2020-04-02 19:00:01,027 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: /home
2020-04-02 19:00:01,027 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2020-04-02 19:00:01,027 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2020-04-02 19:00:01,030 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://infraio1c2.my.workfront.com/attask/saml2consumer.cmd"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ID="_11481819ef7141dd82f57306286a9f54"
    IssueInstant="2020-04-02T19:00:00.995Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">infraio1c2.my.workfront.com/SAML2</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
            <ds:Reference URI="#_11481819ef7141dd82f57306286a9f54">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <ds:DigestValue>wLh8KBD5ztlxyNDGflwV9C0GAo8=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>DKCgXq0oS82P/BAK58op7IAqFZDrPMVx06vL15Bb+vnH0bfBNQuV3DvuHRxwOvR1Vuippq5TDRiYlHlmjTptfJV06j2feyn5fpTDHrkvlmpkMpcch162jTgckSwDimYFFerYf0Kbqy9O+vPwa2ABLM4pTDGx3iHtqYA2deUS20vNym9kyq+KUN8O6yoExs0x/Ya+VB9rb+tXQyzHom7GJt1u+lO/VbN36LKOhXLKjOPPgYl2vxVH9fHxUxAr60iM2PUDHIyjcodZzynrBKWVtP/1eRJyFEFn/hUeTz1Sty7rDwcHxyYpwE8wM6bwfVBIfUEWtHjZyRF3EfiN51avnA==</ds:SignatureValue>
    </ds:Signature>
    <saml2p:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>
</saml2p:AuthnRequest>

2020-04-02 19:00:01,031 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'infraio1c2.my.workfront.com/SAML2' from origin source
2020-04-02 19:00:01,031 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-04-02 19:00:01,031 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-04-02 19:00:01,031 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-04-02 19:00:01,031 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-04-02 19:00:01,031 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-04-02 19:00:01,032 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-04-02 19:00:01,032 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-04-02 19:00:01,032 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer infraio1c2.my.workfront.com/SAML2
2020-04-02 19:00:01,032 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:00:01,032 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-04-02 19:00:01,032 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-04-02 19:00:01,032 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-04-02 19:00:01,032 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-04-02 19:00:01,033 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_11481819ef7141dd82f57306286a9f54', issue instant '2020-04-02T19:00:00.995Z', entityID 'infraio1c2.my.workfront.com/SAML2'
2020-04-02 19:00:01,033 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2020-04-02 19:00:01,033 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2020-04-02 19:00:01,033 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-04-02 19:00:01,033 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: infraio1c2.my.workfront.com/SAML2, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-04-02 19:00:01,033 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'infraio1c2.my.workfront.com/SAML2' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-04-02 19:00:01,033 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-04-02 19:00:01,033 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-04-02 19:00:01,033 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-04-02 19:00:01,033 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-04-02 19:00:01,033 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-04-02 19:00:01,033 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2000/09/xmldsig#rsa-sha1
2020-04-02 19:00:01,033 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA1withRSA
2020-04-02 19:00:01,033 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2020-04-02 19:00:01,033 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 24244091063110477728505298488008987345604123586705169572235658400680546655043040439823001060441963627450471473651120147774627587726423146773932529197059203397706285539476644823200340379621954691986746966330068236044743193465403434236516694830003831354378903116612503228305502732679915910511804358632566348451193095262533513906787952453831183320450608317460564407976415593874525658889981487289397754141211082349144956687429434059911371073233601299453621611490966787380072028863766860304782704765787708620468025410422200225052441526668831423173565490638858572679280981009182642270738134708009502373602822008324582885059
  public exponent: 65537
2020-04-02 19:00:01,033 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2020-04-02 19:00:01,033 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2020-04-02 19:00:01,033 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_11481819ef7141dd82f57306286a9f54"
