,387 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-05-07 07:05:00,387 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2021-05-07 07:05:00,387 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2021-05-07 07:05:00,387 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2021-05-07 07:05:00,387 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 1024 bits
  params: null
  modulus: 126664469800380770773972778096329230967838830807335020944856402588433272451405299989725111925000259452486256977271956160110204670418736725511979819866908378089628035491591777699093647368786263598103189382680073566489484332485554027625241493766204516582342822997262720486560419481997023269854507272634386236633
  public exponent: 65537
2021-05-07 07:05:00,387 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2021-05-07 07:05:00,387 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2021-05-07 07:05:00,387 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_c5qrhgtg3y5eup2q1hbt9cmqdd3xfy879j3v"
2021-05-07 07:05:00,387 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _c5qrhgtg3y5eup2q1hbt9cmqdd3xfy879j3v and Element was [saml2p:AuthnRequest: null]
2021-05-07 07:05:00,387 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_c5qrhgtg3y5eup2q1hbt9cmqdd3xfy879j3v"
2021-05-07 07:05:00,387 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _c5qrhgtg3y5eup2q1hbt9cmqdd3xfy879j3v and Element was [saml2p:AuthnRequest: null]
2021-05-07 07:05:00,387 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_c5qrhgtg3y5eup2q1hbt9cmqdd3xfy879j3v"
2021-05-07 07:05:00,387 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2021-05-07 07:05:00,387 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-05-07 07:05:00,387 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://iam.eu-ch.o13bb.otc.t-systems.com
2021-05-07 07:05:00,388 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-05-07 07:05:00,388 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-05-07 07:05:00,388 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-05-07 07:05:00,388 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-05-07 07:05:00,389 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsHeadersHandler:?] - Message Handler:  No ChannelBindings header blocks found
2021-05-07 07:05:00,389 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler:?] - Message Handler:  Message did not contain any ChannelBindings extensions
2021-05-07 07:05:00,389 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2021-05-07 07:05:00,389 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2021-05-07 07:05:00,390 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-05-07 07:05:00,390 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-05-07 07:05:00,390 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-05-07 07:05:00,390 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-05-07 07:05:00,390 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' not permitted by input criteria
2021-05-07 07:05:00,390 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP using binding urn:oasis:names:tc:SAML:2.0:bindings:PAOS
2021-05-07 07:05:00,390 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-05-07 07:05:00,390 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-05-07 07:05:00,390 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-05-07 07:05:00,390 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-05-07 07:05:00,390 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-05-07 07:05:00,391 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-05-07 07:05:00,391 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-05-07 07:05:00,391 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-05-07 07:05:00,391 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-05-07 07:05:00,391 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-05-07 07:05:00,391 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eu-ch.o13bb.otc.t-systems.com
2021-05-07 07:05:00,391 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-05-07 07:05:00,391 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-05-07 07:05:00,391 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-05-07 07:05:00,391 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-05-07 07:05:00,392 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-05-07 07:05:00,392 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: RequestAuthenticated: true
2021-05-07 07:05:00,392 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: Generating session key for use by ECP peers
2021-05-07 07:05:00,393 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-05-07T07:05:00.393Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-05-07 07:05:00,393 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-05-07 07:05:00,394 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-05-07 07:05:00,394 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-05-07 07:05:00,394 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-05-07 07:05:00,394 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-05-07 07:05:00,394 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow authn/Password, it supports non-browser authentication
2021-05-07 07:05:00,394 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2021-05-07 07:05:00,394 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-05-07 07:05:00,394 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-05-07 07:05:00,394 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-05-07 07:05:00,394 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: Trimming whitespace of input string 'rick'
2021-05-07 07:05:00,394 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2021-05-07 07:05:00,394 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@799701314::identifier=rick, context=org.apache.velocity.VelocityContext@28906efa]
2021-05-07 07:05:00,395 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@799701314::identifier=rick, context=org.apache.velocity.VelocityContext@28906efa]
2021-05-07 07:05:00,398 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2021-05-07 07:05:00,398 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-05-07 07:05:00,399 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-05-07 07:05:00,399 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2021-05-07 07:05:00,399 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2021-05-07 07:05:00,399 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-05-07 07:05:00,399 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2021-05-07 07:05:00,399 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 74e59b9aef5bea33a267a21a3a91034678e4680ff2af15f5a2454b515bca27a2 for principal rick
2021-05-07 07:05:00,399 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 74e59b9aef5bea33a267a21a3a91034678e4680ff2af15f5a2454b515bca27a2
2021-05-07 07:05:00,399 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-05-07 07:05:00,400 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-05-07 07:05:00,400 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-05-07 07:05:00,400 - DEBUG [net.shibboleth.idp.attribute.filter.matcher.impl.AbstractMatcher:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/DenyValueRule:_7080138d39cc2e01f42af33d6086559c': Applying value comparison to all values of Attribute 'uid'
2021-05-07 07:05:00,400 - DEBUG [net.shibboleth.idp.attribute.filter.matcher.impl.AbstractMatcher:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/DenyValueRule:_e86e84f8359014f00e496b0e2b038417': Applying value comparison to all values of Attribute 'uid'
2021-05-07 07:05:00,400 - DEBUG [net.shibboleth.idp.attribute.filter.policyrule.filtercontext.impl.AttributeRequesterPolicyRule:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/Rule:_829157a5a29f7f30c585dc615c71fae1': Found attribute requester: https://iam.eu-ch.o13bb.otc.t-systems.com
2021-05-07 07:05:00,400 - DEBUG [net.shibboleth.idp.attribute.filter.policyrule.filtercontext.impl.AttributeRequesterPolicyRule:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/Rule:_deb424a8d1c673df19c16cd7fd391943': Found attribute requester: https://iam.eu-ch.o13bb.otc.t-systems.com
2021-05-07 07:05:00,400 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-05-07 07:05:00,400 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-05-07 07:05:00,400 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-05-07 07:05:00,400 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-05-07 07:05:00,400 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-05-07 07:05:00,400 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-05-07 07:05:00,400 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-05-07 07:05:00,400 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-05-07 07:05:00,400 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-05-07 07:05:00,400 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-05-07 07:05:00,401 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-05-07 07:05:00,402 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-05-07 07:05:00,402 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-05-07 07:05:00,402 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _0c84a51ade6c6796f0e8b66b23a52fd2
2021-05-07 07:05:00,402 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _0c84a51ade6c6796f0e8b66b23a52fd2 to Response _e69d2b60e9e25d82b42164df36b20629
2021-05-07 07:05:00,402 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _0c84a51ade6c6796f0e8b66b23a52fd2
2021-05-07 07:05:00,403 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-05-07 07:05:00,403 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-05-07 07:05:00,403 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-05-07 07:05:00,403 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-05-07 07:05:00,403 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-05-07 07:05:00,403 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-05-07 07:05:00,403 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-05-07 07:05:00,403 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-05-07 07:05:00,403 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-05-07 07:05:00,403 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-05-07 07:05:00,404 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-05-07 07:05:00,404 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:05:00,404 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:05:00,404 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:05:00,404 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:05:00,404 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxAKM7cY21eIpG+5GOuJY/oZWW5iQloqb+Iz6hQ0Jbni5phq0hlgQA+46aU0uXc4CMB4xwwku5DPwmqI17ulsdedbQKfrFJLPdD1NIwOKP1cRgDPeaPKznKxGIemdNBbmDaIeptd/fGNd/quC5 with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:05:00,404 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:05:00,404 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:05:00,404 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-05-07 07:05:00,404 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-05-07 07:05:00,404 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 80.158.3.50
2021-05-07 07:05:00,404 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _c5qrhgtg3y5eup2q1hbt9cmqdd3xfy879j3v
2021-05-07 07:05:00,404 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-05-07 07:05:00,404 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-05-07 07:05:00,404 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-05-07 07:05:00,405 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-05-07 07:05:00,405 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _0c84a51ade6c6796f0e8b66b23a52fd2
2021-05-07 07:05:00,405 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _0c84a51ade6c6796f0e8b66b23a52fd2 did not already contain Conditions, one was added
2021-05-07 07:05:00,405 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-05-07 07:05:00,405 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-05-07T07:10:00.401Z, to Assertion _0c84a51ade6c6796f0e8b66b23a52fd2
2021-05-07 07:05:00,405 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _0c84a51ade6c6796f0e8b66b23a52fd2 already contained Conditions, nothing was done
2021-05-07 07:05:00,405 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-05-07 07:05:00,405 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _0c84a51ade6c6796f0e8b66b23a52fd2 already contained Conditions, nothing was done
2021-05-07 07:05:00,405 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-05-07 07:05:00,405 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eu-ch.o13bb.otc.t-systems.com as an Audience of the AudienceRestriction
2021-05-07 07:05:00,405 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _0c84a51ade6c6796f0e8b66b23a52fd2
2021-05-07 07:05:00,406 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddGeneratedKeyToAssertions: Assertion _0c84a51ade6c6796f0e8b66b23a52fd2 did not already contain Advice, one was added
2021-05-07 07:05:00,406 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eu-ch.o13bb.otc.t-systems.com to existing session 74e59b9aef5bea33a267a21a3a91034678e4680ff2af15f5a2454b515bca27a2
2021-05-07 07:05:00,406 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eu-ch.o13bb.otc.t-systems.com in session 74e59b9aef5bea33a267a21a3a91034678e4680ff2af15f5a2454b515bca27a2
2021-05-07 07:05:00,406 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-05-07 07:05:00,406 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eu-ch.o13bb.otc.t-systems.com and key AAdzZWNyZXQxAKM7cY21eIpG+5GOuJY/oZWW5iQloqb+Iz6hQ0Jbni5phq0hlgQA+46aU0uXc4CMB4xwwku5DPwmqI17ulsdedbQKfrFJLPdD1NIwOKP1cRgDPeaPKznKxGIemdNBbmDaIeptd/fGNd/quC5
2021-05-07 07:05:00,406 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-05-07 07:05:00,407 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-05-07 07:05:00,407 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_0c84a51ade6c6796f0e8b66b23a52fd2"
2021-05-07 07:05:00,407 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _0c84a51ade6c6796f0e8b66b23a52fd2 and Element was [saml2:Assertion: null]
2021-05-07 07:05:00,407 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_0c84a51ade6c6796f0e8b66b23a52fd2"
2021-05-07 07:05:00,407 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _0c84a51ade6c6796f0e8b66b23a52fd2 and Element was [saml2:Assertion: null]
2021-05-07 07:05:00,410 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_e69d2b60e9e25d82b42164df36b20629"
    InResponseTo="_c5qrhgtg3y5eup2q1hbt9cmqdd3xfy879j3v"
    IssueInstant="2021-05-07T07:05:00.401Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_0c84a51ade6c6796f0e8b66b23a52fd2"
        IssueInstant="2021-05-07T07:05:00.401Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_0c84a51ade6c6796f0e8b66b23a52fd2">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>ojYfa0SjdNyJ8H4yDw637oLm5ZtCUe+blqBdmeoXLJA=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>hpDbDCxMWYl1Ri+EdikD4mpNgKGbNxg0Ob8yVC7sNw5PbzUW7fJWp9Y/JfQHvdDu4epCCuzghpFyPV3rA/P7NtaucSPZeks4lmqun1gq+2rPG0vOzdZdroBXvRpp74OwGwr9Uin3zTTusyHI2XrSQI28cdf4pRtwB49Igh1/9xxbRLIm66pj8qVYkDsPJflde+OLOwGbBno/FJNHt1YflyVIxnQtlgghEVeRuUrRuSKdFs+ijKKDdox8jS4ZZ57Ihj3Q3kbElkw+9dUqrrLTcyUuNBnmdiMfj24ESrz5IO/g+CeIv87kY5a5k5aUATIyZYycdLlRs0MzYd7H2lkCYw==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxAKM7cY21eIpG+5GOuJY/oZWW5iQloqb+Iz6hQ0Jbni5phq0hlgQA+46aU0uXc4CMB4xwwku5DPwmqI17ulsdedbQKfrFJLPdD1NIwOKP1cRgDPeaPKznKxGIemdNBbmDaIeptd/fGNd/quC5</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="80.158.3.50"
                    InResponseTo="_c5qrhgtg3y5eup2q1hbt9cmqdd3xfy879j3v"
                    NotOnOrAfter="2021-05-07T07:10:00.404Z" Recipient="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-05-07T07:05:00.401Z" NotOnOrAfter="2021-05-07T07:10:00.401Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eu-ch.o13bb.otc.t-systems.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:Advice>
            <samlec:GeneratedKey xmlns:samlec="urn:ietf:params:xml:ns:samlec">8/Vbs3TN1bIMobOy9D5CK/iDpTWQ/Drnu8gYx5fA0Cw=</samlec:GeneratedKey>
        </saml2:Advice>
        <saml2:AuthnStatement AuthnInstant="2021-05-07T07:05:00.398Z" SessionIndex="_d81486d73ec5ab347881dd9704fd45cf">
            <saml2:SubjectLocality Address="80.158.3.50"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-05-07 07:05:00,411 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-05-07 07:05:00,411 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-05-07 07:05:00,411 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_e69d2b60e9e25d82b42164df36b20629"
2021-05-07 07:05:00,411 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _e69d2b60e9e25d82b42164df36b20629 and Element was [saml2p:Response: null]
2021-05-07 07:05:00,411 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_e69d2b60e9e25d82b42164df36b20629"
2021-05-07 07:05:00,411 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _e69d2b60e9e25d82b42164df36b20629 and Element was [saml2p:Response: null]
2021-05-07 07:05:00,413 - DEBUG [org.opensaml.saml.common.binding.impl.AddChannelBindingsHeaderHandler:?] - Message Handler:  No ChannelBindings to add, nothing to do
2021-05-07 07:05:00,414 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Header>
        <ecp:Response
            AssertionConsumerServiceURL="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next"
            soap11:mustUnderstand="1" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <ecp:RequestAuthenticated
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <samlec:GeneratedKey
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:samlec="urn:ietf:params:xml:ns:samlec">8/Vbs3TN1bIMobOy9D5CK/iDpTWQ/Drnu8gYx5fA0Cw=</samlec:GeneratedKey>
    </soap11:Header>
    <soap11:Body>
        <saml2p:Response
            Destination="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            ID="_e69d2b60e9e25d82b42164df36b20629"
            InResponseTo="_c5qrhgtg3y5eup2q1hbt9cmqdd3xfy879j3v"
            IssueInstant="2021-05-07T07:05:00.401Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_e69d2b60e9e25d82b42164df36b20629">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                        <ds:DigestValue>auCjbUXzX2Zs0j484MhidDl5CedcKddTRykJldVxmx8=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>esvLwlMvWOZy8eV836Jj7jPK2XCFPzcR4yjniKuA7/ADvlbFyPBBg7yt2e0kHdTpxIplbl9ooaNqitfNZpyO/2r2fkw/c3Yk/IbcZo6MUMbAbpoJsnbRkBs1l04BPORyb4mEBowWUHJnBQSwv9yGkGL6Sb2u5EziCr0M/2IpgKvXZw+yDrzKiD1jBWmH1gtAv0mh+Y9BTnokLJUUXfQS+K1HtPDLrBI+/NefXdA6slFoqiRwVUeA7N8xgP603W8FvUHu0JWFLa9JZ9xUJPFs57aEJO/Tw0EOq5BTlZrXfEUDiJT6BDzSrNSdNldId0YzaipJ2DyjhRoHBbyrqSWLJw==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
                <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
            </saml2p:Status>
            <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
                <xenc:EncryptedData
                    Id="_061ea792a5ab4018a8dd55e44f9a7e8b"
                    Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <xenc:EncryptedKey
                            Id="_4bfef3a174570f1d4e0d1746031149f0"
                            Recipient="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                            <xenc:EncryptionMethod
                                Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <ds:DigestMethod
                                    Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                            </xenc:EncryptionMethod>
                            <ds:KeyInfo>
                                <ds:X509Data>
                                    <ds:X509Certificate>MIICLjCCAZegAwIBAgIGAVHDRPSbMA0GCSqGSIb3DQEBCwUAMC0xEzARBgNVBAoMCmtleW1hbmFn
ZXIxFjAUBgNVBAsMDWlhbS1hdXRodWktc3AwHhcNMTUxMjIxMDY0MDU0WhcNMjUxMjE4MDY0MDU0
WjBEMSowKAYDVQQDDCFodHRwczovL3NwLmF1dGgub3RjLnQtc3lzdGVtcy5jb20xFjAUBgNVBAsM
DWlhbS1hdXRodWktc3AwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALRgTiRlOH3H8Ti/Nl8F
hr+9QdbCEBQIKFKnX+VeeD6NcGQtsDnihnIlwDv9PqAqRfZ5KNDF7IccYgCBUfjJXOyxqa51YVDJ
KPLpjMcZiSEjumDm3jbdEiiQKl3zwt9Q0aLlz7PKdIbIoPQdo3YjpTB407D5PmvpsFr+TQ6NlkTZ
AgMBAAGjQjBAMB0GA1UdDgQWBBRcdOVNkWkaAHkjlaFATFhnEEh8SzAfBgNVHSMEGDAWgBRcdOVN
kWkaAHkjlaFATFhnEEh8SzANBgkqhkiG9w0BAQsFAAOBgQBlFRyA98AUXCw8bhneTFoD2JWRZz2f
Bs3vINTVjhA3CdCCJ9lgPxIhitHYNPQh5s7l+IA6M/zHTx+rpRO3KUqh0M2eNZDunUrstyXkvZvp
uJCPFK6t1iN6K5YuZUhKI06W5Bk6XV2NO5L2eIqD9jZp0UGb18Ep4BbrEXwRwJQPYw==</ds:X509Certificate>
                                </ds:X509Data>
                            </ds:KeyInfo>
                            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <xenc:CipherValue>PuEtxVJG02QjIUnbjoCyZ+69ut+89ZGZd8JQ0pg24j51tTphpV669Q2W2ICpEHKyvl76yu7ltQ83ew3pQ/6Uvqxg1ADxE2ImzsrHBuAv6msjt7xOfwh1c8WqtlmDK53+D10AVLESiYHXXJXP9WrwWCAG/r4b5Ew9nkAkNquHmxc=</xenc:CipherValue>
                            </xenc:CipherData>
                        </xenc:EncryptedKey>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>pLewV9cZr00h/luVcvMv/0Cmi1lcQJaNNL2obRT10stabuwN9hPwnmT+dcAwaPvbAkRaN78kUu9DM+/+ZMKFKvYHu2HqR3qR+lAQWo7WFsyjMePVh6K+RexwYesKxVBrGMdvUA+M4Bf9a38RclWxWpWd48GEk5oeYz9ccptg9lJ8W2UIdPCa7HVMxWBuZ7ksT15FNifl6lKX9g3U/phoaoz1txdxkwOWxzPWhdcUj4gAT40lrlZ4g9LNf3uSmqUKeRIx0Rd3gKdcZura7nMDiFMeKXN9/Do2G8YC7ePYQjMUQ+3Q+OjFqF0vUblU8AwwXzSMl9/v55WZ+p1QL4EC/Wrh/SdOXzVAQ7EPuab5/ehwakOt6IJfOzc/qRV8FqxXjJ4gQU9JKtuGn3IjoyXdfNbs6+bCD8f9HTF+aOTwIMXYVox6v2UJLzqM6tA/GEVX+M0F6OdpkGg/WLNc3RjeZ863f9UDjwnwxF5DUVD9v/dr4fDg6Pev7OL6lgiQp1tmeIPZXIb2MskoJmpIkNg/RiHm01/q/sfVKXL9bdfxwYHcC22Ky82VLgOLLpRoBZv5rP6Jj9bQsPAVrIhgqjtlWRgTs+yV5wGoJA8QvRgnHYo31riTjsKhwpSWroTuGVXQ0ZAfhaJROT7vaLBIElysKJMyeHyU9QszLOkw4fbmKvKv/6IC36bOphpvfkUOoqHISWu+4B5zBpH8gZhdLJxHwrmGqWMDjseEv+IRWVcd7of54VINEYIDEZE7edAspvbSp4EZDlAu45igjkyDzK6kzodgXqiud3ek/B2x1RH2xN0apLgoC3nExpkKGBXiOAntNCBT82Az3duUD18FD8WMRvYmAJzeIRWU1jMUK5Nucp13GHRqXDTutcsiswlOsUMJ07SYoqrlkVbjOjcIOEWRXA1sWmX+LSA4ug6Ys20sxPiXFcUnMU6qNuKtH+XKNrBI7KuzavAOM+coO2b/++wvd20OzRhDvP1Ze2ySefnoKMIElFvCyZ9/vxcIaGGPp/awOnjNxvPG6xRcS7S8tqYeHL9skUhFYMdvmgsM32rNvmQv8f8h9Yr5E20dc6SaJKNiNZ8KzKOaTbSpceRQ9mOPJgy9U9WW76KfmqDGWnTIIgBO7WJkXjxT2hRqJqGs0X0GUA3ZxWo0MOuiNWyEFx7lVXiHKBl1PXSxuzxdlftcK6OHv5ymrKuS0gmCVdFrqKjwzRl43CWcIEsRRJvQDsOz0dOjCDnOpOIJZI9nlwDbbEF5v4vEuFXq6YYYBkj5G+7bMV9KApajCdVU9gGiQmyg5NVF1h0S2enFFB2gBBiTE4HCSs01h41Lrlhymf5/AYaGX9JN2Xijii4URdDMfWuIj+3VSEoyaBQEErF+rfQilvlQ1VgwuXjfUialJHWcsTxjaXpb6A2jctyILULlB+rMcr0Y6x5iIY5kmmdB234iNeVHVTRCfrH7zTVF4cqXbAXfcsmGGLK1yKiRJmorF2lgQFyraS3456iKP7joetRnUe9VF4WCvVk+BQBqjptsUVU4Y+sdSCePOv9Haba/mvkKmo9L11p1QXSsAjzQ7RcHIvkRVdqciGV7oJ80n/w2Yr+KeOFbW0trhqxO0yhE2N5PPoNZ/083Ld7L2VvSA34nrvwlyuG/uBWKKZNcqey7mnJHW9jLDSGDuEscoHWG0ilAnR6oTIjyvXPlEd+CETr0OEkaw/h6eno7sJqOZ1H4XXtQchSGe6yAoYD7fUgSw8SHjIphzT1bvkYcd46bRpjIhzrwWFj2tbIJGGYfnKzInRg9Akyqy5vLnqohNFIS2KhCQ9tv0yh6rvJCXGCXx2zbbscXzi32xXmVYtpz4AQlVarHZn3uTVdtqr793OELUX/oU/54O5nH65sBLkVXeQrKCciaNHu9/fj9yU7tU1XLu1eSYMXvVR0U8n7x/tXjxBeW+sarP+ba+8hfe/ktTgjy+DlH1qBp23axAHU3llSIZbs18XXJIhiuHgGzsxeH2KJG3BvRv0tFZ30CecPTdlfHjSuXOXxjkJzyCSSArgW7AUbT+LhvNabyayT383d5H3pSuyLfquwRIu8YyGCLj1PJBktgl9F/kGxsjMcx3+DwmzXuks8xEaUMSeCn5b+Nqu4+lJOdHdigLRhuXn5A16Kv0wnWkLsNOa0AvlyMbF7zfmelfQN7vnGO3FFrQyeeD/52KXUh7nyTx4CCc7EGu4KVQYo1n91hayGK0r9eeZC52R3/lOeiHSo6g97td2xIROzHsN1XCwf2VdTMXqgg9VjCGUMG9aJsA+F/1QFZobm493pv7fGpADKBV+plLF3HHA6AtN4sWaIgbA+T2q4irrp5MEcrNUO+CUv2w2O5+tyLy5LmBUJku9USmvKehWTHaLhk0HI1MbxnSzSx0pfoxOUkccBq28wYiccOB3+mfey9zT6eBU/iQLp+XrizDXS3dxYQ62sn2E4eyj3JBoQduMwceOt1KVo/RCl7GR4dOCaW1NSkWcJbc+RdMkha1k7SDC/DFuPC9+klLQQQeO2yRll8z6+1AnqidKgyMdeNAJf6R87Pk2WtqRn8k5edM5fGuarmveYjTbdhuVIwa/cqkDOSQODFsZG8Rvn9m1n/rEJ1GZey47Ao4MhiNsydbc8cDZfTUbK3iS/B1Y8oDrfLwGcS+Qr8w86bU3SJ3xRO7XuootBRrn4jdcSh9Rqdv4rtohXZGrG8g6tFzICF6SmfJk71ggQCA+s6wgmznWLWYSBWVV68niaLfdUx1XPQP9htOW4an9obIF8K4Vn6lB/F64tEOXbiGGOfy00+WlkXuTz353OfwiE1xTygBTb2CJetwrIDTA/0rMczIAi4AbWrz4nYvdVe7AzzlLMHXwKbJZMpa54aI5MV4mRKDZpaB4QfqMNRnMb/+kuG7XwKFAJO0u51SCw+sDT1RetN0442IruSZXQxlEiGpDMgvgv4KKM+4aZEQ1SpcPTryJSR2Jyp9onNOf61V0Vk+MDG3MBmXGlM1swX6o3qkJaX1KUMYs8zPwtt6w++vxJPfLSlm73MltqGRNmKwjAkW+7nEsihwtmQNZ8r4V17cMpKzont57lH5JDoKEZG2JsfelejNAZZdHHpvudN7bBb7a4TVKAno/iAuPU+KQsHxlKO7fFHWt4k0nsZDm5Lk67HbQjgOAXuhc5dzR6Ff94Kxyp3SQADzDrIMdHqYf9lSgLueRJ08Bq87w6dEZogM9ufYhzSmKhzjyYCc0yszjm0M5ZvJDzzS64PKXSYdQhHcYOPp+Y093JMqB4MYFjE4ONEznnIjTsW7j2xRb6Q7ALORaQyVKKHz8Y4ryctARH+SOlMFqaikTCdgYsElBxYO1f3mU9dx6Ai340Y+r7dTjLvHu4pax42eXt/HVQ6NqBhjiNajwld0LvwVz8zhsriqJlxyzxpUfoFvcNOuZP2lfvk5N4jw5zLVpB2YZDR53BaEBN2Bi9hNe6Ge5DHR1S3+VYqnGAxzZPl9/V6Do8Y0NTrlpH7DrBWTbfDqdxajsClqIe0ENgDyjtQ5NOhsUeyWCke0Xp0GxFP5E70NvwKFj+Z+uwopLNYLZU3YhaESqvwg1Lst8f0gYiurY44FMbcC8If6WHwzZSGrNd05Cip+CgF+8dzILK9eeF36gGnnvFWZWP1S60QDpkm3ApsdMTNssQUJlEujrCc180wgAPJryQEJYcjqcRAv5SesjM71KEaszNfhML5iZUzLndJZmh4nFwziPOSOTAZ+bMHqYMbFAlbrjNFFRMF45JJKSzxxgVgF7icN8CAxa1rKjoKC7dadrNGXr7+8K4bYnm9w4uW7LUdRpfLu4GiLY6e5m6CEQa7SuDc2NFGzJ1fWhFmjid1FvYKFcEZPLjHoeikaFqMYiwYhtt2iK69jUpZg7Efx24zhCI9ueJ6HdLiOUzHdOwAfKVWZBYvu35zT+Ytly4vGZrYDPgBaihwBQUXqhC222uJvSo/QlgILba0QzFSsbTUA2paiZfwsWilJFFH8rgNXjiPdn3MvRd15OiVi/SCuv0m9JTb/kZHFznbHVP/BsIP+Mp83l2pvp7sJssXGi8CEBpMSfzJR1A/IMl8Aez6Md5467jABg+aAjJ++yMtnC3zZqpm9ikW0Rea8XEgEx7/hxuO15Wbsc1GELR2hGxPrdqzGJhMbSkLdgJwSweTWbWQ5I7NGAb/BneMipCGNqN+R4Igl3GZewxcG7c/ojkU8vUIVRMwOkzMadryS02RqwofEHe1gKKoP92q4O0Lm0mINIjwYVrfxFN2Q/oDdeEGB/BfV/MaQqcUwpKeGxkE1KYwEM5GKx4yu6YaTbxVGxuuYOU+uBHatOfZyHQhgdMRFqwcxX2MAPhxGxlCwgizEPwnDS5s3jvV7xhdBXVfDaF+/ohLaQzxgUV4kaTCQkFTVCVeav4osr6eeNCGL1YXnHCVuDuq4GK+3qOzjUQhZqXRNg/a6MoEfQzIIaM7IKxde3lzsJK/hFxrGfBJTrocluHQbufj0erOWYehGnodZhvcdBaTKfudGk/hA4Mheky1G8Xpwddosezv7AanxOaQkxwC3gjIPN9bbAOBK3T5BU7OOMwcEBtuZL0y1JAO1UzsY+O7WRObM7Vigy0Gw8jQaJddLzXva/fy6/BTQLprlAA2C3eZx4O4cnerxWTiJQJB1J/X8Wytsf9yc8xeACngl8/vs+GwDaRc8oM2U9ILSSMyQbP5ilKxm+iHWqc0TgCkSCJ+U582J1BXR/OmllZMXPw22xkM67oYbgEHphT47ZXdbIndUENkkFmdkHxAZyjxLjwt9YQm4xQ6HYxJ5T2LLioQ5vDz8TbPOTFh3LNmVnz6Hx4nojB/BoGBqce53G/fhINiPiyrYIcuYalIftfEUmcPGImhSZdlsJiOdswbmbUF2f2aa31bIIsUoVNxsAq2jUrcE62yeXxLZEY+0rC5pzL8dF8JJhUIt+Nfo6PEPH0jpzfzhcYMCTjJSbpsdFBvIWddhDfRyiiApHUJImWKHGfYYxtMqwteK7L0CGhVA+5N4ErehpgG7fc5RLeOFPHM+4INDGtGqCPvKRZaNRLLpWjQBuIFGSzQ36MXHxshileSZMoLRjFGBvjL1418pPjk9PNZquzdMmklFuaFcDjhdDzhU+VuJ4ELFNa6yz8WHklqUSckh+O/U13ljNKYZ9p5/PNZR9Uas8a02gUmk1y/kq1XA/GsHPYt2epXTyo47iSH01TeLhctjxlh7bO+WnLYiADAvLh9Pegbc6uZp0uKixFXLqHxaskrwmh20qzJ7A9ogEvC/HR/2Kl49xf66xe2Y/S8UNx9XkDKA976SI62v+4Tt8+t5cyqnrEXepFBzwjyHyc39UvAyWyDMG2OEb3qLnFdiVtfSYnNxh5IWO7bUmdAELCumu+JKNQmBpc1ob3DEUdexMjNxcWTseQmyyn1qQwgXzHuAJJaRc6dpF9a8Rax2G8TrwPb8+PJAGwCxYVqpw8lpkvAeOV5LcSduWBmbx/I34uOrA4Zl8FaCsQFzZWTALG8dqwkSw/erY8AlN+/Rn8+eiuZBIxwjoBr/b7e2OAO4L0DMTtmztC6GYsE6vqoTjgMIOskmBEBcE0hz4IxA1f1TUsQG3uZNkSiaHGwYV3GxiMmfTTN5Zo4W9fMf9JNQJ7u9eh+z8jc7Xc4lgeJLTvs9trDugEMKt/H9LJmrnxu9Uos+bMltmRGfKpw6rtVbQKpz9Tag66jKIIsBwfjn8junmK05iDM9X7gC5+lU1HMOT5GsB9f+Q61BN9+n/rAtzaTCRs6tQglZGVT7gdTR92i9bK8/n4FZ1IK8Kg69/atB7CyrWjGup3VofwEl7I4AogM/z15++55hPKx6Vvd49r3/Zcd0A8Mv55HFFQdA3kmdoixhr5a1f9SBU1dnHyoGfJwBHhgdjJR6Bfgq+pHvh7Ne9nKH8MHlImZHsYmJfVCu7cEb99783XT/ynXuH8VheTWsNhSsm8427z/4Imo7TxINp88Fnkez7tqmDWzskli7o/JxDc18XdLj3w5iWIESh/RPMx5ldswrQFGm64GnPK0O/gqcBcJu4glyQm67294nnID183wtz4EwUOlxrNHCVrixlqUKvlhqFX9hvcnhVakmCCVVq57UINVOD4R6KlFgIP8/97ootGTl3CD6BQwsy/Gsg/NcQc3jGSbHsNbsrYPi3A/j0GbsTV3J7wAlei8v7wduQnA71Nkco3Mtzqinmltn8RAkFtyGaERZqkqhv3ju99HspZjT0Y3aznpF0dwpBV5Jp/18EWADuUDGzB5bGZHuC5Tj606cOxvqzTwYBYEflGATkspsWJWqOOlemCxXoPXODpZxX1ZJE8j51/pRg9lVfkU1h+nV9hJY7QZBmpIBCCu7N+Tz/mTszOuwZX/KD+EU37jQZdbPH0R2X8vwy0KQcaFaskTDm35WvlKxp/nzMR9LHhklx98KRbZ4AWGrHB+tGSKTWOJ5hlx3jgXZ2dbLExgtSG1Y5tjplrT9x1XH3YU0x7tnoLdn38P5d095TzlH/7df4mkFtnDnb0WQPSFxO8fSMruaJcrt+WiqiK9wDXZktArrXqGGbGL1i/T20TGlxzvyG1B3ODJmcBT8PAinX/+tysj9T2q7MKXrOoQJkQH/EhQXdCHc+jB4Nha0HfTNvjMaKWQ6OWB59JBfeHQNBBT0fAcVq8mtWj0o6qyo980zI4y2gfXD+a5rLnf7pf1PSnUp9WFo3D36HEq7VV3gfdyFzDH6cO9DdXTezVs3bzR95T4m6PxpUz+F3iUCkpbarC1XkhxAJjMXZvPwbTyA9zlIVM04XUEZBpwOlwUzRnmoEVk0osDgoVkIOdxgG0nW/V1RkbdOp84l0tVm8VYYPovEBsfrPyhoI5l36kVq0x3JPYZDRHM3V5hUu3yrZhlKo65E1rnsBYxYz21XIvn9r1I0p4hi+645aPjg1qCFaZv7Gn2Pu5jC/mz0kXaQBTI7AA7T6Jy9JYFy7XOZ87SQU+BZvJsm7urvtdf6GlPWJ7aG22b+VD3Jz7Vsitbp7YeK9GG9pUlRSpOvtsbk5AIZSnmJxS0OSdsC45eHMZla3y+lxGbeqlbO4G1hRd/KHFE6ck/m2Q2GDRwmkZQALE1h9k95JnsFQ3JcpdFPSfjkcRi8WMMtjnQunNXEqTuRwugugsUud3+uXucIw0tDUQdpMwbLoNaG62Bzk8k15osQBrk0MLf10ZFkkW5FeLi4QnSWPSJGwvPoJxMfcm4M0pTNILPrlJM0cO0VJ340ZjpsULAYyPmaAPGZjm0hHsNAxu+GAdjPnFYvE5HoYKddnIY8YkQ2r7OMBbqGRWdc/u0pqGCuRGaSnzuDO/7VVamvgUdWUz6gwfC1IUEA8qFXQoshhzrgyuHLTMVqn3ti9uPftC7nIZw0e2JSDoNaRglE8uo/eybepBnaBNviMOqs5iFAVz4AvWnBa5M8/Dc84RtMpx7e+BQ5L/F2zuGnd70kRt3p0SH01W7R377iLsn4H9i1ofpiuJYQIPkKIoRmTinnZO4chu/iq7B635rRhvq6A3Drpg6AeN/4JSGNedX/xIsebZrUbw4jclA88FoT+D/wZNtDoy4BhxGw6N8P5lxRS/nh8cY1RlSQRihvA2tJYYEKyKWD/Fcf8gi7ZPetaGonNGoikBA5UUmEdtwRqq3nTt8XYlpjxs41S6b2p39iDGh2vEUKZDPT7EPg5gbfKX7IeM4TPmFBiQYTr1ruPSpHj+aW91R1TjFtOoAsj7Vy4fSPP61NFxpiqrsBHf/UzsAUKgLfujFElQv4wxuMPbv7TdJ4EZxUXw5jqGoVDMNmxCmVLaBHCEaCs4BIGxBq9fesKg4PxTf8bOZYaduegxLUpdyyzBQFYJNpVM7swaH+3SMjJZUX+v2yPf9IPyEVt05Gmh+HRfxJeOwxqEhP7OUx263biBqhVGF+xUbnpj/qaJltkxCyUBvo1QjxKGhG5h+u13w+B5zXogiN3BLs5dUePtxgavGbhSNSJ6pR+L5K+cQAVwH59X5FZOa/UNeJm5NQTRapUaRV+cMkQuQYpI9AjlGwkr6C1g4XBNgdlfiPgSELzF4mdcbvcEfjv+bnZ3bCB9xlpOPNrcBWChubZLqyswvy9eDOLW1LeFLcvpbEUDJLkhxr7+O9NbMiPITj9yDBMh9bLsEobPmoZHxASLCUz9Df46xTpkNqtD9/yXbmI2xrBw+9CC6CcsDjXAupa3bcv3w1zv7q2tsNC2TVfhQXqonZXouV/IBfw53QBk3yyZlEoUCXMVgV5DJ5gaVCVttUL8smRWG3zdj/l2pOxfhoW+HJmYEOnIxUDZnmBLy68kXm4b6TXNcvjaN4dmSfByn0HXzl2kqADyYYYKTzpzxs+KZciM/7o+/KUjBbPP6DeKqzhm1fM1HCofgfF0v11F28zyvtPI6xAKc04vYvzqhnS8gweyqn8o7m9zEHAudEv56HXQQXVZNCNaXvxZlzgaJr5lup1VDtBbE1lW5PZV1N5Hx4CjIu4+/XpCuXfV0o7YeVabtYLyaN9XnOHBqcSjHUkIjTm2SgDTHcOsSvylM7ujDoPntbvpjpn+lXQ==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedData>
            </saml2:EncryptedAssertion>
        </saml2p:Response>
    </soap11:Body>
</soap11:Envelope>

2021-05-07 07:05:00,414 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-05-07 07:05:00,415 - INFO [Shibboleth-Audit.SSO:?] - 20210507T070500Z|urn:oasis:names:tc:SAML:2.0:bindings:SOAP|_c5qrhgtg3y5eup2q1hbt9cmqdd3xfy879j3v|https://iam.eu-ch.o13bb.otc.t-systems.com|http://shibboleth.net/ns/profiles/saml2/sso/ecp|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:PAOS|_e69d2b60e9e25d82b42164df36b20629|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxAKM7cY21eIpG+5GOuJY/oZWW5iQloqb+Iz6hQ0Jbni5phq0hlgQA+46aU0uXc4CMB4xwwku5DPwmqI17ulsdedbQKfrFJLPdD1NIwOKP1cRgDPeaPKznKxGIemdNBbmDaIeptd/fGNd/quC5|_0c84a51ade6c6796f0e8b66b23a52fd2|
2021-05-07 07:05:02,207 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Beginning to decode message from HttpServletRequest
2021-05-07 07:05:02,207 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.IdPInitiatedSSORequestMessageDecoder:?] - Decoded SAML RelayState of: null
2021-05-07 07:05:02,207 - DEBUG [PROTOCOL_MESSAGE:?] - 
SAML 2 IdP-initiated request was: IdPInitiatedSSORequest{entityId=https://iam.eu-ch.o13bb.otc.t-systems.com, acsURL=null, relayState=null, time=2021-05-07T07:05:02.207Z}
Synthetically constructed SAML 2 AuthnRequest was: 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest ID="_5adcf3f3-4226-43e8-85c5-0713b363b159"
    IssueInstant="2021-05-07T07:05:02.207Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eu-ch.o13bb.otc.t-systems.com</saml2:Issuer>
    <saml2p:NameIDPolicy AllowCreate="true"/>
</saml2p:AuthnRequest>

2021-05-07 07:05:02,207 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Successfully decoded message from HttpServletRequest.
2021-05-07 07:05:02,208 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-05-07 07:05:02,208 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-05-07 07:05:02,208 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-05-07 07:05:02,208 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-05-07 07:05:02,208 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-05-07 07:05:02,208 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-05-07 07:05:02,208 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-05-07 07:05:02,208 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eu-ch.o13bb.otc.t-systems.com
2021-05-07 07:05:02,208 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:05:02,208 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-05-07 07:05:02,208 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint was empty, not required by binding, skipping
2021-05-07 07:05:02,209 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_5adcf3f3-4226-43e8-85c5-0713b363b159', issue instant '2021-05-07T07:05:02.207Z', entityID 'https://iam.eu-ch.o13bb.otc.t-systems.com'
2021-05-07 07:05:02,209 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eu-ch.o13bb.otc.t-systems.com' does not require AuthnRequests to be signed
2021-05-07 07:05:02,209 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-05-07 07:05:02,209 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-05-07 07:05:02,209 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-05-07 07:05:02,209 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-05-07 07:05:02,209 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-05-07 07:05:02,209 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:05:02,209 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-05-07 07:05:02,209 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-05-07 07:05:02,209 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-05-07 07:05:02,209 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-05-07 07:05:02,209 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-05-07 07:05:02,209 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-05-07 07:05:02,209 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-05-07 07:05:02,209 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-05-07 07:05:02,209 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-05-07 07:05:02,210 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-05-07 07:05:02,210 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-05-07 07:05:02,210 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-05-07 07:05:02,210 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-05-07 07:05:02,210 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-05-07 07:05:02,210 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-05-07 07:05:02,210 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eu-ch.o13bb.otc.t-systems.com
2021-05-07 07:05:02,210 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-05-07 07:05:02,210 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-05-07 07:05:02,210 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-05-07 07:05:02,210 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-05-07 07:05:02,218 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-05-07 07:05:02,219 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-05-07T07:05:02.219Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-05-07 07:05:02,219 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-05-07 07:05:02,219 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-05-07 07:05:02,219 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-05-07 07:05:02,220 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-05-07 07:05:02,220 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-05-07 07:05:02,220 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:05:02,220 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-05-07 07:05:02,220 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-05-07 07:05:02,220 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-05-07 07:05:02,220 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-05-07 07:05:02,408 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'iam.eu-ch.o13bb.otc.t-systems.com'
2021-05-07 07:05:02,408 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-05-07 07:05:02,408 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-05-07 07:05:03,012 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2021-05-07 07:05:03,012 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromFormRequest:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Recording do-not-cache instruction in authentication context
2021-05-07 07:05:03,012 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2021-05-07 07:05:03,012 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1970256330::identifier=rick, context=org.apache.velocity.VelocityContext@26d2dcd6]
2021-05-07 07:05:03,013 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1970256330::identifier=rick, context=org.apache.velocity.VelocityContext@26d2dcd6]
2021-05-07 07:05:03,015 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2021-05-07 07:05:03,015 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-05-07 07:05:03,015 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-05-07 07:05:03,015 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2021-05-07 07:05:03,015 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2021-05-07 07:05:03,015 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-05-07 07:05:03,015 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2021-05-07 07:05:03,015 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 1604a7624143f16e65ea3cde29d29645ab24170ff19547c162c28ddf4bab369f for principal rick
2021-05-07 07:05:03,016 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-05-07 07:05:03,017 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-05-07 07:05:03,017 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-05-07 07:05:03,017 - DEBUG [net.shibboleth.idp.attribute.filter.matcher.impl.AbstractMatcher:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/DenyValueRule:_7080138d39cc2e01f42af33d6086559c': Applying value comparison to all values of Attribute 'uid'
2021-05-07 07:05:03,017 - DEBUG [net.shibboleth.idp.attribute.filter.matcher.impl.AbstractMatcher:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/DenyValueRule:_e86e84f8359014f00e496b0e2b038417': Applying value comparison to all values of Attribute 'uid'
2021-05-07 07:05:03,017 - DEBUG [net.shibboleth.idp.attribute.filter.policyrule.filtercontext.impl.AttributeRequesterPolicyRule:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/Rule:_829157a5a29f7f30c585dc615c71fae1': Found attribute requester: https://iam.eu-ch.o13bb.otc.t-systems.com
2021-05-07 07:05:03,017 - DEBUG [net.shibboleth.idp.attribute.filter.policyrule.filtercontext.impl.AttributeRequesterPolicyRule:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/Rule:_deb424a8d1c673df19c16cd7fd391943': Found attribute requester: https://iam.eu-ch.o13bb.otc.t-systems.com
2021-05-07 07:05:03,017 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-05-07 07:05:03,017 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-05-07 07:05:03,017 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-05-07 07:05:03,017 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-05-07 07:05:03,017 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-05-07 07:05:03,017 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-05-07 07:05:03,017 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-05-07 07:05:03,017 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-05-07 07:05:03,017 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-05-07 07:05:03,017 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-05-07 07:05:03,017 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:05:03,017 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-05-07 07:05:03,017 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@4aa6a18e'
2021-05-07 07:05:03,018 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-05-07 07:05:03,018 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://iam.eu-ch.o13bb.otc.t-systems.com'
2021-05-07 07:05:03,018 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2021-05-07 07:05:03,018 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: Attempting to delete consent storage record with context 'intercept/attribute-release' and key 'rick:https://iam.eu-ch.o13bb.otc.t-systems.com'
2021-05-07 07:05:03,018 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: No consent storage record found with context 'intercept/attribute-release' and key 'rick:https://iam.eu-ch.o13bb.otc.t-systems.com'
2021-05-07 07:05:03,018 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-05-07 07:05:03,018 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: No storage record exists with context 'intercept/attribute-release' and key 'rick:_key_idx', nothing to do
2021-05-07 07:05:03,018 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20210507T070503Z|https://iam.eu-ch.o13bb.otc.t-systems.com|ClearAttributeReleaseConsent|rick|||
2021-05-07 07:05:03,018 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-05-07 07:05:03,018 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2021-05-07 07:05:03,018 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: Attempting to delete consent storage record with context 'intercept/attribute-release' and key 'rick'
2021-05-07 07:05:03,018 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: No consent storage record found with context 'intercept/attribute-release' and key 'rick'
2021-05-07 07:05:03,018 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-05-07 07:05:03,018 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: No storage record exists with context 'intercept/attribute-release' and key 'rick:_key_idx', nothing to do
2021-05-07 07:05:03,018 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-05-07 07:05:03,018 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2021-05-07 07:05:03,206 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'iam.eu-ch.o13bb.otc.t-systems.com'
2021-05-07 07:05:03,206 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-05-07 07:05:03,206 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2021-05-07 07:05:03,206 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2021-05-07 07:05:03,206 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-05-07 07:05:03,206 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2021-05-07 07:05:03,624 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2021-05-07 07:05:03,624 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2021-05-07 07:05:03,624 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20210507T070503Z|https://iam.eu-ch.o13bb.otc.t-systems.com|AttributeReleaseConsent|rick|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2021-05-07 07:05:03,624 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-05-07 07:05:03,624 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://iam.eu-ch.o13bb.otc.t-systems.com'
2021-05-07 07:05:03,624 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2021-05-07 07:05:03,624 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2021-05-07 07:05:03,624 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://iam.eu-ch.o13bb.otc.t-systems.com, value=[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1651907103624}'
2021-05-07 07:05:03,624 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-05-07 07:05:03,624 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2021-05-07 07:05:03,624 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-05-07 07:05:03,624 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://iam.eu-ch.o13bb.otc.t-systems.com'
2021-05-07 07:05:03,624 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://iam.eu-ch.o13bb.otc.t-systems.com]' as '["rick:https://iam.eu-ch.o13bb.otc.t-systems.com"]'
2021-05-07 07:05:03,624 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@4aa6a18e'
2021-05-07 07:05:03,624 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:05:03,625 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-05-07 07:05:03,625 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-05-07 07:05:03,625 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Inbound binding urn:mace:shibboleth:2.0:profiles:AuthnRequest is suppressed, ignoring request ID
2021-05-07 07:05:03,625 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: No request ID, nothing to do
2021-05-07 07:05:03,626 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-05-07 07:05:03,626 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _86a87bf6053ede69b9cf28c40137e5bd
2021-05-07 07:05:03,626 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _86a87bf6053ede69b9cf28c40137e5bd to Response _52551d38b7db01c907a57c96be5c9df3
2021-05-07 07:05:03,626 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _86a87bf6053ede69b9cf28c40137e5bd
2021-05-07 07:05:03,627 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-05-07 07:05:03,627 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-05-07 07:05:03,627 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-05-07 07:05:03,627 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-05-07 07:05:03,627 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-05-07 07:05:03,627 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-05-07 07:05:03,627 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-05-07 07:05:03,627 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-05-07 07:05:03,627 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-05-07 07:05:03,627 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-05-07 07:05:03,627 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-05-07 07:05:03,627 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2021-05-07 07:05:03,627 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-05-07 07:05:03,627 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2021-05-07 07:05:03,627 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration did not specify any formats, relying on metadata alone
2021-05-07 07:05:03,627 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-05-07 07:05:03,627 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:05:03,627 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:05:03,627 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQx2zsNLjBn6kT1RZnafQvfJ01kN+F8ERzmktglXKdchyrA2xjXoaMyoOr3V48PjfEZfiWWAdfJXpODxyWZziUv2/Ap3LutTDOLbCIbNUWRCrrbDqe/5gDIkw6Qa93amXXqRBS2IF2yuD0Iu9x5 with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:05:03,627 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:05:03,627 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:05:03,627 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-05-07 07:05:03,628 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-05-07 07:05:03,628 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 80.158.3.50
2021-05-07 07:05:03,628 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to (none)
2021-05-07 07:05:03,628 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2021-05-07 07:05:03,628 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-05-07 07:05:03,628 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-05-07 07:05:03,628 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-05-07 07:05:03,628 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _86a87bf6053ede69b9cf28c40137e5bd
2021-05-07 07:05:03,628 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _86a87bf6053ede69b9cf28c40137e5bd did not already contain Conditions, one was added
2021-05-07 07:05:03,628 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-05-07 07:05:03,628 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-05-07T07:10:03.625Z, to Assertion _86a87bf6053ede69b9cf28c40137e5bd
2021-05-07 07:05:03,628 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _86a87bf6053ede69b9cf28c40137e5bd already contained Conditions, nothing was done
2021-05-07 07:05:03,628 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-05-07 07:05:03,628 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _86a87bf6053ede69b9cf28c40137e5bd already contained Conditions, nothing was done
2021-05-07 07:05:03,628 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-05-07 07:05:03,628 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eu-ch.o13bb.otc.t-systems.com as an Audience of the AudienceRestriction
2021-05-07 07:05:03,628 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _86a87bf6053ede69b9cf28c40137e5bd
2021-05-07 07:05:03,629 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eu-ch.o13bb.otc.t-systems.com to existing session 1604a7624143f16e65ea3cde29d29645ab24170ff19547c162c28ddf4bab369f
2021-05-07 07:05:03,629 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eu-ch.o13bb.otc.t-systems.com in session 1604a7624143f16e65ea3cde29d29645ab24170ff19547c162c28ddf4bab369f
2021-05-07 07:05:03,629 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-05-07 07:05:03,629 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eu-ch.o13bb.otc.t-systems.com and key AAdzZWNyZXQx2zsNLjBn6kT1RZnafQvfJ01kN+F8ERzmktglXKdchyrA2xjXoaMyoOr3V48PjfEZfiWWAdfJXpODxyWZziUv2/Ap3LutTDOLbCIbNUWRCrrbDqe/5gDIkw6Qa93amXXqRBS2IF2yuD0Iu9x5
2021-05-07 07:05:03,629 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-05-07 07:05:03,629 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-05-07 07:05:03,629 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_86a87bf6053ede69b9cf28c40137e5bd"
2021-05-07 07:05:03,629 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _86a87bf6053ede69b9cf28c40137e5bd and Element was [saml2:Assertion: null]
2021-05-07 07:05:03,629 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_86a87bf6053ede69b9cf28c40137e5bd"
2021-05-07 07:05:03,629 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _86a87bf6053ede69b9cf28c40137e5bd and Element was [saml2:Assertion: null]
2021-05-07 07:05:03,631 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_52551d38b7db01c907a57c96be5c9df3"
    IssueInstant="2021-05-07T07:05:03.625Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_86a87bf6053ede69b9cf28c40137e5bd"
        IssueInstant="2021-05-07T07:05:03.625Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_86a87bf6053ede69b9cf28c40137e5bd">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>4FiXA3te1uOd6OfyQg4ir0k0QN6MUZEp+tETKwn74ao=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>npfk6w3VntKhUOiAybiDS3bPuq8fEu/hWUkME9OHwjXRsX2itfVgo/cYfniEwrW2i9EdiW8ReAkuYL5dUbcnAH5CX/70ZaMP9wu0cn2su+im3xMNFK5qEAvDzw5NicdTheXzs7ShCYRPYKDd6fifIhFaUhelSaq6+gDg2s6BOruunm2YHVs37bzV1apv4JMKgzWTNoPmIm3INiBHvV4nY/Ra5MLE9CfutpmDW/iP9PkkdadvDH0U8RVTXmy9E86SknuY4juRxuATKvQCKFBWiu9aYwZfg+o7oHhor6ojF5Rjmic/Xlx6aVvLWJIQM1039aGJIDQ3OLDaHNPCDGgmaw==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQx2zsNLjBn6kT1RZnafQvfJ01kN+F8ERzmktglXKdchyrA2xjXoaMyoOr3V48PjfEZfiWWAdfJXpODxyWZziUv2/Ap3LutTDOLbCIbNUWRCrrbDqe/5gDIkw6Qa93amXXqRBS2IF2yuD0Iu9x5</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="80.158.3.50"
                    NotOnOrAfter="2021-05-07T07:10:03.628Z" Recipient="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-05-07T07:05:03.625Z" NotOnOrAfter="2021-05-07T07:10:03.625Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eu-ch.o13bb.otc.t-systems.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-05-07T07:05:03.015Z" SessionIndex="_1d7d3bacfe6258461c9bfdccf5b0d028">
            <saml2:SubjectLocality Address="80.158.3.50"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-05-07 07:05:03,633 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2021-05-07 07:05:03,633 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2021-05-07 07:05:03,634 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_52551d38b7db01c907a57c96be5c9df3"
2021-05-07 07:05:03,634 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _52551d38b7db01c907a57c96be5c9df3 and Element was [saml2p:Response: null]
2021-05-07 07:05:03,634 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_52551d38b7db01c907a57c96be5c9df3"
2021-05-07 07:05:03,634 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _52551d38b7db01c907a57c96be5c9df3 and Element was [saml2p:Response: null]
2021-05-07 07:05:03,635 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-05-07 07:05:03,635 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST' with encoded value 'https&#x3a;&#x2f;&#x2f;iam.eu-ch.o13bb.otc.t-systems.com&#x2f;v3-ext&#x2f;auth&#x2f;OS-FEDERATION&#x2f;SSO&#x2f;SAML2&#x2f;POST'
2021-05-07 07:05:03,635 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-05-07 07:05:03,643 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST"
    ID="_52551d38b7db01c907a57c96be5c9df3"
    IssueInstant="2021-05-07T07:05:03.625Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_52551d38b7db01c907a57c96be5c9df3">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>SDWpc17izlYtG3fN1ZksYJ0RP3YDD+5tGENGwWcYwGc=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>Ruhgxrh6d+FtQlfA+KPoU0xKaKTHRaT0XmtZ7jbEMgPGHs5sk/i2GEAyStnK+UApzUVv9qY4N6bj6itOC6oHp1xvB8R3//j/oaird3lvOD6evLvSB92/p70hS/HU1dWvYEwmqoPz0nbXlwiEykg8ncUrHF3ZQOf/bYqj6+bwA+cZtEfSfk50gIbXZkc9mPupUAKtGtRZgH4spMTKUEQ1j71M8BsoEfiQeuIZyBqiim9IJ8H03Ct5z14PiRG39uUIDH50Lv3P/3efK+fk5Y2JROTWfKWZDAIxaeUHyhWqEzQ81xl3SkVmOVg53ZbN5m5lpC1XWQ9FnzRWEHyaGekHBg==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_6ace9f1416ef8a336754e0841b425c05"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_287f4390d03614ee7b079a93b8ed2a57"
                    Recipient="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIICLjCCAZegAwIBAgIGAVHDRPSbMA0GCSqGSIb3DQEBCwUAMC0xEzARBgNVBAoMCmtleW1hbmFn
ZXIxFjAUBgNVBAsMDWlhbS1hdXRodWktc3AwHhcNMTUxMjIxMDY0MDU0WhcNMjUxMjE4MDY0MDU0
WjBEMSowKAYDVQQDDCFodHRwczovL3NwLmF1dGgub3RjLnQtc3lzdGVtcy5jb20xFjAUBgNVBAsM
DWlhbS1hdXRodWktc3AwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALRgTiRlOH3H8Ti/Nl8F
hr+9QdbCEBQIKFKnX+VeeD6NcGQtsDnihnIlwDv9PqAqRfZ5KNDF7IccYgCBUfjJXOyxqa51YVDJ
KPLpjMcZiSEjumDm3jbdEiiQKl3zwt9Q0aLlz7PKdIbIoPQdo3YjpTB407D5PmvpsFr+TQ6NlkTZ
AgMBAAGjQjBAMB0GA1UdDgQWBBRcdOVNkWkaAHkjlaFATFhnEEh8SzAfBgNVHSMEGDAWgBRcdOVN
kWkaAHkjlaFATFhnEEh8SzANBgkqhkiG9w0BAQsFAAOBgQBlFRyA98AUXCw8bhneTFoD2JWRZz2f
Bs3vINTVjhA3CdCCJ9lgPxIhitHYNPQh5s7l+IA6M/zHTx+rpRO3KUqh0M2eNZDunUrstyXkvZvp
uJCPFK6t1iN6K5YuZUhKI06W5Bk6XV2NO5L2eIqD9jZp0UGb18Ep4BbrEXwRwJQPYw==</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>F68l74VrYgDUy98J+ye+lucq+M08bBDI+LVuh0MUZ440drG02Z5gRYVwUgUcx15idwg2giUaRbY8FHeMlejy3UIGtMfgWAsiFvnS+WtVZpOUczfDAW2GwMELJVGWmVaimKKAq1tKqnPNW3uJRIXz0WUgHHddF4VJ0OnUu8kIa3g=</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>hVP2wdrWSE4YBwsJBsLbFNGokdyxo5GoiZydiFjpvvqQGltk+LtPDgvwF2tM0WWvlK1gnkXm3TwuP6T/Dn/S6b8kWI51R5EgaEPKulpY9+s9CNf3IIm2niyOZZn40QxeEN1LE4gBl3eteUgf+d/dx8xh0QHJ1dRiNdEBht+T5nVnf13uoNL1aG7SsBZKqHceXpylmEaWnZ5G44OO+xODBhsj9sWaTths+HKZ67qXt4H1sXC5eR7zeC6r0TNgvat/NkyI8+5XMDJpirF0p3WPyPWhPh8g1pu57zmbz3pqsWlwo/N2T3SjQLU5zW+QO8axezcX6ejZApklotkXVzbzbdHaY5LhUyVTT2SWCWJuPPszEdhAo3UbExusOHnj1u9gzlak14hI3hwEptSr10LrApnsxSFgjj3+0GUJkrE/i8VVrlnEq/6/cbDdj2cEOZ8xdNPrinwh/zPCDgWqCvVBSQYOPh8Yt7RbAp/kcP8XhKWGHSUaKCfWfvQbwdP3DbCNhxRCCkUAhZVyrEex7jBhTAvvc0Rn8zsNsLNb5Tac2ujhj29eAlJf5a7yMxKxX7PRrpkdmZV6hmPuS1TsXbkYW6WkG26ES9JfLgIYKSji43/Tstj0rzF5ieOaQYngwEXSaAfhSJFH9KCXhbFB5aiRs4dPHfXTZuKqXIZrhWQH/mAstGaT8MlR3/49IsUXJpfSCueVLCgKtSB3vk15Xl6lK7Ah62PO6/wUbZ2XjusEFjLdo/lSg8bmeqn47AS2DrKKfJ9AYqrnslBzFwVbpnpvIsQF4MmpdtQcilXOT8nFFja4Ej6KBRRaEBVRrYKjfhq8Y4I7Zp+0WYtNfQew75GfGZkHLMtCuVEFnKXLVnz+ywll5BrPW25D1aJMM5WxlFybnVcQa5hvUXovK2jEdqjWPYb1SfPMyQ5s278Ka0vxUxvVT7G6JPCTbJ3tSv2uVDqJA+98doveGkqKBPMILhhgwaSxYLt15hIMMJcqNyz3Va5UuBcWdnolFrVbEC8wjrwvLWrDAEe73qjdY+dS9yb/YPB/o1UQAfQ3bv5grn3V1tMEt4tsRtwPxcLvkQswB1vphN1qpDKNCzM7emWFJvf+DYL7evOh3IM7Koy7hgXf8Yb9IH5/wnJp7XgHp9BRrQKFOinomHFhAOHaRJ4zTEiekPEyCZTO3eMQ7V7yJ3eURgnHKIV3WmQbKzLuDRcNvafK/pwmAAkSxzmkzNW2YOKaU3nUlMAm+qrJDYWQQacWaw4V2V5d6SUUiz2Jetxr8tWmrQdzSf9zXE+aers8g1REj+VY0G+aA/QdOHaNhyiwbwisL7V/ri1o+ewUGXxwQ8s3BYqJO8jQkvzKonvr/P8KXpyT1zQZ6BpZKWHIJ6sIokeLf4lS3vG9L/Rh+2UhUumtEBg0odIvs4CL5O7sbwaVrG7FC0T08aNHB51RIwjuBKnVXL06KeUFF6z0ayYT8FCxe/ku/ziBzJ1A7HAgGcRvSX7LQBYAOHrY0Zzvx30+KCKkNy8N5FjiyTMzMz9b02rqHybKQDrM6w+dg3b/rGEKAkWUmtOvMZCAQU7197V6lmBX14yiI/g0wL2mhi4/HzSP7M68RDV0OxOMoN6YMVO3ikcxWWkHpMSOIncofMsLkWtnVbUSj6jECkjusZQiG4lB4w2Kx2wo+unFCC6lTVzM3B8nqimAYcVWWTZoMZmMYVSn0EDeH5vNvpZfqKHOVqCnwy2nvAJSVuoRnZeI75JlItYVILGumlZUS5wQUDPh+uDKJCaIicGSigHZQbcj6NhhQKiCwZrdl6sslRBDRWlrP2Bgf4xeCq+5WEHFFV7oyVVkIDVMhySdRk2HwZMyEdDTiW+qDMwh756sBdYjjnFnBxw3ieu0dg/+GyneKEdEiW12hGGfQBv/V+Ey46oCXV9hhJRMCRXtfU40CpB5YPExS++2H2+WhV/En93grX3W5V4vqohNhSNj837yBUur93nHpc1/vVJ1QPCDMveIeqyxyTT8D2smQpK3+zlQxRl6dkemLWd0b6F/7Iy5yXaZ83bifIdSfpOuyAIyATZnTlcAp2DSIwDXArvTypdSMl+DBVxrFfxQNTjmGCE/a6IEK/VnQaZgZaMpPVOGNp6YcrleH5nbwZoBFyaESVf/QZJn1XdZuFSij+Z2yYH13t21+j0+vMBC9+JFm6iyZEn3PMqqXuECsx0Y0bg3b1Pu98X2vN6dChT3piaY6JEtKzzLYeSaagsoYYuEPzlpVPbWoHFI1+AYzds4Wixs+PhX7UBZ9RhS46jOqb1nX/AsDYHJorX6MJVuLJGLrnoRztMVQawXK1Jq1yoIwxgu/6G/9fMqQOjpUdDcEaprlISh1S/ofGiv+sY6qqZ7z4itCvAQqPej5tvlsRWuHePwqluxWuT0t8/oBcuPjd9hTbPMxBbGqoRrtbomhUwYkP97vbbr7IQiMWqMlO+M+uW+IFEYiGpHNQ5Z8+RQcAJ/3+t9ATDNbgWpSEChXOlaP0BjOp9jD5rL0BS+0WRZyHJauf9XtHuc6amicUwu537TvHi63VBX0DqXLFTExDGHdU5xGw2A7spZs9LHej03ntfRJ1QoQktvqUmVSqYrneeiqmS1z58agN6fDqghP7pUPXPI980XPlXgpMXibpl/oX5jOKHqeljD+8ojBIW84Zgu5D4l+JMt0kj//w6joKN7XHvS5eRMZb3U3LVoKinSPaVtiGfn50muVZvjNwOkg9E9V/ktOOWDcfEcwFGA3YQ4T6lxEjoyhg/49wzIFTPlFGXlKPDZDlzZYzUTjslbKSjNATAGfGGEFvcDiZTjTDJ3C5mOG8W7E7xzi6DH5JsqsWSnxSYv1Di8tuHPIaJZ/Tpo6Vhdq9t9GAc7YdefZAhE6N5u4TNivgUR0kcbeT3gQD7N7Gr4cc3ia5i7VMx7RL3zNiKvDQkLxXyz9WMWYInd/ulqEnoaxqE1ZLWZy4BTSRBdgDsAin29mbSWNjAhsXUZDzuAQDtVyjcLAJ421aBeCyQj7+i57AvVjSdhfeR2wERTwQClX/+cPZX1BA2SJyM46+DEHu77WUQqmLdQzmIPDIDmNHYTKHI8mxWSkpNCcY5SucUehMdBU5FFlzjyZ4XGN858D9vytrkRaUfz1ZaZsZa9C3+NT/xlXHZGdkyg7AKZNuqhM/+KfnCWLzaEjTWYPRKm+IXSG+/+tav47mf44xw/b+QxSAQYoy0hqEeklJ7MiLiUdUisAzqKhrO6Gb6V0mB5taYODO3FAbFRfgB+9hFsYORMBDWCs0mAco3g/qWbbNURjuXVTrAKCfaG9V/FqiPRG9jOU1J75tuR4nBIw7EQQUHJpszuuvpcv85ul9YrAGxNmvYY4fTLlLIvrOhuK1MxMPfSXGP+ib0tMuDFno1XGgS9cM2KkF/nfjltXhb8cUovQBpqvuKrvVwz4MKQBrDuAeyb9r0ysq+rzlvhzNgcSCeljPri7VrkUBQjvd9uwZTWiYs43IEP7N6pyZ6XObwGoQBxF+ng0/8nIZGiV9RPmLyrhPkzlgFe57oAOyd4z/vAa+fH5axWZYo8Hnn2xcc90rBc1O9NKflsKWgjoE0lkPNbHXoXU3m6biOszMTjA4Kp7OL1uDT7tNrhtkhwaNoJ26zh3Ft4jNqDBzx75p1KvNowVJrXtUUc/EN4ncoVVogocrsW+A9idc4sai62rzi51TqB1mPi46/zlr+YmQxlAfXF3eceTynz/mk1QpCIHkR6OuXSW5g7wtAr0q6/KzCxv7HqTUhiR3EU60hWHObltHGdXDCq3gN/xP2+b6PKuoGSks685MV2+YeTjHnWL4CmNXCZNh0sjgUxFxONz98v4eoOI7VIFw3ZbGBsWKojzBz0k7F7aHLpPBw8IOAX3oJukwCCMNoVu6NfMXa68ftxsZtDnjrk7IREO1F1oMMwf5wB1BYQcSxSOfb1XWJ2L+mxvU0jiEEC0RvZ3qZOtLXg7/C/Ij/jQuliVfEEFjV9nR0JW4Bb+WpGOfBOZv9z7BOw2bAbShGpZ2vS1Mh4r+WZqHZbnTUAKmQPyq5qCYDnmzOHMkQgY9tcrUBeO18lwoOO/mWppOAF+8/E+5dE0isbLn36NalExAIw6RsyriqL+9WPZXFjyk132mOaHXBln452NYx2fya8jso7MF96dNy2L64JTPZLeOwvZQn+zE8c/aAaIxc8BjzeThPPGojs69f9pSzVuymrxhEqHu0YafLnKv1+4rvQ/5OyP9540LRC8o0i01OI1RrTezdZEtMU4bWn/rNzo6eDE2uu/qty38EtfP9zbpi8GEsihnGvW6cqlkDozyzWLZrIZHQtqMVzQG1TjniGzbTYg2G6eC/S7q59DDB7632UrR460RuEgEGpVVdIU0hUm/k6RcmYmxy0U0GocuShgj+ureik2+UtBm+qb9dH4bk4qzny/tdfuyCQk4JFgtAMrHG5heFiX9mMK5FePvqsa/yUA8ih6lH51CLaezbW1bRN6pgMKtHd93imRbvpKZVeK1zPHHDMJDFG1LUuIPei0fuxlDWbkvrYuc9HwM7cjlM458Tkn40BP8cPShIzK5VZQB1Nk3NQyEtLcwrRfui1fW9Do0SoaOEvqEmusKglg9rhFY0C2D8fcecgGwfb8RZDl8V7X6N94p2FXu5Uj5dCBHzLhkPW25DMER6yAmy8TcwuTVEagYn/iY9qIW8TcYgxgkdFTwTQN8UuQRVKe7je+dcbQ0xCfDB8/Q/w3y2OvN4cBVa/EjPF80wqwfhprDubbgrvta8i0PQWoMEqbpqQOowToYSh0arhA0fRIaPZmQONEDaTqnNDNscbWVi0AAzgk+XffaE6ub88wryF54+NhlyBKJsnRI6/L9sUOoMV1EFVloAAd5qacJk75sjCfXZ6W0mFLDfqoRk4rx3I21tbG5kDBLl7KeoSdrK50Oe7ctAnIAiGOPyae979703sz4MNNw7Nx/BlKCLyP1mbhGVBlUO/xtyuiM5B32xL7Jf/RGUfYMwX1p8rjyiZLPpbVmAeqGZRvZTg5iiGCjCucnBNYpIcBQib+O8/Qx61wKRC+/xy3YIF35RXJJIA3L9sopVAjINq1QUyfqzyVp/zvmCPZ/Xf/lTZUuOdxFndXBDMPbEqb51gbAIPjYidpCAAMYOWIFqV2hSnHmRn90LthutBWJFMdS1/McHdVkqK5piNCXXL+Nvi363/scPJP1EDTRXo8U3uownLaRj27k/miVroLvJbixbrKlbeo0/hwhUDQajb/KQUfSaBNIvwQwiq00ZSAJx1BEwEYPLx1/i1YNz4LPxYBqc/Uc2PDGWhI5t7l7v1nTWJVKxeTlSwaIKp9M8JhktbdJgIz174C/eBbZnszggAY3AbOLJkj+uWQ+y4fiO0cv1GGC7oOOOoHgYhm6OF6dT/E3/uve1dbst/V5fmw17i2JHffZqt8Uc9irrajHvRtMzKShn9AmTFic2fLDZwXsbampj7EDQ7dszTslAP/AhF+qeTwZVyps6Bl7+5SYXiytiCEaNlju/pdNzlQdywBQscKmAywQH5xa0Y/h3EUQRqjltcqWkkTQnmoZKCvd8rMHEhtvpvCETjme5U6qXlZ9t0hMORubng2TQ68A8NstyuRK3XU1wxHkZnzs+0z611MiWlxdI2N2cZs8HX5mV3ByghL6hB/2sGIH1qHe1HPseDw3Qa3WYBm6wqsH2imhTn9xMShgyGuKbUxtOsuO3t2J+rATF8vtk9EshN6b+cX7xBdOlG909Y4pzvReU8et+wURv0hHtbbaj6QOaGmSOYTL5QoFKUp9EZbn3LY8H2MsgdE7Luh0npq4CMWGmL/HEZCXXcWQ6HqqU6AutKvCdO++al0Pc/7WDFH71mXuRi/zYPm0o5LAZ3SMCrqUmEjiQ7/n9ekN+YsOQOdlzlTqFOPBVqU2nK6jIdwZyq9oeemxNV5/i1UXvoS9p2MFt9YZl9yBahGLJrMj7oudR0vl8gIloOJTXy07zUcSrhJyLmUwl8A0+W4BNGWasmhl0QM/aRQmoiMyY1Gtu1RQacfvqNNavIR7pNLNmKSq8Mt1xa0y9uPPvyvdwyCAjTiy2CrEaO1ewZ+nCg36FuNXf/E6Z/OigrFLLxfGL2cgD6WxxGWpLcUpOUdkbCQFvM3E4vR0zo/jh09mgf7c4aqfAUk9KvC4z5mldKHTMp4V6hySH9IjIxNHSLTbIn3s5FI4YOuPQLskHMj8frLnkhadBDu9PvTS4ujm78D+fmbaFgTnK857/RvosW+sXqnd6aHUeLhrTx3V4b7ga9iPrYcSN8Qw0cn44vXVWrRP3occE/FRz6vdaCoy8130Q7bPRilbcWCRlqXyoSXwXN38YJJ47wZgYwkzEwM/yzCLNkJWyzS4ihRLMgnpoHMD4SMErfqf05cvtM5HAFuHFCcvh9Pq/SuDP991aU+wFSiKYq846c409kx5Eiuvg5ogQUbXifaspEHIwg3maDv6CftZVmbypHqvBvKoeqiqmDLiJ3wQePX2vAGFvtjYvYY91kBQwP3LyzzVO8PK75kDkweIqtDAkl88Rie/tssV6oYX3yzIOTSjo32mEZkKWdfVH7KPz8PZLH7dKLEriz3NeC1QC08nvJu8NcnqDKXI/MtvxnpVyoJVsX3P0KT8fm+YreT1z9qILI8uteULszp3YK0i4gQT7zTcXutoO3RrW8zftYKJKyyvx78Lx5gaAPdUQVQugGr7nPjIBNBXdGZEK/TBwv+o4qYv4KIQMfAPgfBl8lGBNU9DCWj2xqPrz5uRdNFQIu+HvVT8nz7TNpq05IiBH0KNgGxiHoEaPfwZemiG6pXNQ9+ImbFyp0p5MRYHGHeOYo7PiiTKvRTw/sn5jGMGVHTdUQHL6oLXRoEGimOnKnX1L9+YpmtACnZHmtsXHrUWczcSckpqLKbK+8KsS8DB+MaRSEWRCRqk5iwe4QMMRA8N/TLwd/lNARGW8+UGgstn5yvYt5W2tHqI1w/HgsTgQ9CvixDCt5SpI0VbQ/s9j3HUOkFsCGvlwrrh13Di/wHw1+m83Ms4or3iE0MmhvDoGBF5l7htp2gQGWyM+tGiWShtbi46ij7gqflkMMkgdqjsXpD4BFUZwdcFI+1/LvU6lukGWKrpJYMoQ+UiaV1uhLKpD8mT4HVrVeqQE+pRGrc8Hv9PNMJ8BVx69J1MatprHm3URC9lF6YcS63oA+iflXZlENm6cta2lzCe3ujqKMfuuhTvpNVAu6yy3kSCs1Xl733CpDU130/ZHyvss+pbJlSL3eaLnlcSS4R3sktwfMxU65l+MQxS8PoHX0t7Hn+XI3UTz9APusiQNaL+dnH6lWI/HvAz5nWLAwz7PBFozkpjP4IyC84EhywvqXVwfWfqPDTf4hGQ6L+nCF7yTQP6Oax0Q4HQRgoOeentinRkx1NRDbUasKyMP6n39hul0VG5BdCYCxPOCaa19oNYLvzoAwDrwm+C1mvxAueZqzmGod/9MFR0AHFALzqpzsQI+ZtC4eqTCixJqgCupHGHcxel7Wjkm8ApqywAbG8/WWMRjpO6Ecx8B/6MAAxAipWAI/axDKxzBLgT1eDGogWp+gSHb6etpB6rpJQEz4c28EPaK5XrehxUmPIb4vmemzW5vVdikxmHxrETHPXdt0SENZaR3l6F5DEb7xSxFmeBClnOmFxBcXfQfUMYVkQR+yAb4xvgeFaENEtoyI33pXeTlh3fI2GAnnwfMZ2T0Ww3NJb0nFGO+n00a++/ZvKHp3ko9WxMgKuXX1pZ+GSmVpRYg/faVXIBbu3CIF+w8PMqQjjchqxGjiUz/zeC+38yrtG1maxuGjxxk/IFrkFn/vTnNXdjj00dASf/p+gQPI2SFSIe8MT2qw6ukKDkg97LJZz583ujGJzckMx7OZnCb4yKH5ESYvPtSOQArfbClXZs/cPS0EeFf5oxqPz/ZtWu5Plpm9ICAFMgYTNPh/xwB0ORt30TbhjDRCi//E6doidu7bVfQkYb0i91eHu2UbUCqEx84oJqlqE+e8CzOiMy5c0bDOIHxVaG6MJ2xBawPzVjhHxdLkTFqYZJCFLRkaP3jo0vKnBv1S/Z7F2XCGjlTpw4MPhU4CmYXkEk0x2ioNlqDH3piffplGzxBfyUlY27dcDguH86Oe1w23oOsmnzXx4GIcceXGbLDCAvRwdaMc2e/sgtTjKhlrtt66EFvpSma873G14rCSVgfvLtKK/NepoMSW5fYYkLcOygDzOC88tqmoca1QJxUfNbA7JQSVZS2Q6AXfKRNPL/ISPF0Vudo=</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2021-05-07 07:05:03,643 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-05-07 07:05:03,643 - INFO [Shibboleth-Audit.SSO:?] - 20210507T070503Z|urn:mace:shibboleth:2.0:profiles:AuthnRequest|_5adcf3f3-4226-43e8-85c5-0713b363b159|https://iam.eu-ch.o13bb.otc.t-systems.com|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_52551d38b7db01c907a57c96be5c9df3|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQx2zsNLjBn6kT1RZnafQvfJ01kN+F8ERzmktglXKdchyrA2xjXoaMyoOr3V48PjfEZfiWWAdfJXpODxyWZziUv2/Ap3LutTDOLbCIbNUWRCrrbDqe/5gDIkw6Qa93amXXqRBS2IF2yuD0Iu9x5|_86a87bf6053ede69b9cf28c40137e5bd|
2021-05-07 07:09:37,480 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: null
2021-05-07 07:09:37,480 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-05-07 07:09:37,480 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-05-07 07:09:37,480 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://localhost:9000/api/auth/sso/acs/samltest"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_7039d81c-cbe9-4e51-8aef-fd108f120e2c"
    IssueInstant="2021-05-07T07:09:36.640Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer>Tabula-Test</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="false" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/>
</samlp:AuthnRequest>