2020-04-02 19:00:01,033 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _11481819ef7141dd82f57306286a9f54 and Element was [saml2p:AuthnRequest: null]
2020-04-02 19:00:01,033 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_11481819ef7141dd82f57306286a9f54"
2020-04-02 19:00:01,033 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _11481819ef7141dd82f57306286a9f54 and Element was [saml2p:AuthnRequest: null]
2020-04-02 19:00:01,033 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_11481819ef7141dd82f57306286a9f54"
2020-04-02 19:00:01,033 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2020-04-02 19:00:01,033 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-04-02 19:00:01,033 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID infraio1c2.my.workfront.com/SAML2
2020-04-02 19:00:01,034 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-04-02 19:00:01,034 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-04-02 19:00:01,034 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-04-02 19:00:01,034 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-04-02 19:00:01,034 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:00:01,034 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-04-02 19:00:01,034 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-04-02 19:00:01,034 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-04-02 19:00:01,034 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 4 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-04-02 19:00:01,034 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Neither candidate endpoint location 'https://infraio1c2.attask-ondemand.com/attask/saml2consumer.cmd' nor response location 'null' matched 'https://infraio1c2.my.workfront.com/attask/saml2consumer.cmd' 
2020-04-02 19:00:01,034 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-REDIRECT' not permitted by input criteria
2020-04-02 19:00:01,034 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://infraio1c2.my.workfront.com/attask/saml2consumer.cmd using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-04-02 19:00:01,034 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-04-02 19:00:01,034 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-04-02 19:00:01,034 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-04-02 19:00:01,034 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-04-02 19:00:01,034 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-04-02 19:00:01,035 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-04-02 19:00:01,035 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-04-02 19:00:01,035 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-04-02 19:00:01,035 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-04-02 19:00:01,035 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-04-02 19:00:01,035 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: infraio1c2.my.workfront.com/SAML2
2020-04-02 19:00:01,035 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-04-02 19:00:01,035 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-04-02 19:00:01,035 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-04-02 19:00:01,035 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-04-02 19:00:01,036 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-04-02 19:00:01,039 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-04-02T19:00:01.039Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-04-02 19:00:01,039 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-04-02 19:00:01,040 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-04-02 19:00:01,040 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-04-02 19:00:01,040 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-04-02 19:00:01,040 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-04-02 19:00:01,040 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:00:01,040 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-04-02 19:00:01,040 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-04-02 19:00:01,040 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-04-02 19:00:01,040 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-04-02 19:00:01,044 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Not a usual scheme, returning name of 'infraio1c2.my.workfront.com/SAML2'
2020-04-02 19:00:01,045 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-04-02 19:00:01,045 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-04-02 19:00:04,606 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2020-04-02 19:00:04,606 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2020-04-02 19:00:04,606 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20200402T190004Z|OAuth2Server-local-embedded|AttributeReleaseConsent|morty|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2020-04-02 19:00:04,606 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@48bedf6f'