2021-05-07 07:09:37,488 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'Tabula-Test' from origin source
2021-05-07 07:09:37,488 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-05-07 07:09:37,488 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-05-07 07:09:37,488 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-05-07 07:09:37,488 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-05-07 07:09:37,488 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-05-07 07:09:37,488 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-05-07 07:09:37,488 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-05-07 07:09:37,488 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer Tabula-Test
2021-05-07 07:09:37,489 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:09:37,489 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-05-07 07:09:37,489 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-05-07 07:09:37,489 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-05-07 07:09:37,489 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-05-07 07:09:37,489 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_7039d81c-cbe9-4e51-8aef-fd108f120e2c', issue instant '2021-05-07T07:09:36.640Z', entityID 'Tabula-Test'
2021-05-07 07:09:37,489 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'Tabula-Test' does not require AuthnRequests to be signed
2021-05-07 07:09:37,490 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-05-07 07:09:37,490 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-05-07 07:09:37,490 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-05-07 07:09:37,490 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-05-07 07:09:37,490 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-05-07 07:09:37,490 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:09:37,490 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-05-07 07:09:37,490 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-05-07 07:09:37,490 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-05-07 07:09:37,490 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-05-07 07:09:37,490 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://localhost:9000/api/auth/sso/acs/samltest using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-05-07 07:09:37,490 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-05-07 07:09:37,490 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-05-07 07:09:37,490 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-05-07 07:09:37,490 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-05-07 07:09:37,491 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-05-07 07:09:37,491 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2021-05-07 07:09:37,491 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-05-07 07:09:37,491 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-05-07 07:09:37,491 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-05-07 07:09:37,491 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-05-07 07:09:37,491 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: Tabula-Test
2021-05-07 07:09:37,491 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2021-05-07 07:09:37,491 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2021-05-07 07:09:37,491 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2021-05-07 07:09:37,491 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2021-05-07 07:09:37,495 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-05-07 07:09:37,495 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-05-07T07:09:37.495Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-05-07 07:09:37,496 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-05-07 07:09:37,496 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-05-07 07:09:37,496 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-05-07 07:09:37,496 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-05-07 07:09:37,496 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-05-07 07:09:37,496 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:09:37,496 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-05-07 07:09:37,496 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-05-07 07:09:37,496 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-05-07 07:09:37,496 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-05-07 07:09:38,068 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Not a usual scheme, returning name of 'Tabula-Test'
2021-05-07 07:09:38,068 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-05-07 07:09:38,068 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-05-07 07:10:02,705 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: null
2021-05-07 07:10:02,705 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-05-07 07:10:02,705 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-05-07 07:10:02,705 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="http://develop.localhost/saml"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="_d4f4d048676f52c3344b3c4551e3d164"
    IsPassive="false" IssueInstant="2021-05-07T07:10:01.435Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">http://develop.localhost/saml</saml2:Issuer>
</saml2p:AuthnRequest>

2021-05-07 07:10:02,710 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://develop.localhost/saml' from origin source
2021-05-07 07:10:02,711 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-05-07 07:10:02,711 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-05-07 07:10:02,711 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-05-07 07:10:02,711 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-05-07 07:10:02,711 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-05-07 07:10:02,711 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-05-07 07:10:02,711 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-05-07 07:10:02,711 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://develop.localhost/saml
2021-05-07 07:10:02,711 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:10:02,711 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-05-07 07:10:02,711 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-05-07 07:10:02,711 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-05-07 07:10:02,711 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-05-07 07:10:02,712 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_d4f4d048676f52c3344b3c4551e3d164', issue instant '2021-05-07T07:10:01.435Z', entityID 'http://develop.localhost/saml'
2021-05-07 07:10:02,712 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-05-07 07:10:02,712 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-05-07 07:10:02,712 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler:?] - Constructing signed content string from URL query string SAMLRequest=fZFLb8IwEIT%2FirV3YucFyCIgWlS1ElURSXvopXKdpVgKdup1UH9%2Bw0ulF47WzO7nnZnMfnYN26Mn42wBcSSAodWuNvargNfqYTCG2XRCatckrZx3YWvX%2BN0hBdYPWpInpYDOW%2BkUGZJW7ZBk0LKcPy9lEgnZehecdg2wORH60KPunaVuh75EvzcaX9fLArYhtJLzGvfYuDZqnFbN1lHgBwawRQ81VoXjRw9e6s0HKfRCZGpu6pb3qI1pkB%2FYCV9jbTzqwMvyBdiD8xqPJxSwUQ0hsKdFAR91tslqkY2Ho%2BEmT3SaZtlnqrM8jzGt42HW22iliMwe%2FwaJOnyyFJQNBSQiiQciH4hRJUYyFlLEUZbm78BW59PvjD1Feiunz5OJ5GNVrQarl7IC9nappjfAuQh5pPvrBm4vVpfYYXoz5Am%2F3j89P%2F%2F3Pv0F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=iI4RfWx%2Fpql%2F5ChIVgnnhwvqcIuqKxlMOgwsACfkFiTvKx2mgHfGJlX11Kv97uWUgVFglXLPReXaOIS8VO8AdWdrol28JEh0EJljNb4PZMeZ1RAnoro0V2nx8%2Bx7ULsws%2BiuHaRQ6drQh6Uia0OXQ4BONCGN22xDzZhuKTcd1mKO41Oczg1a2C0Il9b91tgq3AIOxExHeVKSNFFJ3Manl%2FJ4tGQDcZDIRkGoI14lDAlbCxovNIjNwMZaCW26N4z5gxIOCfo2gLOoThfYY5zObzsAd5PGbV7quGtlyhSEj3LQ5Rk4fEsXB5sowdB9CykuFKPWHhpreObhbyVyog8jBw%3D%3D
2021-05-07 07:10:02,712 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler:?] - Constructed signed content string for HTTP-Redirect DEFLATE SAMLRequest=fZFLb8IwEIT%2FirV3YucFyCIgWlS1ElURSXvopXKdpVgKdup1UH9%2Bw0ulF47WzO7nnZnMfnYN26Mn42wBcSSAodWuNvargNfqYTCG2XRCatckrZx3YWvX%2BN0hBdYPWpInpYDOW%2BkUGZJW7ZBk0LKcPy9lEgnZehecdg2wORH60KPunaVuh75EvzcaX9fLArYhtJLzGvfYuDZqnFbN1lHgBwawRQ81VoXjRw9e6s0HKfRCZGpu6pb3qI1pkB%2FYCV9jbTzqwMvyBdiD8xqPJxSwUQ0hsKdFAR91tslqkY2Ho%2BEmT3SaZtlnqrM8jzGt42HW22iliMwe%2FwaJOnyyFJQNBSQiiQciH4hRJUYyFlLEUZbm78BW59PvjD1Feiunz5OJ5GNVrQarl7IC9nappjfAuQh5pPvrBm4vVpfYYXoz5Am%2F3j89P%2F%2F3Pv0F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1
2021-05-07 07:10:02,712 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Attempting to validate SAML protocol message simple signature using context entityID: http://develop.localhost/saml
2021-05-07 07:10:02,712 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: http://develop.localhost/saml, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2021-05-07 07:10:02,712 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'http://develop.localhost/saml' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2021-05-07 07:10:02,712 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-05-07 07:10:02,712 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-05-07 07:10:02,712 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-05-07 07:10:02,712 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-05-07 07:10:02,712 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-05-07 07:10:02,713 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Simple signature validation (with no request-derived credentials) was successful
2021-05-07 07:10:02,713 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Validation of request simple signature succeeded
2021-05-07 07:10:02,713 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Authentication via request simple signature succeeded for context issuer entity ID http://develop.localhost/saml
2021-05-07 07:10:02,713 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-05-07 07:10:02,713 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-05-07 07:10:02,713 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:10:02,713 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-05-07 07:10:02,713 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-05-07 07:10:02,713 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-05-07 07:10:02,713 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 4 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-05-07 07:10:02,713 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://develop.localhost/saml using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-05-07 07:10:02,713 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-05-07 07:10:02,713 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-05-07 07:10:02,713 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-05-07 07:10:02,713 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-05-07 07:10:02,714 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-05-07 07:10:02,714 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-05-07 07:10:02,714 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-05-07 07:10:02,714 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-05-07 07:10:02,714 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-05-07 07:10:02,714 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-05-07 07:10:02,714 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://develop.localhost/saml
2021-05-07 07:10:02,714 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-05-07 07:10:02,714 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-05-07 07:10:02,714 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-05-07 07:10:02,714 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-05-07 07:10:02,718 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-05-07 07:10:02,718 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-05-07T07:10:02.718Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-05-07 07:10:02,718 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-05-07 07:10:02,718 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-05-07 07:10:02,719 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-05-07 07:10:02,719 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-05-07 07:10:02,719 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-05-07 07:10:02,719 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:10:02,719 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-05-07 07:10:02,719 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-05-07 07:10:02,719 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-05-07 07:10:02,719 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-05-07 07:10:02,904 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'develop.localhost'
2021-05-07 07:10:02,904 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-05-07 07:10:02,904 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-05-07 07:10:03,731 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: null
2021-05-07 07:10:03,731 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-05-07 07:10:03,731 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-05-07 07:10:03,732 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="http://develop.localhost/saml"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="_6b97f700bc987613cd93b0f605343309"
    IsPassive="false" IssueInstant="2021-05-07T07:10:03.272Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">http://develop.localhost/saml</saml2:Issuer>
</saml2p:AuthnRequest>

2021-05-07 07:10:03,732 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-05-07 07:10:03,732 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-05-07 07:10:03,732 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-05-07 07:10:03,732 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-05-07 07:10:03,732 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-05-07 07:10:03,732 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-05-07 07:10:03,732 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-05-07 07:10:03,732 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://develop.localhost/saml
2021-05-07 07:10:03,733 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:10:03,733 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-05-07 07:10:03,733 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-05-07 07:10:03,733 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-05-07 07:10:03,733 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-05-07 07:10:03,733 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_6b97f700bc987613cd93b0f605343309', issue instant '2021-05-07T07:10:03.272Z', entityID 'http://develop.localhost/saml'
2021-05-07 07:10:03,733 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-05-07 07:10:03,733 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-05-07 07:10:03,734 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler:?] - Constructing signed content string from URL query string SAMLRequest=fZHNbsIwEIRfxdo7sUkKAYuAaBFqpVYgEnropTLOUiwFO%2FU6qI%2Ff8KfSC0drZvfzzowmP%2FuKHdCTcTaDbiSAodWuNPYrg3Ux7wxgMh6R2ldxLadN2NkVfjdIgbWDluRZyaDxVjpFhqRVeyQZtMynb68yjoSsvQtOuwrYlAh9aFFPzlKzR5%2BjPxiN69VrBrsQasl5iQesXB1VTqtq5yjwIwPYrIUaq8Lpo0cvteajFFohMiU3Zc1b1NZUyI%2FsmK%2BwNB514Hm%2BADZ3XuPphAy2qiIE9jLL4LO%2FGabbVIiNHg7SfjfR5TDZiG1f9JKHJBHD1kZLRWQO%2BDdI1OCLpaBsyCAWcbcjeh2RFiKVXSFFEsVp%2FAFseTn90dhzpPdy2pxNJJ%2BLYtlZLvIC2Pu1mtYAlyLkie5vG7i%2FWF1jh%2FHdkEf8dv%2F48vzf%2B%2FgX&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=JfWzSw0eC314V1qE234xW3IoHRcTZ5d2y1loGrW4d3mpGTsyyoR1o%2BOl7XCGhx81W3mLCC0zHNKKoTLLjY192YcQPcEOD4821ANiAyCmQ3sTdO7nHmPLHEADsdbWRL2oGeRAtvv30k8%2BBe9XKmMsW3ZtOrDIU5PlX%2B0OU2XjUNONGMthSA3WZ9wW8zbWAuMyBpLASf3Ebbxat1SYlfPHaty%2FHbX%2BWRXlGF5U60YQy7mYWxCj57CmfYqF7dmBIFQzQHEFNkvR3Ogn7w%2BJI73Vj9N4vxYHNosHnIO1WkD4iX4Y3Ld3e7eB0Bdn6LDE2PaFt16UmvNUEsPxC8k9U9INVQ%3D%3D
2021-05-07 07:10:03,734 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler:?] - Constructed signed content string for HTTP-Redirect DEFLATE SAMLRequest=fZHNbsIwEIRfxdo7sUkKAYuAaBFqpVYgEnropTLOUiwFO%2FU6qI%2Ff8KfSC0drZvfzzowmP%2FuKHdCTcTaDbiSAodWuNPYrg3Ux7wxgMh6R2ldxLadN2NkVfjdIgbWDluRZyaDxVjpFhqRVeyQZtMynb68yjoSsvQtOuwrYlAh9aFFPzlKzR5%2BjPxiN69VrBrsQasl5iQesXB1VTqtq5yjwIwPYrIUaq8Lpo0cvteajFFohMiU3Zc1b1NZUyI%2FsmK%2BwNB514Hm%2BADZ3XuPphAy2qiIE9jLL4LO%2FGabbVIiNHg7SfjfR5TDZiG1f9JKHJBHD1kZLRWQO%2BDdI1OCLpaBsyCAWcbcjeh2RFiKVXSFFEsVp%2FAFseTn90dhzpPdy2pxNJJ%2BLYtlZLvIC2Pu1mtYAlyLkie5vG7i%2FWF1jh%2FHdkEf8dv%2F48vzf%2B%2FgX&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1
2021-05-07 07:10:03,734 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Attempting to validate SAML protocol message simple signature using context entityID: http://develop.localhost/saml
2021-05-07 07:10:03,734 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: http://develop.localhost/saml, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2021-05-07 07:10:03,734 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'http://develop.localhost/saml' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2021-05-07 07:10:03,734 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-05-07 07:10:03,734 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-05-07 07:10:03,734 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-05-07 07:10:03,734 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-05-07 07:10:03,734 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-05-07 07:10:03,734 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Simple signature validation (with no request-derived credentials) was successful
2021-05-07 07:10:03,734 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Validation of request simple signature succeeded
2021-05-07 07:10:03,734 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Authentication via request simple signature succeeded for context issuer entity ID http://develop.localhost/saml
2021-05-07 07:10:03,734 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-05-07 07:10:03,734 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-05-07 07:10:03,734 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:10:03,734 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-05-07 07:10:03,734 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-05-07 07:10:03,734 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-05-07 07:10:03,734 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 4 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-05-07 07:10:03,734 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://develop.localhost/saml using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-05-07 07:10:03,734 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-05-07 07:10:03,734 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-05-07 07:10:03,734 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-05-07 07:10:03,734 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-05-07 07:10:03,735 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-05-07 07:10:03,735 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-05-07 07:10:03,735 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-05-07 07:10:03,735 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-05-07 07:10:03,735 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-05-07 07:10:03,735 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-05-07 07:10:03,735 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://develop.localhost/saml
2021-05-07 07:10:03,735 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-05-07 07:10:03,735 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-05-07 07:10:03,735 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-05-07 07:10:03,735 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-05-07 07:10:03,736 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-05-07 07:10:03,736 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-05-07T07:10:03.736Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-05-07 07:10:03,736 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-05-07 07:10:03,736 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-05-07 07:10:03,736 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-05-07 07:10:03,737 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-05-07 07:10:03,737 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-05-07 07:10:03,737 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:10:03,737 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-05-07 07:10:03,737 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-05-07 07:10:03,737 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-05-07 07:10:03,737 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-05-07 07:10:03,918 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'develop.localhost'
2021-05-07 07:10:03,918 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-05-07 07:10:03,918 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-05-07 07:10:18,371 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2021-05-07 07:10:18,371 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromFormRequest:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Recording do-not-cache instruction in authentication context
2021-05-07 07:10:18,372 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2021-05-07 07:10:18,372 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1299095586::identifier=rick, context=org.apache.velocity.VelocityContext@213f6710]
2021-05-07 07:10:18,386 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1299095586::identifier=rick, context=org.apache.velocity.VelocityContext@213f6710]
2021-05-07 07:10:18,389 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2021-05-07 07:10:18,389 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-05-07 07:10:18,389 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-05-07 07:10:18,390 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2021-05-07 07:10:18,390 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2021-05-07 07:10:18,390 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-05-07 07:10:18,390 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2021-05-07 07:10:18,390 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 4ff210d2277220967d9df7b3e974932bd851b7285b3c8c99a7a9797f18e6c484 for principal rick
2021-05-07 07:10:18,391 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-05-07 07:10:18,393 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-05-07 07:10:18,393 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-05-07 07:10:18,393 - DEBUG [net.shibboleth.idp.attribute.filter.matcher.impl.AbstractMatcher:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/DenyValueRule:_7080138d39cc2e01f42af33d6086559c': Applying value comparison to all values of Attribute 'uid'
2021-05-07 07:10:18,393 - DEBUG [net.shibboleth.idp.attribute.filter.matcher.impl.AbstractMatcher:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/DenyValueRule:_e86e84f8359014f00e496b0e2b038417': Applying value comparison to all values of Attribute 'uid'
2021-05-07 07:10:18,393 - DEBUG [net.shibboleth.idp.attribute.filter.policyrule.filtercontext.impl.AttributeRequesterPolicyRule:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/Rule:_829157a5a29f7f30c585dc615c71fae1': Found attribute requester: http://develop.localhost/saml
2021-05-07 07:10:18,393 - DEBUG [net.shibboleth.idp.attribute.filter.policyrule.filtercontext.impl.AttributeRequesterPolicyRule:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/Rule:_deb424a8d1c673df19c16cd7fd391943': Found attribute requester: http://develop.localhost/saml
2021-05-07 07:10:18,393 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-05-07 07:10:18,393 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-05-07 07:10:18,393 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-05-07 07:10:18,393 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-05-07 07:10:18,393 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-05-07 07:10:18,393 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-05-07 07:10:18,393 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-05-07 07:10:18,393 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-05-07 07:10:18,393 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-05-07 07:10:18,393 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-05-07 07:10:18,393 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:10:18,394 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-05-07 07:10:18,394 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@5bd152f1'
2021-05-07 07:10:18,394 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-05-07 07:10:18,394 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:http://develop.localhost/saml'
2021-05-07 07:10:18,394 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:http://develop.localhost/saml'
2021-05-07 07:10:18,394 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:http://develop.localhost/saml'
2021-05-07 07:10:18,395 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-05-07 07:10:18,395 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2021-05-07 07:10:18,395 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2021-05-07 07:10:18,395 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-05-07 07:10:18,395 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2021-05-07 07:10:18,583 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'develop.localhost'
2021-05-07 07:10:18,583 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-05-07 07:10:18,583 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2021-05-07 07:10:18,583 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2021-05-07 07:10:18,583 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-05-07 07:10:18,583 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2021-05-07 07:10:26,825 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2021-05-07 07:10:26,825 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2021-05-07 07:10:26,826 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20210507T071026Z|http://develop.localhost/saml|AttributeReleaseConsent|rick|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2021-05-07 07:10:26,834 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-05-07 07:10:26,834 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:http://develop.localhost/saml'
2021-05-07 07:10:26,834 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2021-05-07 07:10:26,834 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2021-05-07 07:10:26,834 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:http://develop.localhost/saml, value=[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1651907426834}'
2021-05-07 07:10:26,834 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-05-07 07:10:26,834 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2021-05-07 07:10:26,834 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-05-07 07:10:26,834 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:http://develop.localhost/saml'
2021-05-07 07:10:26,834 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:http://develop.localhost/saml]' as '["rick:http://develop.localhost/saml"]'
2021-05-07 07:10:26,834 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@5bd152f1'
2021-05-07 07:10:26,834 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:10:26,834 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-05-07 07:10:26,835 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-05-07 07:10:26,835 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-05-07 07:10:26,835 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _f4df5cbbf792d6a67b4ac46ef740ad44
2021-05-07 07:10:26,835 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _f4df5cbbf792d6a67b4ac46ef740ad44 to Response _f649012f37e84c8e8db265c1b5293a3d
2021-05-07 07:10:26,835 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _f4df5cbbf792d6a67b4ac46ef740ad44
2021-05-07 07:10:26,836 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-05-07 07:10:26,836 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-05-07 07:10:26,836 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-05-07 07:10:26,836 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-05-07 07:10:26,836 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-05-07 07:10:26,836 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-05-07 07:10:26,836 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-05-07 07:10:26,836 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-05-07 07:10:26,836 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-05-07 07:10:26,836 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-05-07 07:10:26,836 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-05-07 07:10:26,836 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2021-05-07 07:10:26,836 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: []
2021-05-07 07:10:26,836 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2021-05-07 07:10:26,836 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2021-05-07 07:10:26,836 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-05-07 07:10:26,836 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:10:26,836 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:10:26,837 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxVPQH947Xat5beCoGaKiy0uiWCxNjpTQtDe4gNmerJ8wOHmPadHD8XwVJu9xqMvBx8ZrN8Ks6fmqDeXjWACmjf3H+Z5Xx+7BYp6hzrLoJyRhNNAZakUehDeckdmILYFak with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:10:26,837 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:10:26,837 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:10:26,837 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-05-07 07:10:26,837 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-05-07 07:10:26,837 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 86.84.150.101
2021-05-07 07:10:26,837 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _6b97f700bc987613cd93b0f605343309
2021-05-07 07:10:26,837 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to http://develop.localhost/saml
2021-05-07 07:10:26,837 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-05-07 07:10:26,837 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-05-07 07:10:26,837 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-05-07 07:10:26,837 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _f4df5cbbf792d6a67b4ac46ef740ad44
2021-05-07 07:10:26,837 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _f4df5cbbf792d6a67b4ac46ef740ad44 did not already contain Conditions, one was added
2021-05-07 07:10:26,837 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-05-07 07:10:26,837 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-05-07T07:15:26.834Z, to Assertion _f4df5cbbf792d6a67b4ac46ef740ad44
2021-05-07 07:10:26,837 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _f4df5cbbf792d6a67b4ac46ef740ad44 already contained Conditions, nothing was done
2021-05-07 07:10:26,837 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-05-07 07:10:26,837 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _f4df5cbbf792d6a67b4ac46ef740ad44 already contained Conditions, nothing was done
2021-05-07 07:10:26,837 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-05-07 07:10:26,837 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding http://develop.localhost/saml as an Audience of the AudienceRestriction
2021-05-07 07:10:26,837 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _f4df5cbbf792d6a67b4ac46ef740ad44
2021-05-07 07:10:26,838 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party http://develop.localhost/saml to existing session 4ff210d2277220967d9df7b3e974932bd851b7285b3c8c99a7a9797f18e6c484
2021-05-07 07:10:26,838 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service http://develop.localhost/saml in session 4ff210d2277220967d9df7b3e974932bd851b7285b3c8c99a7a9797f18e6c484
2021-05-07 07:10:26,838 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-05-07 07:10:26,838 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID http://develop.localhost/saml and key AAdzZWNyZXQxVPQH947Xat5beCoGaKiy0uiWCxNjpTQtDe4gNmerJ8wOHmPadHD8XwVJu9xqMvBx8ZrN8Ks6fmqDeXjWACmjf3H+Z5Xx+7BYp6hzrLoJyRhNNAZakUehDeckdmILYFak
2021-05-07 07:10:26,838 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-05-07 07:10:26,838 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-05-07 07:10:26,838 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_f4df5cbbf792d6a67b4ac46ef740ad44"
2021-05-07 07:10:26,838 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _f4df5cbbf792d6a67b4ac46ef740ad44 and Element was [saml2:Assertion: null]
2021-05-07 07:10:26,838 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_f4df5cbbf792d6a67b4ac46ef740ad44"
2021-05-07 07:10:26,838 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _f4df5cbbf792d6a67b4ac46ef740ad44 and Element was [saml2:Assertion: null]
2021-05-07 07:10:26,840 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_f649012f37e84c8e8db265c1b5293a3d"
    InResponseTo="_6b97f700bc987613cd93b0f605343309"
    IssueInstant="2021-05-07T07:10:26.834Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_f4df5cbbf792d6a67b4ac46ef740ad44"
        IssueInstant="2021-05-07T07:10:26.834Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_f4df5cbbf792d6a67b4ac46ef740ad44">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>sJdeh1JsZSI6UcV5IC9kuJBZe6OZwUcwNO9f0zujUIg=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>lea7FFhqc1qN0tzpXGUd2VFJe2HUPpGP2HTDSaqtkTmAPeyrEsDYzw06JN3kPuoAMQbmbEDkM/9/62p2qw9+GcvP78AMHsxvAKMvwW/4ssUyPgh4NKAdJU3aFWQZNWbfAl2zNrem41MCg1qhN9vAX0WGn9A6CupvHemRT/JdGIdbSH42BpNR4Zzm28v/oKN68RKZER6Zz8N7/DEvYloPoFzT8igEEvy2f6d0/0IHjo5QwSAU/6FkOuvDRl8lydeow/yRdwhVeB8x+0fhle9HKmzJjKVv4BNh/P3+BHL14VmLE5nTrZZpNvro3cAc6+sDSHTt63l8LroiW5x2oVpBcQ==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="http://develop.localhost/saml" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxVPQH947Xat5beCoGaKiy0uiWCxNjpTQtDe4gNmerJ8wOHmPadHD8XwVJu9xqMvBx8ZrN8Ks6fmqDeXjWACmjf3H+Z5Xx+7BYp6hzrLoJyRhNNAZakUehDeckdmILYFak</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="86.84.150.101"
                    InResponseTo="_6b97f700bc987613cd93b0f605343309"
                    NotOnOrAfter="2021-05-07T07:15:26.837Z" Recipient="http://develop.localhost/saml"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-05-07T07:10:26.834Z" NotOnOrAfter="2021-05-07T07:15:26.834Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>http://develop.localhost/saml</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-05-07T07:10:18.389Z" SessionIndex="_e6b160d21624b875241390f287bd5cd8">
            <saml2:SubjectLocality Address="86.84.150.101"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-05-07 07:10:26,851 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: http://develop.localhost/saml
2021-05-07 07:10:26,851 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: http://develop.localhost/saml
2021-05-07 07:10:26,851 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_f649012f37e84c8e8db265c1b5293a3d"
2021-05-07 07:10:26,851 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _f649012f37e84c8e8db265c1b5293a3d and Element was [saml2p:Response: null]
2021-05-07 07:10:26,851 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_f649012f37e84c8e8db265c1b5293a3d"
2021-05-07 07:10:26,851 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _f649012f37e84c8e8db265c1b5293a3d and Element was [saml2p:Response: null]
2021-05-07 07:10:26,853 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-05-07 07:10:26,853 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'http://develop.localhost/saml' with encoded value 'http&#x3a;&#x2f;&#x2f;develop.localhost&#x2f;saml'
2021-05-07 07:10:26,853 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-05-07 07:10:26,855 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response Destination="http://develop.localhost/saml"
    ID="_f649012f37e84c8e8db265c1b5293a3d"
    InResponseTo="_6b97f700bc987613cd93b0f605343309"
    IssueInstant="2021-05-07T07:10:26.834Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_f649012f37e84c8e8db265c1b5293a3d">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>tJESLPt3xsZFpvxkKBxvEMNnhEBhSKqpIOtEb8HveIk=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>a3sFaH0j/f/bFkxPtLT+v66rmDnrCbEFwGqS2SyltdqwJL10jKq9w9RYvQ083HlQKInzIVd3oyPhGMDCOSL+Y9pxQsVZ/GUZoPCswK6JluS+NYKi0+xhOq3q8QcGOdTQCfJ+ebC9n79JDAibZVDUxcwQ8Ux+GRZg0N1aLsqDlkO1VYjlWIIvAJnrfou1Zwk725TddnPuI+2IUesNtP5VRW07RVhLNjgZXNrhQ9kCSg1r8va1ee3RMOOfcmzOh7hM/WXmjQNpujDWbRLXF4WG8rW2orUKHeYIpt/M8um7j2+3NpXlhkXd88uikN3iYq6Z/XKwH0Qy/UgnUpaqkR23/g==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_4ecfa3d9970f454d1b336fd7d8a71f77"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_ae36c0c298fa339d7c2eb1085a1d843b"
                    Recipient="http://develop.localhost/saml" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIEPjCCAyagAwIBAgIJAPouL4ia+trIMA0GCSqGSIb3DQEBBQUAMHExCzAJBgNVBAYTAk5MMRUw
EwYDVQQIEwxadWlkLUhvbGxhbmQxEjAQBgNVBAcTCVJvdHRlcmRhbTEaMBgGA1UEChMRQSBOZXcg
U3ByaW5nIEIuVi4xGzAZBgNVBAMTEnd3dy5hbmV3c3ByaW5nLmNvbTAgFw0xNDA0MDMxNDE5NDFa
GA8yMDY0MDMyMTE0MTk0MVowcTELMAkGA1UEBhMCTkwxFTATBgNVBAgTDFp1aWQtSG9sbGFuZDES
MBAGA1UEBxMJUm90dGVyZGFtMRowGAYDVQQKExFBIE5ldyBTcHJpbmcgQi5WLjEbMBkGA1UEAxMS
d3d3LmFuZXdzcHJpbmcuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyH1+d9S1
MNRLP5QTfWIMRSJD3BFxalwkgfH3mIu0uiowN/LRv4ZOU3vXbizu85/IPvMNpWQ/ICdBSI4Bono9
u5a0WRFDaL88+D34Mcdc0wkymSBLwfGEB6QBefQh2EYntLWiDOK76MAdld4ZYqLfkGUWiT6/meFV
5uJcxE01tJk7Vc3nnn1nTLBa/2xFsdtd4XU0p9DvCIXhzmRx2MnODtX/kfk8TYJkzLnqo8+NIlSa
4TgDAf2wxUP8B1BH5AxnT1txkVCaNFF2lEZ3NTe3dDCB7M7M2ZTnf+lWUls+mbVx1SX8dUx+kRsA
+GonnV0DHLPZyx8y9iA9NbhWWjoJYwIDAQABo4HWMIHTMB0GA1UdDgQWBBSCdoaQ6tHW68camO4n
ex5nx64KFjCBowYDVR0jBIGbMIGYgBSCdoaQ6tHW68camO4nex5nx64KFqF1pHMwcTELMAkGA1UE
BhMCTkwxFTATBgNVBAgTDFp1aWQtSG9sbGFuZDESMBAGA1UEBxMJUm90dGVyZGFtMRowGAYDVQQK
ExFBIE5ldyBTcHJpbmcgQi5WLjEbMBkGA1UEAxMSd3d3LmFuZXdzcHJpbmcuY29tggkA+i4viJr6
2sgwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAQ+ihJuNbrx64Bj8NKRi9naXsL7z7
wkXqlvClLWTXxfK5RGtQSI9El/4FEj8J3DkP7T0uJ9cEsc9On9rtKerrc86km3mFoCRpCCjmk52N
1BBJQx22Bdm6zGYx1q2qDc10RT1ETGkDFCtqbsuJ8wo9Hwn8QvKS+4a4+fxLjdFzhV2NhK1LqkZP
BigZ93E0TMUaEzy+v70K3tHu493kYrTw2PF6ZRXRRFAuT408gHDJDYiEf1097Il860hOv8SDubXV
GPsVHbZVCPdutGiJmNoJBn8VTPNFb3aXe/Ar783M8aMCAJ5NSPVk9oKHbMUPc4mZQVgi6vRtCU2Y
y1z1QoSNlw==</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>V2fFno4pExUIdT8XwuRweh3UgfyU8bOevSl426axNUHI+hJnFoYji7p9rB7v2zSVl+NFqPg6ckAWfwzbXxm4usTq53BzrDxHVhg3TU/nPVMQKyh3QfBP8gyNGVg1DvFVodbKmvID2mEDIYVtGdmdvmWVsz/HU6WsRTl+XVths1RiQCT4L2LfQTCTPJxBEHgo+JZrN0FPi9QItj6f3VMX/Wm37DLS9cRVITrh7E1mhUpdrD1STxVGuqWl3DurUVz4ChY1hGCFAwVOJkudOKv9KM1Ob9D51atgy6lFnKfR4vebWmsabCQelEj91WxVGphmRI7Lg+S0iJ0AKq/pbTZC9Q==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>CVej0V71yATHmukymen6Zhc1e3nBtxGBXIqktrUX8SrzTe0v+dC7aBxAyzhC78VVGzX48heI5xdhyLgoUBHD9+9nmMWZomGTVKIoTCiC2E1v/8v/v443DUEQaHbR5GBQUCQAno4Rw4MzNIyT6DoUrMu/dE0e0bIECXEl6zG6VJyCbKhAAOR4KFvNHNKqgtHcpcL/W14GzzEyYQTGXWY4px+NGmtzhvXsqM+LfiYiF8oKsoABaFitsSxJWPAs12POjqz+xuCioXjQzJvH5gUaT8dhLT1eWCNg76aJmHOxfrjNpvYR6LD8jsAaQnI4EOU95GbjsFySrDdXi1nR2Bmld4ej9e4FqUVCm2wTHZnAKU0g9BAe7dzh8IvyUZ5U5IIWpw1f8k/u3/gWsutYs9pIIKdkWgqiuNe8VKHalcxOU9NJFNMiY1+yDR1xLh+bNFa90yNWgvFweBpJvYQ1/wvnS2Hh7u5LE4rG5XjaLXKjGTVFSHTUH/Mm7DkiepZYzRKDKe2YGo6Al1eb/sXudKAzeAl631FY8KLRXNDhd8HmxMA5VCibbyr70SiFmxFYIOzTMH65SLWSXqdESu9jKuypmX6jdqhNm4YhrWA2kIvMVDJEg9ZvRD3qB+1exTurDLx/F//hccwGygLdYhB1XQCoy5DvvmvYbLhY2AHsT9t22Ws+7vi3ZItG1hQSn0p5tXj/XSm9U2ZwODaDSLuz1ENrBFao8AZCV3sKE7ty1kThCnuqvRZJaayZ3fmI96VBjT9e2R5n9ExuO3V76cJRmo5b7DDky03k+dm2jEaDa+hpQv0qhjU9NO2SWMBUrrwqlUhrOhV9q1xTjhglkGPz+KhIlqw/J4ll34/FJSlhLOMYTT+z6DDMMLpMJI42xseYnhUMgDiUVn0IJ+3pKZxbshcEMrL5GSfcPi4Y1WZ0nGaeSor+RyYaoul5ANdYYErqiBGbnX2rnfmhqR/770w3utjeKGj6nmfFk/4NifQY3/CQs7USi4W56ypo4f2+vepQfh0FfXQgfFiwYTaWLjXSWONmjik2GuBqw8DcvfJPbNS3njnCIg3GORggNrzlGYXY3tkQPRl+c38tScNNXI84K1UQTcinsWV+9IlMWjHIBU8QE26HXANtN8l1TRPDOKsGXPyhFOLRbARjBuUrPOtH8ZZNgxij3qpNlTuew2a2jVkIKJPlI0NihGF88HJbgFmmAnJQIj4kv7fVqpryg1X8lsjbVrC64UQbKfU4FRRurm20oEcSbjGNRKGw3lRIOIPq1qXlFzcWNzIjXGEK8eAO1aefGnCedIt2hEykAtXpppYYGPvj5De6bwC35BL0b11MJmIFenibgcmhNEfaqK5hQxMqj/3aiMYHtwsqhJaVFGAGD83fj1hXnHZY09gcwbuQ5LMEc6ME2QpBWWyX6dDamP2XhhLQNzSDcWB0tsghI1PkbNZjEGAyeV70mu3eAFtPbz75JD3iUBRTWwImV35Bwu7Xft3hOSSMBr7d3wsZVJqEpAfvlGDRwoUXi6gC4Glsu5m6yxyXZJLdzah2Q+fDIKxt5ot9llCq8UyOD/eKOGP6IdymFM8S/oVKT4sggFIDqqBlpQtIMJRcPtwByBxpvIFglD94ALwDCFYzw9ExpC99Ho9nFIWzBRSH005PMuCF3DmKZoxdZCjUWQuE9QbdxTl+a9/YMh1p2L9EfchOTV/Yt0tYwk8LPntzq75s1Uz9662y/eY9S8bFC9hRWNFKAdMrp8Ny+IjuLY3AilGBdUsx1Bp3coloq9tcwVjUiJfioxjWwWxKih9ur5WJHBWgb7Lp9coDfSwLCDWk/hD4oUjWOTib9XJeWJTBFKjcUsyWAtf7XK/jQCPXVrxecAw3JBlHw8Ai0axfIrv52W3+WdGYZPWhAQi+FYCFPcX2WOx7t6/qD1gDJ8QF5YMATtyl79raSwJ+GXE5sB11rPpHw0IIRXZZ/SoFVfgimt78bfOml2GrMzu1b3Y5vjJDEfiklpVL2dL82hFTFgUA3eSuGnx6cF7i74Gy+15HI5Khi55whh9Hx1jt4GAcxFv1qCH44Yc1taYZesoWPmAjMg9CFADfDbtfNeroToXQPCz+w4BZvkGHaBwNEGq4LScEmdoinzinlu5wfX0N6qOOaFQElKzRl7iPhmu9VFAmmd7PALryByYJwAkHFq4FBUi4lJb8Ip815P+RRMHRUBIwkc2+huwJcgN8iQtd19DTw6UpHMIIcjLzXD0twen6mK0rrkvy5roIGWGRArBAsGLv4rEagDOLryrzIb1z4V7eD7kHtQKABbX7CG9AkKzVA0OAz2tKnJtZxubh9TrBCSviN98nbhOPNHoM/oH0qSct+jwN70HdIhIQsg2aNHUogqlxrm4/pFJQa9/Ecpt12jUdyuQ0s+FsOooXVtNHVKYsdo3DJ9AJC65EgEOj8Jbo0SnGvM6yZUIt83ahfYAUFezc62mHU44b6ls4M5TxFWtXCxnNWQMKsMlIMbrj6Ync9fNnoWeRBa4mmI+Y/9yVChJ638mcdHYVb98xUs0eqByw9ejTFhm5Yg8zxPF6vLGO7+TF0Mj+kVcZ8kvO8o/BHiOPllJifN/usjCDKyTiBd3000BgmhpIpb68n8+f/m3yZx08NY2F1zRhtDF5l2rWWYO4vAY/x6242wTNUQ4/N1eFX0YcBmIwBinOcUu6w6VfcXradI6SMzz6+QB3uF2RgyOcnAoAO/Pml9cB+5vr+NdHtxI5gqFbS3dv7StSYELUPvrCD61uHU2qdnpQwDz7c2Sc+tl7EZ/WCZhiZoE1M+xDMy+A5jzLI+ZACviCdOXOscVR63dc/46sPNgIYQnfiuymGBXej41VPiUR4JLCERScrrgRLxGnS4AUrdZ0ZItVmP+huHy5uqtSXKhyNYKDZOp3gqXu2Ry2cEFOejCTAH4CmUJ/Y4xtgAJlxZj8q3Mgr0Faqn97QCSchBGiQ7RXfI/cV3JqX4cRnimBrVWDD91WFWCPI8EI31GzmBQfysatePQyztHZ0xzfTbAlkXYrR5R9VacZ9ycx0Sb9x0stnMCuQ/hJPSBrqunY2WuaZOioc6YqAszeIc3KWB5txQL/KH1RXNPKubnbZk411RVtAGRBQQIMSiuByqUNdc51ctdBfWksH3oDVhmyq9qL4kEXeEchXbEeoLKyYNJHRqYwrYyzo3AmTcajGpqQlRrXjNXcQJYgM9JUFf5HZLvVI4VO55mjb2mxYz6QmWPw5siyfgogy8fSmm7WB2X0TuGSB0ptlimwKJNA5twz013njgWFPO4ey63zrVKEaYfhDD7ruqr5ZsYSINzZAZooKmh87vE2rGwR8pKBS+adl81oelXeT2IBWRxvADUHe/sTvUs5gqRz3D08HI2neqMs1LHA/JKPDDcq4VX9Ccg0j9PU2Q8pVGNASPVBZRSFiHIQhbCsQpHKrEhAKqTY41jd0GD3cewR8gMnOUiS16w/HABtLg0jStL5f7oTXqvsCxZO8Jv6E8PrEWY3RnXudewjrEVcviZHivNAuLFCocCweaHFI1brM37G/YZMdEwRpNeA3kJtUZVgmcNr31Gm2C+9t1m2wYNjz9og/Jey7hrTtXKbvTqX39XsbCGX+ZAUeicrCv4z1D0J3AVOV1IXyqbkCH6OP6pGqA1K5qkPQ9SBBl1OD963ufSMnIfK2VI3iofv1jKSI2aSwTbxv79XlHOE4pe2Xe0/rIZrOn8bb1o5gnGbRlRDmx2I0hcmKnfRT6H4GYLrn8c3U3APv8e/zggl/ySLZtb8XrEK7wZzRPxJER5fZV2o27BL0OJ4EM7dZ8EJ5DIjUiCD5BbJqWClvKt8VD971tLjvA7kLA5HIyAKCgQVkUeE3pgtPosQYnS48U2BFvILg/OBzpDh3QdbsfXy1Wn/UhPnF0ovE5Dn7L75UswjkeyBVEBAy6KY6EBAr7Tfqy6tMIyvsQ7fKHOrmBHaSJuL+jiilUTjVj/KmMyIVObvUJL8GFki9WUTd7wO1qLRIFGK++8TH6fL3r1pXSgbfO6n7bte47pgmfhn393bU2z7zLqqqGxn+5c0pQB19uzc1lQhPE3bQBAINSv2OoKofs0r0yYKsUn//5s5lXtSHXzBTOrtTzcJgtQ6e07gbixoGcZzjoMxTLp0bZilyQwTH2Lxn3KpVC22ul1yf2HZBi2corOGM8AkqlaBRxiQJ6KA2asAhMAwHcN1BYR6kU6CSPD46dLzBefRbdM6uUdmCWxvKlnrTd4BtfmIDzawNNxno9j6XDo4ki/ZlFFmov3vqxUyFYIT07O3Kw7LOVUPBzs+ANA+5dsrd+S1U6McrgXIuJyFSicHVdUCSDP+SgC5F0SQUw+/MQwHmbvk+1N4xYRXQ3Q1DuPZXCyAozYY4V1N3L8f7FQa3h/czfXwIWIa0xchI+SY1id/xyPlcGJcuBbDUfk3z3obCPMszl73SlBhdAJFdIhkrLpI1OHLwfhh+8A05u9Uf4KCnyunOxnSyOcWXekmkdhUtswUn4ainK6ZQfp6WWvBSq9yuBv89YigKpV9lWwUn2K0u+a/DmWAQTWLNbdKB97SNY259/OUDKRSc1s9YKmtHzivhsKjjfP+Fzimqi6XpBVBIbCnBpNkkmfAzqv1vhzVV15hsOnWLymR+sIFjK25l16J+nhBoj/AQJ0hwEZ5vvctOOTrmmv8AfilLBpO1eATdRXBU8hwYFFwM2+91NZOlKpbemhLut0ZBEZ1/HcaPaY/IKO8HAmJjBeBEZHqcIbgy1nC7ZhTzHb30amQcsDOjsxsbcJ11qgeY+dSGb+V2YkDo9VD2FLNOw5QiD4nCJgGDxClckJaXydPYshDkXeW1rCeH2wKk59EmqTxlWbUicRWvzFlV5Tr6SmFXXx7zkv0IiRoCQTIb1sisQtU/CgMZt6m2UyX0rQyz3z3gUFOmk57F7MyrXM3IXZBVQdb5pZOtBX4ln5TkdSKPQrqD3aF9oF+taL0L6anefwuP77QaiJAAq7tksT0dymJxZI3t53I+W55gBkbn/7P32oeuzsLjdSF2knNZDF9htz2nGQ5zgHEf1/Q/NfgU9Z6BFf65eXhFGNNor1D320YFnA3K0eZFzzRaOhJGpYvezA4aohXZ/aLFjMQfd2GaoVG87J7nGVIaT7EblaNgAsHiAC4cp095biIhS1UqNj44kfjMoa2+Mg17GtWAfatFvo99aIrjMRPJDUx5xvCv0OhRm1/VSLLpx4AzxJV7v0zGltDwic41E4vGqjBxXIOzmX2iRbjSt+1nxql6FohrRjm1kzbm07QtqbwB6KWU3P72gU+Vm+/gLHuhZ/cQDJ9PCkHovecY/XgLzn/SHAA42eWPJOZH2EqgNjE7iE64Hqe80o3lkoPhOkkcpQ67mDK1Epxl0HCqEQnrsZDpHRYiI0EkOdq21HOqmXTAuntCDr9WVMeNNTOejh8JTZCsnUh2JTnDyy2gEGaYAFLFYfMSU6rVNR496pOcTTG9wgOVMjAdzaSGInvfZPDtxTcQnXn9CCyInYWaNrhNFfvyv586lq+9HD77aAwELmY45iea1GZaSBm5eEuIJ+MwyEBw58OEZKpd8Z5JSkS3hAbGBt7t/o1vig3RZ+pwiq/duR84ij8QjJxvbuP5jGZ4ZbIWMtPsoKrUyUgzXlRm+urnzNCbKCRjhTDQlvO5Wriloou35bTMev69oKxFReVH4ndUNCVtclgeIdGX9nU1NqZM3L4xF45llRie4VGN98aQZkA3pRfNl1Bu7oifjcX69VVsLQo+2RAC2cV9LfsVmUzBHf6O2TtBYsy+6qf9iS3aqBgyTE9pfgE3UdS04jkbr0I78lMe+677zagV3PC0ZXvjmHov/KJWrN7e/KGdemDTSG12aVtfDW2c1PO9rM/r50Mmo75DM+r5u6RONsOWe2kufoedEIyjMAa4c0z7ya4FoenGRGLdB4QgN/Gff62LUWuG3gp1uPuNyYzrbXCP7/2pQbS1vhA6yJ3xKFhq6AlxMk23olj4Zn643xyMOecIAk1nfoLf04kvF2Qs84uwdFvvKkz53tAKdQbQbEV+FAh5FMCQTRlKxMLktfQJdGYgsjY/FGmtiUXpJrrZkt5OpngJjCnDTnl4qRBUgAQXdQlDjEMrX2AL2ndBf9gWBmbERI1hbka0rwnGkFm38tTS2DNmMpAm6VHay4AcTilqEnZOr27wxmMhC0lzIC0CAH3B7jWEToWXg+WZO0cq31BDhVSPqXnJBL+AK8OD9sHDtfO7ecOYGLwk9OZL24cVB2pwwJTHPoG1aaFBrLp2bV5wgdkB8DPhGd3V7J3iCuRQkSrS28KMk+E27xSg3Iuwfu/Pp7lIyzpVyHH5dXuOozFiyf3z777RMH73v354RwuR0Ouu2T6u9Y6XFMl8DvY3q1eeZEiMq8Nbn9gz6fveMF7TYphS9ir501/FM5bXtS1kIJyd2MdxVkUoBec97F9l2KQ7iZrsm5q7oW4zQXUlDU8jY2xmvAR2n9wMQIQA+bOg8JW77JVGeBLPdQc6ZVk3pQcVkd5yTXItdLhsouqxBe9TTFOZ/Cq9c7KmyxYfZk1z+qnhoBCZhtTxMmlZAfIQZn85KjxOUw7fDC52Nn8AWprAWGDvh7gap2ZVBDx7VjT9uKzOx+juwUKau3iJHXjm/aSmLszilmFJlcJLaz1NwP4f62bwJIW5TuRunt/AoFVWGcSmkOs4aTOZi8CiabkkD9TdqkFMj6n19bErvtYJ1nIV8wXdsFL0LO4iVo3QI0Pz2EL4fkdZlbooyMAtMK2SDpOLZtfduP8TnF2raXRCxJp0XALfWGRuQbVb9DeAOOas3wKP18RdSEOlLPrHhrZkwUSaxjxOgwCDTFmKvq1EkWIpZrW5dbGcrcZl65i7fZNxzPMYrWQxBZ94wzjLxUjaGg1fj8OWfoluFLaT+pFROfnkSSf5ydwqmIBbSzA2QaDlem0PmtDOrw2xnYhTVSkHq86JoRT3nQqg7blT/QA4AfusEDl3Vg0hjDr3orfwPPZC1c5+QmFSRhL/T9efJCFoak3AsFgSnX3VTLu1+aZepiSzV5z21GJawJU2VMXZJvAfEkF7RySeCdKB5JXqbyqZ4oCzK+nExFmaeaBtfgE3IrXq0CQHewF/dn1wU2tIzLuUeIAcpP1uJNBiDq1xHsdMPVQ0/GjsA0WYagJgfZiHiji13lt54Uh3eZMbUCOfh5FB+n7clTlmWPaQfOd0rQsKyyY9BBdTCqLG3da149KLbM7G+kWzXX/bKO8z1/98LcWqDcK+XhEvFic5NwDkXiZ1epqKi0SxunM6KaKI/5sJT6nRRR8QLZ8yP2C0WbMP25Uimpco1AmE99Bb0h/td/nEfHBsGfvmtwY7cDVS7UT7hJiCcpcUMPns4eCyRKLaC0QEvWwdeasFT8bUY7IyytmRjXTsDX2KvlNdM7bvkfQvgrjpNmIruPd6dcT2Ffr1auzApFhIf4FH6kqrpRkRSflc3DM9Hzt6hzcx/DPyIzSZhJc6eah2c7LN1ZLQXQAU9snhXA29M64kxj+C/sszR0rRPrFKHu0oHtJqaHQk6QLYsXguq2gvcvlqVcx9SnOb6BAl5mwE1Hwaupq2I7Ln1jhYU6b7sYnLiUT4mq6+hS78BIAl1LwGQNzUdNVuk3jMy6n+Cuihf3FOr25xUS0+hcU3xoo4YmN7DvNWb3zNwDL2IpB9ahXhRpr36ICTooyiPGwOUh1gJaMRkFDkb//GukPixs0+fUTN8DoW5GPdlL4176DVGYfb6nNORem5ovU1zxdTN92pZveciCSTxIOFDiCtYBXSZf746RLSWlw6TESiQOqIrokfWmlHb+qHiyR0ne8qEYPRB8xEX0AUHUVbgo0Mv1/BGjbLcMVobEXHpaztMzbzcqH7VUAGCZll1c2pQFMU6StWQ+U9/ADEgAarwvK3pDfFVrRG1VlGbf174g2JhJRMBwDM6EKwpWDV0xi9JQAz0BTRZYLtYfffx8sngE0DBKpYU8LQe41JmAfx84DEC5FglVLl9tThZUrypNElN+DcRHcsXj42J9j5MqPH9ME7ixJihHz9rOtOfuUb7Glu0xEgAu0Be63hM+X24HVbGJI9XUHHPLmCjtV965llnpnuXnyd/iBktoVsx31fhNDo7PBdY7FVeJMfXKSmADR1JmV6M5FeXkj4HbbJi+mZxKIDdFGeTShx1U2B7riSoVqmCvdswRq5jUL6ZPOBgiM9IIbWmJw7XGMvN65</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2021-05-07 07:10:26,855 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-05-07 07:10:26,855 - INFO [Shibboleth-Audit.SSO:?] - 20210507T071026Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|_6b97f700bc987613cd93b0f605343309|http://develop.localhost/saml|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_f649012f37e84c8e8db265c1b5293a3d|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxVPQH947Xat5beCoGaKiy0uiWCxNjpTQtDe4gNmerJ8wOHmPadHD8XwVJu9xqMvBx8ZrN8Ks6fmqDeXjWACmjf3H+Z5Xx+7BYp6hzrLoJyRhNNAZakUehDeckdmILYFak|_f4df5cbbf792d6a67b4ac46ef740ad44|
2021-05-07 07:11:11,240 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: null
2021-05-07 07:11:11,240 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-05-07 07:11:11,240 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-05-07 07:11:11,241 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="http://develop.localhost/saml"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="_45a13e56e7cf16ca7ff7f05cd973e18e"
    IsPassive="false" IssueInstant="2021-05-07T07:11:10.778Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">http://develop.localhost/saml</saml2:Issuer>
</saml2p:AuthnRequest>