2020-04-02 19:00:04,606 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:00:04,606 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-04-02 19:00:04,613 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-04-02 19:00:04,613 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-04-02 19:00:04,614 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _8f7878501cf85c559db705cf1ab81b97
2020-04-02 19:00:04,614 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _8f7878501cf85c559db705cf1ab81b97 to Response _41ce41d140b52340c6ec458012040e29
2020-04-02 19:00:04,614 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _8f7878501cf85c559db705cf1ab81b97
2020-04-02 19:00:04,614 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-04-02 19:00:04,614 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute identifier
2020-04-02 19:00:04,614 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value morty of attribute uid
2020-04-02 19:00:04,614 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5505 of attribute telephoneNumber
2020-04-02 19:00:04,614 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value janitor@samltest.id of attribute role
2020-04-02 19:00:04,614 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute mail
2020-04-02 19:00:04,614 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Smith of attribute surname
2020-04-02 19:00:04,614 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Morty Smith of attribute displayName
2020-04-02 19:00:04,614 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Mortimer of attribute givenName
2020-04-02 19:00:04,615 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-04-02 19:00:04,615 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2020-04-02 19:00:04,615 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2020-04-02 19:00:04,615 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2020-04-02 19:00:04,615 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2020-04-02 19:00:04,615 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2020-04-02 19:00:04,615 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:00:04,615 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:00:04,615 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxiNalAG/xL+YvmNU7gjScf0kaXClGi+GAw8BWSgdbyA2fOBGufoutNPr2vjMz98vC1cW8dJs4InxTnMZQK5lakhQABpupesGHJzv8bY9IouaubdKgm5L+XZQB5SqvUSM= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:00:04,615 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:00:04,615 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:00:04,615 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-04-02 19:00:04,615 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-04-02 19:00:04,615 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.12.208
2020-04-02 19:00:04,616 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to a1388299936b217c1fj2gfeff98f63c
2020-04-02 19:00:04,616 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to http://localhost:8088/authorization-server/saml/SSO
2020-04-02 19:00:04,616 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-04-02 19:00:04,616 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-04-02 19:00:04,616 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-04-02 19:00:04,616 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _8f7878501cf85c559db705cf1ab81b97
2020-04-02 19:00:04,616 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _8f7878501cf85c559db705cf1ab81b97 did not already contain Conditions, one was added
2020-04-02 19:00:04,616 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-04-02 19:00:04,616 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-04-02T19:05:04.606Z, to Assertion _8f7878501cf85c559db705cf1ab81b97
2020-04-02 19:00:04,616 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _8f7878501cf85c559db705cf1ab81b97 already contained Conditions, nothing was done
2020-04-02 19:00:04,616 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-04-02 19:00:04,616 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _8f7878501cf85c559db705cf1ab81b97 already contained Conditions, nothing was done
2020-04-02 19:00:04,616 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-04-02 19:00:04,616 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding OAuth2Server-local-embedded as an Audience of the AudienceRestriction
2020-04-02 19:00:04,616 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _8f7878501cf85c559db705cf1ab81b97
2020-04-02 19:00:04,617 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party OAuth2Server-local-embedded to existing session bc19e8e63cc5e5607cd2ce8df816df3d66e1734f3d18e4e13c286dc6a9fadd07
2020-04-02 19:00:04,617 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service OAuth2Server-local-embedded in session bc19e8e63cc5e5607cd2ce8df816df3d66e1734f3d18e4e13c286dc6a9fadd07