2021-05-07 07:11:11,246 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://develop.localhost/saml' from origin source
2021-05-07 07:11:11,246 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-05-07 07:11:11,246 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-05-07 07:11:11,246 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-05-07 07:11:11,246 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-05-07 07:11:11,246 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-05-07 07:11:11,246 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-05-07 07:11:11,246 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-05-07 07:11:11,246 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://develop.localhost/saml
2021-05-07 07:11:11,247 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:11:11,247 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-05-07 07:11:11,247 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-05-07 07:11:11,247 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-05-07 07:11:11,247 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-05-07 07:11:11,247 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_45a13e56e7cf16ca7ff7f05cd973e18e', issue instant '2021-05-07T07:11:10.778Z', entityID 'http://develop.localhost/saml'
2021-05-07 07:11:11,248 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-05-07 07:11:11,248 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-05-07 07:11:11,248 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler:?] - Constructing signed content string from URL query string SAMLRequest=fZHNbsIwEIRfxdo7cRIKoRYB0SJUJCoQCT30UrnOplgKdup1UB%2B%2FCT8qvXC0ZnY%2F78x4%2BnOo2BEdaWtSiIIQGBplC22%2BUtjli94IppMxyUMV12LW%2BL3Z4neD5Fk7aEiclRQaZ4SVpEkYeUASXols9roScRCK2llvla2AzYjQ%2BRb1bA01B3QZuqNWuNuuUth7XwvOCzxiZeugskpWe0uedwxg8xaqjfSnj3Zeas2d5Fsh0AXXRc1bVKkr5B075lsstEPleZatgS2sU3g6IYVSVoTAlvMUPh4GMurjYIiJKqOhkklZJmU4UMVj0sdo1NloI4n0Ef8GiRpcGvLS%2BBTiMI564aAXJnmYiCgSURgkyegd2OZy%2BpM250jv5fR5NpF4yfNNb7POcmBv12paA1yKECe6u23g%2FmJ5jR0md0Me89v9k8vzf%2B%2BTXw%3D%3D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=Kt4R9PhEJdEDp8ozvPzJ9iYE2KMxSt%2Fwq6yov1LE0UEcsNkgcwukzP4UDQr5i35uSLjzzUDdCHpB6MqE69dsKVlqDGVotA%2FGH7tzHbhdjYkRlepb%2BTuwAY5R5c8zuzKkdy7dNIR2Bu%2BRH0IlPpjgbs6H4M1tZV0O6WsMo18aGVVzjfbbMeKDawiZ9u9z0G6yS8rWCWzTacS%2FrjmNZ9yrfK1JLnOVUEO5DMF04hxLUeebcXFqmnhj5466vNUIgx%2B6FEXOyhgloR7HXWvT94RxFwR8cV78LHEaascEqcXb5%2F6v0wYajWSxU6UQzfqZ5vTQELUu8bKb4TmbkKAUwqkClA%3D%3D
2021-05-07 07:11:11,248 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler:?] - Constructed signed content string for HTTP-Redirect DEFLATE SAMLRequest=fZHNbsIwEIRfxdo7cRIKoRYB0SJUJCoQCT30UrnOplgKdup1UB%2B%2FCT8qvXC0ZnY%2F78x4%2BnOo2BEdaWtSiIIQGBplC22%2BUtjli94IppMxyUMV12LW%2BL3Z4neD5Fk7aEiclRQaZ4SVpEkYeUASXols9roScRCK2llvla2AzYjQ%2BRb1bA01B3QZuqNWuNuuUth7XwvOCzxiZeugskpWe0uedwxg8xaqjfSnj3Zeas2d5Fsh0AXXRc1bVKkr5B075lsstEPleZatgS2sU3g6IYVSVoTAlvMUPh4GMurjYIiJKqOhkklZJmU4UMVj0sdo1NloI4n0Ef8GiRpcGvLS%2BBTiMI564aAXJnmYiCgSURgkyegd2OZy%2BpM250jv5fR5NpF4yfNNb7POcmBv12paA1yKECe6u23g%2FmJ5jR0md0Me89v9k8vzf%2B%2BTXw%3D%3D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1
2021-05-07 07:11:11,248 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Attempting to validate SAML protocol message simple signature using context entityID: http://develop.localhost/saml
2021-05-07 07:11:11,248 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: http://develop.localhost/saml, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2021-05-07 07:11:11,248 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'http://develop.localhost/saml' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2021-05-07 07:11:11,248 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-05-07 07:11:11,248 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-05-07 07:11:11,248 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-05-07 07:11:11,248 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-05-07 07:11:11,248 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-05-07 07:11:11,248 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Simple signature validation (with no request-derived credentials) was successful
2021-05-07 07:11:11,248 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Validation of request simple signature succeeded
2021-05-07 07:11:11,248 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Authentication via request simple signature succeeded for context issuer entity ID http://develop.localhost/saml
2021-05-07 07:11:11,249 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-05-07 07:11:11,249 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-05-07 07:11:11,250 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:11:11,250 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-05-07 07:11:11,250 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-05-07 07:11:11,250 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-05-07 07:11:11,250 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 4 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-05-07 07:11:11,250 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://develop.localhost/saml using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-05-07 07:11:11,250 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-05-07 07:11:11,250 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-05-07 07:11:11,250 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-05-07 07:11:11,250 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-05-07 07:11:11,250 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-05-07 07:11:11,250 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-05-07 07:11:11,250 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-05-07 07:11:11,250 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-05-07 07:11:11,250 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-05-07 07:11:11,250 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-05-07 07:11:11,250 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://develop.localhost/saml
2021-05-07 07:11:11,250 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-05-07 07:11:11,251 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-05-07 07:11:11,251 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-05-07 07:11:11,251 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-05-07 07:11:11,260 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-05-07 07:11:11,260 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-05-07T07:11:11.260Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-05-07 07:11:11,260 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-05-07 07:11:11,261 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-05-07 07:11:11,261 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 4ff210d2277220967d9df7b3e974932bd851b7285b3c8c99a7a9797f18e6c484
2021-05-07 07:11:11,261 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session 4ff210d2277220967d9df7b3e974932bd851b7285b3c8c99a7a9797f18e6c484 to 2021-05-07T08:11:11.261Z
2021-05-07 07:11:11,261 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: No active authentication results, SSO will not be possible
2021-05-07 07:11:11,262 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-05-07 07:11:11,262 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-05-07 07:11:11,262 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:11:11,262 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-05-07 07:11:11,262 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-05-07 07:11:11,262 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-05-07 07:11:11,262 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-05-07 07:11:11,447 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'develop.localhost'
2021-05-07 07:11:11,447 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-05-07 07:11:11,447 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-05-07 07:11:20,214 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2021-05-07 07:11:20,214 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2021-05-07 07:11:20,214 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@877874388::identifier=rick, context=org.apache.velocity.VelocityContext@10bddfdc]
2021-05-07 07:11:20,223 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@877874388::identifier=rick, context=org.apache.velocity.VelocityContext@10bddfdc]
2021-05-07 07:11:20,224 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2021-05-07 07:11:20,224 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-05-07 07:11:20,224 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-05-07 07:11:20,225 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2021-05-07 07:11:20,225 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2021-05-07 07:11:20,225 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-05-07 07:11:20,225 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Adding new AuthenticationResult for flow authn/Password to existing session 4ff210d2277220967d9df7b3e974932bd851b7285b3c8c99a7a9797f18e6c484
2021-05-07 07:11:20,225 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 4ff210d2277220967d9df7b3e974932bd851b7285b3c8c99a7a9797f18e6c484
2021-05-07 07:11:20,225 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service http://develop.localhost/saml in session 4ff210d2277220967d9df7b3e974932bd851b7285b3c8c99a7a9797f18e6c484
2021-05-07 07:11:20,225 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-05-07 07:11:20,226 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-05-07 07:11:20,226 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-05-07 07:11:20,227 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-05-07 07:11:20,227 - DEBUG [net.shibboleth.idp.attribute.filter.matcher.impl.AbstractMatcher:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/DenyValueRule:_7080138d39cc2e01f42af33d6086559c': Applying value comparison to all values of Attribute 'uid'
2021-05-07 07:11:20,227 - DEBUG [net.shibboleth.idp.attribute.filter.matcher.impl.AbstractMatcher:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/DenyValueRule:_e86e84f8359014f00e496b0e2b038417': Applying value comparison to all values of Attribute 'uid'
2021-05-07 07:11:20,227 - DEBUG [net.shibboleth.idp.attribute.filter.policyrule.filtercontext.impl.AttributeRequesterPolicyRule:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/Rule:_829157a5a29f7f30c585dc615c71fae1': Found attribute requester: http://develop.localhost/saml
2021-05-07 07:11:20,227 - DEBUG [net.shibboleth.idp.attribute.filter.policyrule.filtercontext.impl.AttributeRequesterPolicyRule:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/Rule:_deb424a8d1c673df19c16cd7fd391943': Found attribute requester: http://develop.localhost/saml
2021-05-07 07:11:20,227 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-05-07 07:11:20,227 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-05-07 07:11:20,227 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-05-07 07:11:20,227 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-05-07 07:11:20,227 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-05-07 07:11:20,227 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-05-07 07:11:20,227 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-05-07 07:11:20,227 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-05-07 07:11:20,227 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-05-07 07:11:20,227 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-05-07 07:11:20,227 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:11:20,227 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-05-07 07:11:20,227 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@1ffac124'
2021-05-07 07:11:20,227 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-05-07 07:11:20,227 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:http://develop.localhost/saml'
2021-05-07 07:11:20,227 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@1080a6fe' with context 'intercept/attribute-release' and key 'rick:http://develop.localhost/saml'
2021-05-07 07:11:20,228 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'rick:http://develop.localhost/saml' value '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1651907426834' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2021-05-07 07:11:20,228 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-05-07 07:11:20,228 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2021-05-07 07:11:20,228 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2021-05-07 07:11:20,228 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-05-07 07:11:20,228 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2021-05-07 07:11:20,228 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@1ffac124'
2021-05-07 07:11:20,228 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:11:20,228 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-05-07 07:11:20,229 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-05-07 07:11:20,230 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-05-07 07:11:20,230 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _a30bf3d2fcca27adae4ae87b559be9f0
2021-05-07 07:11:20,230 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _a30bf3d2fcca27adae4ae87b559be9f0 to Response _83ef1b813135231ec92afebdb1d2825e
2021-05-07 07:11:20,230 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _a30bf3d2fcca27adae4ae87b559be9f0
2021-05-07 07:11:20,230 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-05-07 07:11:20,230 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-05-07 07:11:20,230 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-05-07 07:11:20,230 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-05-07 07:11:20,230 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-05-07 07:11:20,230 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-05-07 07:11:20,230 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-05-07 07:11:20,230 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-05-07 07:11:20,230 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-05-07 07:11:20,230 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-05-07 07:11:20,231 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-05-07 07:11:20,231 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2021-05-07 07:11:20,231 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: []
2021-05-07 07:11:20,231 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2021-05-07 07:11:20,231 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2021-05-07 07:11:20,231 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-05-07 07:11:20,231 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:11:20,231 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:11:20,231 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxvuJwkn6o3Q0jlT2pOcxiANmAR7lTmlJgp/E4lJuoKwU8r885SgGxZ1R7HxIGo9oD16ZrNB0CgES7fZAkl24A3BZnUhDkgg5unseH6SHBpWHh4OXfQ2Q5hTdGZYSuGe1+ with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:11:20,231 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:11:20,231 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:11:20,231 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-05-07 07:11:20,231 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-05-07 07:11:20,231 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 86.84.150.101
2021-05-07 07:11:20,231 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _45a13e56e7cf16ca7ff7f05cd973e18e
2021-05-07 07:11:20,231 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to http://develop.localhost/saml
2021-05-07 07:11:20,231 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-05-07 07:11:20,231 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-05-07 07:11:20,231 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-05-07 07:11:20,231 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _a30bf3d2fcca27adae4ae87b559be9f0
2021-05-07 07:11:20,231 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _a30bf3d2fcca27adae4ae87b559be9f0 did not already contain Conditions, one was added
2021-05-07 07:11:20,232 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-05-07 07:11:20,232 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-05-07T07:16:20.228Z, to Assertion _a30bf3d2fcca27adae4ae87b559be9f0
2021-05-07 07:11:20,232 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _a30bf3d2fcca27adae4ae87b559be9f0 already contained Conditions, nothing was done
2021-05-07 07:11:20,232 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-05-07 07:11:20,232 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _a30bf3d2fcca27adae4ae87b559be9f0 already contained Conditions, nothing was done
2021-05-07 07:11:20,232 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-05-07 07:11:20,232 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding http://develop.localhost/saml as an Audience of the AudienceRestriction
2021-05-07 07:11:20,232 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _a30bf3d2fcca27adae4ae87b559be9f0
2021-05-07 07:11:20,233 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party http://develop.localhost/saml to existing session 4ff210d2277220967d9df7b3e974932bd851b7285b3c8c99a7a9797f18e6c484
2021-05-07 07:11:20,233 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service http://develop.localhost/saml in session 4ff210d2277220967d9df7b3e974932bd851b7285b3c8c99a7a9797f18e6c484
2021-05-07 07:11:20,233 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-05-07 07:11:20,233 - DEBUG [net.shibboleth.idp.session.AbstractIdPSession:?] - IdPSession 4ff210d2277220967d9df7b3e974932bd851b7285b3c8c99a7a9797f18e6c484: replaced old SPSession for service http://develop.localhost/saml
2021-05-07 07:11:20,233 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Removing secondary index for service ID http://develop.localhost/saml and key AAdzZWNyZXQxVPQH947Xat5beCoGaKiy0uiWCxNjpTQtDe4gNmerJ8wOHmPadHD8XwVJu9xqMvBx8ZrN8Ks6fmqDeXjWACmjf3H+Z5Xx+7BYp6hzrLoJyRhNNAZakUehDeckdmILYFak
2021-05-07 07:11:20,233 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID http://develop.localhost/saml and key AAdzZWNyZXQxvuJwkn6o3Q0jlT2pOcxiANmAR7lTmlJgp/E4lJuoKwU8r885SgGxZ1R7HxIGo9oD16ZrNB0CgES7fZAkl24A3BZnUhDkgg5unseH6SHBpWHh4OXfQ2Q5hTdGZYSuGe1+
2021-05-07 07:11:20,233 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Older SPSession for relying party http://develop.localhost/saml was replaced
2021-05-07 07:11:20,233 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-05-07 07:11:20,233 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-05-07 07:11:20,233 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_a30bf3d2fcca27adae4ae87b559be9f0"
2021-05-07 07:11:20,233 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _a30bf3d2fcca27adae4ae87b559be9f0 and Element was [saml2:Assertion: null]
2021-05-07 07:11:20,233 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_a30bf3d2fcca27adae4ae87b559be9f0"
2021-05-07 07:11:20,233 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _a30bf3d2fcca27adae4ae87b559be9f0 and Element was [saml2:Assertion: null]
2021-05-07 07:11:20,236 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_83ef1b813135231ec92afebdb1d2825e"
    InResponseTo="_45a13e56e7cf16ca7ff7f05cd973e18e"
    IssueInstant="2021-05-07T07:11:20.228Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_a30bf3d2fcca27adae4ae87b559be9f0"
        IssueInstant="2021-05-07T07:11:20.228Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_a30bf3d2fcca27adae4ae87b559be9f0">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>2gZj5fGBlWeM2ypRCMtEU2CiA4ExnKftVC4fig50aEU=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>BdUWQNYYz9xzcJaxBiLjSieErBMZArEZUuOwKV5jq/itSOyI51VC3odxcXRdQZcyydi9nZDweNaFr+csm3wI1/RRZIE33MO6gT1ZL14Bu/4NT2eIt1oLwHSKizuEEx5aGn+tOLFVMrYT3jllp9dOVmSAsB/xIZ14zIMaBy39cQuAjZJDorQ2ZishleMneJYuchGMRZNvTJhnfU9XUT0iIgYFQLsLtbrsfTuz4uftdlD/31kiANzVwooIRe/j9/BBCOJTmqIM/TClmTot3VD3bblUUGRxlOEEsElv05zmrr3gGudmqnFm3lLR4H1OMA3w282YaWbPnbA/S2fTLj0nFA==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="http://develop.localhost/saml" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxvuJwkn6o3Q0jlT2pOcxiANmAR7lTmlJgp/E4lJuoKwU8r885SgGxZ1R7HxIGo9oD16ZrNB0CgES7fZAkl24A3BZnUhDkgg5unseH6SHBpWHh4OXfQ2Q5hTdGZYSuGe1+</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="86.84.150.101"
                    InResponseTo="_45a13e56e7cf16ca7ff7f05cd973e18e"
                    NotOnOrAfter="2021-05-07T07:16:20.231Z" Recipient="http://develop.localhost/saml"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-05-07T07:11:20.228Z" NotOnOrAfter="2021-05-07T07:16:20.228Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>http://develop.localhost/saml</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-05-07T07:11:20.224Z" SessionIndex="_00d4d5924fde364fbe0b69e2756510a6">
            <saml2:SubjectLocality Address="86.84.150.101"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-05-07 07:11:20,237 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: http://develop.localhost/saml
2021-05-07 07:11:20,237 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: http://develop.localhost/saml
2021-05-07 07:11:20,237 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_83ef1b813135231ec92afebdb1d2825e"
2021-05-07 07:11:20,237 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _83ef1b813135231ec92afebdb1d2825e and Element was [saml2p:Response: null]
2021-05-07 07:11:20,237 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_83ef1b813135231ec92afebdb1d2825e"
2021-05-07 07:11:20,237 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _83ef1b813135231ec92afebdb1d2825e and Element was [saml2p:Response: null]
2021-05-07 07:11:20,239 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-05-07 07:11:20,239 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'http://develop.localhost/saml' with encoded value 'http&#x3a;&#x2f;&#x2f;develop.localhost&#x2f;saml'
2021-05-07 07:11:20,239 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-05-07 07:11:20,240 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response Destination="http://develop.localhost/saml"
    ID="_83ef1b813135231ec92afebdb1d2825e"
    InResponseTo="_45a13e56e7cf16ca7ff7f05cd973e18e"
    IssueInstant="2021-05-07T07:11:20.228Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_83ef1b813135231ec92afebdb1d2825e">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>kNIGXS1ZfJ5dzXeChBsdK8Sp4yLZpJ2eEzEFF1FwcqI=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>H3c+gL2AgYMUi31nFNtacEsrXetGCsqjzipJ/uLr+7KFPyWn6KNJODjylQYZ3sTK5hJXRFsR695mXfC2/S1uYTSRw77HQPoidg+ojcXG8a9peTSVvydJknpa8Xb3DgWAe5E7AOvEWaJEPhsvTYl39cIMBsQG9IFSxmD4iLeVVr9Fd7TWTmr9Knau/nFn9nlOlZ4s20P7oyNMAPUKCWGXXhSFu5KbEFcUaRuxlP4UxZkGuDbMEQ2MgVTXhD7+UfvU1UbIL+0whA9eC9ppo7J/fi9tdzIYX/2WZvU9xwHHlUAUQ/PxlJwdLS+keg4u5S/NEoWpJaalHQDS1AKUK/ad1A==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_8769878c72286caeaa46d7d4bd3fb953"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_594ff688ea12def1df05abb45c443351"
                    Recipient="http://develop.localhost/saml" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIEPjCCAyagAwIBAgIJAPouL4ia+trIMA0GCSqGSIb3DQEBBQUAMHExCzAJBgNVBAYTAk5MMRUw
EwYDVQQIEwxadWlkLUhvbGxhbmQxEjAQBgNVBAcTCVJvdHRlcmRhbTEaMBgGA1UEChMRQSBOZXcg
U3ByaW5nIEIuVi4xGzAZBgNVBAMTEnd3dy5hbmV3c3ByaW5nLmNvbTAgFw0xNDA0MDMxNDE5NDFa
GA8yMDY0MDMyMTE0MTk0MVowcTELMAkGA1UEBhMCTkwxFTATBgNVBAgTDFp1aWQtSG9sbGFuZDES
MBAGA1UEBxMJUm90dGVyZGFtMRowGAYDVQQKExFBIE5ldyBTcHJpbmcgQi5WLjEbMBkGA1UEAxMS
d3d3LmFuZXdzcHJpbmcuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyH1+d9S1
MNRLP5QTfWIMRSJD3BFxalwkgfH3mIu0uiowN/LRv4ZOU3vXbizu85/IPvMNpWQ/ICdBSI4Bono9
u5a0WRFDaL88+D34Mcdc0wkymSBLwfGEB6QBefQh2EYntLWiDOK76MAdld4ZYqLfkGUWiT6/meFV
5uJcxE01tJk7Vc3nnn1nTLBa/2xFsdtd4XU0p9DvCIXhzmRx2MnODtX/kfk8TYJkzLnqo8+NIlSa
4TgDAf2wxUP8B1BH5AxnT1txkVCaNFF2lEZ3NTe3dDCB7M7M2ZTnf+lWUls+mbVx1SX8dUx+kRsA
+GonnV0DHLPZyx8y9iA9NbhWWjoJYwIDAQABo4HWMIHTMB0GA1UdDgQWBBSCdoaQ6tHW68camO4n
ex5nx64KFjCBowYDVR0jBIGbMIGYgBSCdoaQ6tHW68camO4nex5nx64KFqF1pHMwcTELMAkGA1UE
BhMCTkwxFTATBgNVBAgTDFp1aWQtSG9sbGFuZDESMBAGA1UEBxMJUm90dGVyZGFtMRowGAYDVQQK
ExFBIE5ldyBTcHJpbmcgQi5WLjEbMBkGA1UEAxMSd3d3LmFuZXdzcHJpbmcuY29tggkA+i4viJr6
2sgwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAQ+ihJuNbrx64Bj8NKRi9naXsL7z7
wkXqlvClLWTXxfK5RGtQSI9El/4FEj8J3DkP7T0uJ9cEsc9On9rtKerrc86km3mFoCRpCCjmk52N
1BBJQx22Bdm6zGYx1q2qDc10RT1ETGkDFCtqbsuJ8wo9Hwn8QvKS+4a4+fxLjdFzhV2NhK1LqkZP
BigZ93E0TMUaEzy+v70K3tHu493kYrTw2PF6ZRXRRFAuT408gHDJDYiEf1097Il860hOv8SDubXV
GPsVHbZVCPdutGiJmNoJBn8VTPNFb3aXe/Ar783M8aMCAJ5NSPVk9oKHbMUPc4mZQVgi6vRtCU2Y
y1z1QoSNlw==</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>KqlknSBOACzrvw0+f4QWvwBlFitb7UDnujbppNITSDEOs7sZvAHZ+3Y3tpNdotx/g7Tv4t+lmOcyjUMc0y+BIp3QXPBbWeupFLd07EFgRtZQKUfvHoQQEOWs89SGVZ7U1ZAAxWqRhzl0q2osAElq3Q35AaHkdN9ki04dpkSaU1llUM/IkWNdrdC2S5I0hrwIefZ3RxpTgq/8d8cLK1C6J3/REgrCsrr2tgnWyIb/idxO9z0spQ2cci5k4Kj+lfSvntCGPLIOypv5pT1lu+7kljl3O/SI3ZCzchTVgVOId6hW8dEeC0ehFmvvhZLW2Y3Uv1sW8lxQjCrf6iMAYAip3g==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>66acU7CGGZ1kn8PktTJiGEMStD1iU1QM4thbK0VccFiba1lsN0OdDMaO5hmnBnI4NpkRgKVNmWXP77t3SI7rQ9zzM7Ua2Nnz7Wa1uIakVBgqZcaQGHu3kC27EnwzIvSPAgN8LbbOhAtzK009aZMBKf+w4a0voYM4xuD9z/qW53DteBoaMlZlNiCMudoLmW07QfBqzv8xNjxVAsRGkSYodNdgxT+L9XizVIQIhT2RwdpzjUuDDZS1qnxplvFCN73GH8DGda2bXaiGpHQYWm/CpVv5m7qUFi3cQovKwXyyJn38IFnbtJDIuI0BjlvHwHzVqOn6RUMMj0Fy2xFviMeXJkgAN8BXdZyIASjJjq1mIOQZN/I0TX5Tr5KrpXLTPuQV2SiWvjeAHhWChsyRd21nQULe7flr6ozi3QUwt4clb/9jxbC/vB8FBJKBnWEDiV5hGGyz9fdoaQtjIRSgmCETC7hizDTRA+fnIzBbH30UsagEkqObZNGeGlosna7KF88vzTYAuvZihqfMO7xAV7m6IemWGK0fneTCATh3xhB25i90tsMs7gdA9stkTqoiE+ZOaQ1VlnU/C/H9qjBcz4NDKdyvUXtRZhDtOLh0gqi6MvOm4vrqHbBlrakhdTkoAfiOnExOEr7+lemyZ/ewMSLbKsmkpFDknl/1ZpnwLssZeueOKeUkIW8hLFVu/fpop5OPQzzBXlWOv2gMJSxZWf3WGiTuOtMgsYue3dMtjCvzxWtwgV6VINTbR7lVn7l9eNUCFov0OlqGvtk43i6ORE4CdbmSWVhL6qdXH+B2A9kJiqwQ6sRGubVOtgC7B9RKPDPsFah9Hlyrx3LN3wHjufes9sWxCPZLhf4S6s7TZzaY/u3JSDoHLC09Wc162uMxl/+/Fh13IauyUciubVbgPhebQ9PGANaXsIf4eAdU7yOJfICFgZZH3W2qihY/ur9RTbQENIPYrNiTStArCW3yIWEADGMWuApMf1jOlHAuBRa+aYLNVuVJjNp93wZvk4m/iIywKusypMlayqd7blQdept10o4D1dTRfZf5ntQ+7OxdzCe2eBb18MrhkdWZQ6EP3lJcAJtfB3SM2OtfEzrKM11NPH1cEUkwQ7gLn/nGrcbLf6r8Y9ufMjOQ8drDcQYaJdsT0/He0rLfSeY9A0UXFa2SgbQw0YknNzelphVah2e0SfgSv//Mof/nu4JnCUxQmbgDJ5TltHjKfGf7PinfI6ua3XK+NEmq9WP0bEhH65hsqlBRR0in39bYFhgSlp30NumnzvNkBk3SN8ChXQTxm3jKXZ0uteExRQdaancIhS3cKbKy/HVSn3kfXkjFv0h6TnwnkESuKTiEYGEBy5vP/NqG1kdYEeyLBnseH1iFeRcECd5wd1uCL7Z/pIRbshLRhBVJ7Pgw3G5D29r/a7hhbDjeyH8aGlOTpWhJIfNS5bPW1m3irzjlanxS1dViurQ4Rb+aDuqXt6S5mN75OKN6FVzMwXFcjbnLqNTY0lgV/6NsImH283OFcvg9d7DvLcApRqmKzTHZ6/5D6aB7gB7hZuaAHxa9cxY65ImkPBK8A6Zlm3CVNOyqlxgKRN714QhIeegaNfqr+erzGBguXd9S9ReQ5a17MkwHdRjHskqL07POnBF8DmuU/VK5310DbOPXylkTZv3aevN5pbmjTlo1+uyuhJ/4tDpeu0O08fPPnfZY1kIVvNyfr7gJJDtOp53yunhbzSZuTKao/GntFLl5NaFW5quDpVw/TwJ+Aa0tHLFKFcDsMASiuiwQ/1k0neA3u5QQyVBfopIKrY8ajHXN24qpOswTM1XJtJc5HsycxbMCj05MFsiv+eSdd9iRwPGvPvn41EQq3aKg0z1vuKQAtz9FLusU0DUn2uoHXi39Q2s+bDU0+T78k2fe5KEUdwqzqngweET0piqbZyyCGPzzD56XkhsnA7h0I6FKYplKGeZ0o0c0s0tmeiVLRW7I3SyxB7yTvyGtIVzCggwASLcPrehcVgV8RZp6B9XbqShEAUii83Wd9RjG8edUxQ59gw6l9m9x5qBJlT704oHpY3EtRGh24lLJheLlaFqvuvSeYTl8i1WX95NpbSgCkQMHnDJ+seK64LfRqenjHMqFwhRXM7NeEjkauJuKc9cAMh7RTz+a1pQHC8I2tEplFF+hh1Jv9a6QyNRVr2FitvEBjn1c+A9/1fdl661LDaukMwekLyrzzIfSreM6wMCRlfmjNUbkUKynqvLUlQzSRlfnrva593HIok3k5iwK/xjWSGqIqxwxDIM2rkTu8hHDPEAtLQksp2S3czwQDCsH9oACVokZzPHBLEeShPGbF1v2GRG1sL7RnRtt+NqXR4P/W8nNrOBBrtcoqe/xBCHkonc5Cs/LL/LSEEgyMP0uSNeL+xQcxC4zsHP/goPqem5TDMp+daGwYKlXs77BAbtb8mS84ekJTZOLNQKtL+jlvWh5sFxrsnitgKjR4amlBs30afZMoIH6FscZ6mXYSBuCcwiEs8U/j0r9+U33jF755YeZEj9f884WCs2bXKz36qu2soj3VvecFopHVfKtY5O8Q6nAyiO4I7usHl9U639rc/Rxhf5+p0zfE7bYQGJT3HN/zLDh/MOGTpQ/4b0jnmjp/1nE16w4rjkiiTi2BjysFKJQH+4Qp22uITeGCseqPWRl406AutwHNhpTQV/3aDWRd4wcVyx26kvCLh9H+1BzTLQI4kxCvWCZPCmuwRo+Jl9q8ATrY0MPwu8sPUwLXxvOv2iFsNZTixgeUq+x6W+L5crLsoNWTfLkssNnurW89CIO/iKc81apJlEeP5rQxgBkjRnvp4JXSU+KGi6me3xxN+4D4tUzZZ8KQ8JPQCaoiGeCyo4mK9g/GuVHJelrtTDBCSB5r8zFiMaDaQLNzezhxuX8yM/EWD7kWvbWM6llcQnnbL2btf/jgVzW189bi9SUcp/UzvN+YD3UPmm7FzhSZrJwHzZ/PuV11Xya5E0DAkkn2GBuD/e524/LK3GH0vxA/ydYz17/0pRnqz56ixMTD6V5PalkJH9i6cK/sLh8/4RHa1uXtvb27TweZUKtfkFyyM3mipHXHuGQiWf9zlFmo4lA0DsY9r1h6kqKJJ8c7CLq85HcyBbBHxvXhYAPKe9+YTlMQUdkt51t/Rk4Mp8lM+fuSWQ7/FEAoHDpGst1GeZUKYMYlWzKDroaP7lWyGUzA5dGUcK04/zbAdb2b/CZLJqDIFsbNkXOxWcJ4kST7vdRSFfUCzfc0HnJdzud4aCPGs8FTHx0d63ZEfEDKh40etLC7KB+8nihWeEsepd7MuPQ8ATwtVNDeGf5LwEhLe5uRQdSZ8exTVR9UeeG3v/af5DjtCGV2jKGEZA0CN0AHToMxbNJk+gC8xzKSNrBHcMfX1/DncYOGlOFKtq2qje/w7JNx4os10YFCsRFnOB+OOcjBJAF8ZhuzOc1DwVrnqiL+JbtslzmWkWcsjQRiq1lKdJjmiumA2HZjy4Rntsad4GMXUzg3CAx+ku9aR2fCAZ5CjsyRLvJPsrlEymMtuxWFQfjkoIXNNllIec79xJIH4OLwWnFkjWXD8CPaVOUG2cMzbn/AvJzLEr3XWBDd/ny8Cfk37Rlha2Mnb8238p5abPddwWvARJhT7xBrmXzIXtSAhE/Tf80F+qJ0n224CQZZXbh13y8TTrPnUWM8nGVYJMk28LEbIDDuiqwi1XcHJSG1L3WAXzI/fpIPpNDeaU3coxhEkksWnt1r7ULKXvXeept8NBcMoF6AJ2U014VHjHVEZF5Hxyqw4v2VmT3r+d3WhE6uvd/p3o/8LkbTxDksGJWmKGZ/VZmCBtGNveM2YDGwOIz9TpWjc+Syz5P7+nPJ+syOYKdHU7BfLfPZKLqducNJE/a3HuigJUE/LcpxZNVaFVPdzxd8InbBhyRnDTUhgYsTjyyqXccv+ltbldcA8pUo8BblpxOJ/e/5NsjqLOe4AtSj7y5Y2/wp7B2H7jKJt6Eg7dY2akLXagay9FiyEePS34Be6vA2x7NGwBJN1tQZAJhKQ1LPcgQKAW1KmwEEXN5Wz8A8gAOFYS0R6yhRBfyNB6gQuq6oWwfBnSZ5quww9ZpPoxKUNgd72f3F6TbVvbJZOaluxWjJ4QV7j64qDXVvXQqh0ioP5pG1qoQ5pBix1LGeu0E4rNBT7PIMADWM0Zx/gZDEfh/xRbz7Dl2Awjk3iPbmUfWCZXbeP6ck26Q7Nw+bjkC/R0VXG56u5akhpl+SA13tq+aishw01/RV3zcUgBr7FPdb1nlsaM4tv/eajgeDmCLd+oqzO7TLczY6dWbUyVtUSHsBmBqIw3G2rqEpD3mf/PJc9le9gstGsE3RyyAXgnBkHATKUJbceu21U642+Bl/o6yxlhbtrICBpXX4G81cXcVqjbeAcqn8zOHDBMCjHToGYO0XNJmOt4o7hQvAjGVKh+D0q45hAFH6AX3cJ4MssS8A8nliq9D64Ae/voKJwIy6zkAEnUhfSmAyMHL2pIymNyinXgSzcZCHCa7gsiXK3RLT3BfZ6zMCf7p/LcJyFHnAZQHH/n2Giu6PmKtakX4J6KjwfkkAfnuyknU/5cxYfIJV1a7p4aKACkKkugrF1isMo6ZSnUhxoQzIQLm8/jhwbtdyNj66zywosgjNz2OMOg+eVc8wDGjXNMEAABFjZAg0Rz4TdKTOeyi9UG6VesEvMooD0DX7Ii9nm+Hk9Kih4w+Qd9V6Lqp9i9PaIfjP9u6b+6nYwZBHrNU90uvQX42jvOQqcnvKuxQgoOSXAhhO8roMfd1DZJneXTn1Qr6oRcdZdNrmacFwRjzhvDkMbC1GsBZBWsHNJdX+BjyxQ7QCRjGnwo0pSv/l/bXAKkltu1+jEBUwriOJ4eRDedx6aIRukVnolCXgjcTc8bRewpZUDuMPKrGdiq3E3/YO2u4qohvHMt6ao2AseVVbBX0IN5rl8v7Lm8kKIHQlONgY0/PtA7PYXfqTL7FvDEnFvmZSdJRgnj5kVP21ymwK47ziwZs+0ierIDap6un7iofHovqpKXz8S/Wcgug/ZG+1pgm+aY9d3hQJo5ttfHME7/6wSdMjzeyDr0wNpB3JeYeK5OP1tp96bDOTOElZj95qN/d2nFtc78ftN4HG2vxY7vMzWFIkNHyO7Q6AZPjB2LQtPDqkJWUxNzX5ZfbYmKMIO1G0kTAADvBsmySVVmt3NyZccXpaMGXOaEedkozy3AvqsE8NAsSVVsLEuLdtA4nbtxRewm9JFjQ4C215nm8axyyztOgIVTGBRKhp7ZKWQCugHDx15dm8SnK3XKXRV9cakZjmFPyqhOdfc/6hnVHydr1MMiA5s68cYsJk9VERXGtv3HR2CQWXxP3so61C6KUMmLIaxILp8bG1X0Cldk8QuJhM6bBvjrKziERhl/vu2k5tD5s1CjZZXrHV4wtPEQlXDxX8oMSwZv0+hYb3DG8U6bT1rucGBuAoPhVJth7g6+CwXwMIDcbjxzrceSFd5il/DBi7DCL3RXEKy0fM7vv6AHRyow6SmkJF0MAewfUPWmQd/AqsLNilYKrMLCZ50uzlC1X0ITKA6f+3YKr1RcVMjw5xmqVeU72yXV6fuDOr6DZQzxDT3yoOLT7yk1l53OmwMUk0ee6yr8odIWcyf5bcsm37rXIRD7cO2zQ2ZAbJaD2IS0DQeIGOgj7sYmg8ssAmc16qa7xhSt/9tkdaRnJLTPhiIiYwgIRA8ibtGUSuqVgjL2iKMwJS+euSHMVDLV9UCQQQGIzQrntinJQlR4PwM0V94PDdM5rB00GyFZoKSm7HbOvr56uV1eeTalaGkATWPztskM7qqGxK3Rtb9RkbdiK/ci8N2fKfKpfE4MAEut55NBDKUNmn+6zvp6EpDcwiS4gqxBanRK1bcGqlsy4RdcHWIruKxyhfjEDDVeaWynLedQ0/8O+r1VCYtALYm6GEG3qI2bNy/AQ116+L1/2lhOS+Nxc0+iJMcZAwhBkBiHE0GsotwyunEJgNx24KGckkqdHgcmRu3NOIbIjfxww6hTomnKxFRNvookGEWzpnWmzfAOo2rUpY+7pYHyFzaZu+O0cgtnXrjaASUqHefsUMYZiVbUgP3opNFuikCTKwLtdW/FaMx5hbEehWYaKxj5lKEsxCW/sos55CzIRMe1oKS/RBoM1G5hfPmggdRGSdyQx0aWjuXWJl/ERdY8bQC9pDVD61TLkUlsqUJiFmTvKo0y96UAPrRscdB3CsXjkBjkj6vvbUOvtYZ32hdHT79IlhENSqol4jLVHVwjQ7X2LRFenhSQ2hPsEcAQjk9N2WH67UmU2l6AifXttrKH7EXBPLI7fkBGLDO6bvJywZRBmknjECeaX9v3TwvpW8OQNBVGuoPftv7WRx+OxyQNTQhrJMljdoo+k5mN5qp++iDKR99qsyx//luyekvXZI+axkHb3uzl4vsOuvHeU2o/oKTUoT+53NRwWGR2vP0bdm1U0/XjK9eb2tYGz2bQgPphyOB3FB02gUVJIr0TtyNydU5d0xcCPfPHiIPqZrVycxn1QLVUmT2LrfC384ESUVZzVYZZxdRMRqkSovr7EeEt8A+sWIxZ1EM2BE6Kz8kjw4fTSBKM99wHBnGZDhiV4aCL5y6MXRAuJn5050reurwJ2IyHZoVuYCKS2g6vKaONlx54qLIP6zot37QZqdSOX4I304bT+MKaQD32VkSjMyINhjojo3/tsfmgqi60Z+ozpE0eVs71TakiPEWVSPiOL9CRe+PM2/kDG2O3HLovyLk0H6goZ7PhYcxFbrflaz1Rsnk4jw0EzfzY/uf8wYP/iCkQ9XQ+9zrdyEBTwa2hqz0UlCc1gQS/AN4Du7d/Ktb/WcfWu0Nqg6Ag9JXfpABaIJTrVciqwhrX5j57vrWlJss2CodYul5OcW436trQJFvQxtOQvPvUk49+n272tFOe31lImUD62SCCgRkYIQfhHIWsDBWj9Jx8wAtAeDRnxFJ4ymsLOHoMy2GXlT3/x6p0FyZZXOiG0dyAgmZ2sZxLroOyAOzZjeaDN+xgpNK8SWblOSwEsD1Yml/VtoNV8S3xMRephb932FA8Si868iOVfEIBSel4WEBx63IdfLfmbKQ2YR94jf7o8UchnaK5HxfRaDu0+P/4/0Dm41IXW0/ccwahEvfVay+8ghX9L/kFyWxGuqlE1FtSaomdpGtdnvPCSwHY0DZ9DZ/IJb+CHEvOI1ncI8HSocsGAlCB7QFBu04M6OVGbLeHa2y94kVgudG4RSX//XjS8PvQeo/mVRI7brKwQlWOR5VOZ7NUP4edJr1tCz/dZjVgkE3o1uTStgnG+JcJUpya0h0Xg4dOT+wdup7eZ17Hd/PEVax8CSQSBJ8bFgqlZ/Uc3VBUL4Hh8dkEpbkkMUvLqa7044HUyFcMKbcbdZMYFOWUFCPm3cESm9Qr2FOixHg9Q5D7DqgQpH5Uhx/sdAHQUqb54GiUS3Zf+Sj8rpFmyQiPA/vUgmE9PqhmLB4GN5PwIh1UiQn5DUz3milb4M8ootMI38Rm22Q1JHqJLlDT4ht4PUhs426IydJU6vm8qpdCIUeQ0M9GepE4PV2USOSW2QVMYf+lbcClN+eA+7ANwL9bCheTb+9k5cv7qDTT5CLVbgGP1p16i5HKkthGfdtKBJs2fO2ms/YtEI+Bw9XO1SyD9xJtaabqDnFmthhZb8B8Hd7UhCpDsUb0Es9nTN9n14QCYl5aRJ+7GnPSaWpZqQlbJohjIQX9ts3NouYXKB9v/2Qij0Zfvv1SQcPQH8yha+0uYCa9Ld/dvbBvXpleLVxy3Ngvosm8Cv2cBqeSLXq2fc19ph7AIpdNQ4RoYCf6D2eDlgmsB+R3phmYHlwY4r0aSdDiRrS4iTk+BSfvcFz/qwnmaBWO75VStfNLMEh1IYo0J4VbLvDH0f5w/oJBQUP0r6xsvcPA/Pn6WKOypum3UbmdC3MFCb5rwo1CznJ51WGTgNGbD0DLQcec+wEtfw01AKmVeJnoFfIXwf3nZX2LOVUdcdzciico9b7ow3XbQOMQ/gNvR7yah3gn5iVbVdns2o8IInzC5/73zDsc5mZm+I5wFQP/zm8149o+GPAeg0ncMYTA88zM/gxhA2BoiPLh4hFKaqBaGpG4e1WHRqx29GoRZykAWBqaC/SPfE3o3CkF4cYPdHxnTo8xONYwC1CNpLUNKUNcCcxdAk0y88dKBPf8D+0QeffHuLBiy/oTUvh6dIq6J9qir</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2021-05-07 07:11:20,241 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-05-07 07:11:20,241 - INFO [Shibboleth-Audit.SSO:?] - 20210507T071120Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|_45a13e56e7cf16ca7ff7f05cd973e18e|http://develop.localhost/saml|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_83ef1b813135231ec92afebdb1d2825e|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxvuJwkn6o3Q0jlT2pOcxiANmAR7lTmlJgp/E4lJuoKwU8r885SgGxZ1R7HxIGo9oD16ZrNB0CgES7fZAkl24A3BZnUhDkgg5unseH6SHBpWHh4OXfQ2Q5hTdGZYSuGe1+|_a30bf3d2fcca27adae4ae87b559be9f0|
2021-05-07 07:12:23,212 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: %2Fhome%2Foidc_client%2F0oao30vt5BAMaNybM416
2021-05-07 07:12:23,212 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2021-05-07 07:12:23,212 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2021-05-07 07:12:23,213 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="id14821344505583311580070534"
    IssueInstant="2021-05-07T07:12:22.291Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#id14821344505583311580070534">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <ds:DigestValue>atvaJdpWZAQvx6oAfRIFfr0TyWw=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>DB25ISOB6yeEE44kzfx8gMb4dwS4eHqb7COYV+QhuwpPm8c5t6NBNhjUvJdQ1MtuA1KZII4J4ZMvlct2O0wENUWl4likvf6F9ASVZh/Lu1qI73c/GWFaAp0mt3FetYAbxw8/KkGoQ151TSV6xefTvSAQEQVxpNmLxZiinku1nwEoH6cTyyVKjBYErKm9v5f7fjPoqPbofmyEQKNC4bQ3EDLT9Hdg7WhC2HfeHj9Htf3n40xXq2/dDxE/QLCJyZtK/V090JhtP3Ioksng7cEwtRETRivjgE7ymyeNvRkmVuAYDHxbrI2vNUrsr3EEjJHXTT/v20hBlqQEMHvz7aEmUQ==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDpjCCAo6gAwIBAgIGAXisQDxUMA0GCSqGSIb3DQEBCwUAMIGTMQswCQYDVQQGEwJVUzETMBEG
A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
MBIGA1UECwwLU1NPUHJvdmlkZXIxFDASBgNVBAMMC3RlY2FsbGlhbmNlMRwwGgYJKoZIhvcNAQkB
Fg1pbmZvQG9rdGEuY29tMB4XDTIxMDQwNzEyMTIxNFoXDTMxMDQwNzEyMTMxM1owgZMxCzAJBgNV
BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMQ0wCwYD
VQQKDARPa3RhMRQwEgYDVQQLDAtTU09Qcm92aWRlcjEUMBIGA1UEAwwLdGVjYWxsaWFuY2UxHDAa
BgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQClKewajIlSsU+u3cmCDw1mLUfDQcWtKI+1nXlxbUQf+bup+V3+zg7RBTUX8wDjnweDPza6/QhU
ytz+OaH2y9wD3sT6HmSd9W/RR4rY0xmbJZwPaHe2Cj1dxadIwX50S1Ht4K7Mrvhl3yOwWCgchLys
5cr3WrGGRVKIv+fUHRljhDF9mabxrZieS0nVzBXD/83lve5Eya5tPU7S2ttBnE6p/DdBFmCIxWW4
5PyaYTjzkBDxW+83X7V+/uqWUC1SCMxSRnlraUoQiYjHRzphrKuML14f/09MsEnbxJax5bpU/LQs
wtKLAxQm0PaCy5lYdhPO4+VGd35UMLs8KdbAnAUxAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAAR4
dICee/3fenDjT86azTDRF5/WM6CS6+gX0iZjAgZ8j3onGMT2ff0f150t6IeFMdDWwyC48yyAMBlR
qjelQSf03JR6ESZ4xJApz8u992ipHzyqSiMM3x3CmTHnOqzLqIpgb/KEgeZSPFN/RRQk72o4Pfx6
TDmtmwJoubTHH+P4vdCgjhD6RyqHXLYXuhsP07t31WDQL9ygN4yrtnWokA/CNhIYeFGrQYGsDT7a
4a16Uq4iXhhFZtOEZsE+/DeB1zSAIvnLWQ2hyOVZ7vAr9e7lv1LwUk+OsH8IG1561pp/rIOgOnBH
BEGIuu6eI9UvzRphO1h21XdL56+pMh4PHCo=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>
</saml2p:AuthnRequest>

2021-05-07 07:12:23,218 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl' from origin source
2021-05-07 07:12:23,219 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-05-07 07:12:23,219 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-05-07 07:12:23,219 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-05-07 07:12:23,219 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-05-07 07:12:23,219 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-05-07 07:12:23,219 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-05-07 07:12:23,219 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selected AttributeConsumingService with index 0
2021-05-07 07:12:23,219 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl
2021-05-07 07:12:23,219 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:12:23,219 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-05-07 07:12:23,219 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2021-05-07 07:12:23,219 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2021-05-07 07:12:23,219 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-05-07 07:12:23,220 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id14821344505583311580070534', issue instant '2021-05-07T07:12:22.291Z', entityID 'https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl'
2021-05-07 07:12:23,220 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2021-05-07 07:12:23,220 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2021-05-07 07:12:23,220 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-05-07 07:12:23,220 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2021-05-07 07:12:23,220 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2021-05-07 07:12:23,220 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-05-07 07:12:23,220 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-05-07 07:12:23,220 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-05-07 07:12:23,220 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-05-07 07:12:23,220 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-05-07 07:12:23,220 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2021-05-07 07:12:23,220 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2021-05-07 07:12:23,220 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2021-05-07 07:12:23,220 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  params: null
  modulus: 20849992966199614301675838753789986976813681683787802327077145202465970240380579431297809943486705961245836800069288676363890484247787887863185930622051058053634572487901723746446294109732526540428229724350278351783206630760951401901194997923458580580549213091528602126404968334078965947690612484989912150388196242240824312684590011848821037645115733687216521241731665656808539917027565985374269206242617213520178009057697523764040279229113765499695207683293876272680062519629815438959917195418653334337112210330985630870200510902529522037988093152765987775255524831617532909083723957192529729991092625758459577238833
  public exponent: 65537
2021-05-07 07:12:23,221 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2021-05-07 07:12:23,221 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2021-05-07 07:12:23,221 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#id14821344505583311580070534"
2021-05-07 07:12:23,221 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID id14821344505583311580070534 and Element was [saml2p:AuthnRequest: null]
2021-05-07 07:12:23,221 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#id14821344505583311580070534"
2021-05-07 07:12:23,221 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID id14821344505583311580070534 and Element was [saml2p:AuthnRequest: null]
2021-05-07 07:12:23,221 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#id14821344505583311580070534"
2021-05-07 07:12:23,221 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2021-05-07 07:12:23,221 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-05-07 07:12:23,221 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl
2021-05-07 07:12:23,221 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-05-07 07:12:23,221 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-05-07 07:12:23,221 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-05-07 07:12:23,221 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-05-07 07:12:23,222 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:12:23,222 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-05-07 07:12:23,222 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-05-07 07:12:23,222 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-05-07 07:12:23,222 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-05-07 07:12:23,222 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416 using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-05-07 07:12:23,222 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-05-07 07:12:23,222 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-05-07 07:12:23,222 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-05-07 07:12:23,222 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-05-07 07:12:23,223 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-05-07 07:12:23,223 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-05-07 07:12:23,223 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-05-07 07:12:23,223 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-05-07 07:12:23,223 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl
2021-05-07 07:12:23,223 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-05-07 07:12:23,223 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2021-05-07 07:12:23,223 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-05-07 07:12:23,223 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-05-07 07:12:23,227 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-05-07 07:12:23,227 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-05-07T07:12:23.227Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-05-07 07:12:23,227 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-05-07 07:12:23,227 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-05-07 07:12:23,227 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-05-07 07:12:23,227 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-05-07 07:12:23,228 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-05-07 07:12:23,228 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:12:23,228 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-05-07 07:12:23,228 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-05-07 07:12:23,228 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-05-07 07:12:23,228 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-05-07 07:12:23,399 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning name from AttributeConsumingService 'SAML'
2021-05-07 07:12:23,399 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-05-07 07:12:23,399 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-05-07 07:12:34,156 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2021-05-07 07:12:34,156 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2021-05-07 07:12:34,156 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@311496033::identifier=rick, context=org.apache.velocity.VelocityContext@22140a20]
2021-05-07 07:12:34,172 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@311496033::identifier=rick, context=org.apache.velocity.VelocityContext@22140a20]
2021-05-07 07:12:34,172 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2021-05-07 07:12:34,172 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-05-07 07:12:34,172 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-05-07 07:12:34,173 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2021-05-07 07:12:34,173 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2021-05-07 07:12:34,173 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-05-07 07:12:34,173 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2021-05-07 07:12:34,173 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 6b5e34ac7028233a62d843f7352e4764e38bf88370f41929ef909c7de17955f1 for principal rick
2021-05-07 07:12:34,173 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 6b5e34ac7028233a62d843f7352e4764e38bf88370f41929ef909c7de17955f1
2021-05-07 07:12:34,174 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-05-07 07:12:34,175 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-05-07 07:12:34,175 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-05-07 07:12:34,175 - DEBUG [net.shibboleth.idp.attribute.filter.matcher.impl.AbstractMatcher:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/DenyValueRule:_7080138d39cc2e01f42af33d6086559c': Applying value comparison to all values of Attribute 'uid'
2021-05-07 07:12:34,175 - DEBUG [net.shibboleth.idp.attribute.filter.matcher.impl.AbstractMatcher:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/DenyValueRule:_e86e84f8359014f00e496b0e2b038417': Applying value comparison to all values of Attribute 'uid'
2021-05-07 07:12:34,175 - DEBUG [net.shibboleth.idp.attribute.filter.policyrule.filtercontext.impl.AttributeRequesterPolicyRule:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/Rule:_829157a5a29f7f30c585dc615c71fae1': Found attribute requester: https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl
2021-05-07 07:12:34,175 - DEBUG [net.shibboleth.idp.attribute.filter.policyrule.filtercontext.impl.AttributeRequesterPolicyRule:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/Rule:_deb424a8d1c673df19c16cd7fd391943': Found attribute requester: https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl
2021-05-07 07:12:34,175 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-05-07 07:12:34,175 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-05-07 07:12:34,175 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-05-07 07:12:34,175 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-05-07 07:12:34,175 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-05-07 07:12:34,175 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-05-07 07:12:34,175 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-05-07 07:12:34,175 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-05-07 07:12:34,175 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-05-07 07:12:34,175 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-05-07 07:12:34,175 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:12:34,176 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-05-07 07:12:34,176 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@5781be6'
2021-05-07 07:12:34,176 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-05-07 07:12:34,176 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl'
2021-05-07 07:12:34,176 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl'
2021-05-07 07:12:34,176 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl'
2021-05-07 07:12:34,176 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-05-07 07:12:34,176 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2021-05-07 07:12:34,176 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2021-05-07 07:12:34,176 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-05-07 07:12:34,176 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2021-05-07 07:12:34,345 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning name from AttributeConsumingService 'SAML'
2021-05-07 07:12:34,345 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-05-07 07:12:34,345 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2021-05-07 07:12:34,345 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2021-05-07 07:12:34,345 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-05-07 07:12:34,345 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning OrganizationName from Organization, tecalliance
2021-05-07 07:12:36,643 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2021-05-07 07:12:36,643 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2021-05-07 07:12:36,643 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20210507T071236Z|https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl|AttributeReleaseConsent|rick|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2021-05-07 07:12:36,644 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-05-07 07:12:36,644 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl'
2021-05-07 07:12:36,644 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2021-05-07 07:12:36,644 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2021-05-07 07:12:36,644 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl, value=[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1651907556644}'
2021-05-07 07:12:36,644 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-05-07 07:12:36,644 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2021-05-07 07:12:36,644 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-05-07 07:12:36,644 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl'
2021-05-07 07:12:36,644 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl]' as '["rick:https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl"]'
2021-05-07 07:12:36,644 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@5781be6'
2021-05-07 07:12:36,644 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:12:36,644 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-05-07 07:12:36,645 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-05-07 07:12:36,645 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-05-07 07:12:36,645 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _3f35ce1ffc5eafda033eac135e3e9eec
2021-05-07 07:12:36,645 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _3f35ce1ffc5eafda033eac135e3e9eec to Response _669e4c6676c23bc4491c6341a5e3d69b
2021-05-07 07:12:36,645 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _3f35ce1ffc5eafda033eac135e3e9eec
2021-05-07 07:12:36,646 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-05-07 07:12:36,646 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-05-07 07:12:36,646 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-05-07 07:12:36,646 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-05-07 07:12:36,646 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-05-07 07:12:36,646 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-05-07 07:12:36,646 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-05-07 07:12:36,646 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-05-07 07:12:36,646 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-05-07 07:12:36,646 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-05-07 07:12:36,646 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-05-07 07:12:36,647 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2021-05-07 07:12:36,647 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2021-05-07 07:12:36,647 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2021-05-07 07:12:36,647 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2021-05-07 07:12:36,647 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-05-07 07:12:36,647 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:12:36,647 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:12:36,647 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxBoUjAR0M5MwCszeOyb3TMcJOftlwQbKbsIfKqdt0NWrS297c9ToabrG1KcT7vQ9GPEZXT3OK3abxq+rwENqixObQBPz7mr8yfvWIowJBy2/WrCM2oiEP7t/w271Q+LN/fmCGGWBHRp405POlIJHovHXJg7z6Y32pbaaDq1l1Vnt0 with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:12:36,647 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:12:36,647 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:12:36,647 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-05-07 07:12:36,647 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-05-07 07:12:36,647 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 62.216.214.83
2021-05-07 07:12:36,647 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to id14821344505583311580070534
2021-05-07 07:12:36,647 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416
2021-05-07 07:12:36,647 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-05-07 07:12:36,647 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-05-07 07:12:36,647 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-05-07 07:12:36,647 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _3f35ce1ffc5eafda033eac135e3e9eec
2021-05-07 07:12:36,647 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _3f35ce1ffc5eafda033eac135e3e9eec did not already contain Conditions, one was added
2021-05-07 07:12:36,647 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-05-07 07:12:36,647 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-05-07T07:17:36.644Z, to Assertion _3f35ce1ffc5eafda033eac135e3e9eec
2021-05-07 07:12:36,647 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _3f35ce1ffc5eafda033eac135e3e9eec already contained Conditions, nothing was done
2021-05-07 07:12:36,648 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-05-07 07:12:36,648 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _3f35ce1ffc5eafda033eac135e3e9eec already contained Conditions, nothing was done
2021-05-07 07:12:36,648 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-05-07 07:12:36,648 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl as an Audience of the AudienceRestriction
2021-05-07 07:12:36,648 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _3f35ce1ffc5eafda033eac135e3e9eec
2021-05-07 07:12:36,648 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl to existing session 6b5e34ac7028233a62d843f7352e4764e38bf88370f41929ef909c7de17955f1
2021-05-07 07:12:36,648 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl in session 6b5e34ac7028233a62d843f7352e4764e38bf88370f41929ef909c7de17955f1
2021-05-07 07:12:36,648 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-05-07 07:12:36,648 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl and key AAdzZWNyZXQxBoUjAR0M5MwCszeOyb3TMcJOftlwQbKbsIfKqdt0NWrS297c9ToabrG1KcT7vQ9GPEZXT3OK3abxq+rwENqixObQBPz7mr8yfvWIowJBy2/WrCM2oiEP7t/w271Q+LN/fmCGGWBHRp405POlIJHovHXJg7z6Y32pbaaDq1l1Vnt0
2021-05-07 07:12:36,649 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-05-07 07:12:36,649 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-05-07 07:12:36,649 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_3f35ce1ffc5eafda033eac135e3e9eec"
2021-05-07 07:12:36,649 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _3f35ce1ffc5eafda033eac135e3e9eec and Element was [saml2:Assertion: null]
2021-05-07 07:12:36,649 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_3f35ce1ffc5eafda033eac135e3e9eec"
2021-05-07 07:12:36,649 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _3f35ce1ffc5eafda033eac135e3e9eec and Element was [saml2:Assertion: null]
2021-05-07 07:12:36,651 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_669e4c6676c23bc4491c6341a5e3d69b"
    InResponseTo="id14821344505583311580070534"
    IssueInstant="2021-05-07T07:12:36.644Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_3f35ce1ffc5eafda033eac135e3e9eec"
        IssueInstant="2021-05-07T07:12:36.644Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_3f35ce1ffc5eafda033eac135e3e9eec">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>reDMPwGFwJHIpX6309yugpUHw/HPhWbRfzpgNWGql0U=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>ZwI6125By3kJl0irkJSWGAkXbZLivMNbFDmYnCeXnDFC4o1UPjgeqen3NM8aCO2ZLe0MWmJbPE1GBaA3NncJlvCTQDzQhQDDdjcLU9P8R++k78Bmi7PbCkA69b8xUVpNaMKaqK6+lQqqNnrnNPj2i4cpfdlH5h37dtiGQd9GFqq5ZxUD0AeKP7rY+ngBxn/mT3zUK6RTIo+f/YsSpBhRkfMc6bNdT74FLIEwNQO3Kasm3rLTOiOUnXjfOpz3YkO0HenX/NNX0laRpD1PFQ9cpccwm/TPl5mfv+YA6VDZuG5ddm1z9yJQxLiP6/rsygGWBvvJcBTchO1toz4dzCzSlQ==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxBoUjAR0M5MwCszeOyb3TMcJOftlwQbKbsIfKqdt0NWrS297c9ToabrG1KcT7vQ9GPEZXT3OK3abxq+rwENqixObQBPz7mr8yfvWIowJBy2/WrCM2oiEP7t/w271Q+LN/fmCGGWBHRp405POlIJHovHXJg7z6Y32pbaaDq1l1Vnt0</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="62.216.214.83"
                    InResponseTo="id14821344505583311580070534"
                    NotOnOrAfter="2021-05-07T07:17:36.647Z" Recipient="https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-05-07T07:12:36.644Z" NotOnOrAfter="2021-05-07T07:17:36.644Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-05-07T07:12:34.172Z" SessionIndex="_a95c6974e84880d9cf37b37c0a7af54e">
            <saml2:SubjectLocality Address="62.216.214.83"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-05-07 07:12:36,652 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416
2021-05-07 07:12:36,652 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416
2021-05-07 07:12:36,653 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_669e4c6676c23bc4491c6341a5e3d69b"
2021-05-07 07:12:36,653 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _669e4c6676c23bc4491c6341a5e3d69b and Element was [saml2p:Response: null]
2021-05-07 07:12:36,653 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_669e4c6676c23bc4491c6341a5e3d69b"
2021-05-07 07:12:36,653 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _669e4c6676c23bc4491c6341a5e3d69b and Element was [saml2p:Response: null]
2021-05-07 07:12:36,654 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-05-07 07:12:36,654 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416' with encoded value 'https&#x3a;&#x2f;&#x2f;tecalliance.okta.com&#x2f;sso&#x2f;saml2&#x2f;0oap94dflSK6H8JFr416'
2021-05-07 07:12:36,654 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-05-07 07:12:36,655 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: '%2Fhome%2Foidc_client%2F0oao30vt5BAMaNybM416', encoded as '&#x25;2Fhome&#x25;2Foidc_client&#x25;2F0oao30vt5BAMaNybM416'
2021-05-07 07:12:36,656 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416"
    ID="_669e4c6676c23bc4491c6341a5e3d69b"
    InResponseTo="id14821344505583311580070534"
    IssueInstant="2021-05-07T07:12:36.644Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_669e4c6676c23bc4491c6341a5e3d69b">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>sd8Oqujdr1u+IxGcYMrKKlWDi0gFYxf1zh8fVAJHYh8=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>dz9zOCDu/tXMGd+73SixTFBRTMfg/FywpPt+qer3m5TI1+bFc+oXpkEC1N+ZqPPoz81odqxavPDepVQoWCDbUtRBPFqmSE+Te1wV1NiL+Uz+80RM+s72C4Yxe+6y9kJ2wX4kvKiPRGU0u6cJ2OmWuiEymdtYfm+MqOiImEPUJLOP95bQ5IRw7AA/9hFpTrbnhzBbXutd2Zl9l2npYku9XDZ230xcVGtrcztVPffm/FSq3CRIWvU5Rdtd7SH0bA9LO0nqmXBRXe1sLK+WIK9vBJV2PiteFzSROB8HV/LWkDvmJh5mH9USXH8qwlFgcNzthpd9gnTgrqCnWYmjQyQlAQ==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_c1736e235e2d60eaf96c64a2a3f80aa6"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_a5887e0296374480b4201104fcb373d3"
                    Recipient="https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIDpjCCAo6gAwIBAgIGAXisQDxUMA0GCSqGSIb3DQEBCwUAMIGTMQswCQYDVQQGEwJVUzETMBEG
A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
MBIGA1UECwwLU1NPUHJvdmlkZXIxFDASBgNVBAMMC3RlY2FsbGlhbmNlMRwwGgYJKoZIhvcNAQkB
Fg1pbmZvQG9rdGEuY29tMB4XDTIxMDQwNzEyMTIxNFoXDTMxMDQwNzEyMTMxM1owgZMxCzAJBgNV
BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMQ0wCwYD
VQQKDARPa3RhMRQwEgYDVQQLDAtTU09Qcm92aWRlcjEUMBIGA1UEAwwLdGVjYWxsaWFuY2UxHDAa
BgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQClKewajIlSsU+u3cmCDw1mLUfDQcWtKI+1nXlxbUQf+bup+V3+zg7RBTUX8wDjnweDPza6/QhU
ytz+OaH2y9wD3sT6HmSd9W/RR4rY0xmbJZwPaHe2Cj1dxadIwX50S1Ht4K7Mrvhl3yOwWCgchLys
5cr3WrGGRVKIv+fUHRljhDF9mabxrZieS0nVzBXD/83lve5Eya5tPU7S2ttBnE6p/DdBFmCIxWW4
5PyaYTjzkBDxW+83X7V+/uqWUC1SCMxSRnlraUoQiYjHRzphrKuML14f/09MsEnbxJax5bpU/LQs
wtKLAxQm0PaCy5lYdhPO4+VGd35UMLs8KdbAnAUxAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAAR4
dICee/3fenDjT86azTDRF5/WM6CS6+gX0iZjAgZ8j3onGMT2ff0f150t6IeFMdDWwyC48yyAMBlR
qjelQSf03JR6ESZ4xJApz8u992ipHzyqSiMM3x3CmTHnOqzLqIpgb/KEgeZSPFN/RRQk72o4Pfx6
TDmtmwJoubTHH+P4vdCgjhD6RyqHXLYXuhsP07t31WDQL9ygN4yrtnWokA/CNhIYeFGrQYGsDT7a
4a16Uq4iXhhFZtOEZsE+/DeB1zSAIvnLWQ2hyOVZ7vAr9e7lv1LwUk+OsH8IG1561pp/rIOgOnBH
BEGIuu6eI9UvzRphO1h21XdL56+pMh4PHCo=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>bG2Hn7WguWV2jizAjD7oNZRSNRpVzjsk9OKhtrmzbXppclTExH+CW/MIO/63bBfYaqL5hlciOdYGZocrOGvC6AC9fCPJjV3vZ4z/OO/9dsmMfdHRjRUHjIwfsMvHMA3kHYIfMDrw/VWM4zb92lMsQEPwrcnGmCkMthQ2bIe5j3ENwD4D9xDg5Rv7oaF9GvNwpMa7QXp4y6QNxoWo9VDzNRuJQt1RLDMvmgvnCXHrdKOomGcNVJIoU14K/gVx6f4VPaZrhJiJwaLKq6fkMjYCQgFPY2FHiSh0tuGs3yjDOxjeT5YHvlKatTpvwvArR7PKLOyPBHk6tXRGChzFlngBYg==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>JRCZi5qrO74wQve05QVaPzp+C2xodsZPyufuqw1csei45BPzW7eB1bhDa4dPAozOEukTMENq9S8R7bB4DreM1owcFd8yJh7TIXXZY+3FpFobMyz3+YndIkxbTR+qVmLabPTim9B/FaUG3yIIENAVFCUquRMHFdsbvs1fIMels6J9nE1rbGGBg5JHD/wizkZZkIkgIq3pNnozqIMtULR4ZV0JrvW5vW2xdkH6rSBg9Zm0PK4E2q2VRPOHgei7W74jF2LcgQfuXzfauw/NleSCkJDrnztWfgSkK9b/K2pkSeQ8ftdpN5+QrJeL5IgZZlkzzmQzNmiTfQglIDTn7Ci++jCyAfVbqCLfzmgkpse2ivEOK6K54KuEjagIJ0TyR4ogjtmDVEwxTk4s9qlJ98727sX8dL4D28zm34zHztsjoSmbN3B0QASmI4sUXO+yUCfzYySo6HRxhEOvLdxaeW5RzjqHw/MN0Uh75yXdGy0jVuwpHreKqayRbT/EaY+un2trfgjyut+zaWBNAxUoQaGixljXsXSOw8fA126//UFVoSJstVpkAp0PMQ3CrVtmJjRwxyheXn2IbwloXgxKuuzx7jiJD403eoc/hyQopvVbKS9Kb8pISQqxo6skGVUs5unXdrlNwPEd1Lwqy+ONMtDN7a3FA0ZzhGH3gu/POVVH2Ed1bXmz5FRwkCV/s6yopYNTCevQfQqu93knQl/nXb9pTX4dUEcoIv0vCuvZQqC1wI+04B+J9cVh8NcyKmvNEHK3mF2E/FfEEyFITmuRlvOKqvwRW82kDEtcMCwcFfXXygepjmRyjnvFUtSKgrwvhDftWfzIj5zgmfFMQwg5o2X+1V1ycqxfcAdA4pv1my5vkZaUg9cxMEp+WQ3GZHO7+61jRYQJcdlRnuOXRil+0V9V7/JED3RNBidO+BVLPAazk2jOv9VQZuvRfw3IXOUvIM/5f5GSX2/8fjXB/sU8yTwPKJjH679K3vBanJsSeD/cUeuweOjEu45sURX0iAbTgi2wlATkaJb3hLSSC6DXUfa994uNEFF6gz7k9PY1ZpAMMhgjGpITabS16LNa5i4N0SQ10z0uNiJdktwjavjJ5JPynVBrADnD8e5ggawnT4H9hdMofaKFSGGJXjtjhKtm0PQEQK2FCgi8wZR2F++tE7NzvRIxNCBjjlXEwydgi1/EETjPtTw5gCcDLkWaLqsG0gAtpb8GsnEWPuoymyRuGjiCoD+Jgmj8zbzry5Y0CnNnWRU4zqRwcP/gc0k+uikCb4vTUld4zQTDksIKI0uuiDNxN6Q7TDrZ8SlElzcATaxTT/Xwd0+HtA83yMRdYdqBUj3eHDHjQWn8ObfOGagxwUs7iUpKzrvpHLTYMPZBBZfUKHEVJmouBafrCdByic3P9MfpwPda/yCBAxYAfffBVDHfLLtWM3VOGhiAZOOfOgHzJf5VX+1bJjSbcQ4UiEingGSQsS9LJdozk3iPF8M07LLn8VuT44qrFHw+5Tis8df2ZrTUKMXsvKJ5lQuZDVIx+yULML+Gu7siPwpBEmb4udiPfQZgeJngp8vxMy4+fnnJdYlhH/3BC0IvmimC1Ji60xjXt/Ejn7y4jh6DCiTV6o0U/7EaudshjGtkfDX3FLGkVUmwAIMFNP9gcTapuV5jlyQc6ERXPYRnG3wCzeJjfFh95Xf4qKCTUy3qzkMzDA6rVbSGhk6P7BnqNcOhz9ybhBU3e0faSTmVCZurm2CFSQhU8b8bzUunvgIJOdXNFu40EnYtBIQme4ZzB5NtWrs57Zbuuh6x90YOI+/thiYDXFhtdEGurDUWum6p2ZpIoZAPOLJ8FXGY+dsqCkYLSplUAYxHrNj4ML7Ogi80uSAs2e5yPXPaqRUHVlDjihmKv2dYLg0RQDb7iWaLKY592oYXyhM4U2UQfWLKuhlMAt9dwQJCjm3UlxB5RQ/YnM5DAKg/g/FkmVmT6rqvV4crtzyOqKI+419OOwLCpJ2/IbpbKiSmOn6Ycsj16sUkCsLJwXY3SuJrU3OO4bNVGjkch8D97W/75YDOz0hCFvfxE4vv1ykXPPE+52a/LKVYWKUMQKi86wuLVSW6fvuNkSYmNhFZU9fweEwmnhxkfbg/s8Tq3VRF//DZl/t/svRmpWLTfTCedK2+zFNcSSWjrqFQJvvmUtmdaRONDHjdLm/v63oUD2Q/pk9ukZckTPKMtf5rMDz9FIqJ02H5LBC2PD3USJ/5lbMamcW+iOZkNYfGsjvtDFvXf1BNwGI4jgOvX41O6VV7L++bo2RQcwHcu5AhiwJ+s2+tHfadXT2cQzR5AnsmoI/dzO2BPNZn941SuriOPMOmh6yKKh3SfIXHhjG7qcz/VL9DRwgBMyL5wncBTxIFwUuaDVO1EDOrRH1Fwxa8tJNPEO+eEjjLmarwHBpvWdt8Hyccngp59kqZz6Ot9e3IaCooV2rJC/hHAKAUbDXCVr8K1nCposfZY//zV3gegNsn/X4d8g3cc0Jo/tCzrB2ZvNRQuCmymzLgVHVZyzaJ+U12kmDVf5SrYAQYs95qSvSfjeCx9rXdoxeU5rbORKBQIabocuXTjByPEV/TFuDz+H5Yuu+B4ckygfUKQp31YyTxRYr/i8gIar5bLlfBOrxYTnEJ9lho7NsAqNuW0a/ZkKDQcMpybWDF2Rb+nI/8UOt5UjFXGJ6hYpibyt7/BlyKQMM1YdM/fz+L/OtJHqsfo7dwSBNt8pEfrjzfboJUjEwTiIK6avQZI3MOP9ESDUoB0KFXudva8VTYN8KsTON2S9HKDlqYozfY7JD/nPqPL6i6btkbMHQISA63n8MHirsNGGfppsKBlwJfi+Pi30SeVrLixPETZlLykwQ37m8bHQY+1XI95I5nvF25+m7EPxcyOjdMwuOEaB6nTqwU1Ninz1JazEh69b819Zd2A+u5lCbaLbhHzmk4IGwMI2+dU3+a2Sr5FuzkiSA03XWQ5HrObCGeKH8teVeJOPtfQd1ggz5h2LoJ00+5wLdXkeKSPfTw+IU4sCLHSJmMGvyBKuFaySSa6Xqzp17G8b1fYfSXIfOxITCgcML5JlgBTQQPbj76Ye0MlB+GVLdvfA6WskML/LivOve5pdfh/VbSNDasMNopyKaJv2gHtvFUAf28nLBM3ywk3CLF+buxdArSJdHjzbDPl8NMgGyFDeNnVLVQgsO6CD9P3KcSjJhpSnLdS7dvU5eMOJBn0+NdEA2AzpOhzpstclShnJIfjpv5QzqyJr0xqsylRBWGbS7ytNTZ8m64MGL2YfmUefeYBiYxfxDZ1tXqFa2kKs+INFI+3UOhALFXpEXKlaDknwgbmFzhBk1QgnJyLODGV6R0gBquNS0+5NQNrBPpUidP8DVUKK8jkJG80ufwg2zJhIi3e2pei87vw6Fm6MbCVt+JOr4kBFKKIfQzMZL5wz/54+jNKu9iPp8KwdU5B5ZMFBzCFis9XMY7YmOmZMFTKX6SwgE8sj7cAdx756Fe5UVVfIb53KxLD4fYpOVAhqRXEEBgNA3HStNhF9s313F9aX2/y1LfBWddeNhySmRoMLTD9EHAxCWElKEifOYvia34GS7crL4GjVSz580+IlV2L46rwqgQlQHO3G248bz7lnDK0sAG1SzwH5rZ4oju79bL80XHMJAZSTumfw6E1GJFFT4rfCgXnYkO6UjqLGLYwtVuMI49Y44tqPN2ps+vwKgX5ursIn26I/jJ0QAsbO5syD/t6XcwBg0caI4o7or8LY+1WbTjJ66ek+9dQtyR/CUw7jo7eBJaJjeRMhSiNJgSQRpRSQuCfgz2skydqidDOEJIjkLZyotYHcRUWkX1ee7Hwh9pl9S1tkIyrGSSRGQQT2fU4yz+FgtbEla6GAwC0z+euh+8U/6L3gwF4IoNnhnNPcBQB7TW8w/YDa45EJuRx/SWBdnUZJ5RArJTLe/YFZlUSDEYYy8GszsHR9z4NPlgB52w7/BFRQcWXM4+gbRDJ/zVgYC5NigGjRP07EON/nJlxKMFHj+fXOLguWsjXKvrGIc4Q/0yVTCTQdeCKB5Kvix/PSCsgIQRiqkXfp4izUxbytPkvYj8ZjpS0AIIl8d/E2+WzHDbFCbZuxECJl8UasW6FpzUMLF6sobLu0G46dwutW81jHHKI0q+Nz3NX+lphcj/TrZfOljCSNnMx0wzBtHzmqjfXRRKGQvqU9Uo6DEzFS87iroT5MRo7v7CznYj5Ux+2HNMrPBH2qJtDVyXWgs8ExltL1z5KVzOqYatZdY/+sANQ1gc5OHudIIxGgSyJS8Lxn5bF2Mte/gy6t+/+x9+TU9dDvL4ZSVGpbopywDUd8ougXkpQX0RVED2kDkE/MRHA2p17DPe5lgp8bEZBJL0YcNeDTYY2/sP6OmNQIjbDIfw0AY+MkLEef6ZnY6rZtf6qs/SkXeehI2j7euPLD3jaJaNuiVsPQGBjCT0lEpTnvjhoSwih8HiHFKh7IKqYBMI8kl9m4n5LCWOYo9vQZIKkwagqm6P2eza/Gipv83SXQRZg0oxFZdBqjIXwLIv61s71gP1QyiJEbS8yWdIRh0SlTcFjblDIa10dd5xYR2jP7KK6aZxwu39K9RMLq6zKXWgnZRbV/ENg+rU2dnYSlCaw2mQHQKPfhtPLiEcvyw7agraIKhMOyGOVMIZf41XYvj03wStUR6uoVxKDRhjxhObCttjaOiZD6FU5v4usPFx5LqdskwauRrU5puIvNoDw0F6K2LyCuL6tTSkIsrgDxiTPof7m5zvu+1baOfBzdTC9hvUUiGWxfUTsN+MJmm5hIrCp64ZUmRpVl+rbDGcQQbepIWLezIkMhAi3RTT4biJEpwClRl79YXWu4zQPUSBFE4xR0q8KC9S29h+BDzjALRSM5r/DB2N0tFYRvAysxkk12166dseIyPWgPaaLHhQAzIemclj/Kvws8qGJRGRmnFO3X4m6fonnw0+QkoFktjr8vbndZ7bzgLQnQJogG8aRb4byTiD6QgzAAxkrNem3r2mHb4iGKKndbfpf+kiiY5lFl0Oggf3tgyTNXOTjBbdbrxmOs/9NzNZIvSwnLYnvCp2kjpUZy1wBGqBxdgoAAys5G7YOcfbK3DTlowbvYhbE455VwdxwYVr8irVAtEDzKqx0YLGsUnP3CHs8tQl+F7ndgvZnIHe+mE5R4wMEOTPMRkhPlu4m4nnokuDqx4mu/MUTtZRl7OVooJn269DapDlNgWDRojCb9NPgnwH6q3ZRPvF0vMYaxbJrQnO1ajL9Ss5EZINxWPUeq9Pyb+NMb+XvZ5Prc8WgEzU0hXVfDJ4SqaBajj+JRR8PuV6o92CBrBrfNjd3jiFLmLjgHs3t0a6IHrMJWa/Fbj2q2RmkqxGaDPLc8qLtt9pAmJ7sxCZX/9hip1qWwCNo/hQBnCYlebm3TfDMSzPzHe//O/B5SJcsfTxAXDjTcpehA6PUDrgLWOxRm00Gjc9LYD6tcgkLOvBipxPUDfagWHS3RVHsuisZXGxwVPbeO6sgHUu6bqnx36W15y/Xk1RxK9my2a5nJPkww15GrxsjB0bAS+JHxwf1OUs1jfZWzi+FOkbXDNTnXUNo/K244tIJWdFu4LtsrDJSg3wtI3TOXA0uJ8/7aquiM8kpN6Ll9IBgDfbdu46x0S/tdu6PZRvzfk457YlGYhxl5EE7kvH6P8s+VL1xnzgY2sNs+JQrwg/DqRG40XkunGVzAp14hWki2u5aIAX1z4nQ3iciKxw97WrUFIK6tSXnRCl3LyWlKwZJKKV00ZLA4upi9R4tPXlMPjJUtfEAbucmrrw50ZdbtDzTWFovo8Gtvj6sHr30vo/YIxxhysIsSAHw+QNfv626zBrPYbTGmrPf5lpvXHCaqja+3z6gVBI42PznSTNGkFA6/hmY3NHrj+VNEv1XVWD0Ykc8KJYj5iQwePtU1z7eOSHZQDALuXCTr+jaGhLxoIHNlEFAGJ0idax6XmsCFXfrbGF3Xs+DdV8Qwfo0Jk+YzscROAPZRhM1Y0tYsvFwHSoZnjqrkJVIokd5JIZsGJLr6MAZZ4RaPM3jBxkkATK/PHlcCPJCb3hQARPFhHWk/iEWFFx+oeH9wXDtxP1PCrOEpj31hs2KSGGhuwsMb/OP+mK9kDveGrcOPQ+rP/i/Du8zzWshK8G45rDwvvSkBDR0u5w82ld9HXQusN5eqLTtyTKJ9JnR133Besdn+XJhoVipBIVPwmGbVRhSudVtkqnKWahzPCrVcln6XlMQWxz1o0zlNL+bDp9iIxO4nsVUNE18kMJjjWT6vaBEoHpD9TPiqboh/Ry9mGdKpsAIsRDl7rMujcnEeUeU8aOhzy3jDC0olGoKE5rGQsaU007XtdPZ2YMXWyccSZDVReVPvXiMmV9DwvUZE5lm8mkqzhSUXgQLMV+CoEmIUd8XPAaizzKMMjSZuljnhzlQEchztVYvJARvDWMFISV9G9fdL8KWfA+gASVrsKS0iRKDlgjyRKYE5BjiiRVm5MWYAVkVS0d+aze0VZn24q8OjwN1YbmYDjvSXJkKzHmrlxg21VkVlHp39UuASvoM1XUkKb30s3VUBMaRpM6+eopDv6RM+7Dy4tr4oMMzCErVeCN3PYzO7sEtdnv5bsgLikhthsQCMUIzt1nVZqjxdaCJzTSOayVy0RDHS0Z4X2IOrh85PNhlMPohWZUo6fdiZwWmMhUQOmIhmODu5nYxx6CEF2sL8lKBYQMfdK3mVS9TGzSg+1oKp8pZugYjGjXQ9TclEcvPpTKgz8IZw5YdH1hmHUZ57Kct3S5ZF8vlsck0BOw75kWVjc6eiVVoRgGBxqCiFdnu7dyWsFjw6nYxdMkfc3wFTWBF5XDKmtaeLp6rY/OLu8m+jbkSlUzcgkI+6eS67/1MINYvMAtf/UNrPgALTH7ZIcWzKYCwZmb2aGj96j70+vnVlMFQXxyRuK2NHV22Rv/2OeWt7yV7ugTldcqO9QqbiDG+1ADeVM7PIj3gUTgkarqOeZUAEkB7YCzWO9bOlaZejiOG0WeET8rwWm+KQ4dofXJT381V28gLNs4IngmjseEL/qLqwLV68TfmgNndAtIKK71kBUe8Rrlo7V1K+PphnzYkKp3ru5wSC+5IeOxst8ESThKJdX0x0wobzBzPhFcRA02lo/HtVyLjc8BM9E9dKcUCSv0QDmOzkosxqzszsCPHWQAqiE4ndON9urrWPbgKVo5q16drBKOMSC9gOlDEsoL/mcinjIUONHzULXMGFHGAwH4qGBPFG4+evqYCN1cFJlSatrdc7ek6ZCHL8ALBrTkCah+8kmJETTq1XfyMnm26YwRi6NlJMoaVuMqdb+k8TysggbHo4sqiASrwNvBl0XlzjNqCuupiClaal+/nDSfNQfyGNRybZRMWaj2GllMzQj0g+DDf6WeV/u05K4tIb862qmNziEph6nbO14llE1Dg1TNCEZejQQnWvIRW/vP7ckn/8R0tkfu8itigaaOz9v8/x+xhRw8Y8HaQpNFYg0aZCclqrD+62K3kNeP7KIZUSPpt5qYX/k+s5iLfaTc91TvEIin/n7PgqC5GtPZBkjxg3K7ChlFJg05XnaLk7VcBupICo/7ZBoTheJ8FM3WPS0UfzDhE4xeEkQAuW5uodO5RHL7I/EpGK5CNIyFDUAP3R3Hg9xmdq3tC8O9xLpA+IA8zebRHLRmdBQWixnI+lgYVWURVRwM549CHMPLpZQ1TA13hQQZyHsIGlWCM0nx3ugEJ6ipSgy7wzhl22Ui1GZp9hW7uzG8D0i+qY0OPG4zs3LtdQgnWmv9CRvbGgtmERf83w6HEZiiO6pZBdB51758ToZftbdnnV5XeLbJfV2O9ZeqCIxOnNADVEgNWiEZi3D2v56HRXlKtqvyTDEOMem2EL0xyVsAEdst1RL+OmwpS46IYnHGpCFzODVzvx2PTWR7tMA/EFxJDVsHR8B6lIFEMB6L336ExQVEcVHKNWNxZeJpcV57q3Nbln67xSgHQr5GN3rPs+CzxwwlD0pKj1ugK0l+g7bhiiq6678hBxKLCu+PyM8xOnMISDjaN59PuEIHHaBvrhfOqkqYArLFLI35ElskrSLo1oUYFbv2LsiOupYobJJDQ55v8q4FEmonTe/4BolhEOG7NPQwAUAZK7CgnWa3giWhRaGXiqD9RlO8Ndxq5zVIy9SXpVproy2acGR4Nmh1+VJbhcYGAMxIwtKDa2zOQu+yzy744+cSC55WUXGmXDVZXPjHIw5nAdBVMUaKjBAttfWIUQKUA+PZBnbcfi6i/VaCBacE+gsMPy9ZkKv8jJaM7FqxgSSLh1qqbcg6/1glMyQwbiPNkj5goekIX2PwaNLHO/Dd+haI8aLHSbf2Y9A64peBec94u3VQbiiUg7Q8scCTh3bfEtUEpjqBLnh/fM3/YE7zEImJ4p2F/HgKgMW+TqbU</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2021-05-07 07:12:36,656 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-05-07 07:12:36,656 - INFO [Shibboleth-Audit.SSO:?] - 20210507T071236Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|id14821344505583311580070534|https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_669e4c6676c23bc4491c6341a5e3d69b|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxBoUjAR0M5MwCszeOyb3TMcJOftlwQbKbsIfKqdt0NWrS297c9ToabrG1KcT7vQ9GPEZXT3OK3abxq+rwENqixObQBPz7mr8yfvWIowJBy2/WrCM2oiEP7t/w271Q+LN/fmCGGWBHRp405POlIJHovHXJg7z6Y32pbaaDq1l1Vnt0|_3f35ce1ffc5eafda033eac135e3e9eec|
2021-05-07 07:15:12,052 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: %2Fhome%2Foidc_client%2F0oao30vt5BAMaNybM416%2Faln177a159h7Zf52X0g8
2021-05-07 07:15:12,052 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2021-05-07 07:15:12,052 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2021-05-07 07:15:12,052 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="id1484460319312119763751171"
    IssueInstant="2021-05-07T07:15:11.142Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#id1484460319312119763751171">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <ds:DigestValue>gNahqteWtEmg600FzBE6uDVEjC8=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>ATlrIw3UGfurKujxYfw8arSqLv04tI/MtK3xzL8aN44mDjgQ1Mi9GHzJ8gHt6h52iEQ2jGyT/f33kTcx1qKU5m1TMNSADCFp88ciio4ijjlgC1e2pUinn9sRScz51JevxlPuXUQxESDWdFmGN6rFwtPARwxyUGa+2MoXJ2tchxlsvWvuLfwmoJ5yUysDbYdssKfgJb9tMW94uce0gg6CqpQ2ScPccC1/XTqm/mjy5GJ6r2CX00aM8nfBzK0wuFkp1qtYPFvYItBnehI4uwK2rf6HfTwiXfKtFgzvlMBOsjmKq9OweGnfuPv0iZMMbMI7dVmMLzDoY7RWoh3wawVONg==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDpjCCAo6gAwIBAgIGAXisQDxUMA0GCSqGSIb3DQEBCwUAMIGTMQswCQYDVQQGEwJVUzETMBEG
A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
MBIGA1UECwwLU1NPUHJvdmlkZXIxFDASBgNVBAMMC3RlY2FsbGlhbmNlMRwwGgYJKoZIhvcNAQkB
Fg1pbmZvQG9rdGEuY29tMB4XDTIxMDQwNzEyMTIxNFoXDTMxMDQwNzEyMTMxM1owgZMxCzAJBgNV
BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMQ0wCwYD
VQQKDARPa3RhMRQwEgYDVQQLDAtTU09Qcm92aWRlcjEUMBIGA1UEAwwLdGVjYWxsaWFuY2UxHDAa
BgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQClKewajIlSsU+u3cmCDw1mLUfDQcWtKI+1nXlxbUQf+bup+V3+zg7RBTUX8wDjnweDPza6/QhU
ytz+OaH2y9wD3sT6HmSd9W/RR4rY0xmbJZwPaHe2Cj1dxadIwX50S1Ht4K7Mrvhl3yOwWCgchLys
5cr3WrGGRVKIv+fUHRljhDF9mabxrZieS0nVzBXD/83lve5Eya5tPU7S2ttBnE6p/DdBFmCIxWW4
5PyaYTjzkBDxW+83X7V+/uqWUC1SCMxSRnlraUoQiYjHRzphrKuML14f/09MsEnbxJax5bpU/LQs
wtKLAxQm0PaCy5lYdhPO4+VGd35UMLs8KdbAnAUxAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAAR4
dICee/3fenDjT86azTDRF5/WM6CS6+gX0iZjAgZ8j3onGMT2ff0f150t6IeFMdDWwyC48yyAMBlR
qjelQSf03JR6ESZ4xJApz8u992ipHzyqSiMM3x3CmTHnOqzLqIpgb/KEgeZSPFN/RRQk72o4Pfx6
TDmtmwJoubTHH+P4vdCgjhD6RyqHXLYXuhsP07t31WDQL9ygN4yrtnWokA/CNhIYeFGrQYGsDT7a
4a16Uq4iXhhFZtOEZsE+/DeB1zSAIvnLWQ2hyOVZ7vAr9e7lv1LwUk+OsH8IG1561pp/rIOgOnBH
BEGIuu6eI9UvzRphO1h21XdL56+pMh4PHCo=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>
</saml2p:AuthnRequest>