2020-04-02 19:00:04,617 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-04-02 19:00:04,617 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID OAuth2Server-local-embedded and key AAdzZWNyZXQxiNalAG/xL+YvmNU7gjScf0kaXClGi+GAw8BWSgdbyA2fOBGufoutNPr2vjMz98vC1cW8dJs4InxTnMZQK5lakhQABpupesGHJzv8bY9IouaubdKgm5L+XZQB5SqvUSM=
2020-04-02 19:00:04,617 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-04-02 19:00:04,617 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-04-02 19:00:04,618 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_8f7878501cf85c559db705cf1ab81b97"
2020-04-02 19:00:04,618 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _8f7878501cf85c559db705cf1ab81b97 and Element was [saml2:Assertion: null]
2020-04-02 19:00:04,618 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_8f7878501cf85c559db705cf1ab81b97"
2020-04-02 19:00:04,618 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _8f7878501cf85c559db705cf1ab81b97 and Element was [saml2:Assertion: null]
2020-04-02 19:00:04,620 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_41ce41d140b52340c6ec458012040e29"
    InResponseTo="a1388299936b217c1fj2gfeff98f63c"
    IssueInstant="2020-04-02T19:00:04.606Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_8f7878501cf85c559db705cf1ab81b97"
        IssueInstant="2020-04-02T19:00:04.606Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_8f7878501cf85c559db705cf1ab81b97">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>4GMppq62iEjVUXiY3THbDYK7Cnt4i4ECUg7LHcEBByo=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>ijsS+Yt042yYEWD+Nex5A/3ar3vVc5rQRJq+4MtMGHVd7GnrxBVqM6dgyAxWmbY0eTOSECM4gqTCVk4gI8RGUUwyBz3gWCKzXMxj9e6XNDrZpdqWqLJa4NZ2uS9t+0BJCDZR3RtLjEfZda7dEqUNuLq+FJYmukWS82ESHGgBGeFXPb+eV2gSwf93Lp63oEkGXXvMUjY7gU98Se0tR3+I51jXl9z1Y4DunGbMhAh2KSM0w85u58N9QQyATc1I6GuxZV01m+eSpi4lz4GlVaCdQIGtcQ/8U67nHIVc2Ebh5sS46aE7fp1xjutkZa2peLcx7CEza6rjdY/BICfO9g+7Ig==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="OAuth2Server-local-embedded" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxiNalAG/xL+YvmNU7gjScf0kaXClGi+GAw8BWSgdbyA2fOBGufoutNPr2vjMz98vC1cW8dJs4InxTnMZQK5lakhQABpupesGHJzv8bY9IouaubdKgm5L+XZQB5SqvUSM=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.12.208"
                    InResponseTo="a1388299936b217c1fj2gfeff98f63c"
                    NotOnOrAfter="2020-04-02T19:05:04.616Z" Recipient="http://localhost:8088/authorization-server/saml/SSO"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-04-02T19:00:04.606Z" NotOnOrAfter="2020-04-02T19:05:04.606Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>OAuth2Server-local-embedded</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-04-02T18:59:59.647Z" SessionIndex="_194a5202d01a19c43dddf5d452fab7dd">
            <saml2:SubjectLocality Address="172.31.12.208"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>morty</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5505</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">janitor@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Morty Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Mortimer</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-04-02 19:00:04,621 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: http://localhost:8088/authorization-server/saml/SSO
2020-04-02 19:00:04,621 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: http://localhost:8088/authorization-server/saml/SSO
2020-04-02 19:00:04,621 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_41ce41d140b52340c6ec458012040e29"
2020-04-02 19:00:04,621 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _41ce41d140b52340c6ec458012040e29 and Element was [saml2p:Response: null]
2020-04-02 19:00:04,622 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_41ce41d140b52340c6ec458012040e29"
2020-04-02 19:00:04,622 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _41ce41d140b52340c6ec458012040e29 and Element was [saml2p:Response: null]
2020-04-02 19:00:04,623 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-04-02 19:00:04,623 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'http://localhost:8088/authorization-server/saml/SSO' with encoded value 'http&#x3a;&#x2f;&#x2f;localhost&#x3a;8088&#x2f;authorization-server&#x2f;saml&#x2f;SSO'
2020-04-02 19:00:04,623 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-04-02 19:00:04,625 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="http://localhost:8088/authorization-server/saml/SSO"
    ID="_41ce41d140b52340c6ec458012040e29"
    InResponseTo="a1388299936b217c1fj2gfeff98f63c"
    IssueInstant="2020-04-02T19:00:04.606Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_41ce41d140b52340c6ec458012040e29">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>alDycBCRME8hUz/qm0w6a1vmTmJI6CrAelOQovvso6g=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>YFshXi/9QC98z34vP4Y4cXN9sIcNXpOgkibw+ZVKfxx/OQp8Wgwty1tUhFmiL+5Ynze8eAshJLI0vdxJrNgVVtXOKd3gx9sgK3hcCVrfCtOB0UFZU20xrtHIedKhvr9rJJD5h5rVYRkr07wWXQ6nhi18v9x3RwtwRdD/27eUQEp7aBgWVTVqE45MC2MXoRIr0wYHYG7S24TGbNr/TmsRWTuxM/2bGM00+4wyVRCtB4kMyTvLwDnmLBiiCp9NcSKeQ/NbaSsWFNLgtmVeEkzFVf+0ApA3bcLFLOuNcvC0mkrK75X/8mbrRQfknNCBhsd2r3IQiYSzWMNW24WA0CdLUA==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_e429ab04d2f8840167e003bb153a6ddb"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_ecef55f5082a6cdd5a5b25689524bd5a"
                    Recipient="OAuth2Server-local-embedded" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIDdzCCAl+gAwIBAgIECJji8TANBgkqhkiG9w0BAQsFADBsMRAwDgYDVQQGEwdVbmtub3duMRAw
DgYDVQQIEwdVbmtub3duMRAwDgYDVQQHEwdVbmtub3duMRAwDgYDVQQKEwdVbmtub3duMRAwDgYD
VQQLEwdVbmtub3duMRAwDgYDVQQDEwdVbmtub3duMB4XDTIwMDMwMjE4NDc1MVoXDTIxMDMwMjE4
NDc1MVowbDEQMA4GA1UEBhMHVW5rbm93bjEQMA4GA1UECBMHVW5rbm93bjEQMA4GA1UEBxMHVW5r
bm93bjEQMA4GA1UEChMHVW5rbm93bjEQMA4GA1UECxMHVW5rbm93bjEQMA4GA1UEAxMHVW5rbm93
bjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJN78nIWRctWZD3ZdW9wd++PdlFyZTWa
MrNYfQd0ZH1I4z8y465j/Ykg7Svrg14wi+Lc3jDvCzliZPYRX3p+flRRt4leiUF7hwbxddYXFisT
hCRSiNzbyMtgU8LCDCxbR+qkO9Sqx40J59nlI3Wxjvg2G3Q6gjuBCHf4GWHdxGEVLxsJZ5TS1405
TkIXqjsYZ5oUhfHNaq4AMq+fKc6PoyDTeCmjotfG7GX0DBmDLgbNHiTWTbnNL+dWUF6aoAlYuaQs
h7J5hOPhk0aJ2xAEeXp898dhgF7PkmJgtVPD2UHttbToDQ5Sk4WnKeOvlJMY9ThFfN287Z3/PM9N
HhMMRocCAwEAAaMhMB8wHQYDVR0OBBYEFGVq+nnSRnGeakhc4BvMe4BNgECKMA0GCSqGSIb3DQEB
CwUAA4IBAQB+47zjjfjHhMB8PQMV1PztyavD8Zv31s6HSrpkR6rjeJaRoJe0eEDnax3GPL4YPOmF
/JBTTX2zueiRV847fT5iqttNAHVEovVGHN5JwjiBt5rJJ+fBIQPQAoXQzmWwpoic+gWspPlHV3Pp
pZehxmUU/dP0NZYJIjkKtIhoUAAew14axNdGXjZOYAhNrFW+zsw/M9PaDJWl9y/OLI/LCuRmCTMX
0u72CALSM5YWk8bB05KREg6nk2wOo23jUe+Bn7X6EUMsCn6f0KbQOeUcA0z66LQ60iJs2tCCHycE
BzUny8shUwxPcYn/xFVGaxB1Z02WQaCUE3z3wisatPta9jfY</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>WZJ0P9Gowz42XWSVt9ek0XKV4AXWgy24lJ5ZzOkpDDZtuHmi42opWkgLEpoNnBupA0P8O9WciKihk3GKEaguYeZbGBwJIBGfbriRZjzRBuIQvpC/+yMlZpbnlDPVshROOL5hYQD5OnKApT0pvRnZ+HO1DgdhLQCnaXpm+Cb/9avSP/1cmOTHhmJIxVN0yAHc1ji9pRjeND1qAQtFZa5XYtt9GDIIZnovUEk8KUfYCjhZQ0PtsRzuCgsXiv17NKKjzzDzOnsSJMmSpkqolijkFfQKKs6UIBgAkFHqoxIrjXxW7+aBzj6oBM+iqwKtEDcSJQvPhCGNqbd+4ejP6O3oyw==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>vMe44L3VQdM5r23MCbCI1V8HAISVpogidTOktnHPoesmMljg0rM/iUTsvukLVwauwB9QahJfEVVoO37N7ZwdVpQDCIEottnFlblroUKGsSuFoerRO4bTMzBrZSxudVTqoAGYWGvkmGFG4jDUkXRslzOgq1Rj5OTnqDNjMivd4vEPO2s+rT3ONzPaKM+Ho9I6yqduFd50AxX1YprxqEK5tJXAwO3ag6s1vPjMq6Cja4aH4A5xipKF8tSTeiB1D/kVv9bVAUfZigqfx6gGP8HFw2rIm/WVHsB4BXgc2vnK4evSxuY/TG+FYKZ6GF3fdRwaPSRWS9iZxQASYdyzd1h35Ww4jfbD6CXVJLw8ixmFeq7HDHlXiU55/r8Gj75EQ1L42ldsg06V3rCrXo9hJ1rUbGX8xzH1HO+o3pFl5TK9q8GfUY8seflv8JqodifE0o4JbXKLoHjVTUHh1nD4bWO2Q1y1/y6c1XdFBmDdHjEg8egNBxyywylwMLNB3AL0e6V3KOrecu0y9HOaN9KPRlyYOMshbP7Ajzvt/tswfdsyNeN6vj+EK6ziYu4DZ1zc5dQnyWjK9aDk8lFaPPIPZuLHjUMatA5KEImku+pej2TyEUOQbx8J3XVhoKTdIEZjoMyvgiOJY5reofZoFQrocut7PT6O0EMciejFBLHhWyukCLwFcoHH084Uh69vNoHc3EPgo6lK8AUwCT6hf5U3kFn80X3VvWHMK+7wIJ9p5jnzib9elvGYWDSMPXaBObrPhzTjEfm3cedLylErGc+3FO06OK8l+Pi9F53NiZ5ZSE6MXybHzuOdaEUtff9PYQEHj+6J/eGyLyICVzUuwvT6gaekJfnIOae0YK/E4h8piEZirEg5HPh2LoPT6IaCbgantWkL/KCW6x8jDc+KhOS+ujesE5WIlgIOpC5vtPu0m0aMD1RcHxDMaa0Z1UkAyBXxH/QhSrmxmot/L9IMatk6DYNvr5LFIdd5tgqRcqXnaCXy1vKKUYp2fFceH26cwMoE1LW1Zt91xGz8CPjy0PVRy2AJ+T0mW2FtY7E+Q/17yizlvyx/kdAZGp+AC3gksMv9IA4BIQB2/FF2mknpVjsH6giUpiFj2RZKHZsD8H7UPbkq+jTbT5Z8C1d22eegX6Ij6r/H9jUnMXeGdrLhy/9UBVJdVzzdnXDe129mzgQrgD780+t4aYqxdrCj2z/QhT4RVcUfkoswO42jDL75CN9ImJtvYSZ/SGab58qK60qEcytU8yHdEJ8NbzZId05zeCrjfHnmbb4VoWgy4Oj9GWeuahVoe2/xOzLVut13zZwcPFYNVkbpi5dDMnT3iUwP9sFzFR5+tWToLx9TEv/D6wQYzMgxf8I0coIyz9lUAYEL2xhh7ItlOZGlpK+f1KoBs5qECXfQE9nAlO09hlQYsl9WmGezN6ItxtEuScBQ9l/d6o5gWrhJcFcsPmdgn90qSc5JfxeowApB8bGZoti4jJy0+m0Qwc9o9rNEgsBdUvEW+Zez8oRMVekHLdTgB4mgZvKm+t7SZfJbI1nMsLGMHuHmHKLksy/YBygiioPzzL1uSapBQSpukbg9UXMpXAl+CFhdYlLLajtfrAiEbVwYlo0pQv/Z1PEfltas2k8Lrz5zrV4rNAep127OGo48L4IV5Zzn83V9srX7tHYtABZiVHIuMjdKJ1HrZADT480u+hPyH+Av7IX56p8ecS0QoBCpCBI/CBla2oCjuH6OOyeSH6TkIfiQedu4aCOh+/wgwxPl3X6C0XSYq9IzMk3eFduzxOT2PtXaWaz5DaUQiTuKnz1gkbY91HdMJxmUfaLppHPUD4nV51o9vgw2mWS9EC8E3iE5CyFGdepfYl3Qm4vGwwARNnaGy01X3WQiaXAjIUHo5bfzumG5/AkDFX4EHayPwfhNNeHtNcNVt2N7E4jb5V3jPaYUuYxneA4EPjZeKNLJyFTqLikc0J7rzCLk4cFcU2LeKuV0F3QjcQ0Phz04wIqak+5XLDXHJwbN2RngduaZo1j7ciT7hvWBtCVdSV3I1/qyTHOJy/6U1djo9KKmjM0solTBxTl4V/HS2gra4Lik1lgiNK5Kb4ozPnbvBznatkCde8eiio4EJQQgi1fQJv6DJlMkKpyZUA9Jktt4IlzAQ20jhdcOIybPEhusJZ+PIU7ZQ/EcBh96AJCHpZJbQCgTRuyIAVkQn/IU4V/GF8byZBpEF2pqRsa7KGrNb7LXfojCyd41TamQiXTmH4wOl1HOYGmi5M/5vObsr8hnd33JhoU/K37cZjPK0m/KT44EEBI3hPmwo/xeuxdNrtTISS2tPpeMrTs3UdD19SNxtLQwm0Idec3ZHY/zgd79+DqmPhY+iEO87VNXSx8C3QWEFEcK0G3bfPTaBsjSrJeo8X6QIf29SM4dgZSOTbPG0ZxM2G+ShKAjEsvzkbvgwsjPojtACo0SLYZ98QKJW/xGIx2b47STv7FG09CHqlVXQbAdj2JMvA1veUZss8wfaEyVoRKI6PZPyxpkDbe4MMqFMMTXsL0rmrmM64HRku2GB7XR2JoNAlFIGj3G5YTA9Zw3BVHkIG6yjB9ITzkadYy6htoJWnrsL8UYEKSRX7/NICd4sxgs7W217TyD0QDo7U7BMDzEy+dSYMZXsjRb0mRpos1w8LEEbjiyetC4Ni87BhpAzrlYIXWRg8Sgno0gcYgymRJd5EGrUV/LMM4zQm3hDXvb4xDJtxKFloNO92sRNFfVw8PbMsQMvEq6clyv/3pol+davTbmVYGf7DYcrcl2GGiHzqCYAkmjnMTc9mNCFJsGgBni/0A5coX2OOxsdwHK/R/ECAXYKA/1xm+Q1JTGXwg6xfjB3Q4RvCH7Y5S6YBSSV53t+gG3Y7YH/Kx27v6XikjhxjkuNNCinhGEixuDJ3S6shyJcfhTiz90LOKfWxvKxQsuBD5kSjadwlxCOiBwHzEaHy5sWcyjrremD/RrJLk9dn1TMtwkT4l2Lqxj+NDTUVXlejOSpBJE+RXj8XsjtZq9Neq5D0iEB9RNdbTXWpxTCNH7Ti71+kKrisVqzFNKsFQxwDf+r7KH7WyGgfbd3ina2w0wzjl59YckKSCdziMkR0TxFHVNYEVPPQieMUxdO353kv9OXIbpm/dp2Q/qQ7m+Ppnq19vkk2jmpqekh0iZPKszwHcVvHkSPn2GxC3eBYB4VawAnFXqRXTW8HA8tD88oANp3bEFKVz3SZPwRW7DRP45oYbZSs6I7jIwXxmdoYyaGyTQkV+0sc6kAJwzbd8RPUKiDfR5hh9/dD1ntG9YWrl+p6mjVRXrP9BDzY7SfbqD9pYSvYK4dThupNtUJV0h0Y/XgX1/KrZrMa0UHJqvomDxifF+M6tIOeLWylFvBG3cD+dmfdS6cOX6n9XL18zdTOoY6TUZJlizrmtTV7bOAkIiL/TdniYUCSBT1Sm04haC7pfMgJp/ZyJHNW+2PIxSvyIN4tSEWqZityzV6qBZBbDUAuXp069/CG/iNLS46Mn4PovdIiJ75UGGX/eQNtadjc1AUkE1xFpJITbW8ZoX9kbf4/XviZBtMjY3xTyCwXkdb8HsLXuNoVLVUWc3aq1o4ud8TEP0/vLzeJbtudbNnbKSGlzZpWczpgoMbA4+9ApelPb/xrRN7IM9i8GbHqgeVG67HRMIbv9E37ENbxIycvEs4+ogSdCDBxTKSaJoDnon0AMu9FBuh1ZG2Fj7PxEpM4CEbFz05ccwUV4FCj4REXX6KZaEb8voJ7FCoO57I4qYrCkYwJleixihr+Q5YVPCEcQyDm9CDU9LiweW4OVXhps5NIjp16laInFDMx4h5A8EUbpPTZi4zTZZlGqwFMUOZ0M2UjMVDzp6v8p9GgaYzFcBeuAQ545RQcj6JDSXhpWQYtFRSuYNhV5RC7W7pqiCAczGtovMgiWGsDiUQrzZ49zY6BByFA/VVE3aWHYpfr3id3hmrzB5K5bgVg8bER4u50ttB+4lZ/fRQ8k00lKsczrkb90R/l+8xNoRJwkj3xpWAZaJ+QD99lXvRVLfCbZhte79IDB8HXZ0omZ0IQ9BcvuQhngtRKXmUFgAkvJQHD8IDt4sFhJvIjyPn2J7zL341S8nvgUCMYU5fcPf6IzeMVkacMvt3EM0Rdh/CkVaDh3IPQGN1hFskBaPuhiLtJZPJc9JlAEdji4EW5gp0wXHFsm9YQoHZNhTpz+Bzut+8yd/cgO4vGqdguZQnVtpcHn83JOUEc3CWXbaAnlwgxYslsOlF6lNLNSnUdtxqkMaWo4LWKZG3dhoYN9YLH5CsmSkLe4nHdcfAGblLRkkylVfSo/+I5t9l+VaCaWhOqbwd+r1RXjNk283y5CCcjhyeB3RK7PyhK9c2bcdQMxU12AgB8Jb9nryYv+Tec0YLv7aUKLUk0XIqj4ORRGzX1STecPNsCVF292dvllV3U2lFm41p8Uz+RiUm9lZKjukEqi8E0r/wdai64TCnGg9rSL4/r3asjcoG5X9xASbTjIgoDuVQ5h19LHDWdJYHHlEz9efbKK9KdgB3zzOgaEAXbsX55a6e/cB9VfK41UcVAoJCPz9/+RpoMgrQxat/JMCDn9upgLvy1Ihsqza6veRy/YPcDgpU7IOU9SF379ZIFxswlhycVZh9/0oy/AR6f0MtVzARYd8A1UMItZkYVbVbIprUXbT6KN+nz9o38HfPNpbyn17kABeGW4Rajvoccm1cI0eE61qjTR+5Ot9SDiVvh7cQC/ZVB+2cI+1gDUhxLa2L0pICGfY9ukUmAF4DhLWxf1i1FEggTGkg0ze8G/zLV3cR8M3LaNEKwIpolhMXxL5E73RIU6X9P5qQecg+YooRscpO0miF3AFz9Z5TEWzJ9vIlm76dfLEgKBqdKVxNj6e2+pvb43SZndvLesN+9kUk6i+SKfWk7cL65P7zs4DKOXi8rOdN/reMstt+J0GXHlepJ5OYDSfRed8bJGOwJOK3+Nl8zg41a5liZkFTtjt5IaiCi4UAQeXOqqrDoK+hljxAw0xf3IHLEZpsrgRhUlLtWhKjxkQkKxmj77AI+hX3ZWt3fx6xHFN7lNAOjU9Iu02aDydq8t/+2AA09gyXmL8BLdWKzDMQ2lRXyQSJr48rnTTUP9hU1uKcMsRa7k/VHy1e9l2aEBbPzDosjBb/Z4slsCKRa4FBagzKQyyu1FGC9qs6q7alCgxfelyLaiASu6NcqPwfNJmAtPox9vmbZZsX2bebROpShNRhm879qI3+/pIO9EY7Uv1jsJSNP3Q6w+LGSmZeKWDMV30+Zd5QJy+C3UWajOOw46MpHLFzpSS/rqN7cbJQmRE9eOA4XfFD8IQ9QJdGYplcbTuHSn2DjnDZiKh03sJw/9lVcPeHuKXJmDq/UXlcooH3cIzj3ICT9V81A/epJVFCZ4KqLo6NRI8sxYnIb2AfKwniJn7P8XO1pw93Iw6Bxf61m0ZPTsdHYHXH1yJTEoT1hGfM/HoU8W2RgLZU92TRLmEnTziV7/CJ40xGVUWnZmkT/cUegm4bZ8pxFUYvBc5Pi0T/NOlwHL2BzOhuetau7aLMGdKO+tjsjMJu2hTCGn2npr7InNXo4azfnIHDgYf1zpxX19K4sJAMKxs7KEDCHthr0S9hPFjyG54Sg+DCaRlzqTZeSRdlgmB6qrtyd0viFhzUXNBdzzC90ghUZPWuntMvYvPLlpHf7lnbqJz7scCzV/o4TLp80+IRSjVp3kpsnvAHaV4bciGPtdnCXpR55bui1cFYMx0a5iRyvuBCukKXYtGGtN+TQgF+5oLXaVRP2P3qijReF3/nEOHcukrsEXx0w7rRZFjXJw+P7ce5ot1jQxljTppJrMBzbcRLNWuj+YRmeAXyBcJzvMXGTuwG066S7RSoT8KczHoY3KorUr/DIAVRHwnQJY3biUerw4PbmdeSxHcvb6AcWB4DRgtJWuNHrOp6FbTEz2QnVuIlNb0hSMJ/o44nB09o5ekNDUPnzUne2tQZE4CLqWo1fXUbjdYqqEvlqUoF9la5obKyUj0J4tWxmtatmW1c5dv/QwKFWs/bn6C8aJTPED03lk6ypM8H9cCp61Ormhdy8/DlBksmSL8IGGQfwBIdfmOnfRma5usQbvqJEGSCwc5BbaqvtoZq2+c3tYU4lbOM2EIZGOsUq4P/cZnMhxd4P2ejourlxl4Aed5bKY6B4sg+sX7x1x8NZz0IvwTmNSCzhulaL68+RX53ldP/FM5XJnKwM7zcHjTgwQ82viZMFCZNOmlNyGMdIC/l2imLi4LBN0JDxBp4F3z9gvadHek0WdHTJ4vN4VB8PZLr3Dz+dpeKa6zhgRmV7bIwhfLznOGbLgM4LNMmXqv/ZbYniLF8CSy+AF3muNoEA42JJR97Ab7VV0hONW0YfJBr4m41YeDLHYY41UkXqNH71QIMEAcSDbD4uVm67P41nf/ye6eIVD9jXfmw1qYosO+FCVseQwY1YzNNBIBcCMn7v7XJguJ7ID0+Ae/nobW+3z+sYmvH8pHOORGmoGxolc/TdQ/WiaHvOgWLs80Rj4EygIGL1KaeVg/hTjimjhZOb2J0SxPSBINIcBQzwvMTXpxGtu5b2ANOIKBrukh67eFHPAEzfxxxPRB/84cYGaY/KE7TGv/a1cESUzGJCO5dsr/4Bk7a2p42/FzeEHs3VZCkbE/v1vY0s1Gryc2r+XZ0nweug3ej5smxukjHXTFvp+vNh4buEXiR4MTbgoWyAM1SmoPluVJy78L28It/6CZwFJ3pbUe8r90r+I7i8/RQ7nRd0k3oI/Tbelv9z8RpFWyjj25nCSF5QmjHW7PDC9iJPZ5ojhnmTLkxtSZDafnSAyX3GDO50NGPaf0jSUmbUvPAW2lOaGdwmg73K5dJo9YgRXIi8PwNfC6FAIKp8vZt/Z9BlrC+LXYUWbbn8ivSTcpxIRetaQulUmy53jIARNXM1BkuWV6Jxtk87Y/dTt90e+rMhsoTSWcSQwmqNV4qKIP8GoAB6JKVmV+qPLiodf0HDQdHACadQnhKlsgHhHdGJOnS1ghqgSgz+5nAff0z78VCVV7foIib8/pCeO8FkqBPTg0omuTD9Yu8uAA6MWU79AtG6G1tKSotet/RAggUhsKK7szUkflM2YdOys5BHzZlT+wnrvOG+xFq/knAdMJh/KFRayxeBJCzMHI4q8Ssb7uimajwYHDz5jyQGEaMZ2My/tWbcCNgrjOmgEpGELMaFcdSp7nVnxCWZYYl7OOA3iIyxIcmgb6Jbrp0wpgYoOWVzvZMzaQaPKmuTY6OSkTMXyd3ppP/pcoQ9dvi3CdkrqbzpswRQ9UbU1NfT+Wx4kORyGZweaMI0wqC7aO23v+yLG95+eljEZQhthcCpfwgEHarnoaRhwwqkXDdKc/G0He1Uv91fPHkKvaADm6gDpw5E5iFdjpmlqeHhbIay1YOdO3q/6Q02AUhuB4yNzxA5Iq5lEfLM1Hi1tpSC0OJY64dJ4YZ8MCBWnHWP8GNug7VU07cGmhOm7S61iHBtF3JJFvoeb7j9zEjSHB4GKglFse8YokM4GvX0HfrEgVqAg26FnaY68ja2Hf6ik2k814p/JtW5bwCkYZQ8b6pU25dMjzH5B+cQYqDZEs3IIlrtdiNlB6D9xaRVdclWv1VUsNjJaQlgXubrlGtuNi09CcIlQwG5TTHJ43/C5mmKc0JElp3UQD1g70eKHACEyHaKM/TS+NlapRPkLVCxZEV8hL0ZDk/OK9Ep+FwcS5BZW7fkfDFs1k5dIITIkdzOzGcg7en/Jj/o8r++twmFr5qD49KzJAc4ClO9emQlNtsp0nlqZrPFgaHeTHpWaHW0hFTliWABVbfcZ4cb95kCgx/wjUCd/abgxiv87oUCOdQSVe2RLzfCyZ+R84Ouqs3ibiJEDTVfXj8x5zqfD99t/bievQoLm7</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2020-04-02 