2021-05-07 07:15:12,062 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl' from origin source
2021-05-07 07:15:12,062 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-05-07 07:15:12,062 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-05-07 07:15:12,062 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-05-07 07:15:12,062 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-05-07 07:15:12,062 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-05-07 07:15:12,063 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-05-07 07:15:12,063 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selected AttributeConsumingService with index 0
2021-05-07 07:15:12,063 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl
2021-05-07 07:15:12,064 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:15:12,064 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-05-07 07:15:12,064 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2021-05-07 07:15:12,064 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2021-05-07 07:15:12,064 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-05-07 07:15:12,064 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id1484460319312119763751171', issue instant '2021-05-07T07:15:11.142Z', entityID 'https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl'
2021-05-07 07:15:12,065 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2021-05-07 07:15:12,065 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2021-05-07 07:15:12,065 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-05-07 07:15:12,065 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2021-05-07 07:15:12,065 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2021-05-07 07:15:12,065 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-05-07 07:15:12,065 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-05-07 07:15:12,065 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-05-07 07:15:12,065 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-05-07 07:15:12,065 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-05-07 07:15:12,065 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2021-05-07 07:15:12,065 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2021-05-07 07:15:12,065 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2021-05-07 07:15:12,065 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  params: null
  modulus: 20849992966199614301675838753789986976813681683787802327077145202465970240380579431297809943486705961245836800069288676363890484247787887863185930622051058053634572487901723746446294109732526540428229724350278351783206630760951401901194997923458580580549213091528602126404968334078965947690612484989912150388196242240824312684590011848821037645115733687216521241731665656808539917027565985374269206242617213520178009057697523764040279229113765499695207683293876272680062519629815438959917195418653334337112210330985630870200510902529522037988093152765987775255524831617532909083723957192529729991092625758459577238833
  public exponent: 65537
2021-05-07 07:15:12,065 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2021-05-07 07:15:12,065 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2021-05-07 07:15:12,065 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#id1484460319312119763751171"
2021-05-07 07:15:12,065 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID id1484460319312119763751171 and Element was [saml2p:AuthnRequest: null]
2021-05-07 07:15:12,065 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#id1484460319312119763751171"
2021-05-07 07:15:12,065 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID id1484460319312119763751171 and Element was [saml2p:AuthnRequest: null]
2021-05-07 07:15:12,065 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#id1484460319312119763751171"
2021-05-07 07:15:12,065 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2021-05-07 07:15:12,065 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-05-07 07:15:12,066 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl
2021-05-07 07:15:12,066 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-05-07 07:15:12,066 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-05-07 07:15:12,066 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-05-07 07:15:12,067 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-05-07 07:15:12,067 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:15:12,067 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-05-07 07:15:12,067 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-05-07 07:15:12,067 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-05-07 07:15:12,067 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-05-07 07:15:12,067 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416 using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-05-07 07:15:12,067 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-05-07 07:15:12,067 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-05-07 07:15:12,068 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-05-07 07:15:12,068 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-05-07 07:15:12,068 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-05-07 07:15:12,068 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-05-07 07:15:12,068 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-05-07 07:15:12,068 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-05-07 07:15:12,068 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl
2021-05-07 07:15:12,068 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-05-07 07:15:12,068 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2021-05-07 07:15:12,068 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-05-07 07:15:12,068 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-05-07 07:15:12,074 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-05-07 07:15:12,075 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-05-07T07:15:12.075Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-05-07 07:15:12,075 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-05-07 07:15:12,076 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-05-07 07:15:12,076 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-05-07 07:15:12,076 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-05-07 07:15:12,076 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-05-07 07:15:12,076 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:15:12,076 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-05-07 07:15:12,076 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-05-07 07:15:12,076 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-05-07 07:15:12,076 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-05-07 07:15:12,254 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning name from AttributeConsumingService 'SAML'
2021-05-07 07:15:12,254 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-05-07 07:15:12,254 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-05-07 07:15:28,638 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2021-05-07 07:15:28,638 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2021-05-07 07:15:28,638 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@306343471::identifier=rick, context=org.apache.velocity.VelocityContext@75c06397]
2021-05-07 07:15:28,650 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@306343471::identifier=rick, context=org.apache.velocity.VelocityContext@75c06397]
2021-05-07 07:15:28,650 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2021-05-07 07:15:28,650 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-05-07 07:15:28,650 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-05-07 07:15:28,651 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2021-05-07 07:15:28,651 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2021-05-07 07:15:28,651 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-05-07 07:15:28,651 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2021-05-07 07:15:28,651 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session f87657db90c59c58b2370018be104c817684c12c8904b33402c89e834faa16c4 for principal rick
2021-05-07 07:15:28,651 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session f87657db90c59c58b2370018be104c817684c12c8904b33402c89e834faa16c4
2021-05-07 07:15:28,652 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-05-07 07:15:28,652 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-05-07 07:15:28,652 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-05-07 07:15:28,652 - DEBUG [net.shibboleth.idp.attribute.filter.matcher.impl.AbstractMatcher:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/DenyValueRule:_7080138d39cc2e01f42af33d6086559c': Applying value comparison to all values of Attribute 'uid'
2021-05-07 07:15:28,652 - DEBUG [net.shibboleth.idp.attribute.filter.matcher.impl.AbstractMatcher:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/DenyValueRule:_e86e84f8359014f00e496b0e2b038417': Applying value comparison to all values of Attribute 'uid'
2021-05-07 07:15:28,653 - DEBUG [net.shibboleth.idp.attribute.filter.policyrule.filtercontext.impl.AttributeRequesterPolicyRule:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/Rule:_829157a5a29f7f30c585dc615c71fae1': Found attribute requester: https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl
2021-05-07 07:15:28,653 - DEBUG [net.shibboleth.idp.attribute.filter.policyrule.filtercontext.impl.AttributeRequesterPolicyRule:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/Rule:_deb424a8d1c673df19c16cd7fd391943': Found attribute requester: https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl
2021-05-07 07:15:28,653 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-05-07 07:15:28,653 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-05-07 07:15:28,653 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-05-07 07:15:28,653 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-05-07 07:15:28,653 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-05-07 07:15:28,653 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-05-07 07:15:28,653 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-05-07 07:15:28,653 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-05-07 07:15:28,653 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-05-07 07:15:28,653 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-05-07 07:15:28,653 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:15:28,653 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-05-07 07:15:28,653 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@15a715d2'
2021-05-07 07:15:28,654 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-05-07 07:15:28,654 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl'
2021-05-07 07:15:28,654 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl'
2021-05-07 07:15:28,654 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl'
2021-05-07 07:15:28,654 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-05-07 07:15:28,654 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2021-05-07 07:15:28,654 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2021-05-07 07:15:28,654 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-05-07 07:15:28,654 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2021-05-07 07:15:28,827 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning name from AttributeConsumingService 'SAML'
2021-05-07 07:15:28,827 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-05-07 07:15:28,827 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2021-05-07 07:15:28,827 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2021-05-07 07:15:28,827 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-05-07 07:15:28,827 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning OrganizationName from Organization, tecalliance
2021-05-07 07:15:31,096 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2021-05-07 07:15:31,096 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2021-05-07 07:15:31,096 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20210507T071531Z|https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl|AttributeReleaseConsent|rick|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2021-05-07 07:15:31,097 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-05-07 07:15:31,097 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl'
2021-05-07 07:15:31,097 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2021-05-07 07:15:31,097 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2021-05-07 07:15:31,097 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl, value=[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1651907731097}'
2021-05-07 07:15:31,097 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-05-07 07:15:31,097 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2021-05-07 07:15:31,097 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-05-07 07:15:31,097 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl'
2021-05-07 07:15:31,097 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl]' as '["rick:https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl"]'
2021-05-07 07:15:31,097 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@15a715d2'
2021-05-07 07:15:31,097 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:15:31,097 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-05-07 07:15:31,098 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-05-07 07:15:31,098 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-05-07 07:15:31,098 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _db143bec1c25497d6ae56f686d48a263
2021-05-07 07:15:31,098 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _db143bec1c25497d6ae56f686d48a263 to Response _fab2b7792815187428a575436a01dc0f
2021-05-07 07:15:31,098 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _db143bec1c25497d6ae56f686d48a263
2021-05-07 07:15:31,099 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-05-07 07:15:31,099 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-05-07 07:15:31,099 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-05-07 07:15:31,099 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-05-07 07:15:31,099 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-05-07 07:15:31,099 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-05-07 07:15:31,099 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-05-07 07:15:31,099 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-05-07 07:15:31,099 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-05-07 07:15:31,099 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-05-07 07:15:31,099 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-05-07 07:15:31,099 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2021-05-07 07:15:31,099 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2021-05-07 07:15:31,100 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2021-05-07 07:15:31,100 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2021-05-07 07:15:31,100 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-05-07 07:15:31,100 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:15:31,100 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:15:31,100 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQx80Fdwo9HxsYdGb7wO94MsHg7pfH40sZ0NPoeI9DVb5JaLoxdWgyKfgPnFvfZBH65omgOiLwjUyTm5lB7x1sw48FFfSRJIeaJp/czQbn5fAY+ZTIgFpcHTkTzugPj3cDUFyQWb1zlHfiSNrmqk0T9wPCoSUdBkgnRvHWHXvfjvSg23Q== with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:15:31,100 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:15:31,100 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:15:31,100 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-05-07 07:15:31,100 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-05-07 07:15:31,100 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 62.216.214.83
2021-05-07 07:15:31,100 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to id1484460319312119763751171
2021-05-07 07:15:31,100 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416
2021-05-07 07:15:31,100 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-05-07 07:15:31,100 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-05-07 07:15:31,100 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-05-07 07:15:31,100 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _db143bec1c25497d6ae56f686d48a263
2021-05-07 07:15:31,100 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _db143bec1c25497d6ae56f686d48a263 did not already contain Conditions, one was added
2021-05-07 07:15:31,100 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-05-07 07:15:31,100 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-05-07T07:20:31.097Z, to Assertion _db143bec1c25497d6ae56f686d48a263
2021-05-07 07:15:31,100 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _db143bec1c25497d6ae56f686d48a263 already contained Conditions, nothing was done
2021-05-07 07:15:31,100 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-05-07 07:15:31,100 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _db143bec1c25497d6ae56f686d48a263 already contained Conditions, nothing was done
2021-05-07 07:15:31,100 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-05-07 07:15:31,100 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl as an Audience of the AudienceRestriction
2021-05-07 07:15:31,100 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _db143bec1c25497d6ae56f686d48a263
2021-05-07 07:15:31,101 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl to existing session f87657db90c59c58b2370018be104c817684c12c8904b33402c89e834faa16c4
2021-05-07 07:15:31,101 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl in session f87657db90c59c58b2370018be104c817684c12c8904b33402c89e834faa16c4
2021-05-07 07:15:31,101 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-05-07 07:15:31,101 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl and key AAdzZWNyZXQx80Fdwo9HxsYdGb7wO94MsHg7pfH40sZ0NPoeI9DVb5JaLoxdWgyKfgPnFvfZBH65omgOiLwjUyTm5lB7x1sw48FFfSRJIeaJp/czQbn5fAY+ZTIgFpcHTkTzugPj3cDUFyQWb1zlHfiSNrmqk0T9wPCoSUdBkgnRvHWHXvfjvSg23Q==
2021-05-07 07:15:31,101 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-05-07 07:15:31,101 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-05-07 07:15:31,102 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_db143bec1c25497d6ae56f686d48a263"
2021-05-07 07:15:31,102 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _db143bec1c25497d6ae56f686d48a263 and Element was [saml2:Assertion: null]
2021-05-07 07:15:31,102 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_db143bec1c25497d6ae56f686d48a263"
2021-05-07 07:15:31,102 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _db143bec1c25497d6ae56f686d48a263 and Element was [saml2:Assertion: null]
2021-05-07 07:15:31,104 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_fab2b7792815187428a575436a01dc0f"
    InResponseTo="id1484460319312119763751171"
    IssueInstant="2021-05-07T07:15:31.097Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_db143bec1c25497d6ae56f686d48a263"
        IssueInstant="2021-05-07T07:15:31.097Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_db143bec1c25497d6ae56f686d48a263">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>dPPwtNhxQXtMyZl4Kv0fpBAJsyhT/dx3Q4ingu4bCoY=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>epzdcBBLkV3pLovbYKuaADnxKJPqA+4JQIhY1XN5v13L9RkE2lVVBXCrtDDVTN1pCxtHc7YmBbNHyzA1Cxf+X3KnYyan3IJ6a1NjaBiUEcTke3AHkVdjd7XMKxf+zKUIeEjgP/TA+3IzUSZbZf/Ub30bAAZp9ZVlnphUNo90/lpWSEMO9GQ8WZTHPQUawgPKnxhLVrETrdQJld77xIV6Gvg9uYhLlJwDKAztLU2tV+K4Js12+IumgIqPgUucXZ/DZvVZv4QKo5BlZiAZo1BRUU+UAqc2Zma/+rHclgUyKC6+7g5wRAUEHbwLHUAxMU4KBrJICgPZH2c4eXj7C6tgDA==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQx80Fdwo9HxsYdGb7wO94MsHg7pfH40sZ0NPoeI9DVb5JaLoxdWgyKfgPnFvfZBH65omgOiLwjUyTm5lB7x1sw48FFfSRJIeaJp/czQbn5fAY+ZTIgFpcHTkTzugPj3cDUFyQWb1zlHfiSNrmqk0T9wPCoSUdBkgnRvHWHXvfjvSg23Q==</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="62.216.214.83"
                    InResponseTo="id1484460319312119763751171"
                    NotOnOrAfter="2021-05-07T07:20:31.100Z" Recipient="https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-05-07T07:15:31.097Z" NotOnOrAfter="2021-05-07T07:20:31.097Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-05-07T07:15:28.650Z" SessionIndex="_9984fcd48b7c35d1b609e44f26d5bd67">
            <saml2:SubjectLocality Address="62.216.214.83"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-05-07 07:15:31,112 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416
2021-05-07 07:15:31,112 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416
2021-05-07 07:15:31,112 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_fab2b7792815187428a575436a01dc0f"
2021-05-07 07:15:31,112 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _fab2b7792815187428a575436a01dc0f and Element was [saml2p:Response: null]
2021-05-07 07:15:31,112 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_fab2b7792815187428a575436a01dc0f"
2021-05-07 07:15:31,112 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _fab2b7792815187428a575436a01dc0f and Element was [saml2p:Response: null]
2021-05-07 07:15:31,114 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-05-07 07:15:31,114 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416' with encoded value 'https&#x3a;&#x2f;&#x2f;tecalliance.okta.com&#x2f;sso&#x2f;saml2&#x2f;0oap94dflSK6H8JFr416'
2021-05-07 07:15:31,114 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-05-07 07:15:31,115 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: '%2Fhome%2Foidc_client%2F0oao30vt5BAMaNybM416%2Faln177a159h7Zf52X0g8', encoded as '&#x25;2Fhome&#x25;2Foidc_client&#x25;2F0oao30vt5BAMaNybM416&#x25;2Faln177a159h7Zf52X0g8'
2021-05-07 07:15:31,116 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416"
    ID="_fab2b7792815187428a575436a01dc0f"
    InResponseTo="id1484460319312119763751171"
    IssueInstant="2021-05-07T07:15:31.097Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_fab2b7792815187428a575436a01dc0f">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>6gQt/ha97zwiRd7sI1UWzcUJorykQ1tb7HUCkh5c/Rk=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>S67MGJ9H21x3WL8zPpbdnWzXFmY0muE/SqUZHCp/HftgvwO7cDVPLjfZ7V6S+RkaAPkycBu4SoJ7sezPW2TXfPLYHjL2F/a53PO3Kn2YmhMCALkRR8Kyty96ByxokSP3/dnoZdRu/F5W0Tgr2NXA25RM9JxUGKnCX2UnxaZJ82jprQmT/ixvQZCXzMj6h3jQnnrfoNC84MKou+ILQ2MdlO2++rQhsrPABlmvkvYGw+HX+7tcKAB70RRolJRddwuapyg+SOWl3IaLCgM20caroF8QtZrZMKlfK6bFrqZpY3j6uDIqfsw4vinDIIIp7MwTqrQk620aE+yO4mPY62tl5w==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_9985c6e4921003958d077a3c8488d14c"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_df5df4a8c65095e66bde1bfa780f70a8"
                    Recipient="https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIDpjCCAo6gAwIBAgIGAXisQDxUMA0GCSqGSIb3DQEBCwUAMIGTMQswCQYDVQQGEwJVUzETMBEG
A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
MBIGA1UECwwLU1NPUHJvdmlkZXIxFDASBgNVBAMMC3RlY2FsbGlhbmNlMRwwGgYJKoZIhvcNAQkB
Fg1pbmZvQG9rdGEuY29tMB4XDTIxMDQwNzEyMTIxNFoXDTMxMDQwNzEyMTMxM1owgZMxCzAJBgNV
BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMQ0wCwYD
VQQKDARPa3RhMRQwEgYDVQQLDAtTU09Qcm92aWRlcjEUMBIGA1UEAwwLdGVjYWxsaWFuY2UxHDAa
BgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQClKewajIlSsU+u3cmCDw1mLUfDQcWtKI+1nXlxbUQf+bup+V3+zg7RBTUX8wDjnweDPza6/QhU
ytz+OaH2y9wD3sT6HmSd9W/RR4rY0xmbJZwPaHe2Cj1dxadIwX50S1Ht4K7Mrvhl3yOwWCgchLys
5cr3WrGGRVKIv+fUHRljhDF9mabxrZieS0nVzBXD/83lve5Eya5tPU7S2ttBnE6p/DdBFmCIxWW4
5PyaYTjzkBDxW+83X7V+/uqWUC1SCMxSRnlraUoQiYjHRzphrKuML14f/09MsEnbxJax5bpU/LQs
wtKLAxQm0PaCy5lYdhPO4+VGd35UMLs8KdbAnAUxAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAAR4
dICee/3fenDjT86azTDRF5/WM6CS6+gX0iZjAgZ8j3onGMT2ff0f150t6IeFMdDWwyC48yyAMBlR
qjelQSf03JR6ESZ4xJApz8u992ipHzyqSiMM3x3CmTHnOqzLqIpgb/KEgeZSPFN/RRQk72o4Pfx6
TDmtmwJoubTHH+P4vdCgjhD6RyqHXLYXuhsP07t31WDQL9ygN4yrtnWokA/CNhIYeFGrQYGsDT7a
4a16Uq4iXhhFZtOEZsE+/DeB1zSAIvnLWQ2hyOVZ7vAr9e7lv1LwUk+OsH8IG1561pp/rIOgOnBH
BEGIuu6eI9UvzRphO1h21XdL56+pMh4PHCo=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>X4iTP1CgTTeLjjH3Nl8RYwx/MMnpw23Ox/VAqZSv5j46Ci25bj6DV5JEfxR9b/4WNLKEW1MtgmaRXyXtBMSMWkT6q55+EUmbSQ/sJ6iHasRtribXdf9g0z5OeKccJNXjkQEk/n/d4CkAtaSDKV1f7N8/tbewCXiJDLfgJAiYQlpadvN7nyzCAYaTrh22RljQ7wqo1UsIDTgYmxEaO9DvtOuaFO6I28ThJmot/eASxCH8QdkO/IsUkGRLrQrz8pQsRzLtQd0H4J+dqVMEVtQ7LxbrLDly40DvOrfk6nhPrXemTrXmlXkeTm+nikpYZNKAE0gWxH0B+t1UpxWhuwRH+w==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>cTggztMrLhxz+tgL4to3+iXLPNjrISxp/qzU7zfUNm/QfLHdQ1ocahO/rvVHXajNRJ3bfQgZnkYSRNBO66LB9i0vG9X7JDDQgdsoIxOyeGMuXMq8b10H0k5Xp/gvD/QTrbf/Q0OzN6/XNRIM/tWAZjJWj6XsjUuSvKPSzDb+lKTHGBjwejb2P4Y1u3N7p30vZM8+7S2Bnru+6GG5YW8ze9KLiGsX/Km4ZZGDGF/pBnr1byx3Ep1X8GyApLboQlgG56QNJy1GRFoA8nNSc9t1bBPzM/8TUi2IVRhyJi2F80XDwLr4AG5PEl5bSl1m19okKI1n496U1VjKIHZxz+WLH22xKYQnCC46ZqYPP3yRLpCCfdypll6R+tQpcuWSz/dvDxnT7naGM18Z/ut3QUGuOSWPoxJ0PfqXvrHwCkxWPnwsKk/8Isthdsim7GevAfv9/HGqD6mtMgW7qn7flSS3cUzXG32jIgrNQzIXQHsTTkxhFeTq28lW16BAWVdF/qGjv5k9SK5RHI5fZx3zmKvIsQPXFzXeDXmhFrUlPnmLg8iKDq2lhLzRhiZcLsgdcEbARPANHSbwb93jKQjfmFNTJObWnK13LQszk+wb4ojiFrek1hIWiOZodoO1fCaGBPdX7XUFIHirfnAV0ajImdY/FsjPIdEE71FXwTX4I/5jbl8QyzlCE4Ff010PizjgIkrShDl1L1w/9E8hhtgqze31JhMtoGQQ0yTQ4TEjgWvgeISMhcv3SHh/x9DI/AhaF7IxQdSJ+gdqRo4dDD3/XpueuQ/0m+x8bMpN5HN03bObHF/QOLjvOJmS+jhRh/w/vhrNrFH3gU42zogkg6XASDe7df1YWf8DDdFzK4vkeRj9xXrLiw1Sg1Sre1bYIoTy7gk+D57yq0QxIKoGuO+oloKBKM70eGM4tBjb5oGRZlM2ZOclGoBMAMX/6Py8s377GxxgjqpwDiWYvAVUGy7GVDUxKbkoyD6Z7L7pggkKNsXsKQrynEAQ5Q8g6T/uz5lthJta3tE8yxdBHBnKrVmkbi0085hgoMfJ43Tr/o7XmHEqhnWl+fgT5MDGZa0ugFQ/tVtUFqy9pco3z6LXwPSg4gbES2IwbUkwQZzhAywl29dUlhL+rF9+Nk4/QMw2zT3Tb1Tc6b5HA1/jbd7JC3oMKOBVcIOtQ2d0uLMDMHZ89SOwxReCIiF1OPh/PciOgRB/GYvyylMJE8enj0IAUoQxdu9t9COPQyy7+R+dqED5pzgIyo+FAsyXPbqcYDvEdJ9FJCLxIcD5ZTgzfymCoIOB1DWiUrTycXa4Q10ceiMBzWzhtbSvgw7r4eTuF9l1fE+p+czMpANSsF12ULV3z2rZK4lihMOVCHo8h0NNU4i5PsDsZ9ZKjUDZIrGUKvHmMn7UA3w/domYJyydHg9jt/+NLzhetKKM3wZVvN533U21W+Bb3XSxyXkxhPg4mF2IKDzlT3NkNyHRFVsvEFrTHFDfcJ780FZz/N8IfqP8E3BBjrlpOne/fTH4e4wFePx+s7mlzgnD77PO19p2Bghm43jUUMDYjlzv261Cg354ZHIWhPWB4iKx4Ta208IKdfT+0db7TUPsCNQ7z8EiM5zrFzhHo276KvG/SG2+7EKA5gEofqGiBHuk0dvIAdWY1Iw5xACCoQgWKVHh0lA/hBTPYBN8yZZDQ4VGPI5SBVzF2BeFnLuih0Gd9qVkjeeyJaowTXhhn1kGILM8EacX69AC2PBYlja8E7aGzojXsCdxuzkRvrzJf106Ssj5Ajl0RbNfYWbUWCjBb7IlSfbOcX7KIvFz22XqPHAFGOi2N+w0UX2YMAsJhIwuHmHAL89+TnzzwX2sF2ViDhg874k99UGBzF9Qg27Ez03Uwvwvr3miYN28LnLP+MRKWsNLVpBpyTH3gcmGbUU3Idg6Z43QZ7C4z+Pp4Wcvd0dVk+T4ACekJoTrVyV5lpTN6YmgyBzAJ8I6P6hFXlksysI6jNVEGImEDIj+Jpv5JCfpu3esTpdTW84etyxFKAS5k/Tsj1i2PkSMeZPBkXYK2eb/l3uepj/r0dskn5eDrG56KlTvfSvjqd0wr3rNqR3SZm4V/u8uzJB0Y/rVhLL0QAcKRyZrvqikYkySLpTNBIcTAEAR6MJ8o6Yf6ylOOcT4wxwJVCtszdqFl9rLDYD7dVyHgwkTiSaWRpANynnXJE3DiNbPN2sDF2JLeYmgInEUPXPdK7iuSWtZdszYke5AYJziCSJUsYzf2o3oD7EqGlBfCVE4/4qAZ4aEbwivH0w2ORCojpsKjPBuXbh1NRL2LN9xrF5dfvAIdxXJFDDIUhskmFG7iuau4mwXABypoHaEcn3WqgL3eA2aWQID40GHoBOxRsXHDnzjY41KOAnd5YESu2aDBcrunbgmiNJ7/ZYJnGbKoRRrqt4Hxi/+51x8iOEDKv1pKeLga3psXAlo4G+6AoAt0lsHjcJEqEfX09kIkvNwETUJsOAopcCO2dbK6znPgBfYiPE2vh3uoz5RvDHnlpmk/NEzobhAJnxcc1zCJfn4AJgReLmwh5tEpP9XC3E7EAqfFnR3rxTmc5Av7u8fQ304S2vDwbLp0WD2CtGPgxROiY1sP63zMykHpClHsHX3TpVx7ClxeJ2AuH5pcIfaJEDG4W01s9LVL43+eApG3bQckA+GEa+B7tHhTBRWgTv25iKhbU6b3zjfUOD+F35Nwt+p6oWl4jKlT4W5YGs4CqcNkPKGeb5qNYFVfHndvK27dKokReFr58fVCEh/XAtPcN50h1kmFmEnNGwFf2LSzlfImujc7UoZ6YhtvfIjGW564N40naEMuFmFb3ZzJuOxXtwj5nO0+cxT62DRAC6rXmcUZoNisfE9l6lUloGajkOM3uq4gFwgMxOLCDPuMYNlLzKUDmeUxI7SDMKLC4EfUedyxKWB6Iby31wV1mWd+iBtEt0A3hweMGY8+wwTwIgAw0EqQmsiWr1DL0FcUXdLT69htpZZFkXtpK/RYYHzjKbQGAu+NPQ3RUlgelZ7AZXUhMIw3xBl1N/9Rxnd/0n2nTJjI2pXKF4G3mjCehKeyW0KYJ5GCVcpDTObHY/drFFJy5U+R8jCP1lVM2xYkw3xgSesxfoYAeINnT1XMleo20DTJfRb+Oz4HLnEgpkBQhWsv6sB4MtFYAqpeZET3Y11KYg87E6cLSfYbEkS3jou6DyKETMPQv8/I1jqpH3XpTHjc5Ek+bm/xT0dE/qPyc7ywWWm2WUfOjqaZFwxb4WmjZhUL9m/mzEloGxWPymFoAboTdjO/PFjxTFLgfLcGJrrO51TGzHThziWbLm6+Xd6w5BcA+rfMzoedd/AKSxupuSaD7/m0BRg43A4dWKxYWnrTL7DgmF2DoqFZkm+q2CbE5W4cF0tJovhhtOyzV7kZ5YIf1qlXohYiNFqdQV7+w0GsrrEPWSIg6UI85paMcyuOTYE7z1rd7XeK6VdW1j94wSoObKhS9GsJhm6+rnez25/BKmXq4RW/GGcVzvYF7t+FdtoEzKp/AIFSW5m0xHPH6kIyn/8DUJePQUl0an0xTeMTWpmyOVFC2mZLu+HlM7kNeE0KiSJYvYub/0eYIG1KN7PnkZ/V+y+T+ateMdx0XI5EJvgoFnkYaP7vAhFvNtd3nxEPMiVaZnUQ+6DLTQPSDPZi1b68jvSVMfDedZOfE3eKkAinCLuKBgBG+IwW+TNLmva91y3SDMFDZU9sXQ5Uao7f671WxiVw5ehKdS7Srx0HkFvJTMGBNHhMLDtb6sLWSOgWbmvhqSeIkZk9Y5Nqh0zNNm7+voB40oxJXRnJtJ7tnYF+HwSEGE1oLRFgnLv2EmICjPCIQVA6cmH7pgRNo+clJpGNaCQVWIUYzcxQGsZUQj/lrFa7THy9hoV9GXgzgB5xwbC/iDsJQ7bMlDJ8b1ZKzzMt1/kWRIv3Bw25wz5L1B30fdISJ/cF6/28gMmtMWdHd6URAdrCdL+QuDsVoOrqgXNbsGiV4OzKohXQlB6xp0Fea+TiwnQBFeNLZG/wfBON3n1HbHKEg7sJexGfWk4jE9cT9ZxGgIgco6ZfUN5Q2EMDDGrIxok+HVVhh7tZV0lgpF4xy51mdrA9hVBwLKdkbuo3RtXkmM5WHWiAw/hI1JqOSgU+/MtXQ9KJyTeAQR/y9GkNBhZ9elqukstPyjTXYyk3kQRhEKHcc0f3iC2xXKorLBU38kSxyyJyjNwFrGk01klE00f0zHUuwfEfZ0yCUvI2DcWG+mGbgWgeyTPXDj444qCfbjtjeGOdROQnhL7ptYJdP38gE9XL1/4ZAp4yiIRfaun0kgJ+W8TNfZ73sMpKWpAT31kOypPzzaiu9mCVo7fDJTfxTW5VLTtsX0BMp+voi0LXe72I2E76VfWmPjdGk+BSfxSt7nq2i7H6j2uFDVAeSqJR7VRJPUBo5q6JrasmHjIMe+p+gCNddbJyWDgNc4x/4B8VfvkANxx+x/eDOnfzGvej8+OErBawnJdtgOf//+0Vh1Gcuhm4OnPT4k7oY8p01aghh6FB81oZgLYf5NQU54kq+wPFXdoe2IpO1j7N4ZWmVGbxWhemrsx8bP37I/RgcqmW7HD0dx25d4tMx43RP595+8CokTN8dgm3qUPgx5JTmyaeuMeBzVBHegvHKCwyJqqSlid3yvjzF4Qmo4n+5SQigVLn4OjaarjMyaFOF61ZFYpXIQSdcBbZ29WyuVk2KAb7/eH/7ls0owPLQtiJaZqXTyQSHEO3gIBivcGgsF8xFbsPdBRdOlELm8hahFnzgRHPRAdSBLdUZghtkx63NEE/ovTih8QyXqApVUqgFNITgZFnaTicXb7NsmpL3eKWeVFwt3EOQ9mA99AYr8zbg6ttmPsl8mbKWZZNL3FcrwRNqlUuPi3pNDcOcMQBSNM5wNJjg135VFCdax1veptYKmDF/lagGoyq3can0lDNQ+06F590mnzzcG5ZhVyckAdUDuq4oKYj0JEObnBZVNEA/LZCQKUkz2EivyfxpgDJ5j2TQ5/qaYt5FdnosowO5rK/NCjhD49RAi/2KxUB5B3IbnjNRaBHTPCgrq0tJz0WJZUpC/Q2KLHT/do0YRNKulVY+uon0bWE0sf2VKbvkwe/Dp21gRwlEpN1YzlU35EeTi8toaPNyZnprAWHnDZxxhtCyengpgYypJahpEztQWgCXqWYEBaS30aHXhgvkAOEW0B2GmGXex84d3afFn1aXBQa5o3undTSguIQFv7Z3PFvInmODPJ7qH+82Fkb9pV4QMPgu1v3lO4PB4e7o7rS4SMIFLLJ9D7K+279tA3I9UsQlvUQxyA8gZOURamymRTE5Ofq5AA1nWy83Ks0YqkRt4A/Hrh3VoKZF12zdS+50k+4ZnrcrIknVTvEvAhbiAvQL/Q327GP+4Xx3zCp7H73x8mEljxsp6cVxuRbhJBDlf+nQL/01yQXXC2gnqN10L82+OFzZpRQywNHdh0kUcIe/pAUyAjhlK1Lbn5wIsQQNH3Lxa7x6wrcTslY2eMafwExBzqNOdk7M1IGtSNGaiJg+mEGW7TYyIeMvXgntvY291m4EpmfShaaTKP76lH46m4QnzLYG0J/gpRp++Yj7kiUt2+juobL1vIf0Tx38AGrXt7mWeXlyXE1pSje5W/evszHwpl9RAv18XY34kEYOzSJllCWucqe5RzcCSsMHzGq3dnNVjAl2/DW3bAkK37jFWAi25yIAZwBVEODMqPrK5b7LFreivu8E10u+4ZMAVh+P893E/rgGtzIjh14WRAk2U0IkDQhXNhGnjmLZZtbPlMUglPyQvu5F+/9t5/hkd09BTQlGLdmYdv+b0BL+UaOlc1utK3aTwYzVxbPspgXTTNWgh4R2IXVkKSeKrLwxTiRewQst8TS8DetgU035mD147xwuxEr8XyWY6kY/SFIH96UXwS4XQdDyzpJaDToCy2jFfmSma5KZp988OacoWfV9QXBJWUR246e5HAEiwzg0T0mpLeTc7K+oxTkgvK3AV61Y/uvtbvUqEJb1AjRzRUhGi2+Mg5dRHuc28E2ulDZtCrALXl2hnKNvtsyBuotOeIoT5QpO6b/GjNyYKtZWH6j/L4mt/tFp2XkpuQVtaHZOaFHEZFQcFK2sKXFsnI2YOS7pagPD8IWNRC0vHaPakJUGxVSVXcd8CZGkHCccbksELIjuWrG3Q5frbefnrD79g86h1ltdheN4Ja1WIgkw2w7Ey7ZTa7UkHXUwGptt74w918kCiiXCkACrjkCE/TL+syz+ZVQ7oQSCPO2dLZm8mIWwc+w/mjuRGt1nCy487i0xvKy8BcNWb40pMA2SMfF4fPiFn2dlyTbiQViB0aOTjkX/jaZvER+xzYTDHy1gQFiiA/prRwx4bYGzrvlzCgO7BEBwQdhbRTUz2br71Nbz3zDbRWcpNfCmv9luyB0d+1jnnJoQs+WRcSN+SBluCIQfEEB2Gvo/GNYzpu/IYRHi/fqK+ZHvS/sMG0WzR5NoxZaXcRyqmLluUbG49LwL4eXSLZW4Wf+pQNsglOYr8wIcIYvBR2DW5LzaxWroJ8oBwDDDP8UxAlC6dscawqN/id65mbWx42R1wiz2cHDT4uMunb/6bWjwoDToeLCNNBp1tSozC9FrF5H4RD9KP8Gawl/SldF8Mn8aqc6AadvLCrd3l0pd97Vd5B/oP+HX8lVuHV+Lfs7qM/WBmM9SHmN8jXZ7bjlDSpt8nRvprmZsHRycdLX8kqFWjhMobY0kYrqUgr8P0qzsoM/tsq4JlAf5srBdHDnmL1YA1O+z0vRjwJ4QJhX6AuMNO9hoUlzJYQGVAQm44nO+AnTzQjUIDfExaxLl1ajAte/aq/4ML0iPbDb+zjkme06MoBYS3Rryc9KjraKDdW7YEp/Y1ghkkWYAYjqS1g7su3x57Dj9Y0K8kbxyZEnFWwh/9H6IimIYh8qJpp2mpLb4B6aAVUGPgQgZAS+TU9yMEXnIt6jwFGmy/HGW/Sh9CdiaM3wISO9CmzsaYnzIBuq+WVIXga8LxyFV5Pmo2dkRAF1BLlnh1K5p7kkDWfWwAY+vPmgkb3Rt6T+CgfYQAhaJeQbNh2wW7yaWZsE3OBaQ8/kKc7yL4WoOEnxNOOjOwlG6uIMn5TiBeASkpdBgz0r1/jiXlpaHHYOtHgF0e0zsnzLj6pf3a1GkjmzSdI5ddcwtsihIakY0QZ7aUTn1pokOdDISHWWgJZYqwWULww+CoYbg2ReAEVFqBpzHE8L/y1obgJKjPzpJmwPKMRdkrKYoLBLJmQzwNVEjEJNGMvrhcNXl8oc/3UZ2cW/xzAe51jrDiCRVKPlZj5Nt1HW7s+lokIeZT34nbwHZGG5fGv/cV/FUja5qH8zG3aRXfDmhTT9I16tAunItGmw08QD2+5JJZlyphhqBg7MBZ2HAq59LVVwo8WMCHMs18C1gk7mXixxz1HNG4K2VJY8l99hOXX8L+Dx5grJH4IM5f6POLffQNrAxKLB67idn+3EECesvXLOrN1X9AXhdfWr9v7H8OA8WHkSKMlDyL68vAAVZbv5RW8nK2j/b3S+WOIZMJOQdr/WErjAfwMqYSfsIP6wqqnTP/VSttZrJcJMz34MUD+9Nl1vb1wGp4vg8FBumg3wRCBTL3Mo6H4XuBqOHkYxYoLlBVRFNGMpuuUR8kHqn4PHvDBgrD2UaR+or2s2ibsbjyajW5oa7csJhboDJKNQx2gMpiDmFVg6y/5ox11ZaR9G+rAo7xa2VYtaDbaM5CwYbQW7rD4XNs6zNPPdnf4wSZjgHyw+HbsbywkRHHC8b0WftwSKbsgH2uw5R1nfVPp9IC/jtYnAOarHB5snZkEB+DQNSaGvubtf2EZjnoWLmEmhKl8xO+RLGHDedlfp+VBsEJGYiJj+xg0QABr76qLYYNfX+KM8h1PlNdZm8zP8NyIrw0tU5lIgCcAvO2mvviJzFZhabBuL9/LGl0yOK2LsuVTh0AHfLXC5qhL1H7dUlWeaKrtU3Z9HlWAR4zIgfz26b2gp1Ymnm4a/6pgT15RU0j0yF8fpdhdRR6KyLLOdblsbvO0V+N8pW3kSElKS6Jt5fN5YOYhxtnJMPfbHZFnUeMcyToS5oum5GymA+XGqHzWDbu+Yr/9QwsyhcPxm3cuRNSfDX01Yvr4um5xhRz8p2TvYdl9vqLM1A/BaLyTuMlhY33/9pnen9cKcikXONVKhRyqm+S77tak17rcMIiyDsIGuVlyfDCgZzwRYNIipwnEGpwreFVrL/pntyjB0Y7DDgx/i3UZMFetwJjJ8nvFt2yttny6Rwf45BxTW9zQcHvXNXqQ/sI57B0uStilspkX2qPJHf3YqU2FZmDr7NbIee/qytwUbEpcc7UuEqnk57PsA/esRWlJXemcYVcJWoh5uHYM2++mB6VA48zYVphNT+n/MMtjDvk20f7p3Ybh</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2021-05-07 07:15:31,116 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-05-07 07:15:31,116 - INFO [Shibboleth-Audit.SSO:?] - 20210507T071531Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|id1484460319312119763751171|https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_fab2b7792815187428a575436a01dc0f|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQx80Fdwo9HxsYdGb7wO94MsHg7pfH40sZ0NPoeI9DVb5JaLoxdWgyKfgPnFvfZBH65omgOiLwjUyTm5lB7x1sw48FFfSRJIeaJp/czQbn5fAY+ZTIgFpcHTkTzugPj3cDUFyQWb1zlHfiSNrmqk0T9wPCoSUdBkgnRvHWHXvfjvSg23Q==|_db143bec1c25497d6ae56f686d48a263|
2021-05-07 07:16:09,074 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: %2Fhome%2Foidc_client%2F0oao30vt5BAMaNybM416%2Faln177a159h7Zf52X0g8
2021-05-07 07:16:09,074 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2021-05-07 07:16:09,075 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2021-05-07 07:16:09,075 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="id14823608521197431555001767"
    IssueInstant="2021-05-07T07:16:08.693Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#id14823608521197431555001767">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <ds:DigestValue>Zif9J+04sT3+W0jlI4YEeq+PuI8=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>EbSoa5LfrBuOdTKiGmClqFydaIpxuoMJe8fCklTAqsJKksUmZ36I+WuA2pLLdjsczeUrsOmyB1k7df6crFTOuHkhULVxX5O3ic8QIqqkPMMAym83HOduEsd5m09DnrFkuoB04IWjeDC7WXZoqeJ5p4thtnk9acdIiHPbigm9wu771P5GcWiLmZH0cMHG1/e2ZoCOkGTurMJlA3t0UgrKGTIig3OCbYZFznlCMKcI+EZ7+8L1XHGdulAjHkIQ8YY46QVhfM4ThzKoYaOeTvgJ3Yb2QhS5AbiTEqSEDdyKkWt9ZKgquhkTVtMvjzUVkwQbV8/YNbBjQqoPmt0WHtMqXw==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDpjCCAo6gAwIBAgIGAXisQDxUMA0GCSqGSIb3DQEBCwUAMIGTMQswCQYDVQQGEwJVUzETMBEG
A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
MBIGA1UECwwLU1NPUHJvdmlkZXIxFDASBgNVBAMMC3RlY2FsbGlhbmNlMRwwGgYJKoZIhvcNAQkB
Fg1pbmZvQG9rdGEuY29tMB4XDTIxMDQwNzEyMTIxNFoXDTMxMDQwNzEyMTMxM1owgZMxCzAJBgNV
BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMQ0wCwYD
VQQKDARPa3RhMRQwEgYDVQQLDAtTU09Qcm92aWRlcjEUMBIGA1UEAwwLdGVjYWxsaWFuY2UxHDAa
BgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQClKewajIlSsU+u3cmCDw1mLUfDQcWtKI+1nXlxbUQf+bup+V3+zg7RBTUX8wDjnweDPza6/QhU
ytz+OaH2y9wD3sT6HmSd9W/RR4rY0xmbJZwPaHe2Cj1dxadIwX50S1Ht4K7Mrvhl3yOwWCgchLys
5cr3WrGGRVKIv+fUHRljhDF9mabxrZieS0nVzBXD/83lve5Eya5tPU7S2ttBnE6p/DdBFmCIxWW4
5PyaYTjzkBDxW+83X7V+/uqWUC1SCMxSRnlraUoQiYjHRzphrKuML14f/09MsEnbxJax5bpU/LQs
wtKLAxQm0PaCy5lYdhPO4+VGd35UMLs8KdbAnAUxAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAAR4
dICee/3fenDjT86azTDRF5/WM6CS6+gX0iZjAgZ8j3onGMT2ff0f150t6IeFMdDWwyC48yyAMBlR
qjelQSf03JR6ESZ4xJApz8u992ipHzyqSiMM3x3CmTHnOqzLqIpgb/KEgeZSPFN/RRQk72o4Pfx6
TDmtmwJoubTHH+P4vdCgjhD6RyqHXLYXuhsP07t31WDQL9ygN4yrtnWokA/CNhIYeFGrQYGsDT7a
4a16Uq4iXhhFZtOEZsE+/DeB1zSAIvnLWQ2hyOVZ7vAr9e7lv1LwUk+OsH8IG1561pp/rIOgOnBH
BEGIuu6eI9UvzRphO1h21XdL56+pMh4PHCo=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>
</saml2p:AuthnRequest>