19:00:04,625 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-04-02 19:00:04,625 - INFO [Shibboleth-Audit.SSO:?] - 20200402T190004Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|a1388299936b217c1fj2gfeff98f63c|OAuth2Server-local-embedded|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_41ce41d140b52340c6ec458012040e29|morty|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|identifier,uid,telephoneNumber,role,mail,surname,displayName,givenName|AAdzZWNyZXQxiNalAG/xL+YvmNU7gjScf0kaXClGi+GAw8BWSgdbyA2fOBGufoutNPr2vjMz98vC1cW8dJs4InxTnMZQK5lakhQABpupesGHJzv8bY9IouaubdKgm5L+XZQB5SqvUSM=|_8f7878501cf85c559db705cf1ab81b97|
2020-04-02 19:00:06,445 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2020-04-02 19:00:06,446 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-04-02 19:00:06,446 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1432231796::identifier=rick, context=org.apache.velocity.VelocityContext@5e7d3ec2]
2020-04-02 19:00:06,447 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1432231796::identifier=rick, context=org.apache.velocity.VelocityContext@5e7d3ec2]
2020-04-02 19:00:06,448 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-04-02 19:00:06,448 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-04-02 19:00:06,449 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-04-02 19:00:06,449 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-04-02 19:00:06,449 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-04-02 19:00:06,449 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-04-02 19:00:06,449 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2020-04-02 19:00:06,449 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 7c7c5b40dc58b8aae73671000930e79012e08e1af5c636677b4593ae905eb90e for principal rick
2020-04-02 19:00:06,449 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 7c7c5b40dc58b8aae73671000930e79012e08e1af5c636677b4593ae905eb90e
2020-04-02 19:00:06,450 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-04-02 19:00:06,451 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-04-02 19:00:06,451 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-04-02 19:00:06,451 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-04-02 19:00:06,451 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-04-02 19:00:06,451 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-04-02 19:00:06,451 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-04-02 19:00:06,451 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-04-02 19:00:06,451 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-04-02 19:00:06,451 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-04-02 19:00:06,451 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:00:06,451 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-04-02 19:00:06,451 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@169d7f73'
2020-04-02 19:00:06,452 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-04-02 19:00:06,452 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:infraio1c2.my.workfront.com/SAML2'
2020-04-02 19:00:06,452 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:infraio1c2.my.workfront.com/SAML2'
2020-04-02 19:00:06,452 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:infraio1c2.my.workfront.com/SAML2'
2020-04-02 19:00:06,452 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-04-02 19:00:06,452 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2020-04-02 19:00:06,452 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2020-04-02 19:00:06,452 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-04-02 19:00:06,452 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2020-04-02 19:00:06,460 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Not a usual scheme, returning name of 'infraio1c2.my.workfront.com/SAML2'
2020-04-02 19:00:06,460 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-04-02 19:00:06,460 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2020-04-02 19:00:06,460 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2020-04-02 19:00:06,460 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-04-02 19:00:06,460 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2020-04-02 19:00:06,524 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2020-04-02 19:00:06,524 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2020-04-02 19:00:06,524 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20200402T190006Z|infraio1c2.my.workfront.com/SAML2|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2020-04-02 19:00:06,524 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-04-02 19:00:06,524 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:infraio1c2.my.workfront.com/SAML2'