2021-05-07 07:16:09,081 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl' from origin source
2021-05-07 07:16:09,081 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-05-07 07:16:09,081 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-05-07 07:16:09,081 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-05-07 07:16:09,081 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-05-07 07:16:09,081 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-05-07 07:16:09,081 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-05-07 07:16:09,081 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selected AttributeConsumingService with index 0
2021-05-07 07:16:09,081 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl
2021-05-07 07:16:09,081 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:16:09,082 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-05-07 07:16:09,082 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2021-05-07 07:16:09,082 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2021-05-07 07:16:09,082 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-05-07 07:16:09,082 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id14823608521197431555001767', issue instant '2021-05-07T07:16:08.693Z', entityID 'https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl'
2021-05-07 07:16:09,082 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2021-05-07 07:16:09,082 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2021-05-07 07:16:09,082 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-05-07 07:16:09,082 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2021-05-07 07:16:09,082 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2021-05-07 07:16:09,082 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-05-07 07:16:09,082 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-05-07 07:16:09,082 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-05-07 07:16:09,082 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-05-07 07:16:09,082 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-05-07 07:16:09,082 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2021-05-07 07:16:09,082 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2021-05-07 07:16:09,082 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2021-05-07 07:16:09,082 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  params: null
  modulus: 20849992966199614301675838753789986976813681683787802327077145202465970240380579431297809943486705961245836800069288676363890484247787887863185930622051058053634572487901723746446294109732526540428229724350278351783206630760951401901194997923458580580549213091528602126404968334078965947690612484989912150388196242240824312684590011848821037645115733687216521241731665656808539917027565985374269206242617213520178009057697523764040279229113765499695207683293876272680062519629815438959917195418653334337112210330985630870200510902529522037988093152765987775255524831617532909083723957192529729991092625758459577238833
  public exponent: 65537
2021-05-07 07:16:09,082 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2021-05-07 07:16:09,083 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2021-05-07 07:16:09,083 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#id14823608521197431555001767"
2021-05-07 07:16:09,083 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID id14823608521197431555001767 and Element was [saml2p:AuthnRequest: null]
2021-05-07 07:16:09,083 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#id14823608521197431555001767"
2021-05-07 07:16:09,083 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID id14823608521197431555001767 and Element was [saml2p:AuthnRequest: null]
2021-05-07 07:16:09,083 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#id14823608521197431555001767"
2021-05-07 07:16:09,083 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2021-05-07 07:16:09,083 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-05-07 07:16:09,083 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl
2021-05-07 07:16:09,083 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-05-07 07:16:09,083 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-05-07 07:16:09,083 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-05-07 07:16:09,083 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-05-07 07:16:09,083 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:16:09,083 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-05-07 07:16:09,083 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-05-07 07:16:09,083 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-05-07 07:16:09,083 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-05-07 07:16:09,083 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416 using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-05-07 07:16:09,083 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-05-07 07:16:09,083 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-05-07 07:16:09,084 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-05-07 07:16:09,084 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-05-07 07:16:09,084 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-05-07 07:16:09,084 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-05-07 07:16:09,084 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-05-07 07:16:09,084 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-05-07 07:16:09,084 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl
2021-05-07 07:16:09,084 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-05-07 07:16:09,084 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2021-05-07 07:16:09,084 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-05-07 07:16:09,084 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-05-07 07:16:09,088 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-05-07 07:16:09,088 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-05-07T07:16:09.088Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-05-07 07:16:09,088 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-05-07 07:16:09,089 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-05-07 07:16:09,089 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID f87657db90c59c58b2370018be104c817684c12c8904b33402c89e834faa16c4
2021-05-07 07:16:09,089 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session f87657db90c59c58b2370018be104c817684c12c8904b33402c89e834faa16c4 to 2021-05-07T08:16:09.089Z
2021-05-07 07:16:09,089 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading AuthenticationResult for flow authn/Password in session f87657db90c59c58b2370018be104c817684c12c8904b33402c89e834faa16c4
2021-05-07 07:16:09,089 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: Authentication result authn/Password is active, copying from session
2021-05-07 07:16:09,089 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-05-07 07:16:09,089 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-05-07 07:16:09,090 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:16:09,090 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-05-07 07:16:09,090 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Reusing active result authn/Password
2021-05-07 07:16:09,090 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name established from session as 'rick'
2021-05-07 07:16:09,090 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-05-07 07:16:09,090 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Updating activity time on reused AuthenticationResult for flow authn/Password in existing session f87657db90c59c58b2370018be104c817684c12c8904b33402c89e834faa16c4
2021-05-07 07:16:09,090 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-05-07 07:16:09,091 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-05-07 07:16:09,091 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-05-07 07:16:09,091 - DEBUG [net.shibboleth.idp.attribute.filter.matcher.impl.AbstractMatcher:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/DenyValueRule:_7080138d39cc2e01f42af33d6086559c': Applying value comparison to all values of Attribute 'uid'
2021-05-07 07:16:09,091 - DEBUG [net.shibboleth.idp.attribute.filter.matcher.impl.AbstractMatcher:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/DenyValueRule:_e86e84f8359014f00e496b0e2b038417': Applying value comparison to all values of Attribute 'uid'
2021-05-07 07:16:09,091 - DEBUG [net.shibboleth.idp.attribute.filter.policyrule.filtercontext.impl.AttributeRequesterPolicyRule:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/Rule:_829157a5a29f7f30c585dc615c71fae1': Found attribute requester: https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl
2021-05-07 07:16:09,091 - DEBUG [net.shibboleth.idp.attribute.filter.policyrule.filtercontext.impl.AttributeRequesterPolicyRule:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/Rule:_deb424a8d1c673df19c16cd7fd391943': Found attribute requester: https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl
2021-05-07 07:16:09,091 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-05-07 07:16:09,091 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-05-07 07:16:09,091 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-05-07 07:16:09,091 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-05-07 07:16:09,091 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-05-07 07:16:09,091 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-05-07 07:16:09,091 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-05-07 07:16:09,091 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-05-07 07:16:09,091 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-05-07 07:16:09,091 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-05-07 07:16:09,091 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:16:09,092 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-05-07 07:16:09,092 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@1a63d28e'
2021-05-07 07:16:09,092 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-05-07 07:16:09,092 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl'
2021-05-07 07:16:09,092 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@883fd84' with context 'intercept/attribute-release' and key 'rick:https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl'
2021-05-07 07:16:09,092 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'rick:https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl' value '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1651907731097' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2021-05-07 07:16:09,093 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-05-07 07:16:09,093 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2021-05-07 07:16:09,093 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2021-05-07 07:16:09,093 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-05-07 07:16:09,093 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2021-05-07 07:16:09,093 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@1a63d28e'
2021-05-07 07:16:09,093 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:16:09,093 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-05-07 07:16:09,094 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-05-07 07:16:09,095 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-05-07 07:16:09,095 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _86e10af8a3b299c0ef8b6bac0dce576d
2021-05-07 07:16:09,095 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _86e10af8a3b299c0ef8b6bac0dce576d to Response _00cfbb04dcfdb96d76ae2cdc61120eb6
2021-05-07 07:16:09,095 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _86e10af8a3b299c0ef8b6bac0dce576d
2021-05-07 07:16:09,095 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-05-07 07:16:09,095 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-05-07 07:16:09,095 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-05-07 07:16:09,095 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-05-07 07:16:09,095 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-05-07 07:16:09,095 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-05-07 07:16:09,095 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-05-07 07:16:09,095 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-05-07 07:16:09,095 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-05-07 07:16:09,095 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-05-07 07:16:09,096 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-05-07 07:16:09,096 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2021-05-07 07:16:09,096 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2021-05-07 07:16:09,097 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2021-05-07 07:16:09,097 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2021-05-07 07:16:09,097 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-05-07 07:16:09,097 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:16:09,097 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:16:09,097 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxJJ4JA+Lf51GX9hpYNcgSjKdX4SoIirgHP9ycNGkypzvLaaAFYdYEpk+UWDQAmrxnjzjP1JbOyeVtwqanNHqLFaij1bqdbg6PIXVV9VA0r5clNgIEcsFZmdCEFU/zIKyRfCPxnnrCw2lwcMmqhBxrnAjGmYD4oeaJ3p9b0rZVDpChd8A= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:16:09,097 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:16:09,097 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:16:09,097 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-05-07 07:16:09,097 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-05-07 07:16:09,097 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 62.216.214.83
2021-05-07 07:16:09,097 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to id14823608521197431555001767
2021-05-07 07:16:09,097 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416
2021-05-07 07:16:09,097 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-05-07 07:16:09,097 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-05-07 07:16:09,097 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-05-07 07:16:09,097 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _86e10af8a3b299c0ef8b6bac0dce576d
2021-05-07 07:16:09,098 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _86e10af8a3b299c0ef8b6bac0dce576d did not already contain Conditions, one was added
2021-05-07 07:16:09,098 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-05-07 07:16:09,098 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-05-07T07:21:09.093Z, to Assertion _86e10af8a3b299c0ef8b6bac0dce576d
2021-05-07 07:16:09,098 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _86e10af8a3b299c0ef8b6bac0dce576d already contained Conditions, nothing was done
2021-05-07 07:16:09,098 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-05-07 07:16:09,098 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _86e10af8a3b299c0ef8b6bac0dce576d already contained Conditions, nothing was done
2021-05-07 07:16:09,098 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-05-07 07:16:09,098 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl as an Audience of the AudienceRestriction
2021-05-07 07:16:09,098 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _86e10af8a3b299c0ef8b6bac0dce576d
2021-05-07 07:16:09,099 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl to existing session f87657db90c59c58b2370018be104c817684c12c8904b33402c89e834faa16c4
2021-05-07 07:16:09,099 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl in session f87657db90c59c58b2370018be104c817684c12c8904b33402c89e834faa16c4
2021-05-07 07:16:09,099 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-05-07 07:16:09,099 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl in session f87657db90c59c58b2370018be104c817684c12c8904b33402c89e834faa16c4
2021-05-07 07:16:09,099 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-05-07 07:16:09,099 - DEBUG [net.shibboleth.idp.session.AbstractIdPSession:?] - IdPSession f87657db90c59c58b2370018be104c817684c12c8904b33402c89e834faa16c4: replaced old SPSession for service https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl
2021-05-07 07:16:09,099 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Removing secondary index for service ID https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl and key AAdzZWNyZXQx80Fdwo9HxsYdGb7wO94MsHg7pfH40sZ0NPoeI9DVb5JaLoxdWgyKfgPnFvfZBH65omgOiLwjUyTm5lB7x1sw48FFfSRJIeaJp/czQbn5fAY+ZTIgFpcHTkTzugPj3cDUFyQWb1zlHfiSNrmqk0T9wPCoSUdBkgnRvHWHXvfjvSg23Q==
2021-05-07 07:16:09,099 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl and key AAdzZWNyZXQxJJ4JA+Lf51GX9hpYNcgSjKdX4SoIirgHP9ycNGkypzvLaaAFYdYEpk+UWDQAmrxnjzjP1JbOyeVtwqanNHqLFaij1bqdbg6PIXVV9VA0r5clNgIEcsFZmdCEFU/zIKyRfCPxnnrCw2lwcMmqhBxrnAjGmYD4oeaJ3p9b0rZVDpChd8A=
2021-05-07 07:16:09,099 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Older SPSession for relying party https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl was replaced
2021-05-07 07:16:09,099 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-05-07 07:16:09,100 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-05-07 07:16:09,100 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_86e10af8a3b299c0ef8b6bac0dce576d"
2021-05-07 07:16:09,100 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _86e10af8a3b299c0ef8b6bac0dce576d and Element was [saml2:Assertion: null]
2021-05-07 07:16:09,100 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_86e10af8a3b299c0ef8b6bac0dce576d"
2021-05-07 07:16:09,100 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _86e10af8a3b299c0ef8b6bac0dce576d and Element was [saml2:Assertion: null]
2021-05-07 07:16:09,102 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_00cfbb04dcfdb96d76ae2cdc61120eb6"
    InResponseTo="id14823608521197431555001767"
    IssueInstant="2021-05-07T07:16:09.093Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_86e10af8a3b299c0ef8b6bac0dce576d"
        IssueInstant="2021-05-07T07:16:09.093Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_86e10af8a3b299c0ef8b6bac0dce576d">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>Wox8smO5HigAhdYRSRDn4fRnvN7u3LZFOooNZtuDrQ8=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>b/XHikYmVsRPnoH6WoAzzPoKadJWoz7esqbwZQu+XfXebrz6fVC58AJxpiv8uK1Dao3sZZU+tSdYBxZcwci/+7otspY0bnywibL+2DuehN/nw3rlp/dZGrMVDigGU0z42L5BAEoogY7iSpPvxAvE33FlahZX+aJyr/GIEtm/OnIvRKTevrxzjHC5hIYEYIivWb6tPFDvJdeJFzawDqP7vtEiFD2Ty1IWDLGlshSiB3re6sdqP3+Zm4ZIqRED+X1AlH9sMrd6Z5N/Dj6wK+xBND2LLfpzwMzIuCCzzn1vUCzV8gtZH0IlWYfY9VqkY3E/d1WXGpjJsPDzKdiuCkcLFg==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxJJ4JA+Lf51GX9hpYNcgSjKdX4SoIirgHP9ycNGkypzvLaaAFYdYEpk+UWDQAmrxnjzjP1JbOyeVtwqanNHqLFaij1bqdbg6PIXVV9VA0r5clNgIEcsFZmdCEFU/zIKyRfCPxnnrCw2lwcMmqhBxrnAjGmYD4oeaJ3p9b0rZVDpChd8A=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="62.216.214.83"
                    InResponseTo="id14823608521197431555001767"
                    NotOnOrAfter="2021-05-07T07:21:09.097Z" Recipient="https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-05-07T07:16:09.093Z" NotOnOrAfter="2021-05-07T07:21:09.093Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-05-07T07:15:28.650Z" SessionIndex="_fbad3a57fb94405a993bc3f2aa965716">
            <saml2:SubjectLocality Address="62.216.214.83"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-05-07 07:16:09,104 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416
2021-05-07 07:16:09,104 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416
2021-05-07 07:16:09,104 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_00cfbb04dcfdb96d76ae2cdc61120eb6"
2021-05-07 07:16:09,104 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _00cfbb04dcfdb96d76ae2cdc61120eb6 and Element was [saml2p:Response: null]
2021-05-07 07:16:09,104 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_00cfbb04dcfdb96d76ae2cdc61120eb6"
2021-05-07 07:16:09,104 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _00cfbb04dcfdb96d76ae2cdc61120eb6 and Element was [saml2p:Response: null]
2021-05-07 07:16:09,106 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-05-07 07:16:09,106 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416' with encoded value 'https&#x3a;&#x2f;&#x2f;tecalliance.okta.com&#x2f;sso&#x2f;saml2&#x2f;0oap94dflSK6H8JFr416'
2021-05-07 07:16:09,106 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-05-07 07:16:09,106 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: '%2Fhome%2Foidc_client%2F0oao30vt5BAMaNybM416%2Faln177a159h7Zf52X0g8', encoded as '&#x25;2Fhome&#x25;2Foidc_client&#x25;2F0oao30vt5BAMaNybM416&#x25;2Faln177a159h7Zf52X0g8'
2021-05-07 07:16:09,107 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416"
    ID="_00cfbb04dcfdb96d76ae2cdc61120eb6"
    InResponseTo="id14823608521197431555001767"
    IssueInstant="2021-05-07T07:16:09.093Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_00cfbb04dcfdb96d76ae2cdc61120eb6">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>pGuZE1INMiuPJIJRDBcSL822aYuaCeOYUnV1QF34Yvw=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>E9on75DJaWE4QrOUnO/9VkxOfeTjRfoUGpuqonrC+MkP4vTwyMqXKeoRh0MQ/fITawSa3nBWUhU4IxA4HhzIPjrcvdS4YQVfOV4ypIDRZyIALpajXvtqr5kiZWcnUeUaT7SFHjIUELMJ3sJ5M/T5AzHEq5JYzYFYfwfR85KGJfOndZQahHuvEogdLryIw4DjX/FVF1wUBKnI9zpM4yox/ibemdeyfXbWdVABbEppKAfekvX5fW1fs7Bb8o0o29Y+08g0uMGrqilJj1enwXEWM3m+KuxadklMoBQJFR2zYePazgh+GCxyR4SA/RwHh7INwiTn2uMeRpM//gFxAcgLKA==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_083740c53f7066852867ac16b4996e6d"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_da286686440fde62b387a58053caa22d"
                    Recipient="https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIDpjCCAo6gAwIBAgIGAXisQDxUMA0GCSqGSIb3DQEBCwUAMIGTMQswCQYDVQQGEwJVUzETMBEG
A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
MBIGA1UECwwLU1NPUHJvdmlkZXIxFDASBgNVBAMMC3RlY2FsbGlhbmNlMRwwGgYJKoZIhvcNAQkB
Fg1pbmZvQG9rdGEuY29tMB4XDTIxMDQwNzEyMTIxNFoXDTMxMDQwNzEyMTMxM1owgZMxCzAJBgNV
BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMQ0wCwYD
VQQKDARPa3RhMRQwEgYDVQQLDAtTU09Qcm92aWRlcjEUMBIGA1UEAwwLdGVjYWxsaWFuY2UxHDAa
BgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQClKewajIlSsU+u3cmCDw1mLUfDQcWtKI+1nXlxbUQf+bup+V3+zg7RBTUX8wDjnweDPza6/QhU
ytz+OaH2y9wD3sT6HmSd9W/RR4rY0xmbJZwPaHe2Cj1dxadIwX50S1Ht4K7Mrvhl3yOwWCgchLys
5cr3WrGGRVKIv+fUHRljhDF9mabxrZieS0nVzBXD/83lve5Eya5tPU7S2ttBnE6p/DdBFmCIxWW4
5PyaYTjzkBDxW+83X7V+/uqWUC1SCMxSRnlraUoQiYjHRzphrKuML14f/09MsEnbxJax5bpU/LQs
wtKLAxQm0PaCy5lYdhPO4+VGd35UMLs8KdbAnAUxAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAAR4
dICee/3fenDjT86azTDRF5/WM6CS6+gX0iZjAgZ8j3onGMT2ff0f150t6IeFMdDWwyC48yyAMBlR
qjelQSf03JR6ESZ4xJApz8u992ipHzyqSiMM3x3CmTHnOqzLqIpgb/KEgeZSPFN/RRQk72o4Pfx6
TDmtmwJoubTHH+P4vdCgjhD6RyqHXLYXuhsP07t31WDQL9ygN4yrtnWokA/CNhIYeFGrQYGsDT7a
4a16Uq4iXhhFZtOEZsE+/DeB1zSAIvnLWQ2hyOVZ7vAr9e7lv1LwUk+OsH8IG1561pp/rIOgOnBH
BEGIuu6eI9UvzRphO1h21XdL56+pMh4PHCo=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>enMxfsOVXR9K6Ubd+tFy+5UQFKWYqYD65NoB2apvWBWS/050Kmhne6yodrNLsSzUYiBvSqBHKzmoMt7hg7ml24Pg0fPF1KriRfs2n+MwxTqPSDILkR9cxIwsJuEsQ4Egl9TX4VFiYD4A0eI5RiRGpszMG2k4dxV0jEOulRDYj+UthTNyFMricxE/QhuqaS84/nBXCxM5/ATaBQb0Jlv6m7wDaSq7GpF21sYQDMNiTeL1XpcXXziaN/x0uH597k0/4/cifsrgGj26kcqki/KjpA0kS7IDwEBctg9LMAkHKirIFEdLRmHFFEN5QFv2TOo6iGYP3zFPL5oJc0BolSW2iw==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>BpUxfPjD4Er1NjmL4mCMSywN90/hJscjGDD5FMyYQouZdcKZiFoxLZNshPNr4NRKZY8OW/faxgKum6uWC47cQ5vVeqxAk8/5fJ9tZ5cke5bsHorKz+igfRsxdHz29HO1TXd1MNTXR+6kGO9WFQa52eW7k/+PkG2J4XybmrKKBMyW+LqHRELTYtrvGzvamxi801xYyg5r3LYAxNaIH8NV8Q+4AT1pqcZohLa6SMOnv22XcFIBGM3/AMINyfEWWho2O7miuovWyHum3QEvAOVu2h8NzTJf6zWEzhBGMHupS+deYnMQmgxSEDUbAQe2xFR1LdtqMVyQIWaMZ80DjtNFvCKhQdTu+sMjwbSv2To3EyB0+4JUWl/A0zDB3ad+wTGgISdbytCJVt/cpCkFZVZCsIw6ki02lYRNhNH/VxXJ3gXq5fY0WGLH4Hg/8dZXJVgYRrjEFv9Ix77PcJ4IBreaAKrKBNvPWU4Llf5Zizty/tDWxrpgUUJHMxCnYAK3cLQke+rhPZqKHdXserBSDrBttQlMBKMWpdEqY2kFtQK9602f08NWZpazS8ztxfkpIcPKL6eN0jY5fa+7OXjZBzEGw2va/zIB9bgnbAInG37TENj4r6NpmnnaMMU/okHaUUJmnR4xRf/0R0GNAhHP66CtktuzOsFKGVTMt/e5T/P01sn3rkiS2Scy1vBbMrg9N9Kod3Yv4q0WKDaBzy+xDlSXORkCdDr6IApRZk8HvN5jAxUxqlV72rdeG+pqySLjd2iSFZchaA2F9V12xkLFiCj/mNMrybLg20e/kjEfUsNQedjUunBYbdGyPq0i5fEDF0FVKRszJbnkEuBNB61IdTMaipIAFG1wMffZgobPLkNBY+9OUtvE4jy0L4GB48rVcLohhCsneW5jYnlc1lTiP8rb/vB5+qwFklMknlgClA6YIVqGgFnsaFlqfhZN2N8Jy7kYFt68WUuKJfsUii5Hb+YnQFa91FCQYdh6h7zT5KCt7AJW9TKrASXSpvFxMOretqj+VjnJWZ4bGRGTuWp8Qgp9s87reDPhdAtYm0ghfDTdFh056e/zD+aWMJT6F9B1iWZNh6S7EfkLOJUuNno4ze3F9vXhfkRDx9u6Ie9KSXu3B1nJoeWmnacjyu/fXEMPlZ4QrJbLAAdB+0skguyvD+OB7oK91G9v62lGdWvFOrB5rmBbtVRpKwjA0ypjx8TnKMrMLeTbY3AwdeIMczMNm30sBWrXnjWM7XvmU1A0Kk4sxMZE5wMv36/hjqYxj+7iaPpEFdtxPFNqzVjVCltoyoP54Q34eGoLG0MUKexEhZMoMSKiwe154iT18bVw/KEdLbCzCkCAgOQ/oSy638CDgLKAyvU+Hy7VWlefuPjbNvvgsE09rtaIsExkagj1+wlwpPQJ2tq1Own8qC6Lbts+d0C4Pyn6r6GhZiQ61+UyRjIgi4jZA12pdZx6Qlr73CDTKvQaQG+45USrTtdc6q7bL/sSQo7SDdRaz6C4uuYXucnhpp9F5mMy0Tnyk7DBMgbjaesB69GmwUIq2DR+aCsGe2raFQKIDIhRHO1svF+vqvvHMlVCQaoAyNItao8MupLqvvOfKqEnSZFHgUi/dmrIbakm+gqajuN+Nm51X6TAwMEtkcSjuOHqf/Hu4VSLK4V0Os2baU0bCDxq8oP+sj9aSaBXdKvDyjA7AurnjhGlwvRoxvd1GyYkLTvOAguQC4Oyzq2CqnCI5H76/20Z1asPlZWCUnUA33UmAwbMzByJMZP72WPI7Q36ytdwG59Rn4dInjRqYApqh4jjhIaj0r1hUpWfRh0mks/jH7M5xs4IjNBEteBLK/60lS0JWhC/lPFpX32TM4kRW7goAaenZnJDA6yk4FIEXTU1pdfbqBrePc6iOGYV7ObOzyCBUqFWGBYTs5YV8cTiOIh7hWxVB1F0BtVEfLhMnIotOQJSzmHpvh0D1qQEZA6LWQWOrSwJnsik+G3lDwhmCq0gCblIWcwhR/YMumjAbTAXCv8qbRki5wR1Ozie7ZFx3hbjVqSjZGabrOnEXoAdHrWer/EI59xk0+PDHN8+ORvhGgM1PESphO/pByZIkS4B7ImG7VugYFUj027ySeo4N1t1oHlSgej8A0KA5v1VLeH/nxfKzc7a/liWA6HPasCpOghae/u3AM9VuiWpj0P/7uMXj4d+z3Cf+ZftZ+G36JpPrjEE3hHglrJboayjvIYNJlyf8R96mSpnPYszKky7SKY9okh3F2PZr9EbrP0slN66BEmN17TH836dY0b3n2ddMG5fk1QW36vFHpXP6MKN4AhksrzM0zJWnOkQlAyEQDGmmFUrmYG11mnhJ9xhOrbo5uBu1YKfARG7RDkip0FhsHiF/1/eM2IpgKtdfedGUe4Y2H0nJCsj+t4uU+EyMREG+rdfliCbqWb2q/TqOVCTDcgcCJIm81s10zDuINC+8pS4rdZh7JyOugKpCtUSlatOTTWXrXZPpUtBe2pHsWtRAEm6J16GP8q/9I1flcStgEifkzTb9e24HPZNjHynkUCCe4O5aeHyWweedmeIdvVDwheXETD9em5XgPOrgJxplpHBuL4zAry4T5mjwlFVlqaLBPJH60DTY/JgtZO5vmDtdb+23n6lvpTrFGCUVaXT69+iIZ8KvdFbY4mh4tN2HVzLzYLZ527XuMygQJMTML+qXTeE7eFxvgq+eTIkAYaW01H+UgKDtCkyNeaCMgvDCLLdGAOl/lmhRgZfy9brsH7lpYEFU8MYKxDCIIrEyYrXXbEJkAsXrOtN/AzBgTYfD0pgB5ek3pIlp5y6iJf18Jy21T3mYa7sJKoegK/PFmvO62jKpJRZip4RKJuPPm6D1xqIU+sIuIudGv0GyA/itSiWxl6v7bftm6jhuG2IYROdjQpUtgCjetq9BzTPOiH8LwRSREA2nWIATcPN5y8OMRem3+JiWT/vWWbb09W86zI+ct1Tn9yuy+LuCh0L7Xae7+dcGz4PXOTgVEysmuclFHenvpnea+rdkPIL2aG0xnVfAWzNU8Zh6OXKXilVUv1dAlVEDD+ouQaPVyQ3nD6ECjFvvs7eqIkIwSn/ioz1zfO4VHP9/O540HzJVhK+rldKCXRCvjXnOTS3QjaQ7G26x2nXRQPdh3sEjOQhQ1qC3zHGM7pWZkJc64cMfQTan3IV4y35CeY+qA2RlXK5q4ZVNRwSjZ2ALwVsfX6ZNPIhmCRvcrEfLTQXG6KJNDFtxSbDRLol/IrOvthVImltcwjhb8KkD+fKz84UvCKqUKt2O0RMiii9ERUWpR/7ZMBoQYMOdhbtI4XduxRBYqEqAEB+5XfuXJDbtycEL+u2SbCS+3ATK0wUYw0dpiLFMNGCHaFDVhE7+0KdzlnKU3ApmiXx2ckjAWz3uyEkL9shkH5FjWmMQ7IuSDkWTdBTJghPQZH0vIJOOIuvn7bSmsidwPemcXH2Fzeth8HcIhpH08gbo0KeVZszcc95XmGN8vwI6NleFK+3UOL76RLQ5NxYJMmW4h2UdiQw3AZA23YmrE1cjQj203oLd/RD+Y3fjsynjkVJZJj7yPCZBDGxu4mFp5lIBNCf/JELxgZu9vsWJUYj2uG3wLv+hP/9XFqKeWlmj/iMi5A4D+ZdthLOYGGkTooGEQlVN8MH0N9qBQePmnlR4G68cCFAeUUkk0dogFEygT3eeGw91OW/ugIoc16aAku8rzmTPETzvO66KTbgZN8fpMzNRDrRqKHVjyPCqCOGsLH7h8OHZNfgPNCz1z7mFOROUBF9neqC5YepeL1Nr+UWTyN+AtkVu/89Wn6Nw/gFZ3Ct5tzpzBBOX1CWoRrvBwdELC4LlW7mP9MNBwKWNbbekM09xLuf/7ChGv37FXfu/NKWAQr1ZK0o3R2zPk9j+Nai0Vu7twk7zk6BTej0UBIU7/qdWzg8j+/pNf9SAPq8aeTMMT5fVnk02iiHtxeFridjlXIFl/LFrO0xztGB2lLoUuLrHlBKfzdMEA0MMNsofMJMvpV+8N4boME9ACkrtAWLX2TPLXlijV6EeJXsJVibgu90n1htlXqm4CkwJ/2RcAp3f3QMODhn1voWJKpgjMaofLPqzlbW1AraFahLQZVD52L/r8a69EAKcULlCWkgZ94/lXkK7m7F9ibUvzWSOedhI2JwpYIjG+23ITGuC7c0/rbZM4U5WEY7jcNkksrQsUk0MuBsdM816gYvVQS8XjsR7ZN4Wqr9g+cxB/dWYj/y8mRnsZujRRMmSoL/DntJ49p+6J2BssSnzPtFmuCpyb2VFDYqkoVIJJqC1+GkRvWWwkrYFvzq0XyYRuJkYeEu4j4eCnzWr7Uw2P2L6s7KO8lKOZWQsWuwP4DdTHsNse8DmHg8GSn1h7DvcJvWCdrLIVtbZga7i+410n9Q/8SMdpWW7MO6e6tdCJnSwLpeU32WrqaZnNDFEpTPh6Yvl9/qJsOtJcPS3AkzY2BR9FzxRnrwZiYwDxIgampjgq349spAPsx0LoFG/RZdJmJ+XbDdtVZmbeVj/7rZktJGzQx0ls6uJXbUfMiON2NOiIASJD8w0l08BW/xKzK4QZnm+6mBVPTTVJcJlq8NvSUut5/Pe+SxsLTaNOkML0m2wDFARR5MHhtXU0lGHxC2taP7hwcaVIHWeQpMLD0nSjokRf9T7YpTYrVfuH7yVAYZFIjWyCw4i0BvS4eE90pXMMXYT/xyhpjqgIbYcz/OcQM4cWbn7Yg30525LUDVeNll0wKO7QWjJmsXY5A8Ue6bZtP9q1AC6dQVfQE9PKyUURsdRAXgdyt1OmmDfeYnc6EFu+YgQdLeNe4232Wso14jqnsCZHm/BLZbLWGQyzTsgzGbDwXkdvMtkGESeKpq6Dozli0K9w6QDDtFnrQb7Zu+Wx/aD4eP3nwEd+McTp1DNS67VggkJFR2ARmfRxYQybdsPUsRgoVSLZJOq1QdFtmBLmSUaztg5hD8yD+RASztxAhHqFkGDGYfJOeAetjhgxSbsltCJOyuEjnlPI5AYEJIPUslFX/ezmB1qTJ13k0s8LlROfKCis34VaSnsAl9DkH00v+6XxlI15zeTa72FZK3M/RYIX79y8q+zGUpanErGVgjntaVxkj1y1xY85NdylKcK+n+ftHCleoGIDc+OZ13b/AaMvppwOkQ3Wqdc3C6TSfhdE8cR1lW2qrSwdw9MB4NF9pJRiygMJIki3BnvpSgHjV5wt784wOMQmKsHGZZilR2CzkyjOWoYr0+VfWmJEGopJrEtgLsozsCx+C4W/BEtDZEoygkuy+tTwoASA8JhIh5DCxM4pkOS78OtFVFG2dp/QTl+TYbv4V3XctAfVEeLPYXgZ8M6i2+FpPrxqGjGtLb9PwW1g6JlyMLdbj1az+FWxeTO4lHvS3osV+FdnLD5vJsSfJcIB9Ob9YQCuURXeoJWun2tc+Y3W7lFs8SAUNCMFx+BVCDbZP0NDbelBjfM8Qpcq/U775jjgpioEkO24dNFQmJ1EjHxBiYwdFAFv8oZVgMekK0GhTyiN2GoSFXb6hvP97nasL6/dHuobxiQn0U3Qx5S0VRvHTFHTDiKVhw3/udkdMwiMIwAkQ73qNr/3qJIe8Xt3p4B5RXvKC5bHC8t9OCG2mg8mW0Ya5snQbk8CcoxQ8KTz2lPd8/A4t8HqJbFdtcUchm5GIhJIak2jfGy9cNd+xFA4+kthJvBGVm6rKwLuc+W/LLWck3dgk4PNUlgQm2iVDDDFQG9UV6mN47kcSEmi5TC4vwL4E1/14mCvJwaH16SSajX2RBdkgGM3WkMIrv0wfJdhyW8PI/VLd5LngLwc2y10cgWD0u4udT2HuZvn75AV81slRPIHASJnjzL4sjTcu5Nm27XS/Ugslo8Epp2G5hRUW2aJ8zCE6+5wzFGkPhkPYpdCcJkfKKmOiRAmHxdL8YeDEpwdeHZsECF6ThQcC0yBJ3IGS//2/NyTZpgWJ4hmzaMjGr7v3xtA/Sl+oE+ZtTR2Ch1nNW6rIU3b00fsvCzNW5IRLwM2RMTg7fxuaV+5k8aegCpwybCQWeyZw2VsRLaoRyDbV+hkQWoSqbyae4d4HMljw3Oax8bgba6s5oc9DRiDe+rIlnE12yfEmCxLB1fBFj062/LozDKRJLPVZ7FOKqWGpxjmduTLaXmXEhl8a5seOcAt6BCLkKZdnJcUz9KzddHAxCEQZPC/ZFJXIbouMzcm7gxwd4zqsMhcmokULQDGz4I8CMxmd+l8nFkBdacZx6vbMUaJ5VvwYaRdnYmDV7MYnSgjqCHo2wTpR5SFsP98/1Wq8CBKVtht6uyCCsb2Xy5+QIoGGxnRxY4pjbqerVZUptQRLT/JpyTDWpDi0TOtpFntYTYlLGXIDVOoQQTyMSdRyvdbvS3Q46qOizyn5kf3NSlJELOPf2L9Rdf1XKsKwzLTx7BX6+cIEkjaLbqCMwcn1Ww+wDC5P3NIhbPq8comlQ5XgdEsUEpQkpqMklsL5LbB+tDefkeFIK7b1QhiDQG5ZZSdGZhoS+QvPWHfUIXrGbcNZZT5mD2RI3xKgQA3tNkPjz2OPoj4i5A47yCT0iHTapLf4xv/FtqIL2lbUPwXHuS+59SZSaeGpSSHgZEPnuWRI7Ncfqpqjq76IJP2VOKHbgiYKdOx8fIUirmob+vhJ/uzDCOzIPxXKzUEq6JVvu/Sy3BcdyUWSgO2cnk4em+F0HUTFwNvTrN+Q/lvnM5kCSmpS+byQDcCia3DqCxt+CvHjVTfQhgru0xawtYPTNUds9qQeiIPCJU5/MeBvboAI1YTG7yJv88Vi5zTNOI9um0Vj9DmOBL59+CTBB0oYdIzm2SwwwsP6kvOrgPsWjNEBIJd7ebuYxqraWRp7gnChsxJe44sMEExwLwiby48dD01wEx75+crwE62kjw/t6TRnPIZPMOMgjkqYxgQH/Ss7X/DLTMTowrRkLb0qKzra1Un4KSc+b7zyoi5pEqEi6VMpMeHbzNGSYXMGyGNEfkR/TldoaifH51dBEEItXQjdP83wHpciCrg6uEtrHWzwp4RtdSaV1xTZP6yhNUlBf64J/7/AsMW5Sy7QPCS0qj83c+SqORqsED5yjilG57bbVVYaz9uq8RaiLsJzj55ZGgwd/f+h6SIdYMRxMbZcNKrQJ+a6QuOl/WUCQVrVhls+krGILpbQA7AGKHwI8iPfFrSSsfcR3FN1zq2mLqGXc8/dQ7fbzUbudKti9N/rxbd9yBs8bJJN+xQFHzccEjU/AdVcI7Ki3hAmyAyUQQoBVu5BrVP8qU1wUm1INEyDAx8FKf3LEmLhC+uBhngXt2rRHUvSuaoEcSa0/sKW2tp71iSqZjeteIoihtEwvYVZHgMhZn8kr2O2+MShc8zFpNXcgDxubiCXRkZmaA2SCLwuY5ovYghUtvltibRq6v5uVWM92fF6QrZGykzWVSGr4beq5AN3DEfixDb56XMEhmDAbzBzH78MJProoBVO7qOTlYo72efHnIWaNP9xDoJbmdi15DqBX1h6x6qICBYZYpt7ECJNIeJ+8nGCOSme/U1icoZ0IuJLjWzqa0osPBoRoXu/JqNsxy5mWaT74B0yLWWLptXPG9AxLJDTLD6j/Hwm07+jU0JYdqX2N2POScguQG8nnuyi8Hsp23L7q97o8WC0FAWu2kW/TU+PBTVjNx2eP3fhXsqsXlpKXZrCHL7jrq09fXPOmdT42z5W0Bw5vV31jPjBLrKPyd7dOW2riSFOB9upIdLY7oXBb0ge+OWH3Oa53qukU29iRhtRfVD+cHDuaSWKmASmnKoaibUdSAfXpWJdey3/oFiMMUwNNRZYKoG5ZM3DVESShF3gmyrODk+a+6RPW1S5kpNCaZ0/FKzWfXi6gHnP7Zjv5SAIxMhGRscopsSjqHhbNYlwi2rdViw9z6whuNcepb5R+ksZlrlHckNpnGwkzSU2wy+/KUGJm4wQGDv65OQwRRGpH1hB6trIqHG5o2l9CdHyGB/2md5kCMsYegn09sgjbaTapxoctle2cDjKm0fDZ9Id/KmYvQlGm/JO8nsi3qO3h/45QTz4SgbObsIy7AqYwmgAPmPhKevWI9A+xS1PCqV49M3VVUnWGx2ICZTNJcGn9rQrK2Px7T8U+y0ZkTS0WRLoPrZqzhdLvrAjRPVMHulMu3qKn/qJQI9nH2nQMXcDts6TLZDPB1+9e4jz/uuzzELAHfvOy7igg3rYDnhvRynwhzub9y49dSH+W8hBmhYyvbRXWEcuHouTFAXhDHsqobLl3G4DdFOLIbs5E/iw1KAdPY94gyZes6+KlYFZL/T+Cnein7Z+sQyZsNdhMTuxAwJmFUNWWNQap+NGPm4gTcLCTkflybOfo1FjSgrsemV0vVlTVGyJbXrFGV0pfzlaxh+vdGGogr+YV1wEpzoMEzSxxN7by9coDqytz8VjhChoIhjOKXlCQ</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2021-05-07 07:16:09,107 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-05-07 07:16:09,108 - INFO [Shibboleth-Audit.SSO:?] - 20210507T071609Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|id14823608521197431555001767|https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_00cfbb04dcfdb96d76ae2cdc61120eb6|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxJJ4JA+Lf51GX9hpYNcgSjKdX4SoIirgHP9ycNGkypzvLaaAFYdYEpk+UWDQAmrxnjzjP1JbOyeVtwqanNHqLFaij1bqdbg6PIXVV9VA0r5clNgIEcsFZmdCEFU/zIKyRfCPxnnrCw2lwcMmqhBxrnAjGmYD4oeaJ3p9b0rZVDpChd8A=|_86e10af8a3b299c0ef8b6bac0dce576d|
2021-05-07 07:16:32,427 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: %2Fhome%2Foidc_client%2F0oao30vt5BAMaNybM416%2Faln177a159h7Zf52X0g8
2021-05-07 07:16:32,427 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2021-05-07 07:16:32,427 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2021-05-07 07:16:32,428 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="id1480318443402748311719535"
    IssueInstant="2021-05-07T07:16:32.223Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#id1480318443402748311719535">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <ds:DigestValue>IC67Am3fO5b1PDCD8ufNSTR4uzI=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>WCQ+QjqYAcfUz9bA3638rMLVlRjtMkIySwgytZ8F00JPWP6XDKz3igKylA9yr8JoYHSmoQz/If73pwENGhGmdtzhdLo8JUEnZx3bKLgQo4wOTbKSZNGVgDhUvC4QMQIpPRaVShPlMl2UH/9s+qXkNpD4ZkcwR8R0txXkVSQePk4SxseX4jXyANOwP5VWZVtbWV1dWivL3Bv3wI6/zv3/0GZnD3mFBtf51IfPGXDY5MvwaviRoAoVrNFix8oNLCOi6GBuU3QOivvurfo+nt7NW7YAYWM/uch1QLpH5BjtZcWTnnA+mPqqMIoMYJu9uo9aiXV9WeDlUeIU21Eh7mPhFQ==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDpjCCAo6gAwIBAgIGAXisQDxUMA0GCSqGSIb3DQEBCwUAMIGTMQswCQYDVQQGEwJVUzETMBEG
A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
MBIGA1UECwwLU1NPUHJvdmlkZXIxFDASBgNVBAMMC3RlY2FsbGlhbmNlMRwwGgYJKoZIhvcNAQkB
Fg1pbmZvQG9rdGEuY29tMB4XDTIxMDQwNzEyMTIxNFoXDTMxMDQwNzEyMTMxM1owgZMxCzAJBgNV
BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMQ0wCwYD
VQQKDARPa3RhMRQwEgYDVQQLDAtTU09Qcm92aWRlcjEUMBIGA1UEAwwLdGVjYWxsaWFuY2UxHDAa
BgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQClKewajIlSsU+u3cmCDw1mLUfDQcWtKI+1nXlxbUQf+bup+V3+zg7RBTUX8wDjnweDPza6/QhU
ytz+OaH2y9wD3sT6HmSd9W/RR4rY0xmbJZwPaHe2Cj1dxadIwX50S1Ht4K7Mrvhl3yOwWCgchLys
5cr3WrGGRVKIv+fUHRljhDF9mabxrZieS0nVzBXD/83lve5Eya5tPU7S2ttBnE6p/DdBFmCIxWW4
5PyaYTjzkBDxW+83X7V+/uqWUC1SCMxSRnlraUoQiYjHRzphrKuML14f/09MsEnbxJax5bpU/LQs
wtKLAxQm0PaCy5lYdhPO4+VGd35UMLs8KdbAnAUxAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAAR4
dICee/3fenDjT86azTDRF5/WM6CS6+gX0iZjAgZ8j3onGMT2ff0f150t6IeFMdDWwyC48yyAMBlR
qjelQSf03JR6ESZ4xJApz8u992ipHzyqSiMM3x3CmTHnOqzLqIpgb/KEgeZSPFN/RRQk72o4Pfx6
TDmtmwJoubTHH+P4vdCgjhD6RyqHXLYXuhsP07t31WDQL9ygN4yrtnWokA/CNhIYeFGrQYGsDT7a
4a16Uq4iXhhFZtOEZsE+/DeB1zSAIvnLWQ2hyOVZ7vAr9e7lv1LwUk+OsH8IG1561pp/rIOgOnBH
BEGIuu6eI9UvzRphO1h21XdL56+pMh4PHCo=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>
</saml2p:AuthnRequest>

2021-05-07 07:16:32,433 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-05-07 07:16:32,433 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-05-07 07:16:32,433 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-05-07 07:16:32,433 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-05-07 07:16:32,433 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-05-07 07:16:32,433 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-05-07 07:16:32,433 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selected AttributeConsumingService with index 0
2021-05-07 07:16:32,433 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl
2021-05-07 07:16:32,434 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:16:32,434 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-05-07 07:16:32,434 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2021-05-07 07:16:32,434 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2021-05-07 07:16:32,434 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-05-07 07:16:32,434 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id1480318443402748311719535', issue instant '2021-05-07T07:16:32.223Z', entityID 'https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl'
2021-05-07 07:16:32,434 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2021-05-07 07:16:32,434 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2021-05-07 07:16:32,434 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-05-07 07:16:32,434 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2021-05-07 07:16:32,434 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2021-05-07 07:16:32,434 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-05-07 07:16:32,434 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-05-07 07:16:32,434 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-05-07 07:16:32,434 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-05-07 07:16:32,434 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-05-07 07:16:32,435 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2021-05-07 07:16:32,435 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2021-05-07 07:16:32,435 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2021-05-07 07:16:32,435 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  params: null
  modulus: 20849992966199614301675838753789986976813681683787802327077145202465970240380579431297809943486705961245836800069288676363890484247787887863185930622051058053634572487901723746446294109732526540428229724350278351783206630760951401901194997923458580580549213091528602126404968334078965947690612484989912150388196242240824312684590011848821037645115733687216521241731665656808539917027565985374269206242617213520178009057697523764040279229113765499695207683293876272680062519629815438959917195418653334337112210330985630870200510902529522037988093152765987775255524831617532909083723957192529729991092625758459577238833
  public exponent: 65537
2021-05-07 07:16:32,435 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2021-05-07 07:16:32,435 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2021-05-07 07:16:32,435 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#id1480318443402748311719535"
2021-05-07 07:16:32,435 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID id1480318443402748311719535 and Element was [saml2p:AuthnRequest: null]
2021-05-07 07:16:32,435 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#id1480318443402748311719535"
2021-05-07 07:16:32,435 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID id1480318443402748311719535 and Element was [saml2p:AuthnRequest: null]
2021-05-07 07:16:32,435 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#id1480318443402748311719535"
2021-05-07 07:16:32,435 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2021-05-07 07:16:32,435 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-05-07 07:16:32,435 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl
2021-05-07 07:16:32,435 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-05-07 07:16:32,435 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-05-07 07:16:32,435 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-05-07 07:16:32,435 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-05-07 07:16:32,435 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:16:32,436 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-05-07 07:16:32,436 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-05-07 07:16:32,436 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-05-07 07:16:32,436 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-05-07 07:16:32,436 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416 using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-05-07 07:16:32,436 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-05-07 07:16:32,436 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-05-07 07:16:32,436 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-05-07 07:16:32,436 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-05-07 07:16:32,436 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-05-07 07:16:32,436 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-05-07 07:16:32,436 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-05-07 07:16:32,436 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-05-07 07:16:32,436 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl
2021-05-07 07:16:32,436 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-05-07 07:16:32,436 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2021-05-07 07:16:32,436 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-05-07 07:16:32,436 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-05-07 07:16:32,440 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-05-07 07:16:32,440 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-05-07T07:16:32.440Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-05-07 07:16:32,440 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-05-07 07:16:32,440 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-05-07 07:16:32,440 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID f87657db90c59c58b2370018be104c817684c12c8904b33402c89e834faa16c4
2021-05-07 07:16:32,440 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session f87657db90c59c58b2370018be104c817684c12c8904b33402c89e834faa16c4 to 2021-05-07T08:16:32.440Z
2021-05-07 07:16:32,440 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading AuthenticationResult for flow authn/Password in session f87657db90c59c58b2370018be104c817684c12c8904b33402c89e834faa16c4
2021-05-07 07:16:32,441 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: Authentication result authn/Password is active, copying from session
2021-05-07 07:16:32,441 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-05-07 07:16:32,441 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-05-07 07:16:32,441 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:16:32,441 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-05-07 07:16:32,441 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Reusing active result authn/Password
2021-05-07 07:16:32,441 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name established from session as 'rick'
2021-05-07 07:16:32,441 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-05-07 07:16:32,441 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Updating activity time on reused AuthenticationResult for flow authn/Password in existing session f87657db90c59c58b2370018be104c817684c12c8904b33402c89e834faa16c4
2021-05-07 07:16:32,442 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-05-07 07:16:32,442 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-05-07 07:16:32,442 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-05-07 07:16:32,442 - DEBUG [net.shibboleth.idp.attribute.filter.matcher.impl.AbstractMatcher:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/DenyValueRule:_7080138d39cc2e01f42af33d6086559c': Applying value comparison to all values of Attribute 'uid'
2021-05-07 07:16:32,442 - DEBUG [net.shibboleth.idp.attribute.filter.matcher.impl.AbstractMatcher:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/DenyValueRule:_e86e84f8359014f00e496b0e2b038417': Applying value comparison to all values of Attribute 'uid'
2021-05-07 07:16:32,442 - DEBUG [net.shibboleth.idp.attribute.filter.policyrule.filtercontext.impl.AttributeRequesterPolicyRule:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/Rule:_829157a5a29f7f30c585dc615c71fae1': Found attribute requester: https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl
2021-05-07 07:16:32,442 - DEBUG [net.shibboleth.idp.attribute.filter.policyrule.filtercontext.impl.AttributeRequesterPolicyRule:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/Rule:_deb424a8d1c673df19c16cd7fd391943': Found attribute requester: https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl
2021-05-07 07:16:32,442 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-05-07 07:16:32,442 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-05-07 07:16:32,442 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-05-07 07:16:32,442 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-05-07 07:16:32,442 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-05-07 07:16:32,442 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-05-07 07:16:32,442 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-05-07 07:16:32,442 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-05-07 07:16:32,442 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-05-07 07:16:32,442 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-05-07 07:16:32,443 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:16:32,443 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-05-07 07:16:32,443 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@3d570da4'
2021-05-07 07:16:32,443 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-05-07 07:16:32,443 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl'
2021-05-07 07:16:32,443 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@883fd84' with context 'intercept/attribute-release' and key 'rick:https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl'
2021-05-07 07:16:32,443 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'rick:https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl' value '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1651907731097' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2021-05-07 07:16:32,444 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-05-07 07:16:32,444 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2021-05-07 07:16:32,444 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2021-05-07 07:16:32,444 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-05-07 07:16:32,444 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2021-05-07 07:16:32,444 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@3d570da4'
2021-05-07 07:16:32,444 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:16:32,444 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-05-07 07:16:32,445 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-05-07 07:16:32,445 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-05-07 07:16:32,445 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _c9d5edceb128d320867b2e3c88fdabde
2021-05-07 07:16:32,445 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _c9d5edceb128d320867b2e3c88fdabde to Response _c0b8a6e431dfcbc61ad54296822235cc
2021-05-07 07:16:32,445 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _c9d5edceb128d320867b2e3c88fdabde
2021-05-07 07:16:32,452 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-05-07 07:16:32,452 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-05-07 07:16:32,452 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-05-07 07:16:32,452 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-05-07 07:16:32,452 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-05-07 07:16:32,452 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-05-07 07:16:32,452 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-05-07 07:16:32,452 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-05-07 07:16:32,452 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-05-07 07:16:32,452 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-05-07 07:16:32,453 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-05-07 07:16:32,453 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2021-05-07 07:16:32,453 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2021-05-07 07:16:32,453 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2021-05-07 07:16:32,453 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2021-05-07 07:16:32,453 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-05-07 07:16:32,453 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:16:32,453 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:16:32,453 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxgy+sR/apqRMTS8lyH7H5OcDR0RQ3o0OeO7QYTDOJqd89ldiFo0ovKvgExhSxZmb+zVlNEmbySmAPrlHQmo6SnEM09GapwPbEK3WwmZFi2ZjTnGjytq1Wp8ecDSZDbFFVT/JWgd0Uvttk9JUw9XG8dTiJHmNSRvLDvu4w5qdLuupk with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:16:32,453 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:16:32,453 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:16:32,453 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-05-07 07:16:32,453 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-05-07 07:16:32,453 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 62.216.214.83
2021-05-07 07:16:32,453 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to id1480318443402748311719535
2021-05-07 07:16:32,453 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416
2021-05-07 07:16:32,453 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-05-07 07:16:32,453 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-05-07 07:16:32,453 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-05-07 07:16:32,453 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _c9d5edceb128d320867b2e3c88fdabde
2021-05-07 07:16:32,453 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _c9d5edceb128d320867b2e3c88fdabde did not already contain Conditions, one was added
2021-05-07 07:16:32,454 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-05-07 07:16:32,454 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-05-07T07:21:32.444Z, to Assertion _c9d5edceb128d320867b2e3c88fdabde
2021-05-07 07:16:32,454 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _c9d5edceb128d320867b2e3c88fdabde already contained Conditions, nothing was done
2021-05-07 07:16:32,454 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-05-07 07:16:32,454 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _c9d5edceb128d320867b2e3c88fdabde already contained Conditions, nothing was done
2021-05-07 07:16:32,454 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-05-07 07:16:32,454 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl as an Audience of the AudienceRestriction
2021-05-07 07:16:32,454 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _c9d5edceb128d320867b2e3c88fdabde
2021-05-07 07:16:32,455 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl to existing session f87657db90c59c58b2370018be104c817684c12c8904b33402c89e834faa16c4
2021-05-07 07:16:32,455 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl in session f87657db90c59c58b2370018be104c817684c12c8904b33402c89e834faa16c4
2021-05-07 07:16:32,455 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-05-07 07:16:32,455 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl in session f87657db90c59c58b2370018be104c817684c12c8904b33402c89e834faa16c4
2021-05-07 07:16:32,455 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-05-07 07:16:32,455 - DEBUG [net.shibboleth.idp.session.AbstractIdPSession:?] - IdPSession f87657db90c59c58b2370018be104c817684c12c8904b33402c89e834faa16c4: replaced old SPSession for service https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl
2021-05-07 07:16:32,455 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Removing secondary index for service ID https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl and key AAdzZWNyZXQxJJ4JA+Lf51GX9hpYNcgSjKdX4SoIirgHP9ycNGkypzvLaaAFYdYEpk+UWDQAmrxnjzjP1JbOyeVtwqanNHqLFaij1bqdbg6PIXVV9VA0r5clNgIEcsFZmdCEFU/zIKyRfCPxnnrCw2lwcMmqhBxrnAjGmYD4oeaJ3p9b0rZVDpChd8A=
2021-05-07 07:16:32,455 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl and key AAdzZWNyZXQxgy+sR/apqRMTS8lyH7H5OcDR0RQ3o0OeO7QYTDOJqd89ldiFo0ovKvgExhSxZmb+zVlNEmbySmAPrlHQmo6SnEM09GapwPbEK3WwmZFi2ZjTnGjytq1Wp8ecDSZDbFFVT/JWgd0Uvttk9JUw9XG8dTiJHmNSRvLDvu4w5qdLuupk
2021-05-07 07:16:32,455 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Older SPSession for relying party https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl was replaced
2021-05-07 07:16:32,455 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-05-07 07:16:32,455 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-05-07 07:16:32,456 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_c9d5edceb128d320867b2e3c88fdabde"
2021-05-07 07:16:32,456 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _c9d5edceb128d320867b2e3c88fdabde and Element was [saml2:Assertion: null]
2021-05-07 07:16:32,456 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_c9d5edceb128d320867b2e3c88fdabde"
2021-05-07 07:16:32,456 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _c9d5edceb128d320867b2e3c88fdabde and Element was [saml2:Assertion: null]
2021-05-07 07:16:32,458 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_c0b8a6e431dfcbc61ad54296822235cc"
    InResponseTo="id1480318443402748311719535"
    IssueInstant="2021-05-07T07:16:32.444Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_c9d5edceb128d320867b2e3c88fdabde"
        IssueInstant="2021-05-07T07:16:32.444Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_c9d5edceb128d320867b2e3c88fdabde">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>MgSO0WhElbH5rG++ELAV3kMaPtFY+XSYKHQzl9w9Q9U=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>oYmyvSnDQV4QRN+naSGgXwcXTEkAzO6o0viOTqVvpiSYGc3Yy10IErq/4/f9wbnqBFP0eaZJA5iptgJO/RhGXWfUvJ570cXGZ5dJqS6S77Uevxv/2x27rJxzcYLJ2kjjKNYsntwu7zseP4uxxmmembIBBz5l4EC2KxD4SXsfXqFKX0rjoNsVCPEIUzX4rEYSWCCfzIGxghdA693ZkQEBWZqjhmyvQf2wjjM6zvkc8DRoo2zcVaytObucLYxzNBP3C5CC8vNKV8qYjERYIwO3vFrDVV1P/sAmyWGUeFTWknEhNh1bSGZFaFIYuw/NpNUH35+pooK0n00S5b4elZ6OOg==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxgy+sR/apqRMTS8lyH7H5OcDR0RQ3o0OeO7QYTDOJqd89ldiFo0ovKvgExhSxZmb+zVlNEmbySmAPrlHQmo6SnEM09GapwPbEK3WwmZFi2ZjTnGjytq1Wp8ecDSZDbFFVT/JWgd0Uvttk9JUw9XG8dTiJHmNSRvLDvu4w5qdLuupk</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="62.216.214.83"
                    InResponseTo="id1480318443402748311719535"
                    NotOnOrAfter="2021-05-07T07:21:32.453Z" Recipient="https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-05-07T07:16:32.444Z" NotOnOrAfter="2021-05-07T07:21:32.444Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-05-07T07:15:28.650Z" SessionIndex="_ec2c9f64816ea09a671c715adcb6a0e9">
            <saml2:SubjectLocality Address="62.216.214.83"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-05-07 07:16:32,459 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416
2021-05-07 07:16:32,459 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416
2021-05-07 07:16:32,459 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_c0b8a6e431dfcbc61ad54296822235cc"
2021-05-07 07:16:32,459 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _c0b8a6e431dfcbc61ad54296822235cc and Element was [saml2p:Response: null]
2021-05-07 07:16:32,459 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_c0b8a6e431dfcbc61ad54296822235cc"
2021-05-07 07:16:32,459 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _c0b8a6e431dfcbc61ad54296822235cc and Element was [saml2p:Response: null]
2021-05-07 07:16:32,461 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-05-07 07:16:32,461 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416' with encoded value 'https&#x3a;&#x2f;&#x2f;tecalliance.okta.com&#x2f;sso&#x2f;saml2&#x2f;0oap94dflSK6H8JFr416'
2021-05-07 07:16:32,461 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-05-07 07:16:32,461 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: '%2Fhome%2Foidc_client%2F0oao30vt5BAMaNybM416%2Faln177a159h7Zf52X0g8', encoded as '&#x25;2Fhome&#x25;2Foidc_client&#x25;2F0oao30vt5BAMaNybM416&#x25;2Faln177a159h7Zf52X0g8'
2021-05-07 07:16:32,462 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416"
    ID="_c0b8a6e431dfcbc61ad54296822235cc"
    InResponseTo="id1480318443402748311719535"
    IssueInstant="2021-05-07T07:16:32.444Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_c0b8a6e431dfcbc61ad54296822235cc">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>lWI7j0FLtLNjtW7WW4XBtU9+GS8uUzbpEtOTJhOi/D8=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>SogMp+GcN8mXI+dB5PVV5ZtRWFmi6s1VTVtVNxKLtzNhJeM6FvETOXngtfPXAXVj8vpPF+mh16UIavu5sM279qZkUreeBgxledxkdKvO8eoCy5YxlVQfJs2BelSbP0vLUK1PvgjY7ZpDrJ+buTNUqufaVlwTiU3DWRmp6Qe0pBVRLF5pMy/w+X4A/SZHUQo0UsCMZw3we1ESFv6GIO8IVSTATcCes+lKix2rov54JTUJFq17RzNc2KA8NCY7cpwOJmQdgcPvNRE4pZjiXpRGs4u6577DxRBjDxfUfLK3Fo1bbECaK+yyGhAB/G7/s35xsDeMdm2HupIeX/T0+OYDRw==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_f44437f7269c2f55c36bb1533a529891"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_eea720b4faf87854dfe25aae868ed1cb"
                    Recipient="https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIDpjCCAo6gAwIBAgIGAXisQDxUMA0GCSqGSIb3DQEBCwUAMIGTMQswCQYDVQQGEwJVUzETMBEG
A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
MBIGA1UECwwLU1NPUHJvdmlkZXIxFDASBgNVBAMMC3RlY2FsbGlhbmNlMRwwGgYJKoZIhvcNAQkB
Fg1pbmZvQG9rdGEuY29tMB4XDTIxMDQwNzEyMTIxNFoXDTMxMDQwNzEyMTMxM1owgZMxCzAJBgNV
BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMQ0wCwYD
VQQKDARPa3RhMRQwEgYDVQQLDAtTU09Qcm92aWRlcjEUMBIGA1UEAwwLdGVjYWxsaWFuY2UxHDAa
BgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQClKewajIlSsU+u3cmCDw1mLUfDQcWtKI+1nXlxbUQf+bup+V3+zg7RBTUX8wDjnweDPza6/QhU
ytz+OaH2y9wD3sT6HmSd9W/RR4rY0xmbJZwPaHe2Cj1dxadIwX50S1Ht4K7Mrvhl3yOwWCgchLys
5cr3WrGGRVKIv+fUHRljhDF9mabxrZieS0nVzBXD/83lve5Eya5tPU7S2ttBnE6p/DdBFmCIxWW4
5PyaYTjzkBDxW+83X7V+/uqWUC1SCMxSRnlraUoQiYjHRzphrKuML14f/09MsEnbxJax5bpU/LQs
wtKLAxQm0PaCy5lYdhPO4+VGd35UMLs8KdbAnAUxAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAAR4
dICee/3fenDjT86azTDRF5/WM6CS6+gX0iZjAgZ8j3onGMT2ff0f150t6IeFMdDWwyC48yyAMBlR
qjelQSf03JR6ESZ4xJApz8u992ipHzyqSiMM3x3CmTHnOqzLqIpgb/KEgeZSPFN/RRQk72o4Pfx6
TDmtmwJoubTHH+P4vdCgjhD6RyqHXLYXuhsP07t31WDQL9ygN4yrtnWokA/CNhIYeFGrQYGsDT7a
4a16Uq4iXhhFZtOEZsE+/DeB1zSAIvnLWQ2hyOVZ7vAr9e7lv1LwUk+OsH8IG1561pp/rIOgOnBH
BEGIuu6eI9UvzRphO1h21XdL56+pMh4PHCo=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>Pomm2pugjP31b+j9mulJ2fiB6yQjtY7VKoBAE4v6awXQvg4slb7nTrJ6VteP0/W/wQssb8oaGcCdX3YUq7yoa84FSC/cJkr9Rz9Pz28ZGqHPHMV7yltGbMmDXQAU68sJQVkDraPN5skfC1X/p/aGg5N8LhXNKN88xVcum6DiWB6s7rRRxUomQ8XDPDTGyIApcWMQe/RoVQB8mrDTqqXQImyXfsenqFfoP10qiSXLLIi34NbfS4porGZswOdRQyVo4dz3RHJVCgd/ZImhnGGV5TQ7MAPxa4C3G4Jm8MwUQPagoWXoowa3jrqDQEsqGvAMUayRKgBTSwFvpN8WIk1GPA==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>eVspywZTmLm0uRrxGIG6JDj2x/GYG8uZzO+c57Tj6g1ib4B1/xfrOTgBpAAP1nRbBAKpwsOObS00MU4S7SK8LUaHHYgnML54/x6VIchS9yRDEq/KNltY/X/DIJtwwju4T/g5927ArmwBZjqO+pgfTFlbOHIx7NYjZLukqVE0+k5uVnwufWCL5PeczQK7owku9ZHYVpf7nRBJMb2cKNBGNDMA5WShCPEzdrf2pA2q+ZZY8LBL3P+ubCmZuGrUaga19tMnfgxsnG/acTOKqxn72Ef5IaiK6qTfyNAb8KXktGMN5uuijj/O5y/uEvea39lkIF7R2LlA7gLuHcU+3hoLMdERBCc2WxHp30LAasC1r3q94wFapRv76ZZE/EQiJoDae4pAVhpzyUcWCDMISIn0Tf2piLU8T4RdJFpVvBPKaIuOklD5AdwSvl8Cwxq0B/8OzjSRTWkks1R5nX/JEIaMATStKpy2EpS9sMSXXEmGX2a9vJ//3g98atLny6SCi7A/nbfc0KezBl1r006oCL6sSIxKuKEFDFQ+hBuGkZ1jwTtP5AH70sBWlpscFDD01Qudq4sFCxcoPSii6t/5SAygzGU6AUN3+n/Q5KJHixxM8Uej8elS12uHvwH8z9v2i66aQZs6+W3sGXdqjoiOF3VUxsUWjmZsIBpq/BTiiPrdG1ary6TGmo5X5LuExZUuMt/Z1PSQ4PGrzFPtFzhb3RicEuu81BVSfTW3bexxtet867QxnxgzVCcfYicqESJ9PVND5fh0RhR1Gg9zTIT2d6SKSkeeX5h95HOF5lc2AqpYsonZVS62XB5YAr7EXV18w2ykfCOO85YaSqVGGWc3jFBs6Xv6DX0dtOzq0P29MYDs9lWzvtVp041vMIWrG2IJ5YR5E9bQdEABUn11XmCFaZ0tEYhGq3FaPYEv9g72QHEbG5RhZb4Q6eFYzj+g1G/N53u0Mivfn0+UPI5Oa0hv1oUZoHifTBzok4LzlZn8qivnI2jZlUTSJf/fDOQuS7EvvRX/RMNY71wdlc8+tlAlFzZnmji0VgkECrIIibOaqqKN88Cl3UIwSsG9KA7tL4KOZ2H4gclnNcceEzZ3ZYWH6uyR1IDUGoiLs+UjOK1MquLWdBEJ2PCIIcDa3iG+3sH5xwaWMLLTmN0l100KpPJTqB/L7HAMzssN9soEj+PYpUcOFPkRSq1e1tcPsp4paINdC3r/1BQg1gqazmQXMIDIPPZ8ZHm0EptPI1B4dWuJvpzdrTBJHqvstYOkoUawvXGWJArU8OdSpD+kr+1kDpyu3IPz7b3R0gpUVMLcE+uixFo5r3QbIg2id0nBMtgg8rhoGpziyDzHWoAE0im5iPwGR92ZGojGCGI3ru8kxiN0xY752zeeSdxLd8WbZehpQjthOIFEr4qGhCZYkwq8DbCWki8pxSV0nfmktCC/HRGeTa455XZA98elPpzrPjsxMg4UKkWmxhhWFUOIsCY8PtZ5N3FWq52/IZDYFGPgOn0p65Sj5eTHldoTDrZZEcEFzR+Ub1o7rmwWyPrBXDt0Sbmf+afCr2mUUdrzoha74qhuNglzN74xDJSvDRNeqq+QbZZmvFPFF1I3hT6wR3ak0FgOOMxfZyuQjT44MLiYCUwDHAlvZ7RqnHCSQwOmzAoBsRo469zlJ9QdQh2vqbUGut8XTH4DVJyzNSqEClNr5or2ilUxbWP9aRpV/rt9JA+JIPyammL+M39YIsoHM5hw6XaODzzocXOimvNg9GbFaRm99ujwEzdzYY8266zOEFbqc747OlX9cyXTopxjH3SS+Y7Dv0NCGmR/sORus1jl79LW7wMFPuy0ZICpyshXCYFfgtOy63XSaq2P+zNBJlP4tEe8UjnVBhUbmIaadkEnosbg/+s4SnWBaAWJ47stGlRK5uxUuQ9v9yg6IYqrAcFb+FYM6a52lq8JaGd+2Sw7p70628GdqX6KDQCiMGemxvDBKVoblg8LqUqfNJHkKEJm9dVpnz7cGyKHfKVssdoszYBG12i3qYIyNhJLn9am9CIHCdPulT/h+q2FAa06j63Y7rLfLstDztKZErkS208KeXclkLdIS5bOLH95XTBpmt1e5rRKg/r5P4loqfqpTgr2DWamhGLv1SsVdMBY0HKzJfYrbrb5yjH/ReVylWRPOHF2pC5NZwUKdKcXxO9rA6pZwLzDUsBT/ZZ4xNl9FWWmSbgkuAxKvBAW8WCyRGWkRYrKi8OghPPdLiQ78UkiozVw25U7fkC5OF7xLl7mPIAixOukbvWBxfR8+OV3wwQ6rPRkzpYzL32FKKjJlPdN4WFlqSm/Ir36yN5Rg2sa25SF+u/RqOipMysKfu08/i/JW+XrfDiIPsFHl3FnGk6+K8y370WZ0tkaXVJUI8ecKtaSQW6tCEUIFTFRr4qNH7iK4hncAsGV6IAfxaZc3f/zkiqZb5E3rVMMb+QjswTzLfEirO/6t/bhRiwsE+hj8vlusQ4Z1q9/wC17lJpoup+oen8PE59z2TAjPZPyXVwXEM1dX8xmiHg/s/l5kFmSe0OKB/YASRywExLnkPmXTcz1BJhjoWYNAyVDml11vZMUs5qBqPQDv5CviKYOa7h030yyOQ9PmEisvclcwYVDHA32jyjEGTNPmqEeIcVNrM7/AqZrfpZiyDp9Tg/y9Y68/o3iZcPkd0E3fu3+NxoF49lWY2jyULa+Z0x7Sa+6WRNa7T/DzD+7RxFbjZ4y/PhBDbND76ecz8lYBVKMk+1OzaqHC0dDJLVW+pSvFqMyNfwZqxjoZBpe9yoRZhRJGQJEkVjB6KgrKEfY8P8DwGvThWWu+6HmsTuGxnqbVoygWRh/SBsZPbc3u5GplvG+SDUyxYb0Ljs+uiNMknoagAgU/tkokdxAzFKUo38amA0ZWdX8AmDwMRxsaWoqoJBBNOBW+DiN9dGW76R6XTdVhV/1YtQInoX9CQ2yS7t2zkENwT6W1eOt1/YjLa+4cQzvs80mEHdBafr8adqy7mW/xVuSbkHggB/PkelkQJwxaReAeF9SpDigUOzAeqORZ/fiXbT3mx5MewIYgUIy2p0CxFrz6Ljo8LqKSF/zFwm9EJHRPyJPM0aSRy7OzHvWbHhREm4oyybycmsCFspNCHeW7z2jPpTYpdwnZrbbbBQ4ciL5X01GgpIFcx3fw05Ao3nrdrOD5Ef8BGhDiCXZFRpUNRNVMdWcMjJvmcjrqgyADTJ47s52m9dd3At5hapN0AM8nCUc3OTGjRIpTMeAHQQNwjI4Rljf/8kQ50SavPJh5pBlGDqCmNMJBhWsQN4ea9CHkIP/nWUfcJ9WWZzgR/V293Iulss6gEyw+dfd3bHNu4u1HTQ9RrjKtg/PARvakLPcVb5wVSmD5MV+hy1JmzqgSnAZ9Nfy5euJSBKfvWZz70Wa43MkYfSmYwBNHG9rA2lkomJ7VUsVLp1bS7loovvQTxR9Wf9DDUZp93Q9/j9uAKA1rTIfCEW4HIn5+tYpgYeg+TNlvAYk003azT3dg5u0D7sarKEFPYw2aKNyLwnoFFxBjemzzdRdAi3PGb6A59VHmxjZ7NpNeMS4p8fC9bSWghS5CqJ0dhTf/mJlUXcdkn8YN38Wz4w3WPqp5hm7d/7WkpgZ/lcenvznZAWiRzyYoN3QPe3SGn98iEYpp7Bv0gptnCMU1ibTaa4OheFHDT5D0w8dmWSnFWcgCnQ2a8bdI6lSORSmHJp1ERqVBnkPUrmEZVzI0CdVkmt8NZ9/LXCV04XIb3PycagzRLHojBol3eCW9KasU5w8ZEJXABimKkMYi7xVFT48rSg2gQe+hlDjaVzF9W8bRf//2qAswWhk3C1/sFC5YCKH906r7ixPrgOApJrt5TfiiE2ltm4Ch9V1WaytOXzvkNW1PZSI5wRhkf018rSXI3KWCt+GdQdMQFYd365R7IPXZhLm28CWnfCX+s7MwRAs52QxhB2FMYweICcMNiGenXuk0qNU1PTN8NoQbcV0Qa07ebGCVwAli3ZmH68ZWng8d9/P2znLtajrwe+wv91yjzMxF7lMUmCVG9nr2rK4H1ShMdqL4NouOP1PeRFj/ASnuh48Ewkd4S7yCuOqIp6JwCGqXFP3/HjsE46a/osXnNwmefgGl/4pTo3K8hgMeKzIN3LV184i/ppS1butHFChjv+byxOzsSWNuy+x8aA8fd/YlpD0ETLwzFqyhYLSHN+gzLnjv+a4x9yjX5cN+6GY+gb5koPt8Rm9CbPFySjn/DrW1QJFHWvEGQIW9Zy6DRB3xfuTMXSO115Q6LpLBlO+4ePI/poKjqyuQFGwSpcxOMC+z09eQUfUU6XCtGJV4pbmbcssnRt+JWUcw/PqNMdh56MGLnAIFBPp47uT9YIo1KdDSC98ndZrT9RrnBZBSe4nyooNjCvg93fQrdw9FSkt1X2ExP1b2jAMaRF3P178ZsRErjjaR9GdIfFK3mCAwXm3v2lTxy5JI2osdtrceF7K6xiF2o0kQmn7O6Iks5Hiv1+74g7pVvRWLE7vv0bTKkPOQH4iHAZWGjxeT3jEvPY0g90zD7S18balFF6zN0Aj8za5uepL2tb5sqUBBeg2X9GK5mjqW4KlYhrmHz1b8xnGU4S000wP3oq7u8mzsPSzGkwTmulmnijeMWbQ6W4hV3Na0HU1fTMXaI7oWC1VNv2U+EITpdp4Wdf2vNRSk84UmGbDgIRmLvFUH2nLF81lnq5AlSDtcsyTuwzaD/kKZiSdlwo3Oo+jOu/66dLB1Jr24Vf2X9zvReDCk5QYfS0wmZwqYCHlpl1ceDcoXQoLh9WUKMngykDoSmfOA+47IpqgaFTrUgGctq/UKvj0X5r+Iya0XjzQB1KBfN1/ajW8RS2Gc4AhtaWc6igAQ+q4NXEY0JXNg6BfRaMMsW33LBnykUcTtZQYAQbkRTAZ/RhERv3etKOUw3bggz+DMN5ybrwAPZr5ltQrsSuCsS5HNs2SRuvn9h27ogw6/svf491kUdO1klFRnW7/tzfWYKXyXzLzsgOaGtWpX6cn4xS3SRNtZunc0XxDgMbRDd0bC/U3khMQLnF0/pwGs6F9GoiXtOQ72d/fcLdPX8Zm1qKUSb2gLkv6rCCSsj2oniB5/crM0MPN8jn7UDLfsgyNgQgcKJkJlJbRXa1P4C3DZMnPnhxdW5AK1q84KWcbL/ywDTMlhtlJqHmnodW07DQiTZMNlIOVt6QJSqjJW6DPKYWgdL/Pg3vXH36irMgoWWUg7Ai9YQQv44tHTlIsHyyNXK1/uWdyv1EP7S7gp2unA3H9k/H8FX30Xl6+tlUJc8Nh0/EuKdMza+lxy5HGyMZRAGWU5YMP8NOlZS3vWIQl0BXLbaKhAgIS6FuAu2Y+AOQBQS275lVu78futGBbFzOorGns4+Fh1gvWTJwMKh7ZVkaR5QrHsk69Hzl1nrUHFPylKAeJ9qwvFFiKYPqzwqPi5jzTlaaQiB7gzgTD/2CEEvU5tuh3bwo+Q3k2y5QJkShiDAXJLnPCVj38/nZDTyxM2o2WXzdKWmRGRgKMG9zwzX4HybgVmOxU2cK1aHXk30fVBCvAjHWzWS/jBjeLGPMTPRsBzBYOdgdeIDIMaMnCUOV6UHVlnXxf/KtUhQsOUbJawIhJ/Ca9XTKf4Nn4bU4r9gGnVrmtaC4dGn2geetQe+9rEEQmkxBz0yHr+egFG1Fu3r7DUN+fyVmA8rNTBzlE4MW2Fu4kCtNCCKy+MbtfZYqei5KpLKT63dIqVeNWOKPaky4Mtc1yK7ThDHDdIZIKzZStm68lyZFQQVS9OeSYhKHJBsMZ/U0Lasm+Dks7z7Gq6KNx71TV0O9ibrdtAqQNL9vnBgPHD4ot5dMQyu4sXzGbJio3ly5sgurOZm00uz6KM2/9AhjML09DEXZcuf0L2CWq2d0AFRPyOUGwth0759PFJxkJsMsKfz6JsaKKiFw24rWiy3/AOgbl1WV8XRzEbzpa8IkOexLsESVOxJGX9qB3F+QTR5myL7g2gOvHhgTut+/O3Z94SGRzwKMsba+ASq9aNqcHpEPOuz/fL/QNORpYJsAxSvnSW5me5fnjRJFZ+OXZmHXDYqUod57mOaCxFYXzhquoT2rt8uM6OwedW5tNphCsRthPMBbNJ9qZ51sKXehq+58DGeM89RCnne+glss1ZXzbj2Qcc47f7xMQJMYLlcasJAmF4MENz/2hI55mtQ3bsocpe9CN18MmDDb021e/6wagucXeuNzc/YQZOkbKxwQw0XKfdHCPrJLUs7KiKP8JoULEmuKrow+qwlSBipdir9wK9DGi9GMkaeSUHFI2jDykU8IMOULY7Y1wFOWxPBnihakKDSJ6wPJTOf1KpDznemvPLKV3gZf7xufscXe8+jtcEMK2k0BjM28xt74SBwd1m09GLAprUeje934Sx42T3suTtSFuDxw+HyjA/w1WUTxZ8CQNKweGElM7XwoLlx5rufuuxtbcAO07MUUIdKKoIJejV+3FlEFMXjnY9T/LcN6VeVkxerAbsbzp2jqoSYjxNvBQGFqpAFk8541N0zrtH+fMXB4EEloeKfNadrg06YTbhxmQaVVd7YA5aXubOeDasu9RLL81kyIzomjh92566QzN5iRB9FkRxOlLQSZPkkDzQL3xyAbgyGb7cyQymwnusfSZTABgO4nkQTbFGRIkABXiF6V8GBcvSLAnrS0HgFRm0KMqd3u7iHjq/rnZ1N3kTAKR+dXc5thxpi13vLqajGMHXMgISwXHkkLPYsVvhVv4MzUAdCyuwUMNvAc5dQ5y2kNavpegzq/LHLv3lyNdXgtI6oyLWLiu1YDTW5+8FEHP5M601y/9LsROiu++3eOoenoPl6f6sJ3d0jXu7P5OazWEcxI030yIB4EhYf3WCYkAZjTQwtlmwZTne+xc8h5VdvIid55IfO5F5hGvdbv2cy6p03hmVq3dUeN7fL+706UdKhclenmzSfZvkJZiJ6rL7mFNu2IbZd7Ems7Oo82+PLYMt26/tDCQja4tYAiOK8Whw9GO3gWq2a2arrmXQUlVKCfJdawHBPGE9+12dGBLCa35Yo7Zyt7nAS9gmwK/MBdLoo1P3tF4doPbmfHLy/RNSdf2y766KpQ6uvvc3xxSkfR5D3edSrTk9HHva6vkvFkKy0MmrZXNN9+++OcYB826jf6oFQR4CuabCc6oqUrkBU7gzixSn4vSNazXkBFG5YldW+aFCKb/4rWqAA/qAtdRjMm7stLJT9LgD+FKwiQ1Z+pU8QDzIrYUyPsp3tKjG8fpat1/4T/1Fv//lNcIoO/SdlUtWNvlSF4Y5xqQ90o68ByI0NK9u7BT7Nxb7rYvcBiz3lKXnHQHLtrKlKtDKraIT/RarAQDp6FA7RVktHEjBYoG1swEdPDR44/Ywq5yVyuoys4QOU/IwxgPsoD0FDRKPpLPaBjQ1MI2bXJ3LN+7a3ObBHq3QSfd8EfWEk/+ilJ0wIwRxDxoAhX3oGyphSVNejAaspUbiErmrko9yVJ4xerSTnwTQ3FsqNMjVFzbHNiHDor5glv73rdzgpPKbwF5mYF3xMXfBBHFaN5lHA+YUz0UJ+8OObyRZYmAlB2fNY20z+bVC8xqQ0+Vl33yLBXHzQKu13+FDQ64fuGTOOoOQANNychebdbvYIEV4UyWR1nbndvsw7VIEKnc2pTaIuf20R4wfEueHHBqf2NFFmtUzL7FE7K2umjvaoMlgc0E4qAy6eGP+fH/hkN35O0u8wlNoBoh1c7iPywykrmH/iNpTsV9D82d3s3kZ0Q5C7J1qCTbNKuhwJjzZmBOa5bHG1RNbFUFXhYTFQch9qAgOAQAu2zg/fcJeeKHdIVFjrZxheJTm40rIfq8feyYHHXEVxFDAshpiwumeXx+2QdRPEELKw/1hxaH19ffSGKojkcvq4E9XT0gZwo342hC+21UNY8zjFRFXLhEY7j+UAfMDlKWsXCq31zpa38N9/Axkmrgb+5PZhhqRfWRbhd9Xhtvi+Pz8qxYxOE3ffPM32+2e90s8c8xLFNEltw+eqkIefzBSZz9vmXB6GWjcfs4oI5UQ5/f5CkJDGgS9W1pzm6xvT6uDqzzKx1GULt4csZBeiYJ3/CU+T02eqiM4GIKUnXEAzLcFssQ4VRiWdiuwq64q4hHfHawZM6uHRh7nt2C+FlS4jnh5fSgh2Ty3r/MUvj7P0beXxMuXjFd51DbMnIDhOUGNUnMZf7fmA2RPEq9WIeCKqsNsSXt6y4SH+n57yPcMuBQPIu9HuC/ZfmyGIngzATjAMJV4uaE+y0U+ypCODLz3bNnYZEk4zPn/TykTvoyIsQEopXGSxiPvDfxbk0LenvZgCJkXyBxtuF2eywPbsRRpZOPVuw4LjX8ZFZ+xm85oJnECyN7+sE3zm74ZalCgHNnMN8BxaUloTAr0pBkhAEBZGWOSH3Upz8Btz5INTwS</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2021-05-07 07:16:32,462 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-05-07 07:16:32,463 - INFO [Shibboleth-Audit.SSO:?] - 20210507T071632Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|id1480318443402748311719535|https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_c0b8a6e431dfcbc61ad54296822235cc|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxgy+sR/apqRMTS8lyH7H5OcDR0RQ3o0OeO7QYTDOJqd89ldiFo0ovKvgExhSxZmb+zVlNEmbySmAPrlHQmo6SnEM09GapwPbEK3WwmZFi2ZjTnGjytq1Wp8ecDSZDbFFVT/JWgd0Uvttk9JUw9XG8dTiJHmNSRvLDvu4w5qdLuupk|_c9d5edceb128d320867b2e3c88fdabde|
2021-05-07 07:20:11,129 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: %2Fhome%2Foidc_client%2F0oao30vt5BAMaNybM416%2Faln177a159h7Zf52X0g8
2021-05-07 07:20:11,129 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2021-05-07 07:20:11,129 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2021-05-07 07:20:11,130 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="id14868205110671382083446997"
    IssueInstant="2021-05-07T07:20:10.307Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#id14868205110671382083446997">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <ds:DigestValue>5r2jyQvreMdQtCczYNZn2XjsWvU=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>kEQUydDfy4NgWWFscOxg3KJCHgXmPUzofs8+lyyDRyNFyyiSCzBfuP8UBubC02MMoNmJ6vHlJtiyk26nhaQCnwMHvPN2koAdoxUPRZc83je2/vR8EE6HgQZ6wSVPq0PmodZgpaykdEUqkcGLlSvUioF8VH68OVRnS6KFRWNJy5uiZqUR35Og4Try5otkcI7FDuYtPPDRU4dOwrb8XWRvj5ZC9FnjvgohqRaGKxGLALjRW6pk9z/JbNJdPaK6yGKCwE0ZYkk/SzxiUAoAnvueXLc7BPU7f79+ONmbmPQ9qa7AE0H5UCit4WmlhbL5taHnghUNqb/mJ+GMKs2SG+RjTw==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDpjCCAo6gAwIBAgIGAXisQDxUMA0GCSqGSIb3DQEBCwUAMIGTMQswCQYDVQQGEwJVUzETMBEG
A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
MBIGA1UECwwLU1NPUHJvdmlkZXIxFDASBgNVBAMMC3RlY2FsbGlhbmNlMRwwGgYJKoZIhvcNAQkB
Fg1pbmZvQG9rdGEuY29tMB4XDTIxMDQwNzEyMTIxNFoXDTMxMDQwNzEyMTMxM1owgZMxCzAJBgNV
BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMQ0wCwYD
VQQKDARPa3RhMRQwEgYDVQQLDAtTU09Qcm92aWRlcjEUMBIGA1UEAwwLdGVjYWxsaWFuY2UxHDAa
BgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQClKewajIlSsU+u3cmCDw1mLUfDQcWtKI+1nXlxbUQf+bup+V3+zg7RBTUX8wDjnweDPza6/QhU
ytz+OaH2y9wD3sT6HmSd9W/RR4rY0xmbJZwPaHe2Cj1dxadIwX50S1Ht4K7Mrvhl3yOwWCgchLys
5cr3WrGGRVKIv+fUHRljhDF9mabxrZieS0nVzBXD/83lve5Eya5tPU7S2ttBnE6p/DdBFmCIxWW4
5PyaYTjzkBDxW+83X7V+/uqWUC1SCMxSRnlraUoQiYjHRzphrKuML14f/09MsEnbxJax5bpU/LQs
wtKLAxQm0PaCy5lYdhPO4+VGd35UMLs8KdbAnAUxAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAAR4
dICee/3fenDjT86azTDRF5/WM6CS6+gX0iZjAgZ8j3onGMT2ff0f150t6IeFMdDWwyC48yyAMBlR
qjelQSf03JR6ESZ4xJApz8u992ipHzyqSiMM3x3CmTHnOqzLqIpgb/KEgeZSPFN/RRQk72o4Pfx6
TDmtmwJoubTHH+P4vdCgjhD6RyqHXLYXuhsP07t31WDQL9ygN4yrtnWokA/CNhIYeFGrQYGsDT7a
4a16Uq4iXhhFZtOEZsE+/DeB1zSAIvnLWQ2hyOVZ7vAr9e7lv1LwUk+OsH8IG1561pp/rIOgOnBH
BEGIuu6eI9UvzRphO1h21XdL56+pMh4PHCo=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>
</saml2p:AuthnRequest>

2021-05-07 07:20:11,136 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl' from origin source
2021-05-07 07:20:11,136 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-05-07 07:20:11,136 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-05-07 07:20:11,136 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-05-07 07:20:11,136 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-05-07 07:20:11,136 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-05-07 07:20:11,136 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-05-07 07:20:11,136 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selected AttributeConsumingService with index 0
2021-05-07 07:20:11,136 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl
2021-05-07 07:20:11,137 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:20:11,137 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-05-07 07:20:11,137 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2021-05-07 07:20:11,137 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2021-05-07 07:20:11,137 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-05-07 07:20:11,137 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id14868205110671382083446997', issue instant '2021-05-07T07:20:10.307Z', entityID 'https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl'
2021-05-07 07:20:11,138 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2021-05-07 07:20:11,138 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2021-05-07 07:20:11,138 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-05-07 07:20:11,138 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2021-05-07 07:20:11,138 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2021-05-07 07:20:11,138 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-05-07 07:20:11,138 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-05-07 07:20:11,138 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-05-07 07:20:11,138 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-05-07 07:20:11,138 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-05-07 07:20:11,138 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2021-05-07 07:20:11,138 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2021-05-07 07:20:11,138 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2021-05-07 07:20:11,138 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  params: null
  modulus: 20849992966199614301675838753789986976813681683787802327077145202465970240380579431297809943486705961245836800069288676363890484247787887863185930622051058053634572487901723746446294109732526540428229724350278351783206630760951401901194997923458580580549213091528602126404968334078965947690612484989912150388196242240824312684590011848821037645115733687216521241731665656808539917027565985374269206242617213520178009057697523764040279229113765499695207683293876272680062519629815438959917195418653334337112210330985630870200510902529522037988093152765987775255524831617532909083723957192529729991092625758459577238833
  public exponent: 65537
2021-05-07 07:20:11,138 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2021-05-07 07:20:11,138 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2021-05-07 07:20:11,138 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#id14868205110671382083446997"
2021-05-07 07:20:11,138 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID id14868205110671382083446997 and Element was [saml2p:AuthnRequest: null]
2021-05-07 07:20:11,138 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#id14868205110671382083446997"
2021-05-07 07:20:11,138 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID id14868205110671382083446997 and Element was [saml2p:AuthnRequest: null]
2021-05-07 07:20:11,138 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#id14868205110671382083446997"
2021-05-07 07:20:11,138 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2021-05-07 07:20:11,138 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-05-07 07:20:11,138 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl
2021-05-07 07:20:11,138 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-05-07 07:20:11,138 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-05-07 07:20:11,138 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-05-07 07:20:11,138 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-05-07 07:20:11,139 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:20:11,139 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-05-07 07:20:11,139 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-05-07 07:20:11,139 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-05-07 07:20:11,139 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-05-07 07:20:11,139 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416 using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-05-07 07:20:11,139 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-05-07 07:20:11,139 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-05-07 07:20:11,139 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-05-07 07:20:11,139 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-05-07 07:20:11,139 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-05-07 07:20:11,139 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-05-07 07:20:11,139 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-05-07 07:20:11,139 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-05-07 07:20:11,139 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl
2021-05-07 07:20:11,139 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-05-07 07:20:11,139 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2021-05-07 07:20:11,139 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-05-07 07:20:11,139 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-05-07 07:20:11,143 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-05-07 07:20:11,143 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-05-07T07:20:11.143Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-05-07 07:20:11,143 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-05-07 07:20:11,144 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-05-07 07:20:11,144 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-05-07 07:20:11,144 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-05-07 07:20:11,144 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-05-07 07:20:11,144 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:20:11,144 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-05-07 07:20:11,144 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-05-07 07:20:11,144 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-05-07 07:20:11,144 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-05-07 07:20:11,323 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning name from AttributeConsumingService 'SAML'
2021-05-07 07:20:11,323 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-05-07 07:20:11,323 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-05-07 07:20:30,219 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2021-05-07 07:20:30,220 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2021-05-07 07:20:30,220 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1155746370::identifier=rick, context=org.apache.velocity.VelocityContext@13660a77]
2021-05-07 07:20:30,228 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1155746370::identifier=rick, context=org.apache.velocity.VelocityContext@13660a77]
2021-05-07 07:20:30,229 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2021-05-07 07:20:30,229 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-05-07 07:20:30,229 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-05-07 07:20:30,229 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2021-05-07 07:20:30,230 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2021-05-07 07:20:30,230 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-05-07 07:20:30,230 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2021-05-07 07:20:30,230 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 10e78a43d8c272f19ef0a89c0993e1e2a60e06236bf7fde19e9b7c3bbd8e0488 for principal rick
2021-05-07 07:20:30,230 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 10e78a43d8c272f19ef0a89c0993e1e2a60e06236bf7fde19e9b7c3bbd8e0488
2021-05-07 07:20:30,230 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-05-07 07:20:30,231 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-05-07 07:20:30,231 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-05-07 07:20:30,231 - DEBUG [net.shibboleth.idp.attribute.filter.matcher.impl.AbstractMatcher:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/DenyValueRule:_7080138d39cc2e01f42af33d6086559c': Applying value comparison to all values of Attribute 'uid'
2021-05-07 07:20:30,231 - DEBUG [net.shibboleth.idp.attribute.filter.matcher.impl.AbstractMatcher:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/DenyValueRule:_e86e84f8359014f00e496b0e2b038417': Applying value comparison to all values of Attribute 'uid'
2021-05-07 07:20:30,231 - DEBUG [net.shibboleth.idp.attribute.filter.policyrule.filtercontext.impl.AttributeRequesterPolicyRule:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/Rule:_829157a5a29f7f30c585dc615c71fae1': Found attribute requester: https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl
2021-05-07 07:20:30,231 - DEBUG [net.shibboleth.idp.attribute.filter.policyrule.filtercontext.impl.AttributeRequesterPolicyRule:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/Rule:_deb424a8d1c673df19c16cd7fd391943': Found attribute requester: https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl
2021-05-07 07:20:30,231 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-05-07 07:20:30,231 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-05-07 07:20:30,231 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-05-07 07:20:30,231 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-05-07 07:20:30,231 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-05-07 07:20:30,231 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-05-07 07:20:30,231 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-05-07 07:20:30,231 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-05-07 07:20:30,231 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-05-07 07:20:30,231 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-05-07 07:20:30,232 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:20:30,232 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-05-07 07:20:30,232 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@1ecf4ec0'
2021-05-07 07:20:30,232 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-05-07 07:20:30,232 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl'
2021-05-07 07:20:30,232 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl'
2021-05-07 07:20:30,232 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl'
2021-05-07 07:20:30,233 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-05-07 07:20:30,233 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2021-05-07 07:20:30,233 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2021-05-07 07:20:30,233 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-05-07 07:20:30,233 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2021-05-07 07:20:30,412 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning name from AttributeConsumingService 'SAML'
2021-05-07 07:20:30,412 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-05-07 07:20:30,412 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2021-05-07 07:20:30,412 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2021-05-07 07:20:30,412 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-05-07 07:20:30,412 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning OrganizationName from Organization, tecalliance
2021-05-07 07:20:32,576 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2021-05-07 07:20:32,576 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2021-05-07 07:20:32,576 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20210507T072032Z|https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl|AttributeReleaseConsent|rick|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2021-05-07 07:20:32,576 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-05-07 07:20:32,576 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl'
2021-05-07 07:20:32,576 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2021-05-07 07:20:32,576 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2021-05-07 07:20:32,576 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl, value=[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1651908032576}'
2021-05-07 07:20:32,576 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-05-07 07:20:32,576 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2021-05-07 07:20:32,576 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-05-07 07:20:32,576 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl'
2021-05-07 07:20:32,576 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl]' as '["rick:https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl"]'
2021-05-07 07:20:32,576 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@1ecf4ec0'
2021-05-07 07:20:32,576 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:20:32,577 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-05-07 07:20:32,589 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-05-07 07:20:32,589 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-05-07 07:20:32,589 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _d96efaea6667c2d784883e3641aeacf7
2021-05-07 07:20:32,589 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _d96efaea6667c2d784883e3641aeacf7 to Response _7e2c463fcfa0ca5119d226a7b1de47c2
2021-05-07 07:20:32,589 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _d96efaea6667c2d784883e3641aeacf7
2021-05-07 07:20:32,590 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-05-07 07:20:32,590 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-05-07 07:20:32,590 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-05-07 07:20:32,590 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-05-07 07:20:32,590 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-05-07 07:20:32,590 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-05-07 07:20:32,590 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-05-07 07:20:32,590 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-05-07 07:20:32,590 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-05-07 07:20:32,590 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-05-07 07:20:32,591 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-05-07 07:20:32,591 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2021-05-07 07:20:32,591 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2021-05-07 07:20:32,591 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2021-05-07 07:20:32,591 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2021-05-07 07:20:32,591 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-05-07 07:20:32,591 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:20:32,591 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:20:32,591 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxKRcnpjjJuOY6TpKOGEfAZg0lIJLgB/G5IhlfwVMTdv9/4djpzCRfe3b/r9QGQViH816OLlyzr9Wvv8/5vIql5Rk14gd0JaIp2C1jAsPjIrHytL+NNot6gPaEx0QB76kQ64WW9v7wMIdRmydZSwEKhiudZKpbdQ0TAM2Xj9DEFzMmmMg= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:20:32,591 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:20:32,591 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:20:32,591 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-05-07 07:20:32,591 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-05-07 07:20:32,591 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 62.216.214.83
2021-05-07 07:20:32,591 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to id14868205110671382083446997
2021-05-07 07:20:32,591 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416
2021-05-07 07:20:32,591 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-05-07 07:20:32,591 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-05-07 07:20:32,591 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-05-07 07:20:32,592 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _d96efaea6667c2d784883e3641aeacf7
2021-05-07 07:20:32,592 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _d96efaea6667c2d784883e3641aeacf7 did not already contain Conditions, one was added
2021-05-07 07:20:32,592 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-05-07 07:20:32,592 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-05-07T07:25:32.577Z, to Assertion _d96efaea6667c2d784883e3641aeacf7
2021-05-07 07:20:32,592 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _d96efaea6667c2d784883e3641aeacf7 already contained Conditions, nothing was done
2021-05-07 07:20:32,592 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-05-07 07:20:32,592 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _d96efaea6667c2d784883e3641aeacf7 already contained Conditions, nothing was done
2021-05-07 07:20:32,592 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-05-07 07:20:32,592 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl as an Audience of the AudienceRestriction
2021-05-07 07:20:32,592 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _d96efaea6667c2d784883e3641aeacf7
2021-05-07 07:20:32,593 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl to existing session 10e78a43d8c272f19ef0a89c0993e1e2a60e06236bf7fde19e9b7c3bbd8e0488
2021-05-07 07:20:32,593 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl in session 10e78a43d8c272f19ef0a89c0993e1e2a60e06236bf7fde19e9b7c3bbd8e0488
2021-05-07 07:20:32,593 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-05-07 07:20:32,593 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl and key AAdzZWNyZXQxKRcnpjjJuOY6TpKOGEfAZg0lIJLgB/G5IhlfwVMTdv9/4djpzCRfe3b/r9QGQViH816OLlyzr9Wvv8/5vIql5Rk14gd0JaIp2C1jAsPjIrHytL+NNot6gPaEx0QB76kQ64WW9v7wMIdRmydZSwEKhiudZKpbdQ0TAM2Xj9DEFzMmmMg=
2021-05-07 07:20:32,593 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-05-07 07:20:32,593 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-05-07 07:20:32,594 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_d96efaea6667c2d784883e3641aeacf7"
2021-05-07 07:20:32,594 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _d96efaea6667c2d784883e3641aeacf7 and Element was [saml2:Assertion: null]
2021-05-07 07:20:32,594 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_d96efaea6667c2d784883e3641aeacf7"
2021-05-07 07:20:32,594 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _d96efaea6667c2d784883e3641aeacf7 and Element was [saml2:Assertion: null]
2021-05-07 07:20:32,596 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_7e2c463fcfa0ca5119d226a7b1de47c2"
    InResponseTo="id14868205110671382083446997"
    IssueInstant="2021-05-07T07:20:32.577Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_d96efaea6667c2d784883e3641aeacf7"
        IssueInstant="2021-05-07T07:20:32.577Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_d96efaea6667c2d784883e3641aeacf7">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>oKtxLAY6GtfEJn3lD/Gl83nhptkQkMaNI5kemcRpkXs=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>THu2eiR9XTIYz7rBLAmVJq4RlV7cww0CbY7fYJTcCoxG4mzB/9oDfgcDoFoOC1IzAeK5xDdTAnBj8rhONHKpILFgyarc4v3aD1zF1Ee36n7wTWlpYX2umfxScP8vIrWbiCyY2FsaaOET/N4JfDUtPf9bRR1LQk+MUgSkWhmM5zjG3ZySTF5kuew8bKHGCpyBORQD8xp7bcWFy1RQJMTRsSV2M/BVBpVDAl3uQcmFqfFEXib42JTCfoRnglmw6/JzwEHpe7kSnVRAQWS0uS+bMn+kabCbcFNsTl9XGzu69reMxW2gZd8p5Xvg9S4/wcNUCPuA3u9qm0k4Jm7zOn8vHw==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxKRcnpjjJuOY6TpKOGEfAZg0lIJLgB/G5IhlfwVMTdv9/4djpzCRfe3b/r9QGQViH816OLlyzr9Wvv8/5vIql5Rk14gd0JaIp2C1jAsPjIrHytL+NNot6gPaEx0QB76kQ64WW9v7wMIdRmydZSwEKhiudZKpbdQ0TAM2Xj9DEFzMmmMg=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="62.216.214.83"
                    InResponseTo="id14868205110671382083446997"
                    NotOnOrAfter="2021-05-07T07:25:32.591Z" Recipient="https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-05-07T07:20:32.577Z" NotOnOrAfter="2021-05-07T07:25:32.577Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-05-07T07:20:30.229Z" SessionIndex="_0b22f6b25fb6c7bc37948df656eced98">
            <saml2:SubjectLocality Address="62.216.214.83"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-05-07 07:20:32,598 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416
2021-05-07 07:20:32,598 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416
2021-05-07 07:20:32,598 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_7e2c463fcfa0ca5119d226a7b1de47c2"
2021-05-07 07:20:32,598 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _7e2c463fcfa0ca5119d226a7b1de47c2 and Element was [saml2p:Response: null]
2021-05-07 07:20:32,598 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_7e2c463fcfa0ca5119d226a7b1de47c2"
2021-05-07 07:20:32,598 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _7e2c463fcfa0ca5119d226a7b1de47c2 and Element was [saml2p:Response: null]
2021-05-07 07:20:32,600 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-05-07 07:20:32,600 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416' with encoded value 'https&#x3a;&#x2f;&#x2f;tecalliance.okta.com&#x2f;sso&#x2f;saml2&#x2f;0oap94dflSK6H8JFr416'
2021-05-07 07:20:32,600 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-05-07 07:20:32,602 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: '%2Fhome%2Foidc_client%2F0oao30vt5BAMaNybM416%2Faln177a159h7Zf52X0g8', encoded as '&#x25;2Fhome&#x25;2Foidc_client&#x25;2F0oao30vt5BAMaNybM416&#x25;2Faln177a159h7Zf52X0g8'
2021-05-07 07:20:32,603 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416"
    ID="_7e2c463fcfa0ca5119d226a7b1de47c2"
    InResponseTo="id14868205110671382083446997"
    IssueInstant="2021-05-07T07:20:32.577Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_7e2c463fcfa0ca5119d226a7b1de47c2">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>jEpNvOchvLynzEfDeRoGoU/wCLc+mbeMAvGYlqPm4XQ=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>ofmQ5TItb+P5cTc9TFid2/I/QDF1VNQqFMl8DsVleqejKoXrg7LyIp0jvtADoX9Cmw5b0M2+6cYuTuwWHKvLJAgguGmvY66+ZI8VDeMtPLmzQrpbh2yiwvq65LW14TMXmYsaYeD5P6XcKmRENxw2zzoqH3y6mpaUBJrsIuhICubuN+ZzO0ec2nr2retrKfwgRahNgViT0wl8YTRGP6Hf0I/a/HpF6bXLdchOVMOvzNNkWEJH6Xo58vaQRHC2MpdqYaIivI9UtXNXQ7nTAfw9+1I/WMfsWKsK+sji001BzLbxfBTRuIxGbCyKNpsilZI4GadSh6l1boNJdVePb8ZvRw==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_419600bfef5c062d4f56f357814445f2"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_d842d1b379d19cbff8d0284cd9506968"
                    Recipient="https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIDpjCCAo6gAwIBAgIGAXisQDxUMA0GCSqGSIb3DQEBCwUAMIGTMQswCQYDVQQGEwJVUzETMBEG
A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
MBIGA1UECwwLU1NPUHJvdmlkZXIxFDASBgNVBAMMC3RlY2FsbGlhbmNlMRwwGgYJKoZIhvcNAQkB
Fg1pbmZvQG9rdGEuY29tMB4XDTIxMDQwNzEyMTIxNFoXDTMxMDQwNzEyMTMxM1owgZMxCzAJBgNV
BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMQ0wCwYD
VQQKDARPa3RhMRQwEgYDVQQLDAtTU09Qcm92aWRlcjEUMBIGA1UEAwwLdGVjYWxsaWFuY2UxHDAa
BgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQClKewajIlSsU+u3cmCDw1mLUfDQcWtKI+1nXlxbUQf+bup+V3+zg7RBTUX8wDjnweDPza6/QhU
ytz+OaH2y9wD3sT6HmSd9W/RR4rY0xmbJZwPaHe2Cj1dxadIwX50S1Ht4K7Mrvhl3yOwWCgchLys
5cr3WrGGRVKIv+fUHRljhDF9mabxrZieS0nVzBXD/83lve5Eya5tPU7S2ttBnE6p/DdBFmCIxWW4
5PyaYTjzkBDxW+83X7V+/uqWUC1SCMxSRnlraUoQiYjHRzphrKuML14f/09MsEnbxJax5bpU/LQs
wtKLAxQm0PaCy5lYdhPO4+VGd35UMLs8KdbAnAUxAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAAR4
dICee/3fenDjT86azTDRF5/WM6CS6+gX0iZjAgZ8j3onGMT2ff0f150t6IeFMdDWwyC48yyAMBlR
qjelQSf03JR6ESZ4xJApz8u992ipHzyqSiMM3x3CmTHnOqzLqIpgb/KEgeZSPFN/RRQk72o4Pfx6
TDmtmwJoubTHH+P4vdCgjhD6RyqHXLYXuhsP07t31WDQL9ygN4yrtnWokA/CNhIYeFGrQYGsDT7a
4a16Uq4iXhhFZtOEZsE+/DeB1zSAIvnLWQ2hyOVZ7vAr9e7lv1LwUk+OsH8IG1561pp/rIOgOnBH
BEGIuu6eI9UvzRphO1h21XdL56+pMh4PHCo=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>cewdkf3SodsTN5XVdica15tv8rQLgs7C0f1T4XgvZFPJ8Sb8eM31gRZ8uzryjTOyNKl1TsWEahAWvonvt9JJlNzcK1S6k/ZMMv54DUEfBP4U84/Ya81XpEse3y5cnMfa2SkpzaPxWCejl6hje/T3+xALh4y2wti8q5svD4iYYvjMRgNaZMX8wzW1KXCCMqkBzVfWh9ML+df36yIeGte2UNc+6Q9FcaLAP5guAfJX41sMF98fUmlfjN/vpoeM5HbveDEySoMRZxvAqJCjIWW98EC9w8IbXRsNRPpu8y3FLJ16y8Su1Xu4sx7hVVeiBFfWO+KiOMqxpjxM82aAE4bVRQ==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>y1hKpkSQpZ8ZQM/FJZfwdAtxHcnm2kg8tWek3stsDvyG93iqdpX3dzw8JG0SXoYg1ILnNpTWSbPeZrE1nHMKbvwoz9vXXsZixwMe9nNqfiAAgcbiJN+VE0di5nfcepmGZFOrZleOoEm5MILR6syS1HV6btW9qvAtebwh45xvuVtuuOTtqafFMlDeX8Z/g8GFUl+lbb6oved6oOrwkogzwHJsVSBZ8E5fJw8lRQyuAL+j/OR+1iN8eqhox8J+iZ6rVd84kSKX8+qPOBnaqB1oRNQQz/1YaEfEenx+6chXf6+nhTpslCbcWQcYK1cRxx4Z0DxvrXeR22Cqy8Gb3epa1yTVbtO1LQwa3NBljxKZNcegly7L5m0q5BjVbbXORQLeWByi0wINUozRNseKhB2UwkvbLSv+ACW8F5zxag/Uhjw2D8s2/eCCPh2TpqZSXUvirpRkea85/lorpeh+phih8U3wbTqvyQemn1lKGaT1KmK2AN1IPqXO3bo+IC1x+gtSdlgNVVtcxTsPwxP7leh9RZgfbuuwY7qneY50SZzZSBVhqFf/z0SPgNo9/0RJ8S5WJ+adD63ETJOFV887yZKYqDz2t8wp2JyJxIFKmqLdfX2Pnr6quq5LOswDl5L9UsG0S3rVd87H+n0kSg0HWso600RURNSlIP3jBC5tkccgsWFIJRJ07TXw4Ht73hZiMO99+gBoPnfiMs+uts6Z7YvwaWWinw/58f3/2tIJKVvmRIpR9NcYR6PdIJE/Nvvrb8VYgSjY3bT7tFx52NshqTyJksUkR+iMMuCr58H+9mo/7onMKgjM6AH0/e/JhhsaTDRvgE2hu3szaZLB3+ife9O3xaBqDhAaszQFP93roI3VZi+Xa8OsD905VM47obKsqtnyl//XPANfv4fwP37VtLWt4X3QmVXNNWHIEA0lwa/bf8OYtlBjhCACJ6agOBFDeAQHHBGlIwtOeIOfcKd3CJJQqc3VGmT8rUx2qo2iO0xW+strvs8Asw6zt2NxfbcOrKXFWzXvpUOxqrv/I2cp1ZxdBtZSSJo75oAXJ8kU6ekuHN23pBua2As3wy62FGpslikLvk7FsbBUOJpEwmgXVDIP9XuJVEjdZUu9WlofeQdkQeKKKB4rmsJfnQePXjd1maIuZYtU++FoR5sU8m74Xs3DA8L7EqjdrxD+x+LxsFLCjsK/xt4zdsn/t0D0aFg/8hK1eCZ/4+4VNJ3WPLoyta2iNEl4WirgdKxxDhIAzXjmw2TEJdqspXjdmpfWsoWpbkT2wBUBRDHrpe9yWFxnXwZRZQf9ahvX13gdxMOXSyJU5Fq2cLb33AQXod4TF3dGddXfzQ2zbNigV9bx8ac2iU5JmTgK0bkdvLVlDgej2NZVHzb+fijWgoudbgpVxDIu5qhFRo+L01vWkZFcREMPaqoGwcln7BmL3vm+DO8KqJi9gAUsDxkGbYbjjIZ8Lb1/jdV72Qs+w7Hb03rI2C5v8urEOJ5ORnFEu/7Nv/oQCKZsogUl8ooqJyE8WD6sPNYLLi8Sz+ZL6NqAknPSaEOCd4qd0GUJcq5yz/uErPpmnrKNpGv5MfveGAPmHciYZeSTb4G8ZzrovJlNHmtPjM5AK3sOQMkDYc27U9UOrW+xFr+5Fr/H3FV2ymxQAC3GJoWUvViyNVg+E4OjGZVVsE1wxMgnZQPAKj1netbr8T0xDGAL8YeZaMsYavDMz3HZsfL/vmNsfescHscmzm4EcMAKi9/IgUKmPdUuNUDehUU//Yy+yXf2WqhfRaR/RY5mnYB04+f1krqveBn3TY6PfoaZ57C+z6qbJyPTiz1cVMmg9T0Cu1ZTI0uXZcSrHNo7Kr3LXfShH+mWai+2rM4l6LnQNFPpk4VYNHvCBpMzt+Y6wtJOG3kYoVMPHG1U8E6lTwiRnvfxXDmSRrNI0vb+npufP75E2AAE6rsWMS2FXnGTdFiiMFhFaS9BgONdiX9OSMjJJJo1M68KMmWu9xU6+8X1m5Mbkk4RCfs83/u+8oYdU6OIwWaEBtsz6nC1YfiZG7TfazGcZRDqgaKZlAmNoCE5Woftj79NzuhTaaOZocXxeWVz+3V394JuodzOVjGs5aPXmmAVOTZw+8aVeR2Cu8onw3mFjjqDtGuJfPKe77eQFPYTqGI6TSRwVJNaYBDcyZULFrtfw0e60NQQevP4B8HuyaS2h3hVCjRRKzGkXFCKrJTFR9RJbzaVV2O4yda6ocOEaKS9fQvGf1ffa/rhAWvlZkUu8Vgi1WXtyxzP0msnBroOG4eziKrGhj3QWo568/eaqrfs8HmHGJdzc6LTRA4b2pkOQycwORArLmehR2CAnwwBrspMwL/cVIAycb0tPV1D5lTSH+3w5zLhMu7563gb86s3BxqDUxyxyrYxAEQBxhWoqyGBh/jx1nRxAtIeRduknG/IeDpJitH9j0IIWKc7iG6DYOJdvcc0IcpKo73zDo3jrNeijgkKn3XdWPw6tqk9BOImIN/JggbM659CWuUKhjZKyy7IeCpx/EzKUWIOv2iWITCjqlgPsQhwG0pdxOkp65hAqiTytkqRDRvDk9g76c6nW35pjiXaM+Cax5zFhDoVbPP66Ha7ErpKgT/RsUxPW1pp8nzHgH7pT89W6nXGxmMOMvmHAmLoLiaV372rr3Ve/pGSCn+311dukVSYUWdY3jQzn5Syi4QW8OFUujEt4uKo9w338HFYTeL1IFikYW/Uq0VvZKBBo++aqVYPdhYmubRepDonxRVS3L67R/pJoaVu+xhVv9rEw/CuBpLilBqCgUDMYjne2MoGQWMKHlD6zCPIjTR3P98WrzP+Dzt156v8tYA1cz/kvehOZllXMLCxOdE365O3KyT8TQjX3DKGs1/UE7GMvY8TjxlwR4af9DI9r2Wso7jrfHzIr6vRt3YH+wTW+etvRG8vN/7TytZg1DMoK4w3q0QIhAR9nt6p6gqlh+7ZsQiDbQsGzpDTV8W3W8wsQTt9RfDqWtWwpuGEJy5ajKgsJrUQzGJNEoQcRMA2Lzc7SEVDvuNet7gRqh6PkxacZ/i2btOMchL0zP2BSkifdvOxOVgfGXk0FIu+PPkVLj8EGKMJb3X8FB5ebk6iqENfxeVu6b9ikXjbOjftb01AE4VxM8LOAA61KApGbshuMWhQjcc3IVr1zfAhzutxGwzuXX3DLtWuLik7Ta4Vvbh4jKULM+VCQtUMqhqcnlFT1DD+Gms524YysCnXRyUlBVnlTA1/A/ZjWUh4oohVePkacc00tMisrfNZdd9ACvQNDJmrTChrZusFKnYlk8v8NqGM4/k3bN15PhGp9MQE4DKRjyTyouAawA9QXe0IHrJ1yzHj4sDIAP6Fw2idANFP2pegEBFV+lJGGw0qbpoDo3tOtENEO42sBRYq8YS4QP+UlfilVBns5BE4Ue/+NMWMHWUZgX3bmSZMkM8OO0EUS4sqvd3HtNxnSklQK0ATPeIu9rYhBQqwbrQY0VRB7fPJTNrkBQHDKOR7mFOowMDfzdt9yoSmMyaRGrdpUeB7W5B4GxKSvOxcgxw1LV1+xrK8y5OpyRFuTu/1q5FNX/PVJRZEO4TcdCZFmV16RJH66scBcdkGo9GKWzpLTrZnSFoR5/KLG8V+1PGoeAOpV3OBZk6V2m3brL/h8rB1EH9yjQUrcQXxU1MlNomw+hKXqxHE4bX7+N/T6S2MM8oWOtiC3pCaaScb8QmbKcLU7PPm26ukNtz8HZt7Ifj7pHXPDPknXFhNynhIqUeOvHEEgdwnsDnclLD6ylcyp3JqjbAPSzP+B1nv3B17DMtaJXoR4a4834QAeeopIB1qtOM+KmEUNhBVeHMDyLZ3PIqJsNtgAISNAWHR5svLFgDyL83zjJKtk8ijiKVxrBVoLlsMi9sb8rlBnRPFa3SWkeqQdirXzgRgpcs3RYnOhDrAAajR5C0iNhrE23zxGxZReX5oOsIUdjRo8o4RpYPc8ZZU1AETadKTj1MrMyf9MxD66bqTyH2TBo5ZqxRgSw5oV8RMFFQv/5dm/0SPxbv/3Jc0V7ME2Jy1W1IBvRlAvHdh+u41iOc1WcMYBnnh6kVnY5TS7KeS/NEy5hTMCJ1N9sNrirp/1Tx4DHEyKK8gPyY52p97/297l+Hu2g+9yImC/77MvBrUfdgHLbFcidyAdu/CY+KXglXqOOvIiM1mVkRtLuzCMgDpUy4jCWuooXJMYaL211t6+C0nSJkkzYL7x/KvT6QrVYbXr75iJeZ5SeA5iekTtPwfzvQ6FwtkIcfLiB34mqEWRJIVnV0yvu+kc8sHKsuQR1UcOrl0Mr5k9vbSP0O4DG0O/JbjELJ5PB76OroQeuEqLyqxV6aimRyCPiMdf4H6LpwXDhKhieClDj80N8xLNt/6a4mJIWyIP0f0sN9H47xGwovBXhudXYL5qnmOp0QLtOhtucCMfzTWzGBdZKd+tZp4LTj31xX+Uuw9O7WLbRi7Jkk2O2wbjNkwUPhM3DK1Qt47QPw2322r8HssadaBvLLB17ljOcjBJbrTtNVTzyyuYDGhDwaPJWg/5jNZsmssAMeqB/MPANvTwEg5YLcEoARXMbdPN0FehvMIRMiXXNC1V5EEZ1aKycQ8oWJElTwmzX0H3jU84/SWajk2nViBG+mBfO38TGTpksHZ+pRpn1wpCoWe+3jISUxCLS2A0oQviBqmFOoqP7JcVi1c7yXN+eIMwtWN++IiyqfBRZOQ1dJ4B1UeYyViQ2nbVDOgjuJl4RuRgDwpL0lPkYVu+yEOc1HsgBjb8cw8opygmABjmOZFQ7m3o8fD7sWcqzXT6CfuIy2bwejAnhE9ATlAjONkR57FL955nr3OKB+cKFhZt/ry3uRsVCJt6EsycOX3iQkHl9KC035FwttXInd3lEkOrA3wwW9NUKyTFW9smy9mzKXFNIDIlsyoKZ1vNHFidVML4lnEs2/Yje0KKl40a+7JycsPmdpkULMH2MOG2qhLiE1ogpAISq47l/8b1/qENgAEO/CJ+18UgXU5KcL8N59CQjiDPDA+H0XClrv7l1rN4HZ/DV1P3fvGVqDd1Nkulm5ZcXii2dKorK8CV7SWy/VbmE2hoIDqwRm0ltIBWOudnBS8zTDN4e4YhBSwseKzKV/1LeK89088WEckkjSycb74W9Pk0o4jYfn+sXNevCfvcivgjUdNZUC56y77gOlk9G6NyNj/j1wBWZhtZOIuX9gxaGthB1gYrctwH8LMahvHki8t8Ng35KGYduvaDQLRIjwjrYti4ADomW/f1BGxXD0/9JJ1ihor7OjxyG2eO2QoZZZqBinPjfITXrgq9iOSWin+LTC2iA4UOihcCUcZx62yXeCeUHbpkjRFJUaPZH2NYz3tC8Locl3WQw4LXOWsK27BvnPLsIilpEmIWip+i5mlPs6zjzLtYM7ar1tOgt39yvQzQRm6QDl08uTBUNPtyEeVMg+P91tRZTv8hBDnd9CbJLR2PsRvlqGIcoYpZHHiESmZCofqpiVb9AvUgWdFoEciKNEt5NaAr85HJKcJzCpqFG+KXq7pmVN+a85vXveycmiK2nvqt1sbBPpkZYHxVkvckA+RJJLoZhTG5S1KbEioMzW+mA0GoioHlKEKn+i+QTNhISwL8WVY0dcDgZxM5kg0evtx/ipvbEOA8/r13TpSCqJVIjVZCLA1C8pOUnMrzcgFgs6HTY1BxkfUjk8ZSmGqgxWMCifTISlrqSRtgrfulJsc2Eh5as1YLunl/5Kk6UKDtOzIv7VdyP9NGDyeGKEpRzPHsWx7/tN69jSefy8rbejSytVXk8HCEp63lj/sOh5WKkz0rHLLm8yEPerdSd/YxXH7WExdFE6Xn+HKbNVQk+JWqwqXFDHjwZT3yrHzgFt7rfyg1M5HboG38Y/uF6LJhISrogOT5yibR3GUQSosjHuN1NH9plSfPSrJDwAcIPjMSEY10o4Q0bgCRUm+A06RR9hdB+Q/1OdsXZiyPj+06wrAH+6dRkLQOGxkRFHkxhz6zQev4J+YU0DnQRsTLDCrbdfAfDQR7fuj+jsn8D6dEt+PVsCOhTcpH4Dd88Wz1jm6A7TzqfaSVZ9d7Xz9oBiyoDly9MVzHDTOfJs0yUjkAJ0qZr8Kgsx2khVmQWP9spS6eV2ge0R/cyzGB5JH+FJ9zFg8iIzdqtN7CiOgwMI9Z2mkOXSm+XAxFwW22UKkxMkbc5tJ15I9LTVNCC2qQ4MiuReAUL8YsrxQlmvLj78yOwgdU5gUlkpg14Gpcn0DdXqezYnFVyFwm2rMtbGEuYbunS8tLqqIjOhTOIBdvOzHc3+aBK0BLzeQaZOcRKOZ3bCJO05kIG81uoyoUMbE+xFezPZiS0AyBEH9swQv8VvqVNVroEy+CdwY4NWik0hFX58Hcdt6wzJ1eB8dlJy8ukT96IHslaMM3A1RUWUY4nWxMopfn1IDpYXxFDo6Bwao9pNZC0KygThjIIi0tHdxanpmfCg7fu8xVMGqCmFagoNvKan8+kM0g6Gw8froNYTiwlFgjXFcshL/V/B86icEAEA/EGb94Tc4q0rz7fkhTDV+/THMW3Zarw3gxXR7dBZsI2fjiaI+FNp41NuNrPIfRUgB6CVjyCpD7wRWJtgXklmW58jCt6QvjS9BbAauv6sPOW/0E41c+q7q9be6g1FfVX1gECZssq/+EeCA5cwgqKM4iI3KzFkdlbIwVRu22mdagiHm7p4PsIBimd0pQeedSmygsRJDyBPNii1Vax8rlnJ5pAU3Fbd457uzlEjHi/sHzlQA2Pvw4dmhdjQ8j2l34N2ddlCP7J/BlNOsnG+DJ5zcrEq7gFOvs0+fvlOjBsYSrQ/LAs46H4C7qKzZhotVuVY45HKpnGl2vGmAK9f6oWTTBAHJp6tTNWq5g6vbfJPjRHLQml30XAW82iMAEuMlITEbCVQEMCxAtNwbaj2gePMEqufHO3v9Rc6jxZplXWvPaQ5Cu8YQ0XH9kVlIRWy46fe0v/lWMrLFogmBvXCkTwBgu3DezEFEEIr+wArwxC7kO1KkPwh3rEjTbmJM+P/KilvsLiNK789RDXDoieVnziLpRE5At2VtT9CrODyMTEJDXt4ak+bpK0U2JXVClCp+uiTUIIQM+GbWK8OkztMboqmnKQ053m2QnAg9Q78ZKkUmwvNgL3O5uFp7/NuBOif7u74IW0TPT8Hppdldww3NfR7xyAWvUuP/uvNsVGleuthtL8PVLiHHqwtPPC6YzNs6gxzq5B0IElwU8FEkIBbX2uchuohc5msChKsxbrDhrd3gTzAnxTrNUf4MY19WU7OuMITb1JCCh3tAibfJhQK/p+OHKHkI3a3Xv0wP6SU20pFbaycDMCNBmTKP4KazH6Kiuz0sKzsyYjxD5rjUNjUJPCEUQF9LAsIAa3OaIdb1kKXmwNdxroozNgFz2JnA4D2GyJxz2MigtQIrMdKtG0ACKzhGH6Ta+9/6u3NYEAuwF1UtTidWef34sE1tpOEDgJWoheh9rHlGulmZ94CUntcEnLsJDnWv1yZ+L5PkmEEHy0vhITYMTF1wmZRIWeUls5pmVoc+61atlo24fsfgRGJUTwfMpGFvvs+qZmc+CBcsY7BwXB2OqwO8qcIqjQIoj11BzimiwFdDh07DEEucDY3E3XuVo+cKZjFR2Hh1qfP0jXz7VwSIvo5mqxU8dalb5BxGAvUq2El8iA0FQjNYqPuBYZq0ZSbKBKidqiqrbUOqt/kfEVdQs9A6TBAmkoUj0bQUAj04tsoXX1QxiQPcUo5LbrIjKoGFo3nMKJXp6ux5LeS9Iyjz33Gqmy1Wb/Rk7HAf+ngZuhsXF9R7DMsm95PfKmcuCo9+V8kvp0HQEV/QE9TvGpZN1dZx/TdkhW9nvzGLrUy2ZD9sOQCu+phMCXTg2wefGB7kgGeexAVxBig15tQpGgiqFHeH9W57Z0QA8WFNdAGO2vLH8kPtQusIFq77C53vjGFI3BAuv4E9vx6ecGH+254/4CK6LZoK+Mi60yDuRli5QMFEq8LpM20jwTbykmXyRyuta8Cvk4ykwLGHlD64IMk3ZM0gf7RkWfmJ+MFh2gcDbxBnLOJvMLUad550wYagtCqxhZCycRUKVu2VRe+/uSR3+iYr8jxVoNwEdO3hD3mBOBgYWlFnfB4VhwQqkKPdlLkjNfE/n0+y6nEHqWBQH6i5Yl0IJflMwG+L18iD3IIwYs85HLyBPyNV0C3hqYw72MeUNBAYX8Fs96UttgwmXdjzGPRXeOkF70lxdqX62uL7i2TeOE9nvqjEvdXnCRoLU7uxyK7W5GqfH0WNRxW7i042LEmTxbAq8eclxcsj0KVL1myQeWLd9bJBcuuEP5YkWWXoglAOl46Ygt93+q0QTIjp3gn7U8h9DQk0nroX08q9O17igFfxmGgEAqxD8+88Jrp+uZJBtO+iu4HdF8Ht91zDUAMZ</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2021-05-07 07:20:32,603 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-05-07 07:20:32,603 - INFO [Shibboleth-Audit.SSO:?] - 20210507T072032Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|id14868205110671382083446997|https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_7e2c463fcfa0ca5119d226a7b1de47c2|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxKRcnpjjJuOY6TpKOGEfAZg0lIJLgB/G5IhlfwVMTdv9/4djpzCRfe3b/r9QGQViH816OLlyzr9Wvv8/5vIql5Rk14gd0JaIp2C1jAsPjIrHytL+NNot6gPaEx0QB76kQ64WW9v7wMIdRmydZSwEKhiudZKpbdQ0TAM2Xj9DEFzMmmMg=|_d96efaea6667c2d784883e3641aeacf7|
2021-05-07 07:20:40,607 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: %2Fhome%2Foidc_client%2F0oao30vt5BAMaNybM416%2Faln177a159h7Zf52X0g8
2021-05-07 07:20:40,607 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2021-05-07 07:20:40,613 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2021-05-07 07:20:40,613 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="id1486852458837337828491529"
    IssueInstant="2021-05-07T07:20:40.228Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#id1486852458837337828491529">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <ds:DigestValue>sH7nzCwXsktlGE6Ic2XFr7LfS1U=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>cjfyMjsZGho7oqhKRnPreVZhXJkixnAqtSirgRLWeyNRbjcW4/3P8/O7eSIpQCKP6dUuScmJHL+l2duUdH0+7rdmQN9+R4xi1H8AEP7ZPq6WoKV9DwdobFWELikG+VNYrIpbWpMn+g682+kJgNIkV6MTVdbm2DY3OFB7RivqaJVtv+aQOeILPn7ZuBG2WXnsdPXn7yzHSajFtJz9GMe7nrGMZ9w5Z6IjrLhs/H7uhiamtikcNTt+b0UPkZU6G0Iwx6yqaLVKvfGeSdPHHg+JI4DidFGKZurgNkUuQjNiWjBvgeLvP9JqyKHWyiE4a6dE6twlXLnSkqD8k+oM24JMWA==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDpjCCAo6gAwIBAgIGAXisQDxUMA0GCSqGSIb3DQEBCwUAMIGTMQswCQYDVQQGEwJVUzETMBEG
A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
MBIGA1UECwwLU1NPUHJvdmlkZXIxFDASBgNVBAMMC3RlY2FsbGlhbmNlMRwwGgYJKoZIhvcNAQkB
Fg1pbmZvQG9rdGEuY29tMB4XDTIxMDQwNzEyMTIxNFoXDTMxMDQwNzEyMTMxM1owgZMxCzAJBgNV
BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMQ0wCwYD
VQQKDARPa3RhMRQwEgYDVQQLDAtTU09Qcm92aWRlcjEUMBIGA1UEAwwLdGVjYWxsaWFuY2UxHDAa
BgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQClKewajIlSsU+u3cmCDw1mLUfDQcWtKI+1nXlxbUQf+bup+V3+zg7RBTUX8wDjnweDPza6/QhU
ytz+OaH2y9wD3sT6HmSd9W/RR4rY0xmbJZwPaHe2Cj1dxadIwX50S1Ht4K7Mrvhl3yOwWCgchLys
5cr3WrGGRVKIv+fUHRljhDF9mabxrZieS0nVzBXD/83lve5Eya5tPU7S2ttBnE6p/DdBFmCIxWW4
5PyaYTjzkBDxW+83X7V+/uqWUC1SCMxSRnlraUoQiYjHRzphrKuML14f/09MsEnbxJax5bpU/LQs
wtKLAxQm0PaCy5lYdhPO4+VGd35UMLs8KdbAnAUxAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAAR4
dICee/3fenDjT86azTDRF5/WM6CS6+gX0iZjAgZ8j3onGMT2ff0f150t6IeFMdDWwyC48yyAMBlR
qjelQSf03JR6ESZ4xJApz8u992ipHzyqSiMM3x3CmTHnOqzLqIpgb/KEgeZSPFN/RRQk72o4Pfx6
TDmtmwJoubTHH+P4vdCgjhD6RyqHXLYXuhsP07t31WDQL9ygN4yrtnWokA/CNhIYeFGrQYGsDT7a
4a16Uq4iXhhFZtOEZsE+/DeB1zSAIvnLWQ2hyOVZ7vAr9e7lv1LwUk+OsH8IG1561pp/rIOgOnBH
BEGIuu6eI9UvzRphO1h21XdL56+pMh4PHCo=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>
</saml2p:AuthnRequest>

2021-05-07 07:20:40,614 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl' from origin source
2021-05-07 07:20:40,615 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-05-07 07:20:40,615 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-05-07 07:20:40,615 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-05-07 07:20:40,615 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-05-07 07:20:40,615 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-05-07 07:20:40,615 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-05-07 07:20:40,615 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selected AttributeConsumingService with index 0
2021-05-07 07:20:40,615 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl
2021-05-07 07:20:40,615 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:20:40,615 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-05-07 07:20:40,615 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2021-05-07 07:20:40,615 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2021-05-07 07:20:40,615 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-05-07 07:20:40,616 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id1486852458837337828491529', issue instant '2021-05-07T07:20:40.228Z', entityID 'https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl'
2021-05-07 07:20:40,616 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2021-05-07 07:20:40,616 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2021-05-07 07:20:40,616 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-05-07 07:20:40,616 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2021-05-07 07:20:40,616 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2021-05-07 07:20:40,616 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-05-07 07:20:40,616 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-05-07 07:20:40,616 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-05-07 07:20:40,616 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-05-07 07:20:40,616 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-05-07 07:20:40,616 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2021-05-07 07:20:40,616 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2021-05-07 07:20:40,616 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2021-05-07 07:20:40,616 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  params: null
  modulus: 20849992966199614301675838753789986976813681683787802327077145202465970240380579431297809943486705961245836800069288676363890484247787887863185930622051058053634572487901723746446294109732526540428229724350278351783206630760951401901194997923458580580549213091528602126404968334078965947690612484989912150388196242240824312684590011848821037645115733687216521241731665656808539917027565985374269206242617213520178009057697523764040279229113765499695207683293876272680062519629815438959917195418653334337112210330985630870200510902529522037988093152765987775255524831617532909083723957192529729991092625758459577238833
  public exponent: 65537
2021-05-07 07:20:40,616 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2021-05-07 07:20:40,616 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2021-05-07 07:20:40,616 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#id1486852458837337828491529"
2021-05-07 07:20:40,616 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID id1486852458837337828491529 and Element was [saml2p:AuthnRequest: null]
2021-05-07 07:20:40,616 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#id1486852458837337828491529"
2021-05-07 07:20:40,616 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID id1486852458837337828491529 and Element was [saml2p:AuthnRequest: null]
2021-05-07 07:20:40,616 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#id1486852458837337828491529"
2021-05-07 07:20:40,616 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2021-05-07 07:20:40,616 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-05-07 07:20:40,616 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl
2021-05-07 07:20:40,617 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-05-07 07:20:40,617 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-05-07 07:20:40,617 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-05-07 07:20:40,617 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-05-07 07:20:40,617 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:20:40,617 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-05-07 07:20:40,617 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-05-07 07:20:40,617 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-05-07 07:20:40,617 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-05-07 07:20:40,617 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416 using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-05-07 07:20:40,617 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-05-07 07:20:40,617 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-05-07 07:20:40,618 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-05-07 07:20:40,618 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-05-07 07:20:40,618 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-05-07 07:20:40,618 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-05-07 07:20:40,618 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-05-07 07:20:40,618 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-05-07 07:20:40,618 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl
2021-05-07 07:20:40,618 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-05-07 07:20:40,618 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2021-05-07 07:20:40,618 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-05-07 07:20:40,618 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-05-07 07:20:40,619 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-05-07 07:20:40,620 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-05-07T07:20:40.620Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-05-07 07:20:40,620 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-05-07 07:20:40,620 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-05-07 07:20:40,620 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 10e78a43d8c272f19ef0a89c0993e1e2a60e06236bf7fde19e9b7c3bbd8e0488
2021-05-07 07:20:40,620 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session 10e78a43d8c272f19ef0a89c0993e1e2a60e06236bf7fde19e9b7c3bbd8e0488 to 2021-05-07T08:20:40.620Z
2021-05-07 07:20:40,620 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading AuthenticationResult for flow authn/Password in session 10e78a43d8c272f19ef0a89c0993e1e2a60e06236bf7fde19e9b7c3bbd8e0488
2021-05-07 07:20:40,620 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: Authentication result authn/Password is active, copying from session
2021-05-07 07:20:40,621 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-05-07 07:20:40,621 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-05-07 07:20:40,621 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:20:40,621 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-05-07 07:20:40,621 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Reusing active result authn/Password
2021-05-07 07:20:40,621 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name established from session as 'rick'
2021-05-07 07:20:40,621 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-05-07 07:20:40,621 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Updating activity time on reused AuthenticationResult for flow authn/Password in existing session 10e78a43d8c272f19ef0a89c0993e1e2a60e06236bf7fde19e9b7c3bbd8e0488
2021-05-07 07:20:40,621 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-05-07 07:20:40,622 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-05-07 07:20:40,622 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-05-07 07:20:40,622 - DEBUG [net.shibboleth.idp.attribute.filter.matcher.impl.AbstractMatcher:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/DenyValueRule:_7080138d39cc2e01f42af33d6086559c': Applying value comparison to all values of Attribute 'uid'
2021-05-07 07:20:40,622 - DEBUG [net.shibboleth.idp.attribute.filter.matcher.impl.AbstractMatcher:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/DenyValueRule:_e86e84f8359014f00e496b0e2b038417': Applying value comparison to all values of Attribute 'uid'
2021-05-07 07:20:40,622 - DEBUG [net.shibboleth.idp.attribute.filter.policyrule.filtercontext.impl.AttributeRequesterPolicyRule:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/Rule:_829157a5a29f7f30c585dc615c71fae1': Found attribute requester: https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl
2021-05-07 07:20:40,622 - DEBUG [net.shibboleth.idp.attribute.filter.policyrule.filtercontext.impl.AttributeRequesterPolicyRule:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/Rule:_deb424a8d1c673df19c16cd7fd391943': Found attribute requester: https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl
2021-05-07 07:20:40,622 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-05-07 07:20:40,622 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-05-07 07:20:40,622 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-05-07 07:20:40,622 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-05-07 07:20:40,622 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-05-07 07:20:40,622 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-05-07 07:20:40,622 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-05-07 07:20:40,622 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-05-07 07:20:40,622 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-05-07 07:20:40,622 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-05-07 07:20:40,623 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:20:40,623 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-05-07 07:20:40,623 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@1f1c613a'
2021-05-07 07:20:40,623 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-05-07 07:20:40,623 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl'
2021-05-07 07:20:40,623 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@43d26013' with context 'intercept/attribute-release' and key 'rick:https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl'
2021-05-07 07:20:40,623 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'rick:https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl' value '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1651908032576' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2021-05-07 07:20:40,624 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-05-07 07:20:40,624 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2021-05-07 07:20:40,624 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2021-05-07 07:20:40,624 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-05-07 07:20:40,624 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2021-05-07 07:20:40,624 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@1f1c613a'
2021-05-07 07:20:40,624 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:20:40,624 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-05-07 07:20:40,625 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-05-07 07:20:40,625 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-05-07 07:20:40,625 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _5a65162e6cbce9bd81cf04ea8817e946
2021-05-07 07:20:40,625 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _5a65162e6cbce9bd81cf04ea8817e946 to Response _00e2a6c82cd7d8f8f9aec1b55a5428ee
2021-05-07 07:20:40,625 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _5a65162e6cbce9bd81cf04ea8817e946
2021-05-07 07:20:40,626 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-05-07 07:20:40,626 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-05-07 07:20:40,626 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-05-07 07:20:40,626 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-05-07 07:20:40,626 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-05-07 07:20:40,626 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-05-07 07:20:40,626 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-05-07 07:20:40,626 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-05-07 07:20:40,626 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-05-07 07:20:40,626 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-05-07 07:20:40,627 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-05-07 07:20:40,627 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2021-05-07 07:20:40,627 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2021-05-07 07:20:40,627 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2021-05-07 07:20:40,627 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2021-05-07 07:20:40,627 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-05-07 07:20:40,627 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:20:40,627 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:20:40,628 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxdiOFCGci1Gv4UesNMqbxgDK2tu814BCy5zTRWy86SSjCjgZIpv1C3Rc3lzAo20auE7vo/2BCDZ+AeaaH2ufvkx/sfPBiJED8Z+J8cZW9ehzvWLZ3hd5XfPDkCLnuhbPmGKGXjeTG/PH1YE/XtG9vl5Mm8bQzT9TwyGIYy7EowgnkSro= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:20:40,628 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:20:40,628 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:20:40,628 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-05-07 07:20:40,628 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-05-07 07:20:40,628 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 62.216.214.83
2021-05-07 07:20:40,628 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to id1486852458837337828491529
2021-05-07 07:20:40,628 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416
2021-05-07 07:20:40,628 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-05-07 07:20:40,628 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-05-07 07:20:40,628 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-05-07 07:20:40,628 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _5a65162e6cbce9bd81cf04ea8817e946
2021-05-07 07:20:40,628 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _5a65162e6cbce9bd81cf04ea8817e946 did not already contain Conditions, one was added
2021-05-07 07:20:40,628 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-05-07 07:20:40,628 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-05-07T07:25:40.624Z, to Assertion _5a65162e6cbce9bd81cf04ea8817e946
2021-05-07 07:20:40,628 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _5a65162e6cbce9bd81cf04ea8817e946 already contained Conditions, nothing was done
2021-05-07 07:20:40,628 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-05-07 07:20:40,628 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _5a65162e6cbce9bd81cf04ea8817e946 already contained Conditions, nothing was done
2021-05-07 07:20:40,628 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-05-07 07:20:40,628 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl as an Audience of the AudienceRestriction
2021-05-07 07:20:40,628 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _5a65162e6cbce9bd81cf04ea8817e946
2021-05-07 07:20:40,629 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl to existing session 10e78a43d8c272f19ef0a89c0993e1e2a60e06236bf7fde19e9b7c3bbd8e0488
2021-05-07 07:20:40,629 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl in session 10e78a43d8c272f19ef0a89c0993e1e2a60e06236bf7fde19e9b7c3bbd8e0488
2021-05-07 07:20:40,629 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-05-07 07:20:40,629 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl in session 10e78a43d8c272f19ef0a89c0993e1e2a60e06236bf7fde19e9b7c3bbd8e0488
2021-05-07 07:20:40,629 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-05-07 07:20:40,629 - DEBUG [net.shibboleth.idp.session.AbstractIdPSession:?] - IdPSession 10e78a43d8c272f19ef0a89c0993e1e2a60e06236bf7fde19e9b7c3bbd8e0488: replaced old SPSession for service https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl
2021-05-07 07:20:40,629 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Removing secondary index for service ID https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl and key AAdzZWNyZXQxKRcnpjjJuOY6TpKOGEfAZg0lIJLgB/G5IhlfwVMTdv9/4djpzCRfe3b/r9QGQViH816OLlyzr9Wvv8/5vIql5Rk14gd0JaIp2C1jAsPjIrHytL+NNot6gPaEx0QB76kQ64WW9v7wMIdRmydZSwEKhiudZKpbdQ0TAM2Xj9DEFzMmmMg=
2021-05-07 07:20:40,629 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl and key AAdzZWNyZXQxdiOFCGci1Gv4UesNMqbxgDK2tu814BCy5zTRWy86SSjCjgZIpv1C3Rc3lzAo20auE7vo/2BCDZ+AeaaH2ufvkx/sfPBiJED8Z+J8cZW9ehzvWLZ3hd5XfPDkCLnuhbPmGKGXjeTG/PH1YE/XtG9vl5Mm8bQzT9TwyGIYy7EowgnkSro=
2021-05-07 07:20:40,629 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Older SPSession for relying party https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl was replaced
2021-05-07 07:20:40,630 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-05-07 07:20:40,630 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-05-07 07:20:40,630 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_5a65162e6cbce9bd81cf04ea8817e946"
2021-05-07 07:20:40,630 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _5a65162e6cbce9bd81cf04ea8817e946 and Element was [saml2:Assertion: null]
2021-05-07 07:20:40,630 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_5a65162e6cbce9bd81cf04ea8817e946"
2021-05-07 07:20:40,630 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _5a65162e6cbce9bd81cf04ea8817e946 and Element was [saml2:Assertion: null]
2021-05-07 07:20:40,632 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_00e2a6c82cd7d8f8f9aec1b55a5428ee"
    InResponseTo="id1486852458837337828491529"
    IssueInstant="2021-05-07T07:20:40.624Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_5a65162e6cbce9bd81cf04ea8817e946"
        IssueInstant="2021-05-07T07:20:40.624Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_5a65162e6cbce9bd81cf04ea8817e946">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>tw5oiXPlTuTNCdfaLgTaEk6ZS+XVtbUkFDMG3nLK0kY=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>kweSVDwH0fS84QVEPrhYm9/Chp2wgZgkdNYwq07vREIcBy5Cd3PAWablsUYvuT0DOqqjxGH7AlRvntj+OBCWABbePRxVfYv3AsqY1uuA7h0Ip4JbePEoRKp3iJZJx2rzePSO62aT7bznuqLUimIFiHqZdYfkQO9bQ5Q2LYwqRTGvaMV8i/Xq+bYZY7j4ckpG2RjwjpTAN6W6gV6bw1jCH2AEPVx9AX8sp6k6N35b5/IqK5UK2re4o3qDTiV6cBgoVmZ9oxNMw2ErQx63j1j6LUHrJ4AGKrsyrSfuxxwvGYHnlGCuO7LpfJQBCOIXx+XTgqhYXtawR8XYmgMbL8zEhQ==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxdiOFCGci1Gv4UesNMqbxgDK2tu814BCy5zTRWy86SSjCjgZIpv1C3Rc3lzAo20auE7vo/2BCDZ+AeaaH2ufvkx/sfPBiJED8Z+J8cZW9ehzvWLZ3hd5XfPDkCLnuhbPmGKGXjeTG/PH1YE/XtG9vl5Mm8bQzT9TwyGIYy7EowgnkSro=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="62.216.214.83"
                    InResponseTo="id1486852458837337828491529"
                    NotOnOrAfter="2021-05-07T07:25:40.628Z" Recipient="https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-05-07T07:20:40.624Z" NotOnOrAfter="2021-05-07T07:25:40.624Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-05-07T07:20:30.229Z" SessionIndex="_1f2c9c7d29aab9b3a321c9a3e4e20299">
            <saml2:SubjectLocality Address="62.216.214.83"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-05-07 07:20:40,634 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416
2021-05-07 07:20:40,634 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416
2021-05-07 07:20:40,635 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_00e2a6c82cd7d8f8f9aec1b55a5428ee"
2021-05-07 07:20:40,635 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _00e2a6c82cd7d8f8f9aec1b55a5428ee and Element was [saml2p:Response: null]
2021-05-07 07:20:40,635 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_00e2a6c82cd7d8f8f9aec1b55a5428ee"
2021-05-07 07:20:40,635 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _00e2a6c82cd7d8f8f9aec1b55a5428ee and Element was [saml2p:Response: null]
2021-05-07 07:20:40,636 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-05-07 07:20:40,636 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416' with encoded value 'https&#x3a;&#x2f;&#x2f;tecalliance.okta.com&#x2f;sso&#x2f;saml2&#x2f;0oap94dflSK6H8JFr416'
2021-05-07 07:20:40,636 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-05-07 07:20:40,637 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: '%2Fhome%2Foidc_client%2F0oao30vt5BAMaNybM416%2Faln177a159h7Zf52X0g8', encoded as '&#x25;2Fhome&#x25;2Foidc_client&#x25;2F0oao30vt5BAMaNybM416&#x25;2Faln177a159h7Zf52X0g8'
2021-05-07 07:20:40,639 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416"
    ID="_00e2a6c82cd7d8f8f9aec1b55a5428ee"
    InResponseTo="id1486852458837337828491529"
    IssueInstant="2021-05-07T07:20:40.624Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_00e2a6c82cd7d8f8f9aec1b55a5428ee">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>g01KBvc4/H8XMDQzWb6NrUtMaE8FSIjjeVSoEDWp6Fo=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>HGcVlefw7i9w1wbQVt+uLCCTiLher8aCkamvxmopj8tiLBmLKzrZdlNrRHqVy3DqBfmjjP6dxjEdovfR7/AbYIk1JmJYkt1v/Q7Wi3JqgzXxzVrx1prf+nC1HeJ24+IuBZ53RYRxzcspN82gw3Jo+p5zFb4giygGgE4MrylUTNMFZBPj49OykudH47MH0UAyg6jCeSrRSJ3ruNgQJe0MJfaUDF63gHlsAkQZz7Hc2jC7b/wwv+co5eW6PEdxpVqlrf5FVeJp5F9RSp5ko29x6UQ6cwOnWBiD87wtZs4RK/gI0HMHSeHGsPVk+zOick/jxq3UJ7QdqwkGPw5neb9bMg==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_eedc12c45ebf60a3eb681286a54309af"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_6853dafda2410e5a184f26d9a51dd400"
                    Recipient="https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIDpjCCAo6gAwIBAgIGAXisQDxUMA0GCSqGSIb3DQEBCwUAMIGTMQswCQYDVQQGEwJVUzETMBEG
A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
MBIGA1UECwwLU1NPUHJvdmlkZXIxFDASBgNVBAMMC3RlY2FsbGlhbmNlMRwwGgYJKoZIhvcNAQkB
Fg1pbmZvQG9rdGEuY29tMB4XDTIxMDQwNzEyMTIxNFoXDTMxMDQwNzEyMTMxM1owgZMxCzAJBgNV
BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMQ0wCwYD
VQQKDARPa3RhMRQwEgYDVQQLDAtTU09Qcm92aWRlcjEUMBIGA1UEAwwLdGVjYWxsaWFuY2UxHDAa
BgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQClKewajIlSsU+u3cmCDw1mLUfDQcWtKI+1nXlxbUQf+bup+V3+zg7RBTUX8wDjnweDPza6/QhU
ytz+OaH2y9wD3sT6HmSd9W/RR4rY0xmbJZwPaHe2Cj1dxadIwX50S1Ht4K7Mrvhl3yOwWCgchLys
5cr3WrGGRVKIv+fUHRljhDF9mabxrZieS0nVzBXD/83lve5Eya5tPU7S2ttBnE6p/DdBFmCIxWW4
5PyaYTjzkBDxW+83X7V+/uqWUC1SCMxSRnlraUoQiYjHRzphrKuML14f/09MsEnbxJax5bpU/LQs
wtKLAxQm0PaCy5lYdhPO4+VGd35UMLs8KdbAnAUxAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAAR4
dICee/3fenDjT86azTDRF5/WM6CS6+gX0iZjAgZ8j3onGMT2ff0f150t6IeFMdDWwyC48yyAMBlR
qjelQSf03JR6ESZ4xJApz8u992ipHzyqSiMM3x3CmTHnOqzLqIpgb/KEgeZSPFN/RRQk72o4Pfx6
TDmtmwJoubTHH+P4vdCgjhD6RyqHXLYXuhsP07t31WDQL9ygN4yrtnWokA/CNhIYeFGrQYGsDT7a
4a16Uq4iXhhFZtOEZsE+/DeB1zSAIvnLWQ2hyOVZ7vAr9e7lv1LwUk+OsH8IG1561pp/rIOgOnBH
BEGIuu6eI9UvzRphO1h21XdL56+pMh4PHCo=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>KrQh8l/0lr6RlUXqSShCsyyf1J7k/yjuWLriCKTMZ0KvbcYthRi6HbvFZZYI6taxEySkGl0T+ndxH63H9VVCB6fQrMtSAqa/stZ1mHtEvSx1vV7gRmMMluQ8sOEAInlea+yTS/ysqwrPnE3Qo+SnQnOTWBtlBzVW280cahhbQZHLsBOJ5r1JsVzXEEQmR4vxv3Hpvpz2MFY4V+3DIDVhtQa9rzfj2qPqEZ6WZQ9WWZR1QcoFEN2V5GK63Jxy+4mBQYqGV3qhCJ6t3kcnqrZBtXYz0Kv8M4v4MtZc7REXRJk9ipvPeCMXxROsBVWOAIryiL973CF44aJytZ4FIJu2Ew==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>H7/v+oKlxOBsGRElzKyhXvuKV81EMkKh/ENb7B39t18tN06YUOp5B5zSdVfNSAeKcA/gP+YNdrFURXtK2KYaCjrMnM8q8StR8nHedRRcU5EpXWRKSyigHoCtegN0Gevf9N2VshPH2V4q0sJ/cD4M+fVV9SQvVHNb20jNQzir8qt8e/1/4ORRqCV7+RzX4OLQSalo5+vgzvGSJU/PEs39xnJw5zlxe7vFDQdd0ffWqF8j6/rqUpoCY2EvpBwi56MLpqzckjKa0wu3wiZYJWWMQAiVBGD4aZ028me/xHln2eNIBc01g5Or8ZAM1lz5UFFiXPaUh+mpIYRt/aLsR4R7Vco+/vY6NJ7r34YiBE60YGUSxNsdjbHAUkhkUVmYHGURSzyC61KaBBvWJh7f80NCKp0EYBu5tL+asmFvtUC99nulmuNVYR2yBENSORAiP30pSwC2u0lIot/UieWj/BtZm6WwM+qtJ2I0Dwux6HCPDeKRlpgur3ew17siOgVh+pvQ1D6FKqBvnv4nqiUGI5zoFNxC55BpBPrSKp7t9PaRnKoW1Wq2+cDbEW40p/7QkXX+mSJdFF5JCvoPMxvJm6wysqQ8kWTg9w44LNRAWhtDeUibQmmHRm9qsoS4WtyatYKFIeyCk76G9roZHuHJtMsAABAx+7wdqEeSK7p5jrf4r+WUkGY+R5Nccmr6JT+jRv3hrATYbEumYwMt633mvMfJeZ7zJMd5D5JErPwN/VGS2q1DxqizBRx/5EM3IpL1RHSA4ERKoZlS3qo2ANQ6+gCH1Hupd0RWWjCVaG0LJnpg0Dib0jC7fjtepM0QPRYkCb0Rq69KBYlAgxhbxcUZUi6/7s7vj0MaxJZ9SFNDLFW+4VwHoZ3wYLIQJIXd1PpeiOZvbrLOJfS0aZJvG3tgkHRsLdJeooxblvCzK3vEMHnDyQvgvhXwoqLrsPb/SaUeiYeXoAV1VoFU4PeVRFg3vRxGEYAVENmCE4+GTT02ThPoJONsZWC3YLOJgIkjyusBraGo+h5ptXJCrfNQiaKsgdBW60uP82xfOrIMjhymDFUKKwT2fHoTWwGbCdGgwXDW+WYHE1iKSbAJukR1yw6Ye/0pDhft8S32mdfE6wEBayN3bQ6bboCpWi4iIhHCij+OtwPVcvR2C5d2QWPH6QbbciAvfSSgsCOGUs4MIujRIiiZl9B4GApudFGZCf3a/YSvXQr8F03JPKm4ij4R/B32O89MQU38URC9LB3WtuHnhEQnwNeWLKFDTl0/DqYPzXm+TPvEP4scsxwiMT44TZXuZltJj5psnOqYNPrktQWtBjCY+1zYU3Q/G3FqTJJ1dNEvgs1LwgXvxU7P+TQ6yRU6KvH9LdfDxkwq61JhlmNT26+zwzyzbLgv7pXCO5XCK0bFuqDSge475blMDo9RfuvMZn7KQ0S1fZ6ymJfHQWehQEy6gw+aGJUiQkd5rewJn0oWFE011L1RsQmTBlEyrUIkIw3sNJSFGwxtOJlyFBIIp1XJKfWkTgpyJTSM0FtWGopoHirNhCUDWuWEkKJqzH833ZB6gYOVD7ealR4gM0HMjNwSLo1dlQ8g9B2I3L5lz+CCpq1nufZr/7PGzsjp4SIXVYfWuFU1HTux9vcKmPGbZB2gV35FUhY2mbc8VbtkNZAtWLKb2EQQpDPixrCLD+1dlHsk0zohC9M8svqictHOZEI+kp9rli3UW9LlwR55zQHYvbU9/LHKu73q7ODjHDrGAl0lYrkrQeGchyRGUFV6kEy3/eUxk7EpycUYb/cEgDz291nQeHk3fW7a+0hecLsg9cCvsvs6KLWiZW9WQbDFma5BzZqCufq0X7cvHWhJICf4OzKvjPvysH6mtacOi2aiw4TFxCJpYvj4giYa3Jsl6POjIGoX1aJf5Z4GVXEz3zSKBVh8kg7sFMV9q2s1M+c1SlTpRWJzcyxK9TI/RT2GqCtSeNPDIbtHstwXzaicFIKUoiUKbGzEsgqmTi1F9Ny1PgSjO7l7sfNnh/B/LSjwRHDP5gLoO3lUxFpIhF1sLZYinhv1vQ9n61K375Kp/I6w0sASYviL/jXyQSaytgvx1JLRQiSTxl3rrKl+TIn4rhmJLu9BkbcUINadjwcJC/FkNZ3WyDAVQJbylXNMyA9dZ16tocVpWmloZbrhCRup3if1mpW8ui0Ary1b9xKJsPtmczuDg2ndL9mEmwJkR86/lt2LfyEJtW2GbZZAQGYAleBotDsquNfFb+pek23J18eNp/W8IgQwAUMY+KHGpP6kh9JDvqeQvsF+bmTaAuFcY2OlfB/Tmo6kzY8IJP48Z/kVLNuWldtbOWzX+4ftHGBl2R/7HVE9jBKB3b4isnE8h0qOalw28h5/d7/78fw9bisza8d5gU/tUYFdn2JUeVy34G//QduTRvbFS8Lg0Dk4YaEIIYH/0IhHRwbryDbfV7HUot7bUJZdvYu5ygb0224USdbB8OXJmD9iCk7AAgE/SiMjw/I7VlWcnkHs1dikePWtHPPYCMCIXT7rVcR1ElN5963a3wzvqVnJjWiws+SSDiS+yyjp8faDIgFEMMZp6BP4e7eFKUj3SRBoQF6kqcK/0r9P6IUh4SdEcaANUrsiXWIHQCRpWrTx9zVkknHre6YP6FGkSeXUIzKRTfNZE6pUxxjSkuC9heid+mNfWerZxIpzeQTtKSgIaUjgGqTfZW4Hc44DDoHU+1D3hXIc4L2PhHRO8RsVFWU+snSDWjRH8GvasMM5MNZZwb4Z655hjJomJ8bQ259XOxOr7sbNgKkSueFpk/sFSqryhIDTM43S6FbBTtvPZdmoOJ/2UFmSvaldXRyK6Tz0iTn8RTkG6H8wuQX3rG6JsnTa2ymrAdkN/1vKOjZCyFHmE7Y03tkdzsKLWgn/R7Dh4CXLeC+sLmYQTAIqtHCTiOGpaHYNeyAlWjXoUT+5Aw1r4jmtoiSFuf9xPa8XzJl950QUfcLRdEXwMVrxOVB8S+WbIzRamiGWilfHTVjDo1bHHBbPqFs2JI7uYq5qsLOAcg+YMv+Jp60NT1hhd//9QhK2E5mSRGvyoNd8+tSxUUqZEc36SjSEyDoS0Xvb8Ff4bNFsQN1/vojduECSPfolm61JWNkKzQbEvWy9pFuDAUG2+xwDFSiztFydoqxU9K6jb3ebVczo1qTm6W/J1Mko/jMOuQcqwjtIai61FOG2ncG2CpEEEZO8So9NnZcPllsQR0jLQfdMGraFCgsvPPlcKVb1UQnftc6q1zw1NJqajugyRCxmWKodpks/vtJyC+rQ6YtepglWFPGLz2gfbk/B5w9I6mGuPeVF9uohlGxxD9wSDcyGZJH0diX3kqfhM1FTLwqoA8Y96NsE2goDVJMLznVi3uGzhrfZWsYOlsI38qJLe80S1BGgXUBzQ5j4h2auuMYkqDRwx9OJsFneC1k1O3RZNW8pBDM77Nqru3AUnAabePHVUb0ZwYUWzsgFKH8XLMwuvbjyv5LtKmwyuH2yIcmjdpjPM35YlkYP2/t4Xr5I/RERaFZwJZeAwu6TXtfbRXttPrPLyqmsHPZNTG/lrYtkVuTu1ClYwBJUYLGDBRmOFTovTKwYkZzdBvHNyy48ndoCYUWYjw/cI4jKyh2dtVrHFN0Ve1qAaeVAkFpfzoPrDPBAzCDdMYTiIIXCdiuw6UN1RMobQxn9/PemgNeGFSMsuCfIdEnFb2JEXw09dykhEPkxvpemxKxTbvBr+CqccqBKCzRWkx3PbOMpUZ+BS26UiIroyVJF4b2YbNpN6++U8qHjHEeT2gV1SBBHxvt5jSk4yLpLkZv9vyJaO8kzOnEKS/Sl6PVXrPJwotc6//9NTLIz0ebKcAc4u/Ylx8bD8h+QLA6wQind7zoQOQSxM+A6kZUQOP91MSN0zFuU05vM1xxy1JIfzklVqmARTKXCT+O9OVsBP8tBWXiXn8rHebBMo3YwyK6816jNfLtY7ev9FawPefhRx8VOWcSFwDVQ+tgqWj9VvLk9EMW+95EjIja1mdqr7hLmG16KrYeUKML4YoJUthNsdlCaasSOBZA0RPMN7XUG0UIg7OAJegvvGTqyLECZz4l4mkbIj8avPx2zvb/NsP1VQtVgoxJ4ZQB21rrNWMEiQx82L6vet41QlhbweGtctwZlNxR91V408/oPm/UKBhRowKVRdsnmiEp2HFlvqyOO5aUaaz0D803AhmO46irk5D5/yC4o+eUHLaUWr009nRFLW9DUINmAG7LHx7nCMgL4b/Y90phXasTihDqIuEohvTaMSfpXvOAX4YNBx4f6mMSIL985jxCvCG+iESBbkLpuA1/y8T8PBfjSRlXEelTy/QRqZtfxCnwTNTKT8Df3cpSCqyTY3s1sXk4D8QeXyHCgmMot9gvhTMEQz7PLm62u7w59FvJGGLj5RFUs/jyAQDxhcgfj1Nbc/STnXp+a/WG3DULg+3qK/FTFcrvXAdPYiReehoGUBeOINc0ffH+6lsEewxcW187Mi865gIFWkYVFvHuZe8kcDOa/b0N4oZgSrqBiG8tnWjE3p3M8406Wdj47drB1Og5Bmeh+2CHuAeRmH29Da8FnfiH0ikGXLx5/NDEttZa2QQSSl+CAIzz6esabVxxnC2tqX8QLp8Vb15MhPNVJamTrCG8HVpncygf9oQEXeaS6eK/upvMpZqH9+x+dOAd1dWP5R46pTCMxbz1pM0zyomlVO4fdE8LJc7y3K2HgKb9KJVddO4DHoo0icz+QiLVQVF0OcZHnX5F92rUIPnKZne66FNNsr8em5ZtwvwMs9VMQqeHCC4DfCigFUNErUotSx3alaj7VNv/+Vuo0WhNqa16bvk1O/4g1bBeTDJNdJtMUw54936SzpxkRlY6CvmK1OlzgygG7whYUOrfXCwR576NP+QAETs4SK2HyLwgINKxXo41v+WE7yH6kqBEn74PGSokhndO/ZuyCY5Aju/R0t2qYt7tI2txQvGcqc3BXih5uBy/Bovr9/0zcOa1/TfAHX+DbBcY1W7S6kTsFHN+YFtqMYQhB5jay0UaC36CGTmDiKcndsuwyTF4hwp+GzSo5nJ4ba7oks8wcFri4mBJp/n7pt0U5IYWEzkIiP9G6zvsWTBb4CBLsZ3LZqH/DFZV1CwBbzDAMMIuo6nCpGal0ALUv6kbSyQ235J0MgwofO/isuQVGs51XGLjTMgeNND/e0DoG4VQAL5yoNLZ5gTdPS/xgacYCi9i1z4CeB1kuCfCYIK0bDtFytbi5GqHRlLkJVq0SirLHkB3N/ReZaxyKgOru8OvcvfpWjKFjes0Fn3Lk62xc3uR2rrrAjsHYemew/RoB1ONeROFaS7dLyVneJLUysV0VNcZBaGicTFYe2y0QHWw+L8KbqTYE19DQVmhiYeESZorOygcBEKLAMB65vvfodleUzxJyKdGXIXs/zOzTVxa0pxjTcQFTut4bU9q2tUiVj7jmjJTXPsGSq+9JUyqnnUq+VrC67Z/KvVSJ5AzcxQ9z5lwFf5Lp4SjI/KdOLlJadW3FOrhGeAGDG4WAuF2V/3CGngz/g3kRw39t+cto+VBxT4gAqGrh0EYLnkCtxEUu873GeNF8IfSwgInXra8/2FYc3fRMhtUv90Ze21zOPuB2UC0GSPU20wXvoqX1+mBnf4W9EnG8muO2rKXLCJKzr+Kg1Aka3qLVma2PN1C9ze6ZN83Yog6zGvCHRw/8PmsH85ZIP6ZXwZ2M0ZhicucBubhndL55qmq4zYs/sDx9hj2Yrj+MlOg4/F7u7DmIO525ESGw/oEdEYt1r637xbHXTWvsVz0NMUjqcFgf95wMsoegNf27SZdOTs5wLazKaXwUqLMjYLLVezfXbJWH042wPzz9HeIOO1/UIm2/lwZ/xgdw0u4JFtNfhVQTZkw+YqtqicTdnEE8wP4Sqh12AZ6W3ZEgnsrz2nFkBgiLQzXKWByl6rdBK/4wNPKfW+/umrringBfBiHS2ZPqQ+DGT6M8IfxIUSu0sYK8Zcj+Vtnx61/aEt0zRdNKMLDcC98g5w5xPp3HKUdl6mmPCd1BEdH1HsZU5KVHc/izCuUerD+ugWy0OxlvTqLQ7VUDUl6iwnBFhtqAcC/tEjpoj5Rfh35mw9qdn+0LcobjR/597RMMBdpB3dKmuAOEJTskjPg5tZCJxdEx1AOH3OFz/5BZgoBwG9fmef4IIZt8ymTvs3LHKbhguC3yJ7c17Zmtj6wkz/ji0B03q9V5jBwcfSzN9BgIKFlMGvSYqSprQaUCmR6Cw/3OJBazG+KoGTywIZE95QuHbTyS9n+wFohSieemwKjufq7B7ii/HK8EDAHefmG24oqMh7k6EsCpLhpJi9E9whDqJAcKQk5joLiTBsOI0WTnxbgtDMX+7KY8dDCxwI4qbI4eQtsytMc8y8p4TlytjX+742+4Mz4DlkFvu/PdIS7MEg9++jfCoExc799SQ7i85GAyEPWWMymhUun8X/+Mu5oAKhDnwIM6ykdjyjErN3IWzjYbGavJ1se9xZLzCYUHpSCXURZvm7pDrIVTXMvOume7oEkp2KkT00CgzVjV494QRUN6MxvF0rxoYsatiS2fNg/bPGKhtHv1RArVQyyQ/tQeOOkILiJ1d4DWQf0IomR24gEw84Glq6qTECs7EgDS93rYLhb9EEAlXcvQVdjX5ctLzFv5fTboPSI9qZiBWDfaWKo02rFGT9PPwE6hKY54Xg3ooMxsyZVtqXy7GqvSuRN4T7BQ9dr1ywejxbSGb4mTSTXo2H3GCAvfAUrbkyHAKqCmcY7BwJGY+2oPf6UiGbWm46N+guWyZv1aq2gGnRw283d25FtYaJm0tzGnWL6preNXIg8sewPFCk2YcDoRjx1K4uHhbxwI+fNnwRhQKqoWY52q8If4REv4gGqHXyKnvf4b1bhIoxiDgLTkLFLCzFJT3RzB7QswPkymg/QC8px02fesB2Z6kMDcypobmWUq/hpnp9ZvicnEDEQMfL86xhIh31IdkudvgwnN97lU9ebjVLPwCUG59Z0jI+gqLmmlrzDHIaR32wE6SSjn4bZRKTm+jgs2nkME3S7pBGGvA3zYiK2VZ7QgQ/ULsZhOnS9BjeeUBSujgSuVLraZCtdttNv4uLQG8EebxYxhdxMnIpE6HLNdL1MwN2rLCh6+ITXFWJLQ8AVK9iSZBC67Hve4TTZIhkzfctQu6CY4EgPIrU+2gumQD47lndQxf79An9EcVnQF0Mj0v7Ea5TiOCkI+U/lPHkK7nZ1Jj6EJtnpVg1x/ROpeZUoVMtioq2AhbWQSJk5J3IBnwVfwpZkitUtO/F6/dXC+LtELjoZa954x4h+7ncQsIP03/jxk2t0lamPPbMno7+O18galKhOK51JhGEF67fV0tzvZelMAQPA3Vh5eoxt6FC9r1itP1ESjEpO5qc4byhtFR8/3d8iZuTh6CbgMg8KNwAQiNAw+H4ds9mflfrO3eamiVs6G+yH2BXcoj+8FHuj0vqVgVnk5DEJZAoxYY+TXjkH3lhmnucridWvJZa7Ju39lW/8jrf98TO5G0GRuaI4ghRaadcDLvqWa7dfFMdpTGMVs5KTgQGvtZVmFr9zKXdT4y803OffFTvUQn2Xq1ZNPCPGxf0KHtm6gtq81RILOztjqWDAvYHtx9uiWPiEiaqh9Ln/Taj14nC2RUk95IRbHaq+KVy6XXhRMAyfFHb4plZcf8T45TqTzmIUbcxABKk1DxPB4mmJq8fvDUbMypxJHghTZj6TFAGFp0QtQvK+xkNpZMMq2hJpsCv//jFV7GuWVa07Q3vNANq3gNdflQa3QjZc/EA1bByGUAvQdFW97cfdVt4w7Lcgi2pneC+qNdsD1TFh/SI9s6cSpyDAwuVodfFIU8REk3zkfi7FWnG6cmIcOXAmRgRW5t5ZPHrDWd2F42QNWUW8oASmqNUNWUpiIPtU/qyxPH/U8dnlE1N80SZGyInBwrBL/8r+/ByoMtCN9QgNT9OzWw0HYIpt+FsLPVRLWyU+ivFA7T5tjNplfOdTSEJrKOtY1hRwMzxsDQTzY1b3c/NfLedKgpORDgrNN9R0IiFkVgWUpSyVyJ9jPw1aFndd2r5rxIamHcCRzgHI6SG91pDy5A1tUX867Xo02On8h5bBfBsodFeqWXdrnYBwHgC7oXtkIM26kq5wOKNu1UAUsOPhIh0Orhujb9+fKj2jnJxM1ZbkXe4incGmErGIacfdq6ZtPYXdc4z2xq4k3iWGVPS7Pepki0P4aJIZkzO0x1JEqB3KS/99soVz+uj/wyZ7r0bumWvWWCer+ofnWH9IfP/7/j9TEGy/5XThru1MQsrrDi4u0K1o9dHqq7MDvklV89gSJLbEBfQQkyy/OElJ1Mr0aU94uBl+UnaeyPmT6OCByJMTqjOmthqTWMyn93x7eQrJ0UUk9DU73sGT5uSDkQLrfOCktWpYd</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2021-05-07 07:20:40,639 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-05-07 07:20:40,639 - INFO [Shibboleth-Audit.SSO:?] - 20210507T072040Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|id1486852458837337828491529|https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_00e2a6c82cd7d8f8f9aec1b55a5428ee|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxdiOFCGci1Gv4UesNMqbxgDK2tu814BCy5zTRWy86SSjCjgZIpv1C3Rc3lzAo20auE7vo/2BCDZ+AeaaH2ufvkx/sfPBiJED8Z+J8cZW9ehzvWLZ3hd5XfPDkCLnuhbPmGKGXjeTG/PH1YE/XtG9vl5Mm8bQzT9TwyGIYy7EowgnkSro=|_5a65162e6cbce9bd81cf04ea8817e946|
2021-05-07 07:21:12,781 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: %2Fhome%2Foidc_client%2F0oao30vt5BAMaNybM416%2Faln177a159h7Zf52X0g8
2021-05-07 07:21:12,781 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2021-05-07 07:21:12,782 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2021-05-07 07:21:12,782 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="id1484821572709233529105561"
    IssueInstant="2021-05-07T07:21:12.395Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#id1484821572709233529105561">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <ds:DigestValue>s2kYJ0txuAQjEOx2dFHNctcz+Uo=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>a7Fnv9PUxJsSPPyE7C+wadLRs9EWErfU5eHcit9QthrEcQFgvww8p2m4hm8zdx4AgVwabt3KbkRvOjLg7QsEoMB9tMIsKcw92n+qwE0e4HCBK3ZtDIudDLl6lg/BLyM5khf20auVu7EU4m3ZIXpoCdNCD46Qt2pQUwnxmA68hXJDRMSw8K6T39LexrDoexRXfJOKvNhYziWSJI+Cfvq8KdMTKQIwbyMHsM8+ub6SjSTOYRPbqVQfHzIICNs4oT10ER17a83ik193HOrYV2mPYCv54DJeXksC6YraUbBb3E6ccttX7WDjfCEvQG6Io6amGL3lh8uaQKjqgE2bXzegUg==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDpjCCAo6gAwIBAgIGAXisQDxUMA0GCSqGSIb3DQEBCwUAMIGTMQswCQYDVQQGEwJVUzETMBEG
A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
MBIGA1UECwwLU1NPUHJvdmlkZXIxFDASBgNVBAMMC3RlY2FsbGlhbmNlMRwwGgYJKoZIhvcNAQkB
Fg1pbmZvQG9rdGEuY29tMB4XDTIxMDQwNzEyMTIxNFoXDTMxMDQwNzEyMTMxM1owgZMxCzAJBgNV
BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMQ0wCwYD
VQQKDARPa3RhMRQwEgYDVQQLDAtTU09Qcm92aWRlcjEUMBIGA1UEAwwLdGVjYWxsaWFuY2UxHDAa
BgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQClKewajIlSsU+u3cmCDw1mLUfDQcWtKI+1nXlxbUQf+bup+V3+zg7RBTUX8wDjnweDPza6/QhU
ytz+OaH2y9wD3sT6HmSd9W/RR4rY0xmbJZwPaHe2Cj1dxadIwX50S1Ht4K7Mrvhl3yOwWCgchLys
5cr3WrGGRVKIv+fUHRljhDF9mabxrZieS0nVzBXD/83lve5Eya5tPU7S2ttBnE6p/DdBFmCIxWW4
5PyaYTjzkBDxW+83X7V+/uqWUC1SCMxSRnlraUoQiYjHRzphrKuML14f/09MsEnbxJax5bpU/LQs
wtKLAxQm0PaCy5lYdhPO4+VGd35UMLs8KdbAnAUxAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAAR4
dICee/3fenDjT86azTDRF5/WM6CS6+gX0iZjAgZ8j3onGMT2ff0f150t6IeFMdDWwyC48yyAMBlR
qjelQSf03JR6ESZ4xJApz8u992ipHzyqSiMM3x3CmTHnOqzLqIpgb/KEgeZSPFN/RRQk72o4Pfx6
TDmtmwJoubTHH+P4vdCgjhD6RyqHXLYXuhsP07t31WDQL9ygN4yrtnWokA/CNhIYeFGrQYGsDT7a
4a16Uq4iXhhFZtOEZsE+/DeB1zSAIvnLWQ2hyOVZ7vAr9e7lv1LwUk+OsH8IG1561pp/rIOgOnBH
BEGIuu6eI9UvzRphO1h21XdL56+pMh4PHCo=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>
</saml2p:AuthnRequest>

2021-05-07 07:21:12,790 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl' from origin source
2021-05-07 07:21:12,790 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-05-07 07:21:12,790 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-05-07 07:21:12,790 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-05-07 07:21:12,790 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-05-07 07:21:12,790 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-05-07 07:21:12,790 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-05-07 07:21:12,790 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selected AttributeConsumingService with index 0
2021-05-07 07:21:12,790 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl
2021-05-07 07:21:12,791 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:21:12,791 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-05-07 07:21:12,791 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2021-05-07 07:21:12,791 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2021-05-07 07:21:12,791 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-05-07 07:21:12,791 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id1484821572709233529105561', issue instant '2021-05-07T07:21:12.395Z', entityID 'https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl'
2021-05-07 07:21:12,804 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2021-05-07 07:21:12,804 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2021-05-07 07:21:12,804 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-05-07 07:21:12,804 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2021-05-07 07:21:12,804 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2021-05-07 07:21:12,804 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-05-07 07:21:12,804 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-05-07 07:21:12,804 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-05-07 07:21:12,804 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-05-07 07:21:12,804 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-05-07 07:21:12,804 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2021-05-07 07:21:12,804 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2021-05-07 07:21:12,804 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2021-05-07 07:21:12,804 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  params: null
  modulus: 20849992966199614301675838753789986976813681683787802327077145202465970240380579431297809943486705961245836800069288676363890484247787887863185930622051058053634572487901723746446294109732526540428229724350278351783206630760951401901194997923458580580549213091528602126404968334078965947690612484989912150388196242240824312684590011848821037645115733687216521241731665656808539917027565985374269206242617213520178009057697523764040279229113765499695207683293876272680062519629815438959917195418653334337112210330985630870200510902529522037988093152765987775255524831617532909083723957192529729991092625758459577238833
  public exponent: 65537
2021-05-07 07:21:12,804 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2021-05-07 07:21:12,804 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2021-05-07 07:21:12,804 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#id1484821572709233529105561"
2021-05-07 07:21:12,804 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID id1484821572709233529105561 and Element was [saml2p:AuthnRequest: null]
2021-05-07 07:21:12,804 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#id1484821572709233529105561"
2021-05-07 07:21:12,804 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID id1484821572709233529105561 and Element was [saml2p:AuthnRequest: null]
2021-05-07 07:21:12,804 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#id1484821572709233529105561"
2021-05-07 07:21:12,804 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2021-05-07 07:21:12,804 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-05-07 07:21:12,804 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl
2021-05-07 07:21:12,804 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-05-07 07:21:12,804 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-05-07 07:21:12,805 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-05-07 07:21:12,805 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-05-07 07:21:12,805 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:21:12,805 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-05-07 07:21:12,805 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-05-07 07:21:12,805 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-05-07 07:21:12,805 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-05-07 07:21:12,805 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416 using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-05-07 07:21:12,805 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-05-07 07:21:12,805 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-05-07 07:21:12,805 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-05-07 07:21:12,806 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-05-07 07:21:12,806 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-05-07 07:21:12,806 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-05-07 07:21:12,806 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-05-07 07:21:12,806 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-05-07 07:21:12,806 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl
2021-05-07 07:21:12,806 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-05-07 07:21:12,806 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2021-05-07 07:21:12,806 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-05-07 07:21:12,806 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-05-07 07:21:12,811 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-05-07 07:21:12,812 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-05-07T07:21:12.812Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-05-07 07:21:12,812 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-05-07 07:21:12,812 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-05-07 07:21:12,812 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 10e78a43d8c272f19ef0a89c0993e1e2a60e06236bf7fde19e9b7c3bbd8e0488
2021-05-07 07:21:12,812 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session 10e78a43d8c272f19ef0a89c0993e1e2a60e06236bf7fde19e9b7c3bbd8e0488 to 2021-05-07T08:21:12.812Z
2021-05-07 07:21:12,812 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading AuthenticationResult for flow authn/Password in session 10e78a43d8c272f19ef0a89c0993e1e2a60e06236bf7fde19e9b7c3bbd8e0488
2021-05-07 07:21:12,813 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: Authentication result authn/Password is active, copying from session
2021-05-07 07:21:12,813 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-05-07 07:21:12,813 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-05-07 07:21:12,813 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:21:12,813 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-05-07 07:21:12,813 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Reusing active result authn/Password
2021-05-07 07:21:12,813 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name established from session as 'rick'
2021-05-07 07:21:12,813 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-05-07 07:21:12,813 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Updating activity time on reused AuthenticationResult for flow authn/Password in existing session 10e78a43d8c272f19ef0a89c0993e1e2a60e06236bf7fde19e9b7c3bbd8e0488
2021-05-07 07:21:12,814 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-05-07 07:21:12,836 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-05-07 07:21:12,836 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-05-07 07:21:12,836 - DEBUG [net.shibboleth.idp.attribute.filter.matcher.impl.AbstractMatcher:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/DenyValueRule:_7080138d39cc2e01f42af33d6086559c': Applying value comparison to all values of Attribute 'uid'
2021-05-07 07:21:12,836 - DEBUG [net.shibboleth.idp.attribute.filter.matcher.impl.AbstractMatcher:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/DenyValueRule:_e86e84f8359014f00e496b0e2b038417': Applying value comparison to all values of Attribute 'uid'
2021-05-07 07:21:12,836 - DEBUG [net.shibboleth.idp.attribute.filter.policyrule.filtercontext.impl.AttributeRequesterPolicyRule:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/Rule:_829157a5a29f7f30c585dc615c71fae1': Found attribute requester: https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl
2021-05-07 07:21:12,836 - DEBUG [net.shibboleth.idp.attribute.filter.policyrule.filtercontext.impl.AttributeRequesterPolicyRule:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/Rule:_deb424a8d1c673df19c16cd7fd391943': Found attribute requester: https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl
2021-05-07 07:21:12,836 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-05-07 07:21:12,836 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-05-07 07:21:12,836 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-05-07 07:21:12,836 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-05-07 07:21:12,836 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-05-07 07:21:12,836 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-05-07 07:21:12,836 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-05-07 07:21:12,836 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-05-07 07:21:12,836 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-05-07 07:21:12,836 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-05-07 07:21:12,836 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:21:12,837 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-05-07 07:21:12,837 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@4a9b848e'
2021-05-07 07:21:12,837 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-05-07 07:21:12,837 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl'
2021-05-07 07:21:12,837 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@43d26013' with context 'intercept/attribute-release' and key 'rick:https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl'
2021-05-07 07:21:12,838 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'rick:https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl' value '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1651908032576' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2021-05-07 07:21:12,838 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-05-07 07:21:12,838 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2021-05-07 07:21:12,838 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2021-05-07 07:21:12,838 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-05-07 07:21:12,838 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2021-05-07 07:21:12,838 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@4a9b848e'
2021-05-07 07:21:12,838 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:21:12,838 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-05-07 07:21:12,839 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-05-07 07:21:12,840 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-05-07 07:21:12,840 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _b83fccb3587bb2c3660d88e7fe16fae8
2021-05-07 07:21:12,840 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _b83fccb3587bb2c3660d88e7fe16fae8 to Response _c051d5702db456445fd4c01afd4bc0e9
2021-05-07 07:21:12,840 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _b83fccb3587bb2c3660d88e7fe16fae8
2021-05-07 07:21:12,841 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-05-07 07:21:12,841 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-05-07 07:21:12,841 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-05-07 07:21:12,841 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-05-07 07:21:12,841 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-05-07 07:21:12,841 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-05-07 07:21:12,841 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-05-07 07:21:12,841 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-05-07 07:21:12,841 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-05-07 07:21:12,841 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-05-07 07:21:12,842 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-05-07 07:21:12,843 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2021-05-07 07:21:12,843 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:74] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2021-05-07 07:21:12,843 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2021-05-07 07:21:12,843 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2021-05-07 07:21:12,843 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-05-07 07:21:12,843 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:21:12,843 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:21:12,843 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxNMZ/nMAZ++CePx5MW01M5ejFOFdy2cE4UIuStH+j6U/ik8D9UTUwkoo/QMxVd7UNTHyoewcPyLOAX0C9TZg48+KIlTqj+d1t/kpDdFXF6AilA+t+IQ0Dp6MiB9hXaInaaqeguIZy9Ue2Rk/RnTMzCPKkZIz56aJL03l8y9zAQzd5 with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:21:12,843 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:21:12,843 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:21:12,843 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-05-07 07:21:12,843 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-05-07 07:21:12,843 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 62.216.214.83
2021-05-07 07:21:12,843 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to id1484821572709233529105561
2021-05-07 07:21:12,843 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416
2021-05-07 07:21:12,843 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-05-07 07:21:12,843 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-05-07 07:21:12,844 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-05-07 07:21:12,844 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _b83fccb3587bb2c3660d88e7fe16fae8
2021-05-07 07:21:12,844 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _b83fccb3587bb2c3660d88e7fe16fae8 did not already contain Conditions, one was added
2021-05-07 07:21:12,844 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-05-07 07:21:12,844 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-05-07T07:26:12.838Z, to Assertion _b83fccb3587bb2c3660d88e7fe16fae8
2021-05-07 07:21:12,844 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _b83fccb3587bb2c3660d88e7fe16fae8 already contained Conditions, nothing was done
2021-05-07 07:21:12,844 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-05-07 07:21:12,844 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _b83fccb3587bb2c3660d88e7fe16fae8 already contained Conditions, nothing was done
2021-05-07 07:21:12,844 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-05-07 07:21:12,844 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl as an Audience of the AudienceRestriction
2021-05-07 07:21:12,844 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _b83fccb3587bb2c3660d88e7fe16fae8
2021-05-07 07:21:12,845 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl to existing session 10e78a43d8c272f19ef0a89c0993e1e2a60e06236bf7fde19e9b7c3bbd8e0488
2021-05-07 07:21:12,845 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl in session 10e78a43d8c272f19ef0a89c0993e1e2a60e06236bf7fde19e9b7c3bbd8e0488
2021-05-07 07:21:12,845 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-05-07 07:21:12,845 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl in session 10e78a43d8c272f19ef0a89c0993e1e2a60e06236bf7fde19e9b7c3bbd8e0488
2021-05-07 07:21:12,845 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-05-07 07:21:12,846 - DEBUG [net.shibboleth.idp.session.AbstractIdPSession:?] - IdPSession 10e78a43d8c272f19ef0a89c0993e1e2a60e06236bf7fde19e9b7c3bbd8e0488: replaced old SPSession for service https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl
2021-05-07 07:21:12,846 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Removing secondary index for service ID https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl and key AAdzZWNyZXQxdiOFCGci1Gv4UesNMqbxgDK2tu814BCy5zTRWy86SSjCjgZIpv1C3Rc3lzAo20auE7vo/2BCDZ+AeaaH2ufvkx/sfPBiJED8Z+J8cZW9ehzvWLZ3hd5XfPDkCLnuhbPmGKGXjeTG/PH1YE/XtG9vl5Mm8bQzT9TwyGIYy7EowgnkSro=
2021-05-07 07:21:12,846 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl and key AAdzZWNyZXQxNMZ/nMAZ++CePx5MW01M5ejFOFdy2cE4UIuStH+j6U/ik8D9UTUwkoo/QMxVd7UNTHyoewcPyLOAX0C9TZg48+KIlTqj+d1t/kpDdFXF6AilA+t+IQ0Dp6MiB9hXaInaaqeguIZy9Ue2Rk/RnTMzCPKkZIz56aJL03l8y9zAQzd5
2021-05-07 07:21:12,846 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Older SPSession for relying party https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl was replaced
2021-05-07 07:21:12,846 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-05-07 07:21:12,846 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-05-07 07:21:12,859 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_b83fccb3587bb2c3660d88e7fe16fae8"
2021-05-07 07:21:12,859 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _b83fccb3587bb2c3660d88e7fe16fae8 and Element was [saml2:Assertion: null]
2021-05-07 07:21:12,859 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_b83fccb3587bb2c3660d88e7fe16fae8"
2021-05-07 07:21:12,859 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _b83fccb3587bb2c3660d88e7fe16fae8 and Element was [saml2:Assertion: null]
2021-05-07 07:21:12,862 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_c051d5702db456445fd4c01afd4bc0e9"
    InResponseTo="id1484821572709233529105561"
    IssueInstant="2021-05-07T07:21:12.838Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_b83fccb3587bb2c3660d88e7fe16fae8"
        IssueInstant="2021-05-07T07:21:12.838Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_b83fccb3587bb2c3660d88e7fe16fae8">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>n3cpOvyaRIgNMbGpSTAPs1q4BpGM3r7GaVYt1AIHL6Q=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>Sz3/OjI7zoJMKdH9Ti1+Qm+TQtRpIyHWt3BZs31YI7GX1CmXSaARHmswidPOSG2LIIkSL+IVwkeR5ia6Kd/+aZZBy7rZfT4MV21H9k5H35uzl2D6dKLL/4TpNGHaPsDD+ACcEdZABzOqby6RcavnMyJZUTiPCHqj2xgoHnRC4bLlmLDl6vG69xUxDAEVgL3zrakVmd3SJC0V+SjZ3S8Z2go8dPVPs+u+soYAq/HmzP2rhADhKnnwuM+g6J6nulfrzpSKujNuhnNLywxtDTVTiPtjClTx7h/Zc2mItuZTXyuIQnZslOe9vgpNzq0TZyxl3n5xmgIG22BYtqm3yREnxw==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxNMZ/nMAZ++CePx5MW01M5ejFOFdy2cE4UIuStH+j6U/ik8D9UTUwkoo/QMxVd7UNTHyoewcPyLOAX0C9TZg48+KIlTqj+d1t/kpDdFXF6AilA+t+IQ0Dp6MiB9hXaInaaqeguIZy9Ue2Rk/RnTMzCPKkZIz56aJL03l8y9zAQzd5</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="62.216.214.83"
                    InResponseTo="id1484821572709233529105561"
                    NotOnOrAfter="2021-05-07T07:26:12.843Z" Recipient="https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-05-07T07:21:12.838Z" NotOnOrAfter="2021-05-07T07:26:12.838Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-05-07T07:20:30.229Z" SessionIndex="_e231fdee41b13cfe7d77576191e97d42">
            <saml2:SubjectLocality Address="62.216.214.83"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-05-07 07:21:12,927 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416
2021-05-07 07:21:12,927 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416
2021-05-07 07:21:12,928 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_c051d5702db456445fd4c01afd4bc0e9"
2021-05-07 07:21:12,928 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _c051d5702db456445fd4c01afd4bc0e9 and Element was [saml2p:Response: null]
2021-05-07 07:21:12,928 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_c051d5702db456445fd4c01afd4bc0e9"
2021-05-07 07:21:12,928 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _c051d5702db456445fd4c01afd4bc0e9 and Element was [saml2p:Response: null]
2021-05-07 07:21:12,930 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-05-07 07:21:12,930 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416' with encoded value 'https&#x3a;&#x2f;&#x2f;tecalliance.okta.com&#x2f;sso&#x2f;saml2&#x2f;0oap94dflSK6H8JFr416'
2021-05-07 07:21:12,930 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-05-07 07:21:12,931 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: '%2Fhome%2Foidc_client%2F0oao30vt5BAMaNybM416%2Faln177a159h7Zf52X0g8', encoded as '&#x25;2Fhome&#x25;2Foidc_client&#x25;2F0oao30vt5BAMaNybM416&#x25;2Faln177a159h7Zf52X0g8'
2021-05-07 07:21:12,933 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416"
    ID="_c051d5702db456445fd4c01afd4bc0e9"
    InResponseTo="id1484821572709233529105561"
    IssueInstant="2021-05-07T07:21:12.838Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_c051d5702db456445fd4c01afd4bc0e9">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>MD3HBKdC6fQY+dGEiNXoCiHXNuywg7APHwERt3/rCGM=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>SDErQTSDVt2uZpbACQvY7nFtVl2OliEXMARcMbNvOEt22oJWoABIDZRfltNkEwKFSexuTA7+GKcIE6r4QgHJD268d0AeBWxAeEIUEXIKfHRlDhpH/NlOHzeNDAgtBEwgiV/2xuD1JPSKh8tG1LM5qhlrEoS9iqvc8JdPxbDFEI74TqXa3BM6PjNJk4CaHcazMISgn1sGQXo5k/wW5h5wbzV/Ou/cKzPsGAq2/ZSXsd5W74GOoiWUeIayh7NMRmTAkIeQcgRYIiRnaBzToJkEPxWUveNaY+E0vaNd8QW0GC9ryw6T1UjXP34iu5hNSyRi/huj6o8QDJEV++NOVkPYtw==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_f7ed672151e81d02a7fd6e0738fd13c2"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_36553cf82b56060cee7d9d59214ea7f0"
                    Recipient="https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIDpjCCAo6gAwIBAgIGAXisQDxUMA0GCSqGSIb3DQEBCwUAMIGTMQswCQYDVQQGEwJVUzETMBEG
A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
MBIGA1UECwwLU1NPUHJvdmlkZXIxFDASBgNVBAMMC3RlY2FsbGlhbmNlMRwwGgYJKoZIhvcNAQkB
Fg1pbmZvQG9rdGEuY29tMB4XDTIxMDQwNzEyMTIxNFoXDTMxMDQwNzEyMTMxM1owgZMxCzAJBgNV
BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMQ0wCwYD
VQQKDARPa3RhMRQwEgYDVQQLDAtTU09Qcm92aWRlcjEUMBIGA1UEAwwLdGVjYWxsaWFuY2UxHDAa
BgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQClKewajIlSsU+u3cmCDw1mLUfDQcWtKI+1nXlxbUQf+bup+V3+zg7RBTUX8wDjnweDPza6/QhU
ytz+OaH2y9wD3sT6HmSd9W/RR4rY0xmbJZwPaHe2Cj1dxadIwX50S1Ht4K7Mrvhl3yOwWCgchLys
5cr3WrGGRVKIv+fUHRljhDF9mabxrZieS0nVzBXD/83lve5Eya5tPU7S2ttBnE6p/DdBFmCIxWW4
5PyaYTjzkBDxW+83X7V+/uqWUC1SCMxSRnlraUoQiYjHRzphrKuML14f/09MsEnbxJax5bpU/LQs
wtKLAxQm0PaCy5lYdhPO4+VGd35UMLs8KdbAnAUxAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAAR4
dICee/3fenDjT86azTDRF5/WM6CS6+gX0iZjAgZ8j3onGMT2ff0f150t6IeFMdDWwyC48yyAMBlR
qjelQSf03JR6ESZ4xJApz8u992ipHzyqSiMM3x3CmTHnOqzLqIpgb/KEgeZSPFN/RRQk72o4Pfx6
TDmtmwJoubTHH+P4vdCgjhD6RyqHXLYXuhsP07t31WDQL9ygN4yrtnWokA/CNhIYeFGrQYGsDT7a
4a16Uq4iXhhFZtOEZsE+/DeB1zSAIvnLWQ2hyOVZ7vAr9e7lv1LwUk+OsH8IG1561pp/rIOgOnBH
BEGIuu6eI9UvzRphO1h21XdL56+pMh4PHCo=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>IRP1DSsr4nbgU7GfT4zdsRt7wg/ltmYbhgGPDIo3j74/DkYahTa/Rs11C09qU82qJ98yCVyz1S7p5L8IO5Aa2VWJq5oMuxBQoAO3ANeKebQu1OxxKaqpQhVOdjTghdcQiiytjOz12tgub2KZrI7F5K+C+MOuqzTavR7z3diKlyuCKFXDK9ymr579ef0oQUk5h4cNdvSg69GudaOkHnNC7a72r+UX101WNPjStoJOS2Iuklkb58EMhH6hI0vjVYDBtm1bsR8HvPALa46OlM6PSMjBZ+58PFQvXD+ktIu0roRghIsPMZl4Pe7p1uTz+Aq/V1e9Ycmos5tM+myjFIR7kA==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>xD18NpiMGK4g2/PDOhgMEBryuy0a5DyAm+vMBM3HNTC3JHGqV1TNRyLPuDHrHTu2TGda49bPRvQhesICgC4s+VEZGCaK9ZQXggocKtRNKzvVCF5+tg+wu31pm5T3j5Z4ela+7JGVhVoPYSxHgImmHqMjmf49xWcFZArKKq1u7Hd0PWTQxcfRUF2PkYrCfDHypoNjAl1F5DKPyMZ+WD4NIk316CVgzVhXO8652oGshJdWxAnv+TnSS4qbM6dm1gMtgEGW2r2a0n5gwwC+wP1uKRpeciBTUmFuKw9gKoTaopHV1VoSt8oaHpDorEa93z9oT5xBfz8k30ch6frUMoOjXT0xJY2/ZiQ7TNXUakknjVTaB3zYu19VWRtNwEByjvW4LR9nDx5X2gMdZ5XZKObYSOEy1y2369nxgbDKCH3WfSRAkt150WaeMPyIqw71is37N7tNJj0OJFEUQKYazFRhLt7OJU1eS6BgCiYpIaXqVehFXxxONN9E/M36MegpduanN+oyP30sYGQG8VrKZvZscoK6j7Zkm8WjE6LDF8KHLHHN5IZiWRS5CsCWJZRU7x6Dgh2RLOry4OC39F6AaKcAoJoHsobEFMIERLPc1uEQfX/PsfiBWO5TWS7lgkSez+l4PlrmSn/YT/a12Wuzjyopwj4h8inwCXdKECq32018vV/aVN3xkJfC7mRlalaWWu2fmUT65li/HNEU3Bp4rCrTzLpPYE4uJ1a9LXg/XOoBBMm6tA78+f3iKJnDUx0ZjQvWbFeqPwBJeP+wSuoIMby6rRrfvxGjnG3BfiEoEYehxMuMXYmtIdWGvC0ARDY/Vfx+RMOfxFG1vgUkdObIAZWC27IaIfxY7muNNRHMl47ba3roLPlVFRUaP+xuA0XlA/neFcwX14ucY4DFGjrhh+pEl7aKk896+JU2Yvh8Xx8nHqowZzYyIN//whtL8jZyVqBcxgWUU/DwnKAXxOVnQzo6anz0zmUgAmUSOeBFOG8cDjgbQfkyJnWtCNPQJWcY2TOjNGWIR3XrZn2WJnFQ2EgeYvRIPIz3ZZvvJRv4Uaiib6L5qr1zR/ICp++r0cbTIMtsL8eC/qfvxiYRfce1OqrPDCsDAZ3ASAIzjeVsmRSr5hGoINJ5dl3i0q4dfWgoocQoUBEjO51qQs85k1vQzOK5Mjh7KuQfq+auu+JOQ82u3IohFgLC6xEfF7JlW3Te8uH1HkiOINe3AYF9FPRYtdjWL6rv/s41tHyY+8rckW46LSNcnKyRs99lJwbUt7Y4uoRqxykwDLgeW6O7/0T0GPAomS2iPNozFhPlV1pWCUBL9olphEVQFzApU4J0cAwLXO2ZrrtrFRx54DHJxGBuC2Wr+fju77mA9n8TxHqbgqjtBQKbMWdTzm38ARQjxwQ/UocKSJwAEi4rUUUycZHFsvW2sZF6dtHStADYOe0ib0YnJaKQFGWkQrniq1UShnkmWdreoC0qGc1hW/F0XiJUC2PJ8DuT4A6fgB6nl15iGvma326MlaHIvypJkn+GZnmCi0LFpkRkpODhZ1webUnXDceKM5jczqEFsz3rI7FnRFpPKpCAwV1Br5xtEKv1mXOIvSfge2nl8fTMgjBBvpkwQgMxSKbsvG87R3B1dYQx8wjUq+IKStaKjMgO9LVwdc+0+nFy55xaekvDkz5cl3YyvEGu1LPFHDojcgaqgjjRBbxnXUoFzrcUZQcnqrd4FZPToZmCRvuv6+5HM0CjdOr3kEX2Qfx5xdImnn1Uitj5JbTrlVhRLW6VZwzwryz37tpNWMYLt4k0lKXaGWnAFj9b8MXoJpJix8yDGoLNUC/XhmLPyMVsqWom4/BX4BPg/4etfuFrCNhxsM/J3FlAVAeDTrn4sznhLLTEMldmYnijVMkxLY3B0fMm8sqi2NaAYS3LYRJittxIWedGFhQ7fD4N7zcJH4z3zcVsuoBDr+OffVkOAfDW/Ztf7dhtrmPzfSht2VPFCJcWq9ORJRquNM3O3As1/AO1TeSiQcyAri5Hx+2b4kxxvszcSgSdA4xYY0TgIHA3yYz5Yo30QyyN1CBU28S+B+m6I2ZEcINyy0m3u9abGhyVmdhvBkG7XwP/hNcfbiOYPZiWFca0mQQhNH74lp0O7RJj2S4Ah3VBpRmH2MPOzEYzXvovMPBkYHtYhTx/70lecBo8wv20tfva8z3AFRf8izt6hgj4Al72iJHXCf8k/uM9Vif6RShn4RRdqicMbI3g0kpjjRJh9BiQySDe+nxPMMnxJ7bL/bOiamNwIToZZvf/K8Jklk0yvfG//qfhtr3QtD/c0VgNMG0zc9MNSSMUezg1Wekx7QZkCtni+UVf3l4U+PJSHTNkH4MjoQvuj694cxDTFw5OfLwqGOlEG96xhAXR5cnDhKLt63qICo+LtNSfgCmdZHAvkkSSWG93kDECMN3FOWcxB170QtR1gEs2yckP1avR/cdL4L35WjgMTNdf3yARFGBB5n8nv0be08KwHnH+xxz5rKv19jhymrjTwCasDfiduK2GDftd8aMnJ26Y0QQtXK/r9E1U1OSbZJb8A+qnNTCQ057lKId8mpGzCFEIGYJKRi4i1l4V0CdofsyAPwUO+3FEzzw33pnb/irhYfFuYfVHMNNTWi/iouAJlt8cCPi3GiqPNSMrnoTppj1U5JwS/lAKsz0txz8V+tv6V5TfJqhUhyobMXfWh+kZobCe+uRhtbDu3UnX7BDiabtfsLCkoKsjJg+EXpQfvXpIJ18S5kZm4JxMLP9PoG1vJAW31yMV9TBCBTDmjAJKOU9BcIRQQVVvrzV4/QmSVUf0hrAfXu04blwfx0dwpSU4+Clj3Sjx5NDhRtXyCpEPsnO4DnQURRK6bJFvWTtnHZtJ5AcEd2RJi6ZgdhHKl7H7ZBqpFD0UxBS6rJ9LUCTnJALeclBRMq7/jg8+pbushYl1I9p1KyOVdvcBGR/fiveWDVChBpa3p6zpGaoQ3bKKb/wmU1QHoQA0uuTUGMoRO6gUGNAEFr+r4TSY/sjHK5MKAKsQnOZtb3rpbhCbHXQ/2sTIyXN4lsVqhKhQ49/WRIuBx6DpRrtsExFl/Wn1B7N7ByHOnCcuV0YTPxdpsBsdTQNNa9TX28qrbc+838YoVFWZxFvuhcgGm3a/F0Wtzgpdhpv88kUe8tu/1EkTU5W5XTRQcmJc8Ldjfvi6Pj7HQKjCSZeEnAp+00MIBz2gT0YQVUG05Vtp79KcUVu87oNceUyAQQdUkki/T79x2ca2dK2ixbS+xanQu0Bcis1mmnJYM/tPFJvCf7+MeqV+HuwALFmTW9jKwPhag3ZFpWYxVcfyxC/86rwXnmBWFZ7AFWpPZRJsHaTxw3Ky41X1BaF6n0DgAblTQeIZMfEOjun5Sgo5Vr1aASFtX/k+jgdLaX/nG4VUvPymgzTtmGknRnO5KJzz5jc9JKBNr/ru43glPTqs+lc52hZoaJ1uR3zw4oE5JL+NWLt+EQ4Lal/D2Bu3S4YAZJIoTKCm4VLywGHl6qHVoUb0QKCM+loHGXgpzN/eeMbs6ck7DA4hFrMQ3310wPISQ68ZX5s0Y25YVVxNvs8m3RokVVaux6Nrlqf6BPnMAduEE6gYTUhbGmW+L8WREzTdPxPDprZPzJaqAte9OjhRC9z7engL7lpkqQ66ydQnwMcpUv+2mpzF8OlpA/JZoH15m9sBXwp6+BVl6GLhRusBXxiBIxH9+UUdubTtichaeq3Fh+BLiGlqxpFQh7tIXdYrtE2lgWJL3l/TKphrQ9u54mz3bcw1351nl2Mc1uUY6exEhUyBIkkmCHGolwp0Mn0hEqkVK3POWbMjCTPLJa4Rl6PFaugjesKb8Y+8zLJhuI3+WTlWqpnXGnShV/vZtB6CU++/dUoncW0UtBcQo1L1E53+mgHz49LjUdA7wCHPaZ7r8KQUuZcEGef2PHh1dBAjgJsFYsylZarqbYl1vipRzAhdNBdBlVBT7FydKQ0l6PNpZsD0cYvziXF7YfmevZQZApVQHENYBPLp1NN1TJdlqrLOrC6vBKE7my+AMrazwEcHa2LjKoSwvr3iAYwnUM8g9ATzKrqN3NUAx6BpaLgsNKhT1RpxkuH22JnA8TFW+kXVKfjdwAtAqacSsGvwpQM/TnN36N6ZPdbaC5AMwToVR+2R8mcWcSdxcYjbHAODMqLiGO4+IgtH6ahxaqv2WE6wfY6LUi/33iL32c3SSxh9l7SWT+xIvfUqV/nztYmekGPcnmeXfsXF6CbBKK8rRxaF0poOhabbLoibwO3hADt1ZCG9zDnWrxh6fHXUCW08rCntVDJCcAFUd7Y+ZKCOL4ky/sKVQ7QCR8Bfzm6ouLfFsuNrXd53wuyTGV0moLadgQ84HneXQaQ/pKyfVnj/ZJtUFcacD8biLtxz5Od3NF2cUVIdqrP8ibrI2vxiXy08tyj+mDoQLhZWJw9y8xUQkSZmq9JhGyUaIg0KvOcLXG2tS+ZvNT6ZhS8VayQH0pc61Xxp7z30hX+i1mdfSNZsGNY4tzSsYvIMAlEkjeGoRwd60ZX4aVjDsV7WaxbgGmOi88ADhxQbTItqMcQioIqvxUEte7b08pIKTYAUU69hXjQ+0pTTrxoRfZ1Eubfa4W/8U80CS/wmdXyYJgTh+xXENIZhqV31rBPffsbqxzW0d5UlU5LclnyM39RFL5ECuvlCY0bKe5WXkLUJe6ZLLgqjxIWSPsHycWv900aDF9MIvbKCty7+CoRCZHXa0RsWG2GFIMPQUs+nG7M6PeTi7uICKBM48s0XzPm/eryRROiRO3r+6ZWg6EAJ6NyYi+UMnbiWpOx8TITJI7yiq2jeG5yks4rVyqxQoTC6oB5awtvy1cdUR47cbnbL0WrVTcuwcKdza2MPAJGATlV58Rj8gSx0JexWvdROIcuGVPrvlAEGZY4G7mpU4ZZGn1C12r8wxSzAi/4UhQKS8TxS5bxp8CJqT6I9TThIpcjnadDQBr/ltxasTKhY3G6emjXouD3NgcxQ8q8attYjsGw82gN+wqt59JFH8OMTy4cqfwec5XdOgheKfc9iwJ5YS9AtEBbJOQl+fPa15Ty9bcyXbhCuOAnD6Z+cIPcRdRupvgWEArVHnyRVXHpMhLEqPp4YZ0MbkVHATUcC31oHQt0FgInAc09n2WWKfOSRSpr2YC8JMEbsEgnqDeoPmkPwso6VIzxqfhw+HMBhTrf2Kb+MJHxDlOOiRuFCrxqlLdPNaWmADfJPl/2c9Vp4nE3xvM18IT+7zafnh08QmunzoUQxjckQyv148+4+lPTxlBmoEW2s4hvkXP1gES50/fvNQt+SLZZLEoFDQKPEM6SgqlPSf1V2dtMCVnMCa5jOUOspC2Dnb5UFfm2Q0Qy/nvvIy698e4z5btqb46S/JSYYHemX1rRNtENtr16uk8t2LpEz7OmHUDOD5l0OKJv8nAresgN7SLtRtutb2zIqp6w+PH6OroYGrAxmbL2MuPvggDgUHAekCjDPNVx22qYZOPXwIv2QSADTHzpcY4lrWOIy4yJuaZ+zCuCvSRMFI+vfy8P3KLIn0sWGjcB40RZfJ6lQyI/xgzxYkxIQNaxImJATYuCow7rN/RNxeuf2kUKgd3D7roQEm8OEMJIGeWY/sxWznrSME09fO6URBJiF+n0kbFM71RCg1L0I8eOr42q1xNCfPg6iFzZP+F5f3n5Zd2+Pgh+Ebp7DFTburER2zbbqtscf9VV+GOhkC1vSs923sXPE6Cw4dL+i6oDYFJe1B0RtJ1p5/lp1O/wH0lpk+zWWiitJ/B0Ute2RLV5GePpjwHifx56mpOyLdv1dScEPBZxMRd4qG9EDklftEANwZTTM1MezKQgwYc6gCbKnspcWsMMzRnZuCmtknZJEw/sRFePch53XIaFOq0cv7tkbwBtcvhoXVdnfpqBpPlxF3bK9u51K+VzaihmzpKVR/S/U2OCtcGfY5vgr7LDon3eDK4lhs+WtAMWIpS5pBxLdT5lCh8jK8IFvZ9BBvEHOAEADRglQPC6l8V5ZRDpKIwpb+cl2FTAzInolm7ZbjutTrEiz+iu9AwNQ5y9//9ivkEqp263ZCxv48km1Me1Sa5Bhk9HkFHWDpKl1XkaK3zkuMdNsa2OuGX0gMMHJxtKyI3EFGzLrMfoHf/jvUG0Bu4p0EgTNavlQKrVE5VI5IGWsiutGNRm2q4rvYSWoFKnJqWA4fZaYWHoHWt4KhZdpw1drNzlfAhg+JtKM6w9tfk7DIlkjth82XNjQmSt90Y6IBekhTBCnY9euAVG5Xn2EhAIk7xxiPOJtOBk2MK7/IyDZWGYWHFP9NtOWm8B3kyvB9kdIWcS+mJQB3WMQ0alzk9k03hU+K/V4IzFHMecrZ3HDTAuR/V9OMsimeC4ZtuV6F60Rv4lGZNFJ/TItst1srJ5E4YUYjQYxEqC3EG845DhF5gYB6z4cdbnafPBCyGx8lxlQ0nuNc5p2Z3o3C4lHzTZ8cB0jNc/EWGsPnjAuCCMw1mmVngCY4OjbYYFlbmQgHu52EyHC2wHQtt8EmLITEGHuk+mWPQjC73VFLF2rOBXjs/bwRB/ykYXWNmmvmjGC/1YI+32kW4wx9w2O2eiRnmst7RdtN7Z75uJW0xM54hoDmX8GVcEBor0UHLGb3Uz3/ZIKOlqJJgq7ysFao9SpgiLJXlIoWRTvgT8kOZ6yQ4WM/Z6SU2aP1fu6jDsm5mI7nz5ncwwf94lg9dJ2xvx14xupc07rC8AMzvor/iTNaH/i6kS9u8G+Eub7im8GMGqwLP9/dafHBgGIkUu9YiHfxTcF/grOTXFuCpbuVbqytaO0N2re/9/W2bsb4rIxa2hhua5Fir6sCJxAq5kz/zoxumLH+VxjmHXwiCx1QPx5is7RqgHEBJitBOmb+8FeZuj1fShxGrMs4C+FSSH/XHXlEEp51vBoAirDwu3hkZa1OxYyEWaBGXvbmoixCxiV+hMJlc5gliwaLOtQPMn+u20VQSCGTjFdeos1A0rJUCcguh4HxCn2Ui5wGOJvkYQpBevr9BWeNV+95RAmZGJf9N0ZuDa2Se9gKbcvu1zQg0Das/UNh7VYSz0fi5+5qCK49c44Cj9L/iy/wn/W4g5hwLOG3z97O5hjCujf+1HyNBMf7Rw5b/+ChtRCMHJ6Nk3WFfdfumm1hrCUKjsDg1zvmMuoK952WiyZuOdDQLHZ+CirOhxSXPORO5+Mccv/NRf6QChD8zlnfKOyOKAnOxedDuUt8tkDQW8GZQkbZZwHy9wwi7mkvRP/M2sOWz3TsMARjHxOW/xRwTSsXr8/6izHKe5/yOx1jcL7+jX6nLQX9Lt/3mo7fCJY8otp6ikGlVr6OR9dUKNRUagljZB5hV56E+UWIN3u1Vte8J+y9HF8glG0NRXDcclxrqDi16I9UYtOuK/O3KY3UENESQLAHlOUd6yQlG8kCnzW0aVJiXygx8JALjh8Zcc/4tSUQVp01tXb1MuvnZn+NNq/sEFGQgKHkPKGWeOY3Nmwwarb/WjsMujlgmbeQuiaSsYqr4bvdJE3qenmj8CyMUYkbjO27W68OS1w5QdDzvdKLpbc1PCTcqDE/vZSox2uxM/YDedzlhX1suYG1gOH3TLAJaIjM99eeQmHQ1BUGDVLpRMkKPx/c/hTgOFhVb59RRchssCvQ6A+9ASvg4C04egDqXIFxncyiMFFNlEsoifszR9p575/RXICxQsx9z9ZVrmaM2/SB3+tMLWFR6kdBThb4C6FXoz95va3OWo0oKoO9FWrC9tEmfBM/wSYhdETSsfB88ee9wRU+funECTXGdte2d0cYv7+J8tgOzbmloaar/THN6Zcnpu/NToVxX4CHkHYEw/+fekhHjaCFnBYtbMMCWc/yOH8oqssIzr1nRtcEz4lqtIWqBPStVwEkWnLMmDMUv7Q+YC1K4mnQuAMf+nrjGZ3MDOVXgAin9mLOFwHIv1qqK9DSJ9Gn0g36kBMvbSPnPeCFBiQAKDMUchdqxM9FlxKtPkx6qKy+D0fVDj3yxNatpZiqtGHugwegLLu17q+q2dXP+AJos1EC7r72+Lt5qU/Bdb970l8i+uY6hTgcQsBhmdtMUdd9v86PZtA15dkD/vOirW0CUo0KT0Fh99dwPIlQgxtJfaD7lF6Tsea6N7/sRKaqBmbVQy4kN9ysY6dbjsQcSWiN8s4AbitXu7hIoW2WoaSPQ6YWWhSq4kzx3NlYbbJBCjsD68mkggxLK1QvTa8ryBpW7PCoKEGGjj4MpQkYk/fr6MVrrLMtLjCWyswfv0ZhfkAFfddL79ELuDoJh998SKZ9XpZYB/QRFJxlvSyly+HYyNgANm2TUtxZuIh2TKaoIkjf5QfDAazHV3cHQR6CBO8bB3d0nZS1VA8KeHGR5jaVUodRDBXQHI2Ofmhg2LBq+SoP7ce9OYcw/QgngYwHjtA5j7L</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2021-05-07 07:21:12,933 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-05-07 07:21:12,933 - INFO [Shibboleth-Audit.SSO:?] - 20210507T072112Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|id1484821572709233529105561|https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_c051d5702db456445fd4c01afd4bc0e9|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxNMZ/nMAZ++CePx5MW01M5ejFOFdy2cE4UIuStH+j6U/ik8D9UTUwkoo/QMxVd7UNTHyoewcPyLOAX0C9TZg48+KIlTqj+d1t/kpDdFXF6AilA+t+IQ0Dp6MiB9hXaInaaqeguIZy9Ue2Rk/RnTMzCPKkZIz56aJL03l8y9zAQzd5|_b83fccb3587bb2c3660d88e7fe16fae8|
2021-05-07 07:21:41,008 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: %2Fhome%2Foidc_client%2F0oao30vt5BAMaNybM416%2Faln177a159h7Zf52X0g8
2021-05-07 07:21:41,008 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2021-05-07 07:21:41,008 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2021-05-07 07:21:41,008 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="id1491383883067163977938454"
    IssueInstant="2021-05-07T07:21:40.615Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#id1491383883067163977938454">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <ds:DigestValue>WODMgYlBAgQaBNv2A4dAbwDg2Xo=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>fsDdczc+KRE22KU3NOUMTEWqmJaSH1Iv37RNZi73kyabLz5XioIfHSL8bNaEKae4QZ+R9miogPy4ir9nvUjy/sDh5DTp1ertvXXHTrFea4Y5Fa9Zohi8TOp4D2f2Jy8YzlpDu+Ay06LK7MKD1S13FvY0undhF/QqHnFFx0vGEIv5AU7WQJrKBH7GAHcJo/hBn/OpAsFe+ArVgRCQ2ur8Uji9auPbXwO+w35yCdOoldoSdWTKCg6ZUrUJYokD+gA6mycmPRYncZxL15LwmU7L/WY1I0C7GQMPbG2ZqKKqqRTLqg61yl7ra6p1yO/iQ5Yfl0rS2aFYd5KA1dHA1deqVQ==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDpjCCAo6gAwIBAgIGAXisQDxUMA0GCSqGSIb3DQEBCwUAMIGTMQswCQYDVQQGEwJVUzETMBEG
A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
MBIGA1UECwwLU1NPUHJvdmlkZXIxFDASBgNVBAMMC3RlY2FsbGlhbmNlMRwwGgYJKoZIhvcNAQkB
Fg1pbmZvQG9rdGEuY29tMB4XDTIxMDQwNzEyMTIxNFoXDTMxMDQwNzEyMTMxM1owgZMxCzAJBgNV
BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMQ0wCwYD
VQQKDARPa3RhMRQwEgYDVQQLDAtTU09Qcm92aWRlcjEUMBIGA1UEAwwLdGVjYWxsaWFuY2UxHDAa
BgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQClKewajIlSsU+u3cmCDw1mLUfDQcWtKI+1nXlxbUQf+bup+V3+zg7RBTUX8wDjnweDPza6/QhU
ytz+OaH2y9wD3sT6HmSd9W/RR4rY0xmbJZwPaHe2Cj1dxadIwX50S1Ht4K7Mrvhl3yOwWCgchLys
5cr3WrGGRVKIv+fUHRljhDF9mabxrZieS0nVzBXD/83lve5Eya5tPU7S2ttBnE6p/DdBFmCIxWW4
5PyaYTjzkBDxW+83X7V+/uqWUC1SCMxSRnlraUoQiYjHRzphrKuML14f/09MsEnbxJax5bpU/LQs
wtKLAxQm0PaCy5lYdhPO4+VGd35UMLs8KdbAnAUxAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAAR4
dICee/3fenDjT86azTDRF5/WM6CS6+gX0iZjAgZ8j3onGMT2ff0f150t6IeFMdDWwyC48yyAMBlR
qjelQSf03JR6ESZ4xJApz8u992ipHzyqSiMM3x3CmTHnOqzLqIpgb/KEgeZSPFN/RRQk72o4Pfx6
TDmtmwJoubTHH+P4vdCgjhD6RyqHXLYXuhsP07t31WDQL9ygN4yrtnWokA/CNhIYeFGrQYGsDT7a
4a16Uq4iXhhFZtOEZsE+/DeB1zSAIvnLWQ2hyOVZ7vAr9e7lv1LwUk+OsH8IG1561pp/rIOgOnBH
BEGIuu6eI9UvzRphO1h21XdL56+pMh4PHCo=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>
</saml2p:AuthnRequest>

2021-05-07 07:21:41,015 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl' from origin source
2021-05-07 07:21:41,015 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-05-07 07:21:41,015 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-05-07 07:21:41,015 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-05-07 07:21:41,015 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-05-07 07:21:41,015 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-05-07 07:21:41,016 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-05-07 07:21:41,016 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selected AttributeConsumingService with index 0
2021-05-07 07:21:41,016 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl
2021-05-07 07:21:41,016 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:21:41,016 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-05-07 07:21:41,016 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2021-05-07 07:21:41,016 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2021-05-07 07:21:41,016 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-05-07 07:21:41,016 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id1491383883067163977938454', issue instant '2021-05-07T07:21:40.615Z', entityID 'https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl'
2021-05-07 07:21:41,017 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2021-05-07 07:21:41,017 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2021-05-07 07:21:41,017 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-05-07 07:21:41,017 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2021-05-07 07:21:41,017 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2021-05-07 07:21:41,017 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-05-07 07:21:41,017 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-05-07 07:21:41,017 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-05-07 07:21:41,017 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-05-07 07:21:41,017 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-05-07 07:21:41,017 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2021-05-07 07:21:41,017 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2021-05-07 07:21:41,017 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2021-05-07 07:21:41,017 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  params: null
  modulus: 20849992966199614301675838753789986976813681683787802327077145202465970240380579431297809943486705961245836800069288676363890484247787887863185930622051058053634572487901723746446294109732526540428229724350278351783206630760951401901194997923458580580549213091528602126404968334078965947690612484989912150388196242240824312684590011848821037645115733687216521241731665656808539917027565985374269206242617213520178009057697523764040279229113765499695207683293876272680062519629815438959917195418653334337112210330985630870200510902529522037988093152765987775255524831617532909083723957192529729991092625758459577238833
  public exponent: 65537
2021-05-07 07:21:41,017 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2021-05-07 07:21:41,017 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2021-05-07 07:21:41,017 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#id1491383883067163977938454"
2021-05-07 07:21:41,017 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID id1491383883067163977938454 and Element was [saml2p:AuthnRequest: null]
2021-05-07 07:21:41,017 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#id1491383883067163977938454"
2021-05-07 07:21:41,017 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID id1491383883067163977938454 and Element was [saml2p:AuthnRequest: null]
2021-05-07 07:21:41,017 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#id1491383883067163977938454"
2021-05-07 07:21:41,017 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2021-05-07 07:21:41,017 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-05-07 07:21:41,017 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl
2021-05-07 07:21:41,017 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-05-07 07:21:41,017 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-05-07 07:21:41,017 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-05-07 07:21:41,017 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-05-07 07:21:41,018 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:21:41,018 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-05-07 07:21:41,018 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-05-07 07:21:41,018 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-05-07 07:21:41,018 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-05-07 07:21:41,018 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416 using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-05-07 07:21:41,018 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-05-07 07:21:41,018 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-05-07 07:21:41,018 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-05-07 07:21:41,018 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-05-07 07:21:41,018 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-05-07 07:21:41,018 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-05-07 07:21:41,018 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-05-07 07:21:41,018 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-05-07 07:21:41,018 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl
2021-05-07 07:21:41,018 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-05-07 07:21:41,019 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2021-05-07 07:21:41,019 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-05-07 07:21:41,019 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-05-07 07:21:41,022 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-05-07 07:21:41,023 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-05-07T07:21:41.023Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-05-07 07:21:41,023 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-05-07 07:21:41,023 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-05-07 07:21:41,023 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 10e78a43d8c272f19ef0a89c0993e1e2a60e06236bf7fde19e9b7c3bbd8e0488
2021-05-07 07:21:41,023 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session 10e78a43d8c272f19ef0a89c0993e1e2a60e06236bf7fde19e9b7c3bbd8e0488 to 2021-05-07T08:21:41.023Z
2021-05-07 07:21:41,023 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading AuthenticationResult for flow authn/Password in session 10e78a43d8c272f19ef0a89c0993e1e2a60e06236bf7fde19e9b7c3bbd8e0488
2021-05-07 07:21:41,024 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: Authentication result authn/Password is active, copying from session
2021-05-07 07:21:41,024 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-05-07 07:21:41,024 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-05-07 07:21:41,024 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:21:41,024 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-05-07 07:21:41,024 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Reusing active result authn/Password
2021-05-07 07:21:41,024 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name established from session as 'rick'
2021-05-07 07:21:41,024 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-05-07 07:21:41,024 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Updating activity time on reused AuthenticationResult for flow authn/Password in existing session 10e78a43d8c272f19ef0a89c0993e1e2a60e06236bf7fde19e9b7c3bbd8e0488
2021-05-07 07:21:41,025 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-05-07 07:21:41,025 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-05-07 07:21:41,025 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-05-07 07:21:41,025 - DEBUG [net.shibboleth.idp.attribute.filter.matcher.impl.AbstractMatcher:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/DenyValueRule:_7080138d39cc2e01f42af33d6086559c': Applying value comparison to all values of Attribute 'uid'
2021-05-07 07:21:41,025 - DEBUG [net.shibboleth.idp.attribute.filter.matcher.impl.AbstractMatcher:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/DenyValueRule:_e86e84f8359014f00e496b0e2b038417': Applying value comparison to all values of Attribute 'uid'
2021-05-07 07:21:41,025 - DEBUG [net.shibboleth.idp.attribute.filter.policyrule.filtercontext.impl.AttributeRequesterPolicyRule:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/Rule:_829157a5a29f7f30c585dc615c71fae1': Found attribute requester: https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl
2021-05-07 07:21:41,025 - DEBUG [net.shibboleth.idp.attribute.filter.policyrule.filtercontext.impl.AttributeRequesterPolicyRule:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/Rule:_deb424a8d1c673df19c16cd7fd391943': Found attribute requester: https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl
2021-05-07 07:21:41,025 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-05-07 07:21:41,025 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-05-07 07:21:41,025 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-05-07 07:21:41,025 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-05-07 07:21:41,025 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-05-07 07:21:41,025 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-05-07 07:21:41,025 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-05-07 07:21:41,025 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-05-07 07:21:41,025 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-05-07 07:21:41,025 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-05-07 07:21:41,026 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:21:41,026 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-05-07 07:21:41,026 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@10aad1ae'
2021-05-07 07:21:41,026 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-05-07 07:21:41,026 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl'
2021-05-07 07:21:41,026 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@43d26013' with context 'intercept/attribute-release' and key 'rick:https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl'
2021-05-07 07:21:41,027 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'rick:https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl' value '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1651908032576' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2021-05-07 07:21:41,027 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-05-07 07:21:41,027 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2021-05-07 07:21:41,027 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2021-05-07 07:21:41,027 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-05-07 07:21:41,027 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2021-05-07 07:21:41,027 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@10aad1ae'
2021-05-07 07:21:41,027 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:21:41,027 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-05-07 07:21:41,028 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-05-07 07:21:41,029 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-05-07 07:21:41,029 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _0df75b354e67bae667be3ea8ec6bd85d
2021-05-07 07:21:41,029 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _0df75b354e67bae667be3ea8ec6bd85d to Response _8e47ca00d05c2d78c99e6cbbe4e1e5ef
2021-05-07 07:21:41,029 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _0df75b354e67bae667be3ea8ec6bd85d
2021-05-07 07:21:41,029 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-05-07 07:21:41,029 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-05-07 07:21:41,029 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-05-07 07:21:41,029 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-05-07 07:21:41,029 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-05-07 07:21:41,029 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-05-07 07:21:41,029 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-05-07 07:21:41,029 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-05-07 07:21:41,029 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-05-07 07:21:41,029 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-05-07 07:21:41,030 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-05-07 07:21:41,030 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2021-05-07 07:21:41,030 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2021-05-07 07:21:41,031 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2021-05-07 07:21:41,031 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2021-05-07 07:21:41,031 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-05-07 07:21:41,031 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:21:41,031 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:21:41,031 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxoTE57ajHXfHgIvFpqf3dqsNL/r47IB+Hu6Eb7xzSIjNL870kULoLAz7BcBp7YiyMFfeXAQim4X/uZAV627o5ZxM8H3iolE5V5zhhL5tHtNv76CYk4tc2etfNLtUWEkg8fSNZWKDaTeNVsoz+c80eIu3V8so/7Xfr4RYvkASGVPoE4MA= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:21:41,031 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:21:41,031 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-05-07 07:21:41,031 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-05-07 07:21:41,031 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-05-07 07:21:41,031 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 62.216.214.83
2021-05-07 07:21:41,031 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to id1491383883067163977938454
2021-05-07 07:21:41,031 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416
2021-05-07 07:21:41,031 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-05-07 07:21:41,031 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-05-07 07:21:41,031 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-05-07 07:21:41,031 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _0df75b354e67bae667be3ea8ec6bd85d
2021-05-07 07:21:41,031 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _0df75b354e67bae667be3ea8ec6bd85d did not already contain Conditions, one was added
2021-05-07 07:21:41,031 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-05-07 07:21:41,031 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-05-07T07:26:41.027Z, to Assertion _0df75b354e67bae667be3ea8ec6bd85d
2021-05-07 07:21:41,031 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _0df75b354e67bae667be3ea8ec6bd85d already contained Conditions, nothing was done
2021-05-07 07:21:41,032 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-05-07 07:21:41,032 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _0df75b354e67bae667be3ea8ec6bd85d already contained Conditions, nothing was done
2021-05-07 07:21:41,032 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-05-07 07:21:41,032 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl as an Audience of the AudienceRestriction
2021-05-07 07:21:41,032 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _0df75b354e67bae667be3ea8ec6bd85d
2021-05-07 07:21:41,032 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl to existing session 10e78a43d8c272f19ef0a89c0993e1e2a60e06236bf7fde19e9b7c3bbd8e0488
2021-05-07 07:21:41,032 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl in session 10e78a43d8c272f19ef0a89c0993e1e2a60e06236bf7fde19e9b7c3bbd8e0488
2021-05-07 07:21:41,032 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-05-07 07:21:41,033 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl in session 10e78a43d8c272f19ef0a89c0993e1e2a60e06236bf7fde19e9b7c3bbd8e0488
2021-05-07 07:21:41,033 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-05-07 07:21:41,033 - DEBUG [net.shibboleth.idp.session.AbstractIdPSession:?] - IdPSession 10e78a43d8c272f19ef0a89c0993e1e2a60e06236bf7fde19e9b7c3bbd8e0488: replaced old SPSession for service https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl
2021-05-07 07:21:41,033 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Removing secondary index for service ID https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl and key AAdzZWNyZXQxNMZ/nMAZ++CePx5MW01M5ejFOFdy2cE4UIuStH+j6U/ik8D9UTUwkoo/QMxVd7UNTHyoewcPyLOAX0C9TZg48+KIlTqj+d1t/kpDdFXF6AilA+t+IQ0Dp6MiB9hXaInaaqeguIZy9Ue2Rk/RnTMzCPKkZIz56aJL03l8y9zAQzd5
2021-05-07 07:21:41,033 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl and key AAdzZWNyZXQxoTE57ajHXfHgIvFpqf3dqsNL/r47IB+Hu6Eb7xzSIjNL870kULoLAz7BcBp7YiyMFfeXAQim4X/uZAV627o5ZxM8H3iolE5V5zhhL5tHtNv76CYk4tc2etfNLtUWEkg8fSNZWKDaTeNVsoz+c80eIu3V8so/7Xfr4RYvkASGVPoE4MA=
2021-05-07 07:21:41,033 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Older SPSession for relying party https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl was replaced
2021-05-07 07:21:41,033 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-05-07 07:21:41,033 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-05-07 07:21:41,033 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_0df75b354e67bae667be3ea8ec6bd85d"
2021-05-07 07:21:41,033 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _0df75b354e67bae667be3ea8ec6bd85d and Element was [saml2:Assertion: null]
2021-05-07 07:21:41,033 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_0df75b354e67bae667be3ea8ec6bd85d"
2021-05-07 07:21:41,033 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _0df75b354e67bae667be3ea8ec6bd85d and Element was [saml2:Assertion: null]
2021-05-07 07:21:41,036 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_8e47ca00d05c2d78c99e6cbbe4e1e5ef"
    InResponseTo="id1491383883067163977938454"
    IssueInstant="2021-05-07T07:21:41.027Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_0df75b354e67bae667be3ea8ec6bd85d"
        IssueInstant="2021-05-07T07:21:41.027Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_0df75b354e67bae667be3ea8ec6bd85d">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>Hvpf2MA3uMxYgPtobQEPGVtSiEb7mDLViO1zhYu07gs=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>g4/HBmIM9aCzCTsuoOKz7KpHKrJP0LB40I/48ZOOTMLG5gt3FShcWWw+1hAjnrcMH8aLz1Y7Dd5g2nuka3bvT9Rt+e7hlh0insNAwF5C0aF2DItoXL+Q4FBZB6dWypzh2AqqqVnAt+5eARJ2i4CHIZ6/TaimrB1i4VOehZ0dAX0m/5THYKD4awpfoFhXcxW4K8cWu5w3Q37QD2BBhsEo+kw4MAHafLj6KZo3MOtyvJ4GpdKQEsakJ3iwv7uBheB2rmx3iCujy9MffMlLh4kpBRwB3i5prYlpWRkj27waltt94xm1Uyc+SHrHIw3FU0AThJPbEhCLy+lhhiaY6tcXeA==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxoTE57ajHXfHgIvFpqf3dqsNL/r47IB+Hu6Eb7xzSIjNL870kULoLAz7BcBp7YiyMFfeXAQim4X/uZAV627o5ZxM8H3iolE5V5zhhL5tHtNv76CYk4tc2etfNLtUWEkg8fSNZWKDaTeNVsoz+c80eIu3V8so/7Xfr4RYvkASGVPoE4MA=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="62.216.214.83"
                    InResponseTo="id1491383883067163977938454"
                    NotOnOrAfter="2021-05-07T07:26:41.031Z" Recipient="https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-05-07T07:21:41.027Z" NotOnOrAfter="2021-05-07T07:26:41.027Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-05-07T07:20:30.229Z" SessionIndex="_c9e4696d52a7095dd4d6ffe3e9fa34e6">
            <saml2:SubjectLocality Address="62.216.214.83"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-05-07 07:21:41,037 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416
2021-05-07 07:21:41,037 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416
2021-05-07 07:21:41,037 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_8e47ca00d05c2d78c99e6cbbe4e1e5ef"
2021-05-07 07:21:41,037 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _8e47ca00d05c2d78c99e6cbbe4e1e5ef and Element was [saml2p:Response: null]
2021-05-07 07:21:41,037 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_8e47ca00d05c2d78c99e6cbbe4e1e5ef"
2021-05-07 07:21:41,037 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _8e47ca00d05c2d78c99e6cbbe4e1e5ef and Element was [saml2p:Response: null]
2021-05-07 07:21:41,039 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-05-07 07:21:41,039 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416' with encoded value 'https&#x3a;&#x2f;&#x2f;tecalliance.okta.com&#x2f;sso&#x2f;saml2&#x2f;0oap94dflSK6H8JFr416'
2021-05-07 07:21:41,039 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-05-07 07:21:41,039 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: '%2Fhome%2Foidc_client%2F0oao30vt5BAMaNybM416%2Faln177a159h7Zf52X0g8', encoded as '&#x25;2Fhome&#x25;2Foidc_client&#x25;2F0oao30vt5BAMaNybM416&#x25;2Faln177a159h7Zf52X0g8'
2021-05-07 07:21:41,041 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://tecalliance.okta.com/sso/saml2/0oap94dflSK6H8JFr416"
    ID="_8e47ca00d05c2d78c99e6cbbe4e1e5ef"
    InResponseTo="id1491383883067163977938454"
    IssueInstant="2021-05-07T07:21:41.027Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_8e47ca00d05c2d78c99e6cbbe4e1e5ef">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>1SK2/lBFzihk9s1HWCWKJUl7j4RxL7PYVs6XHYGqOMs=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>WJvdPTTl0tXjSHiJwfpgMEzLJOlOTH5c8i+k/6w5JV6JHRdkO1JBTKC55RSysKu49Fve6J4IhlWGHSDRGo1jY5alLDM1Su+bUay3oH9XtGWFlO39dUAt/uP4AbvSBuHYa7S4r2ziRPwAtNbbgEkSpzh3nAOBXp9UMy70nkA2DuxaCAaA0nvpWy2hjbkm/37rqU0627elVQhvazzdfNjkaWi6KxzBYAlXWKI6BbXO22o7eYcQmEe9r3Lp8nI1Qc/3DDg6Pz16JfEff+HUFiRKLrYIBgwwhMxwX7jhf1vaAzk5fM9RaMFyne03vuIzEojTMlEovfCkh0YciDB4akW/bg==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_4a1ebc02de576da466537ca4d89c03eb"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_47452d6bb61b9deff065442fb1ccc71e"
                    Recipient="https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIDpjCCAo6gAwIBAgIGAXisQDxUMA0GCSqGSIb3DQEBCwUAMIGTMQswCQYDVQQGEwJVUzETMBEG
A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
MBIGA1UECwwLU1NPUHJvdmlkZXIxFDASBgNVBAMMC3RlY2FsbGlhbmNlMRwwGgYJKoZIhvcNAQkB
Fg1pbmZvQG9rdGEuY29tMB4XDTIxMDQwNzEyMTIxNFoXDTMxMDQwNzEyMTMxM1owgZMxCzAJBgNV
BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMQ0wCwYD
VQQKDARPa3RhMRQwEgYDVQQLDAtTU09Qcm92aWRlcjEUMBIGA1UEAwwLdGVjYWxsaWFuY2UxHDAa
BgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQClKewajIlSsU+u3cmCDw1mLUfDQcWtKI+1nXlxbUQf+bup+V3+zg7RBTUX8wDjnweDPza6/QhU
ytz+OaH2y9wD3sT6HmSd9W/RR4rY0xmbJZwPaHe2Cj1dxadIwX50S1Ht4K7Mrvhl3yOwWCgchLys
5cr3WrGGRVKIv+fUHRljhDF9mabxrZieS0nVzBXD/83lve5Eya5tPU7S2ttBnE6p/DdBFmCIxWW4
5PyaYTjzkBDxW+83X7V+/uqWUC1SCMxSRnlraUoQiYjHRzphrKuML14f/09MsEnbxJax5bpU/LQs
wtKLAxQm0PaCy5lYdhPO4+VGd35UMLs8KdbAnAUxAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAAR4
dICee/3fenDjT86azTDRF5/WM6CS6+gX0iZjAgZ8j3onGMT2ff0f150t6IeFMdDWwyC48yyAMBlR
qjelQSf03JR6ESZ4xJApz8u992ipHzyqSiMM3x3CmTHnOqzLqIpgb/KEgeZSPFN/RRQk72o4Pfx6
TDmtmwJoubTHH+P4vdCgjhD6RyqHXLYXuhsP07t31WDQL9ygN4yrtnWokA/CNhIYeFGrQYGsDT7a
4a16Uq4iXhhFZtOEZsE+/DeB1zSAIvnLWQ2hyOVZ7vAr9e7lv1LwUk+OsH8IG1561pp/rIOgOnBH
BEGIuu6eI9UvzRphO1h21XdL56+pMh4PHCo=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>kUw/xHI2ZJCTcPd5Nh88QUvARK5lWhJ0HYhr/RdVG3NTJGDqiIGPlarlWq55pjKbNcYNyUniC5GzB/ZF6dWC7qyvQztGYzxwFe2Y127YUzPtkdjeEe+VjIqgT72aD9d58oIkSPPGANYYuaMhnFabcQTOc2KgGXjhxmZ5mvfB7zY/7pOxUPnWNKhqG5PeJW7WH7ObGHKm4De5WRgTG7TSeMnUF8cumubZ78k/N/MWNg2H0yswXYce9ZFDCRBdHgSzE2hUWTkqlht8L+TadfOc7vUrtvuz9o6qMtJCGQpcP5jt+pimY0tFK8CD7zuZbZaflDWXllvd5aZv3FpzoqvdzA==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>OkhqwulnUnYNn9MdTue2ieZ7UCqfn148Es3BcMDRgwi45bVsF8fggkBEZPzITEdKfvITcv1gxdjhuBz3AEc/91HS+6MWTpvESiBDNsmrJ0kGI87qsTDFO2MPlbD3r+tTaXWgyIEWR+P5PrNsu9Q1wuHceXzfCCzZaeFzBllca3lGNWZZW+KxgOQdW+9eceS5L+Lk+ZCFDpuXD4mLB8ZPvu4Hd4MvaBgXscuUxssx4eCDxHwGpPXLUyjMSKxmL98BUl7uJSerCc3g/iU0eMzro963u0Iq8pZXOv7K/nShnmFF/mevMn8YNtn3LSa1t2DuL0YKNTuoV1cv7ivp5PUWmNHLV6akOK8YvWlIROUZsv/Fi1IpZ4Audm4ixm4RIEnp94LoXUcE4m+2GGqYnrwiRRnhT5BgbfU2bq3YyIi34G3F4WMCr1WVzP64VQsc1S6V6SZDK7X0jKuM3ohx2l0ITC+jPGZi64p5eae2HAlbHG4U7/7+br0Kp1n90imGOSCT0QdWN0aiB+BnqZzdspqguuwf/gXPSV0+1KE5ODR+c1bX1h8MP9ER9FEzl/6mafZb50IbsELgAcYEhwKXNo6jsq57VYTgFg2W4aDdV07EqRqgDVYmjxvsFT7CRwaRM2I0iofwYWDk4bIrz/I01Y6ksky1JGIB5DKmYRJ2co//aP8gYFFgXcL4VqkSPN2DxTt484U6eU8dg9sA6r2iVIKgxNUYN3pS3FLzNcowQb60i+m8w53ByzT0JXFpmo0oZfVOUIHglL0fmEBBqSZ9nCCnJ3Md5knEcqaFta3yqtJ0lIaVqt7sDB9kmEFLVHZHHW7gUue9GPEq1arwGi8AAdMlkrNpHlkQT+r/YvXyHeesABzvHmrEPQRvuDdCq9TzgyReTv6bsDz1ggS6AvUBzNfWvYW0SUyph8kiWe+3gKizoBj8sHFd5ZXZOuYx0YEUMSO9/Nt8a8vE2E12xbzQrarhksvnP0rOippk5aqa5tszsS+Kn9FuGrkyxBAiTuhj7oGgrxUAtcwLaj9n7guUsnuD2e94hV0fZYv1sRg0PJ+23yA26WDpYYFcqAhtqR4D0bZ+QCGla+br0mkBCRgxG2XK3QczSv7EUryMCWriWHMEIaq0XqXMJb6HkwJYOkS23sgQWGAAyaOBUrMvjq8IuWAkbaXp721wEvL/DJs4sb6+9U2vjChoaw52P/6NlSmSSt3BTDvVxqIGL3LWitqHiCIM8CDOA59bDBmerY5p6au2OzB7AGSpnmPLjxf19a5WGwk+tmPd4s/knQ9JccVtnv0jw+QtvUmwHlv0oJc8Ms2PTSDUVDzAngdgjc2mkJDYCL63t4fnLwULqe6ZTh0Yi/e8liek6jWIAlqwa8LtsTOEq7il2Gc35TjhRZ5S2csUU6jFzYQu+29lgL75b08eZS7cbmIMpMmdUbKtdMgfZvcUeRF5JUjWInEISyPm8ROU5KdqQjPgTfnRVLLfLJzSmlA34ID9WqhgAr7WSuKdLjlZXf2rNaLMS2GRzJDhY+Xw3jdIGfhr8BMyejJVGKQUQ/1DKZ5d+pSyDZ2PBhlG7MAz9bo26U0ggtTyaZiq591o6tw5JSsgEcFbn8i/4xeUlSUz14Cwwf9ou5w0JPWcxZvz8jWTLif96drDRnVXW5sl4W/suUGtX6BeIDxIg7OdhMXr83KIugTKHowL7tRMvjNCrBQG6VfKLfTtplvLgLZdX/iZ6oWjPjOXllhp6MhqiPq7VlWH5370RbUYTDZcqQSdOlAEa8bs8zF2qz/LJguzM1TeFXzJZCX1qbS2tWP44tUTG3yIK5967hd7E0zvZRmJlaiFXyWVQIlH5rKauEBSFhkVWsduc6yEzLtoncEL+mzkPYvsKoC8FDouDxNJ3P9irb4Z9W1KChhDzMFBQzI9muhZxGaDDWq4CGCWJ8W4bXXUU21d5LjhRv/g6CchdTTSdW8GGlo/6/cYMkDBZWgJwyCjvmcYyWX8BqusWoCdQShyh/c4NgI96U0KGBDT4BQWRIrFeiZh6nluyuv3z6JLoq9k/2/DjI9bSRun5fEWzaWosJkAOK6yo3tI6aVrQdkibPq/e4Ju6Kosry7kO6PUhakDfU5UoZ9HNpJGxlORgAJNEYg/Adcxo8P1U7EZoOPz30tjFNm4WNiLvjVJcYRNZRuJ6ZbtCmGk3N7H48/TJ9oJSgeKiq5ZqkPPjPdIk1QFk9hJjzMZejOsARREgNyK3VwBIhLz8J6rKMclgtXOVybOMe73vhWLJufQpwtyUrzwsaEqolRPCRK5zUeSosltSgo8zey8VH/Ld3Ct8ZhrjyuCI1+8nykk7/5cbHtwz0zo+vsNwev0pWSQPq4r7Bbllv5RNObndTp5e4AbtNpgYbQkt6olZWN/J6fSDMDEfFVzrhZ2BKPahT5C+ENdKasvljgZrPBMDUUd4Hi+q1P//xiDpKw+sNaXDaRjlkLVn/x9avGmDzu3iSfNx4uc/TvM3y+fWJdbxEMclXolm+5utlEfELOCvvXF/277niiE/dSNATsgL4UYezkyANqaaK6YQsE/lEuf0UgaLfAidgNRXESCQeKuJnoTZa40UUXTUi2wolFj4mOKd8cb+GXdD8AzneC/YUKYRmsYp2ipihhLuM4AEGG00Sf0L2oa4dhy+o5ryN7CcZve3WawmZXSh3PDtbj183C/4yE0gXe9cwpil3tyT2rBE3trPFqIApnjfwccTftQoHpra9WIQcVTnqbYZnAfS5NRNnUCg7wQzNY3hm31OuBRZNnl/kZ5jjAq/LK0egFvGTNWaC4MlE52E/aHFt7HAuakLBlNAE7JxVCD8E27eB+qWD/AUBk8ZHDDPe4OJqZrljC/IMY8GjekzS9DSjihOJqV+MIRKkoW+axKjAqgzrGvL2JL0Smj0t9C40XJoY8HQOi9uIzzMw7aqZdvumSGUI6WZMkNN3G95ZFBCPfoC0yA5hrs0Wwc1dTvTjG43AtR85QAgmKeBmPA1cte3Q7gtZFY0RFsQ/1s+9hbk4DWm4WFojQA/7kY6qMAvJbMhuqE2ZU5ltT4lVGcx0TPeYqAgG+L5jiEBUAAFAEPKdD/7zCxxzjT4LJgXoaE6GOmXOTbxOQPMZy3kDhVeh/SRSjrJz3OW7H/b2Lhyhjr4vMheygXZ1HfnCnJQB4NPuMQcux4N9EA/vkk2SI564/CueqO/bV2OVlBZvpFqPbINbqB3KvZY9cD4/7ZFe0IUTUtQH872whcS4NwZR1TmPEYCknvDGdMFeeGc8yf/w/LykoB+dbJEaICLC3LKI8rjLO+Kv+L7z5WCAZiDHzocqrgZL4O4evpQ6JdHeGMDUAL0g5H16MGvU0T/wMYLyv0Oew1g9ucAe6lwVGJ3f7vmix67mDCbSspQ4vy9mmxtThO3YAwgIAigHhSDrf4Wm9Tpz8h8QUm7IQTszJYOKBth3US0UiDjz+mAx/MRhuCN+Et0E7tR871jcF1U+j7JS+fm5R5XS0j1T5E/Bb3qj8yErdEfWn0A71CVVsfTVMherwty3YU94gPnfPYdoGXnHzTwKsA9d7Ehr4hdmT8+zuyZ5X4vjHrA7k64mHEhYGsFwR00IvzXScdz+A/k2DAMCe4g2WhHahVSk4uUdafCeIpTmte4pQp63IGbwow6N3+5vG1LTHoY22zzhLpJH0l7XMQF5yLks7wXgo+LRTQADoB72i++MuaHv/8dYWkVHFCh3fl7vs80d69LeqTU3sWaY2sFTrCx127IyEGG8wb59JoOGXEUa+mo5iwRYp+x8phtMQnu452oXcygfTWGCPS+AsnerG9sZUsSJMRxmL/IMEiloZluqXanbyic2DYGBNZr2Cv9U5YjT9qDxQrIr10q+X8pAPP3o/O5kL3yQayCvcwgKLklMoaM+4G8kyzhc1Ut4+f8HdKvI7xxcIaTj6s/E+7y7QGvB8drqGL5QyZ8m701QqsFHBuhc+IpgpgfmpB7E5q0UCLgi/u6u1UXsTHA8n+q0r/itigXsS7BPGcscrEGX7viDaiVVQ1E61jwJE0V9MibLPVYtSfT8f3DxlfZ7bUZxGlNyC+F2sKpKA9xewt4F+WbLMTLSeJWxBtktWnhuZN8C7zMt41AczpRbud99IrxpUdJPZG0NkMdxIroGTopkQwiuqFiR2vL1XpuZDK5BklZcDQgDPPio4lao1tIFjT+SIW9y4Bj6Ccg4OXiKdS9qd+pxGAzCP0L2+QjNPTtwCLZAlTeZB+gWlhZpIz19W6rffLOaZGd/Z7w5zGTNZyulPoaTjDniPtgys4+zbG8sObtiuSewD2lNrBVOouoLInzwRq2VjNrpCDfFctFF5Yuxh6szwYTOf2MtLMfAuUGStO7jE0oGdwoDhCk20r2+UIjYo6JiDVOcWj6ekkokXyhYpSWkxK57REb7nD+0MfwZFkp5t0v8nASTpWuELo+e11m/yw8ue1AvQ7wmyb6MAs6og0c98YrQtazXNedCESBGfTOG76+BWYRFGH54GhYhGw9M9eap/8mdM+e7T3DQQlo5oa0E64yWIjrSlpwpny+jwmv1ymoHMe1g02WENM99ZIUs8Exib0I8gxZ++oMVlbEAmANJO0Nut5O/x6FktAstvG4zxR5RIwZtHae0eEONhZrGlrm9lzEybOLkdAp2nVJ6S7lTvdG4UeznsoWN4GSqnO6m4qFcRAdZ3X4k1wK+Z2V+CyVPdGTqliWCfECebkjlNoZPjgdATEjufT6LRc0A599h8V7RCUZqePg2g5/fmTu2c0EMg9AXlCNZW8zeIeZ0paETDhttlgtkt0eOU0tIExe8uXgBbfK3urKUymoq4F8NW70WBre7d2tfb18V03laiz6IQ/0jBBhXBhH4q8RflqfUvdae5NglTsHFRb92HgwVs2FPaf9PSTWcWHGG30HVpvlUB57ErdqDfFp88eDYN+Hfw8wDK+Ky6FbfFJkuoYDassQ2U7gYwAOqrfsCz2VsldFhRM6Nf6Yx/A9rBdKTB7BzG1CXFxKRJKlPBmOGn+G01eupU1DjlX5Efnhp10iN99zNqEaMxQL7cG1zVVPdC4ozZ6E3R61iG7eeeYVc4BJ3BxuF5RG4N/AKyXTaDybUza6rvTCdsRA1b3yFWLcXAiMhnJOBLU0cMPwtv9gsGBctFKtoccAa015qsXpMqkexMTX+nRN3fqo/VclQ8+AqmNw0iKfqlyTE533XHPpBbBp4p8N5Zhso86shU5YJUyYV7DCsBGqje4dEtEB86MUXMjkVpcCGahLXhlV6OvwsuUqk7S6+9SJDifWD5l9PHrJ+VWubWRsHmARupvm8t9oN6yQHdFRNvW2b8vX3HYWQNBrTipOL/1kKT/98XkN4kBbxgqwT0kmZqpZyYTeOZ0BjFbrKDczxvy32suChqYL8jGumAywzCzm40qZPenbM2Hr3WgLni4um5cUGieouR30obLInytAoSmNNyTDVZZo7Xas4Bo4Keu6B1ZFqs7CCXWJuH1vzk1fJLXuyUvAyNwnOjGWQW7SxUnLy/vE/TrgfTTjf4hi6kHSiwzk0KJN8Y4Mje+MzQ1f0VH+nYFlGcl7sVaL/Q2qX0Xw1kXmcQI+UdADZr6kT0gc0EdyUAcU7RqLrsNmJ0rmoXshRyAbXbhmTxjp6RcKRrDzgabdaiBIWR2f/Dm2Pm8w9KUKv7vIn6cEbOlVaYyJBd3kXDrDcGgHCEKlo0Mzfonmhe1JK3ZJBhOpECrRmU3aU0PF/ogcAegxJPhWCxpxVoeEwVNIaPWHuDkBBC++a1slMR83Fsw6ljcHPrB3AxQJLC3ugLAk/WrblPG15HZ+l3zocVB0kvgnjLC9SPjZVjBK3LMjzPewXBl6BtPCQcAaptHUwSMuYRObn/FEzFNb74iYXj638GY2Kwd+1AqPEYxowMKdTZ7fZ+0Uz1cgmJ/CEbJlLFcXOKahCXluxYluIkaTZ5MVbOfCENBdrnhj2hVgxkZ62XaL/W5krGw2goaeL6xsF4A83D2qlMRBaT7WgfEdPVeoQ6GoR1CoIXUp/jDNnrCenq9KGXOAwFiXgjKW4pancFXoE7R0MvY7QGYv8pv1TFYGoasg+6IDGvXRyVe8ieesqphDBYvKXh5m1/q66F/xkBWYIuQlgp+FKb8g1cXVBpdB4OC+epKwfLvMhyhCHAETXINNmDF72/Cnh0vDLrlvNP52VlRTOr+GgpsFRTcUmCOCQhReaDXzGohWoPYUNJYbDpsjCoz0DlY2C59Jp5vLhPhPLzNChpO8sCrMfh+TtQkxd6WQBfg84oIIZLZCT86F4xwJvGIEGpypr0k8F8JCXE/V2MUO+RhMzmMemLucWoZbil+BVFz0E+Yxu742HkCODBBpXDzvumgugPpTCEPxst3A4Df2ev2t1CV3Yk1SmVPttnfid0UOfavkZ8bi+WPNeRW+Y6N1DZtbZZK0zpAf7c55XE1UcGByOgwxex792ZTX/U9L02MpJFDsmvjol2GFEhn2s/VDUhxnu8f5+y4SgmmFlYMe51uxJPFh+fVQBkKp8WB2Cw2dNkSi9C1JHn4l0O1zNSvjpLQg8/AyawTONn25BTM1s1mw05r1DHqeclRvbSerw/kTHpms+/sCXhrQjrYToplg2KoTY9M208kpsBuraJkuWPVwSAWTMOt6OCefGDNF28vdUK8bQ+3VmcUg0l0uRppRnlxR570vBTThvPelAV0YewlzrKzehybbl2zoPVtZY5zoMcbVXpzrjYzU1H03Fsw+BQHgbAoYc+V/3Zksqha7rrVHAN1uVxQO16N12S6XgxONMsz1cPs8+TtMoukeESKfjK9OPa1Vk/VT5/EI1eK/7tAavp9V6EulP7vtKIgEtdg+7zk1EC8dHD8D1DUKnplkUt2v5Cy71A5qZ80/nR8gq8Tf6eEHLpKnZTX6vpcqfrK/TOEgIsUG+qlnPUNgeJNDUtVtD0p8psLS7apfb8fLTeaYuIWhx6iLakcoL5kRu4MlUORMgsagUX+SYGLLxqZ+MMpogsBGNwFezwy/k0HQCp8ObC+6L+NQnqWxc8uPsiilOhNpRoHzqL0SHpDdZ0yljZVpTxcodlNOsCgV3sPmI+sq2YVqpKhN/qEY2CyOnn/q2UB2JmlC8ftNiaB7XoNlq6XT8Utj9JWbQFcFOvX9o3qUxu3YowKsf5D/f+RCSgv9DihKQ6fNYs3NJG87j0x+/tTvqp2LXjyldYhDvEJLUaOA3rUt/UJcsgdecvVJurABY4gG66NhtZj6cEQ3r/DEHFE6mQfQdm/w9Rxk++5L0wb83ToqBE5rQdoymcxeRTrh7EHdceibttOYRrt3TChauO2mo9TCALlpWipebWfWP4eYnsYYfFj5CAMNEmiClEgsg24pbtS077B3hc5O5p316Get49vZGvYlTmhvuhmAP82B8ttOsTHYBgcDH084Tv9eGRlHqPa+UGiO4EFieDkTB+6mNlGCXIFe01A+HLp6o8vctpxiclVqvC3yNkQbnbX/BLwkzYgw3zL/JhOzEzENV3t8RS8foraiLVeYTxbM51JXIxyTxJkLfMrXT44iXiHLmOF9RoIPXDAP2NHhnI05T2M5HEW4T4+scT8PUR8XJv9Y0DtQGXYqzrWlMSkNDuDcMtArsaL5ZynvX5YLQLIrpZ+KKFeLonloJpHKXtFEG8xFusw79DcUgESaLeGGvzuDEQ8pOXrNB3TABB8Y8MP31zQUwLqnjvd/U0k85B6xD6ySeHf13B+wPK2FWZP5tvP9S5pck5aYFE7hsQEqbtK/wE4pNtT+WF0rSZreIiaItZ/TC+v2biramxxzIKi28mCt9tjUMP+cU0QL6CUx0qJneh3Ijwo9+6hKYZKhQxEzGWxDpGGHWI/KjplQZK5fJYioMSiefjxU6HbYLiygXgBB2wORRJxlXhAkzDlrm8ebsZtP3epamnbHMhUxFTcRV5FE0PwInPwGJHvrhMMuCjQg9C0eJefbOaoxlkANBOCKWuNDQuC9u/FMMXF+PMn6tPOxeCm6CtQVhAqrewse8z7mciIjaZpXzyvEWh9yjlShQ9HVZPo6gGcDM+Han4NlcCC7DH062VQ0mXgAesXmU4cmhu34t9QEtrTQXua8VPVTY8i8KEtAvKC+P8mrhqCpnrsGbXn3hR5D0NNBdnF2WDJ3ZuryskA391POnwUW0AM/IWDXAbpMOknBevAhJYUXNsmoJkc2MhaRKI+9eRQ1/F5PDEs+cC2tbXC9+cvwtLxy0QvUTtjFK2iDntmG5drYluYm+JPUP72DGfGefyzx0Q0jgO5IW8uFzlbVSeXPMr0Jzotvt8qil6QRoW0UB0A3eI3QlCW1BhhK5i/NzObMZWTQojCqmtc3St+bPzcawh2FCA8bxRUPz8AFREdE4enC4KHIuq1pPrl6n132AcLLQBOvrgzDXBfnvG101Mvk5HuoalxS5Tc</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2021-05-07 07:21:41,041 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-05-07 07:21:41,041 - INFO [Shibboleth-Audit.SSO:?] - 20210507T072141Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|id1491383883067163977938454|https://www.okta.com/saml2/service-provider/spvimrwrlebrtzzthazl|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_8e47ca00d05c2d78c99e6cbbe4e1e5ef|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxoTE57ajHXfHgIvFpqf3dqsNL/r47IB+Hu6Eb7xzSIjNL870kULoLAz7BcBp7YiyMFfeXAQim4X/uZAV627o5ZxM8H3iolE5V5zhhL5tHtNv76CYk4tc2etfNLtUWEkg8fSNZWKDaTeNVsoz+c80eIu3V8so/7Xfr4RYvkASGVPoE4MA=|_0df75b354e67bae667be3ea8ec6bd85d|
2021-05-07 07:23:29,297 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: https://acc.midgron.hosted-temp.com/simplesaml/module.php/core/authenticate.php?as=default-sp
2021-05-07 07:23:29,297 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-05-07 07:23:29,297 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-05-07 07:23:29,297 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://acc.midgron.hosted-temp.com/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_e31dc86e6da8b701ff10441be55467527b9b1b620e"
    IssueInstant="2021-05-07T07:23:28Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer>https://acc.midgron.hosted-temp.com/simplesaml/module.php/saml/sp/metadata.php/default-sp</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2021-05-07 07:23:29,303 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractBatchMetadataResolver:?] - Metadata Resolver FilesystemMetadataResolver SAMLtest: Resolved 0 candidates via EntityIdCriterion: EntityIdCriterion [id=https://acc.midgron.hosted-temp.com/simplesaml/module.php/saml/sp/metadata.php/default-sp]
2021-05-07 07:23:29,303 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved no EntityDescriptors via underlying MetadataResolver, returning empty collection
2021-05-07 07:23:29,303 - INFO [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  No metadata returned for https://acc.midgron.hosted-temp.com/simplesaml/module.php/saml/sp/metadata.php/default-sp in role {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor with protocol urn:oasis:names:tc:SAML:2.0:protocol
2021-05-07 07:23:29,303 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No metadata context found, nothing to do
2021-05-07 07:23:29,303 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://acc.midgron.hosted-temp.com/simplesaml/module.php/saml/sp/metadata.php/default-sp
2021-05-07 07:23:29,303 - WARN [net.shibboleth.idp.profile.impl.SelectProfileConfiguration:?] - Profile Action SelectProfileConfiguration: Profile http://shibboleth.net/ns/profiles/saml2/sso/browser is not available for RP configuration shibboleth.UnverifiedRelyingParty (RPID https://acc.midgron.hosted-temp.com/simplesaml/module.php/saml/sp/metadata.php/default-sp)
2021-05-07 07:23:29,304 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: InvalidProfileConfiguration
2021-05-07 07:23:29,304 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2021-05-07 07:24:16,220 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: https://acc.midgron.hosted-temp.com/simplesaml/module.php/core/authenticate.php?as=default-sp
2021-05-07 07:24:16,220 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-05-07 07:24:16,220 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-05-07 07:24:16,221 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://acc.midgron.hosted-temp.com/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_54768c1594b1577baa88ff8cfd06cb1d956fb94bdf"
    IssueInstant="2021-05-07T07:24:16Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer>https://acc.midgron.hosted-temp.com/simplesaml/module.php/saml/sp/metadata.php/default-sp</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2021-05-07 07:24:16,226 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractBatchMetadataResolver:?] - Metadata Resolver FilesystemMetadataResolver SAMLtest: Resolved 0 candidates via EntityIdCriterion: EntityIdCriterion [id=https://acc.midgron.hosted-temp.com/simplesaml/module.php/saml/sp/metadata.php/default-sp]
2021-05-07 07:24:16,227 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved no EntityDescriptors via underlying MetadataResolver, returning empty collection
2021-05-07 07:24:16,227 - INFO [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  No metadata returned for https://acc.midgron.hosted-temp.com/simplesaml/module.php/saml/sp/metadata.php/default-sp in role {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor with protocol urn:oasis:names:tc:SAML:2.0:protocol
2021-05-07 07:24:16,227 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No metadata context found, nothing to do
2021-05-07 07:24:16,227 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://acc.midgron.hosted-temp.com/simplesaml/module.php/saml/sp/metadata.php/default-sp
2021-05-07 07:24:16,227 - WARN [net.shibboleth.idp.profile.impl.SelectProfileConfiguration:?] - Profile Action SelectProfileConfiguration: Profile http://shibboleth.net/ns/profiles/saml2/sso/browser is not available for RP configuration shibboleth.UnverifiedRelyingParty (RPID https://acc.midgron.hosted-temp.com/simplesaml/module.php/saml/sp/metadata.php/default-sp)
2021-05-07 07:24:16,227 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: InvalidProfileConfiguration
2021-05-07 07:24:16,228 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2021-05-07 07:24:29,604 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: https://acc.midgron.hosted-temp.com/simplesaml/module.php/core/authenticate.php?as=default-sp
2021-05-07 07:24:29,604 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-05-07 07:24:29,604 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-05-07 07:24:29,604 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://acc.midgron.hosted-temp.com/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_54768c1594b1577baa88ff8cfd06cb1d956fb94bdf"
    IssueInstant="2021-05-07T07:24:29Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer>https://acc.midgron.hosted-temp.com/simplesaml/module.php/saml/sp/metadata.php/default-sp</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2021-05-07 07:24:29,609 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractBatchMetadataResolver:?] - Metadata Resolver FilesystemMetadataResolver SAMLtest: Resolved 0 candidates via EntityIdCriterion: EntityIdCriterion [id=https://acc.midgron.hosted-temp.com/simplesaml/module.php/saml/sp/metadata.php/default-sp]
2021-05-07 07:24:29,609 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved no EntityDescriptors via underlying MetadataResolver, returning empty collection
2021-05-07 07:24:29,609 - INFO [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  No metadata returned for https://acc.midgron.hosted-temp.com/simplesaml/module.php/saml/sp/metadata.php/default-sp in role {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor with protocol urn:oasis:names:tc:SAML:2.0:protocol
2021-05-07 07:24:29,609 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No metadata context found, nothing to do
2021-05-07 07:24:29,609 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://acc.midgron.hosted-temp.com/simplesaml/module.php/saml/sp/metadata.php/default-sp
2021-05-07 07:24:29,610 - WARN [net.shibboleth.idp.profile.impl.SelectProfileConfiguration:?] - Profile Action SelectProfileConfiguration: Profile http://shibboleth.net/ns/profiles/saml2/sso/browser is not available for RP configuration shibboleth.UnverifiedRelyingParty (RPID https://acc.midgron.hosted-temp.com/simplesaml/module.php/saml/sp/metadata.php/default-sp)
2021-05-07 07:24:29,610 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: InvalidProfileConfiguration
2021-05-07 07:24:29,610 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2021-05-07 07:24:50,977 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: https://acc.midgron.hosted-temp.com/simplesaml/module.php/core/authenticate.php?as=default-sp
2021-05-07 07:24:50,977 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-05-07 07:24:50,977 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-05-07 07:24:50,977 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://acc.midgron.hosted-temp.com/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_9420e373ab4bffe7c3a4a2365ae90b5879646817dd"
    IssueInstant="2021-05-07T07:24:50Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer>https://acc.midgron.hosted-temp.com/simplesaml/module.php/saml/sp/metadata.php/default-sp</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2021-05-07 07:24:50,984 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractBatchMetadataResolver:?] - Metadata Resolver FilesystemMetadataResolver SAMLtest: Resolved 0 candidates via EntityIdCriterion: EntityIdCriterion [id=https://acc.midgron.hosted-temp.com/simplesaml/module.php/saml/sp/metadata.php/default-sp]
2021-05-07 07:24:50,984 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved no EntityDescriptors via underlying MetadataResolver, returning empty collection
2021-05-07 07:24:50,984 - INFO [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  No metadata returned for https://acc.midgron.hosted-temp.com/simplesaml/module.php/saml/sp/metadata.php/default-sp in role {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor with protocol urn:oasis:names:tc:SAML:2.0:protocol
2021-05-07 07:24:50,985 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No metadata context found, nothing to do
2021-05-07 07:24:50,985 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://acc.midgron.hosted-temp.com/simplesaml/module.php/saml/sp/metadata.php/default-sp
2021-05-07 07:24:50,985 - WARN [net.shibboleth.idp.profile.impl.SelectProfileConfiguration:117] - Profile Action SelectProfileConfiguration: Profile http://shibboleth.net/ns/profiles/saml2/sso/browser is not available for RP configuration shibboleth.UnverifiedRelyingParty (RPID https://acc.midgron.hosted-temp.com/simplesaml/module.php/saml/sp/metadata.php/default-sp)
2021-05-07 07:24:50,985 - WARN [org.opensaml.profile.action.impl.LogEvent:105] - A non-proceed event occurred while processing the request: InvalidProfileConfiguration
2021-05-07 07:24:50,986 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2021-05-07 07:25:52,395 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: vDGVM31lJeCoQwKXTFkf4T97
2021-05-07 07:25:52,395 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-05-07 07:25:52,396 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-05-07 07:25:52,396 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="http://idptest.goteborgsregionen.se/Saml2/Acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="id5b94cf9406094bca88eb7dc8687e3f64"
    IssueInstant="2021-05-07T07:25:54Z" Version="2.0"
    xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
        xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
  <saml2:Issuer>https://idptest.goteborgsregionen.se/Saml2</saml2:Issuer>
  <saml2p:NameIDPolicy
        AllowCreate="true" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/>
</saml2p:AuthnRequest>

2021-05-07 07:25:52,413 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractBatchMetadataResolver:?] - Metadata Resolver FilesystemMetadataResolver SAMLtest: Resolved 0 candidates via EntityIdCriterion: EntityIdCriterion [id=https://idptest.goteborgsregionen.se/Saml2]
2021-05-07 07:25:52,413 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved no EntityDescriptors via underlying MetadataResolver, returning empty collection
2021-05-07 07:25:52,413 - INFO [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  No metadata returned for https://idptest.goteborgsregionen.se/Saml2 in role {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor with protocol urn:oasis:names:tc:SAML:2.0:protocol
2021-05-07 07:25:52,413 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No metadata context found, nothing to do
2021-05-07 07:25:52,413 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://idptest.goteborgsregionen.se/Saml2
2021-05-07 07:25:52,413 - WARN [net.shibboleth.idp.profile.impl.SelectProfileConfiguration:?] - Profile Action SelectProfileConfiguration: Profile http://shibboleth.net/ns/profiles/saml2/sso/browser is not available for RP configuration shibboleth.UnverifiedRelyingParty (RPID https://idptest.goteborgsregionen.se/Saml2)
2021-05-07 07:25:52,415 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: InvalidProfileConfiguration
2021-05-07 07:25:52,416 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2021-05-07 07:26:30,505 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: https://acc.midgron.hosted-temp.com/simplesaml/module.php/core/authenticate.php?as=default-sp
2021-05-07 07:26:30,505 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-05-07 07:26:30,505 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-05-07 07:26:30,505 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://acc.midgron.hosted-temp.com/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_8e6df3c2ecf1c72430e650ee4c586eb455e05d88a1"
    IssueInstant="2021-05-07T07:26:29Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer>https://acc.midgron.hosted-temp.com/simplesaml/module.php/saml/sp/metadata.php/default-sp</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2021-05-07 07:26:30,511 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractBatchMetadataResolver:?] - Metadata Resolver FilesystemMetadataResolver SAMLtest: Resolved 0 candidates via EntityIdCriterion: EntityIdCriterion [id=https://acc.midgron.hosted-temp.com/simplesaml/module.php/saml/sp/metadata.php/default-sp]
2021-05-07 07:26:30,511 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved no EntityDescriptors via underlying MetadataResolver, returning empty collection
2021-05-07 07:26:30,511 - INFO [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  No metadata returned for https://acc.midgron.hosted-temp.com/simplesaml/module.php/saml/sp/metadata.php/default-sp in role {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor with protocol urn:oasis:names:tc:SAML:2.0:protocol
2021-05-07 07:26:30,511 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No metadata context found, nothing to do
2021-05-07 07:26:30,511 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://acc.midgron.hosted-temp.com/simplesaml/module.php/saml/sp/metadata.php/default-sp
2021-05-07 07:26:30,511 - WARN [net.shibboleth.idp.profile.impl.SelectProfileConfiguration:?] - Profile Action SelectProfileConfiguration: Profile http://shibboleth.net/ns/profiles/saml2/sso/browser is not available for RP configuration shibboleth.UnverifiedRelyingParty (RPID https://acc.midgron.hosted-temp.com/simplesaml/module.php/saml/sp/metadata.php/default-sp)
2021-05-07 07:26:30,511 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: InvalidProfileConfiguration
2021-05-07 07:26:30,511 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2021-05-07 07:28:11,167 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: https://acc.midgron.hosted-temp.com/simplesaml/module.php/core/authenticate.php?as=default-sp
2021-05-07 07:28:11,167 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-05-07 07:28:11,167 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-05-07 07:28:11,167 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://acc.midgron.hosted-temp.com/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_f000276672bc5d4c47c7e12226a95deb3c4aa82dbf"
    IssueInstant="2021-05-07T07:28:10Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer>https://acc.midgron.hosted-temp.com/simplesaml/module.php/saml/sp/metadata.php/default-sp</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2021-05-07 07:28:11,173 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractBatchMetadataResolver:?] - Metadata Resolver FilesystemMetadataResolver SAMLtest: Resolved 0 candidates via EntityIdCriterion: EntityIdCriterion [id=https://acc.midgron.hosted-temp.com/simplesaml/module.php/saml/sp/metadata.php/default-sp]
2021-05-07 07:28:11,173 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved no EntityDescriptors via underlying MetadataResolver, returning empty collection
2021-05-07 07:28:11,173 - INFO [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  No metadata returned for https://acc.midgron.hosted-temp.com/simplesaml/module.php/saml/sp/metadata.php/default-sp in role {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor with protocol urn:oasis:names:tc:SAML:2.0:protocol
2021-05-07 07:28:11,173 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No metadata context found, nothing to do
2021-05-07 07:28:11,173 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://acc.midgron.hosted-temp.com/simplesaml/module.php/saml/sp/metadata.php/default-sp
2021-05-07 07:28:11,173 - WARN [net.shibboleth.idp.profile.impl.SelectProfileConfiguration:?] - Profile Action SelectProfileConfiguration: Profile http://shibboleth.net/ns/profiles/saml2/sso/browser is not available for RP configuration shibboleth.UnverifiedRelyingParty (RPID https://acc.midgron.hosted-temp.com/simplesaml/module.php/saml/sp/metadata.php/default-sp)
2021-05-07 07:28:11,173 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: InvalidProfileConfiguration
2021-05-07 07:28:11,174 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2021-05-07 07:31:17,426 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: null
2021-05-07 07:31:17,426 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-05-07 07:31:17,426 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-05-07 07:31:17,426 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://localhost:9000/api/auth/sso/acs/samltest"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_a62d4bde-30b2-4882-951a-5063762e13a8"
    IssueInstant="2021-05-07T07:31:16.685Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer>Tabula-Test</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="false" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/>
</samlp:AuthnRequest>

2021-05-07 07:31:17,432 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'Tabula-Test' from origin source
2021-05-07 07:31:17,432 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-05-07 07:31:17,432 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-05-07 07:31:17,432 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-05-07 07:31:17,432 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-05-07 07:31:17,432 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-05-07 07:31:17,432 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-05-07 07:31:17,432 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-05-07 07:31:17,433 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer Tabula-Test
2021-05-07 07:31:17,433 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-05-07 07:31:17,433 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-05-07 07:31:17,433 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-05-07 07:31:17,433 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-05-07 07:31:17,433 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-05-07 07:31:17,434 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_a62d4bde-30b2-4882-951a-5063762e13a8', issue instant '2021-05-07T07:31:16.685Z', entityID 'Tabula-Test'
2021-05-07 07:31:17,434 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'Tabula-Test' does not require AuthnRequests