2020-04-02 19:00:06,524 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2020-04-02 19:00:06,524 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2020-04-02 19:00:06,524 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:infraio1c2.my.workfront.com/SAML2, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1617390006524}'
2020-04-02 19:00:06,524 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-04-02 19:00:06,524 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2020-04-02 19:00:06,524 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-04-02 19:00:06,524 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:infraio1c2.my.workfront.com/SAML2'
2020-04-02 19:00:06,524 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:infraio1c2.my.workfront.com/SAML2]' as '["rick:infraio1c2.my.workfront.com/SAML2"]'
2020-04-02 19:00:06,524 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@169d7f73'
2020-04-02 19:00:06,524 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:00:06,525 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-04-02 19:00:06,525 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-04-02 19:00:06,526 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-04-02 19:00:06,526 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _dc2a169a4078c384896543aee527b441
2020-04-02 19:00:06,526 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _dc2a169a4078c384896543aee527b441 to Response _a7a34bd114d5d26f71f3c7859ed5dd4c
2020-04-02 19:00:06,526 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _dc2a169a4078c384896543aee527b441
2020-04-02 19:00:06,527 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-04-02 19:00:06,527 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-04-02 19:00:06,527 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-04-02 19:00:06,527 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-04-02 19:00:06,527 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-04-02 19:00:06,527 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-04-02 19:00:06,527 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-04-02 19:00:06,527 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-04-02 19:00:06,527 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-04-02 19:00:06,528 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-04-02 19:00:06,528 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2020-04-02 19:00:06,528 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2020-04-02 19:00:06,528 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2020-04-02 19:00:06,528 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2020-04-02 19:00:06,528 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2020-04-02 19:00:06,528 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:00:06,528 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:00:06,528 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxYubpHBX8JJoNZUsMfQ4Je4rw3Q7fPkUmAkFiKRDLj9bOCEY7qL/Y4j4V9NAeE6n/BEiHgrJavN8uKZWsQFN+V/02+dGiRgItte6CmsE43S6t6JjqJNbS+4ZV1VLigVfuCfUDXg== with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:00:06,528 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:00:06,528 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:00:06,528 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-04-02 19:00:06,528 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-04-02 19:00:06,528 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.28.90
2020-04-02 19:00:06,528 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _11481819ef7141dd82f57306286a9f54
2020-04-02 19:00:06,528 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://infraio1c2.my.workfront.com/attask/saml2consumer.cmd
2020-04-02 19:00:06,528 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-04-02 19:00:06,528 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-04-02 19:00:06,529 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-04-02 19:00:06,529 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _dc2a169a4078c384896543aee527b441
2020-04-02 19:00:06,529 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _dc2a169a4078c384896543aee527b441 did not already contain Conditions, one was added
2020-04-02 19:00:06,529 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-04-02 19:00:06,529 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-04-02T19:05:06.525Z, to Assertion _dc2a169a4078c384896543aee527b441
2020-04-02 19:00:06,529 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _dc2a169a4078c384896543aee527b441 already contained Conditions, nothing was done
2020-04-02 19:00:06,529 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-04-02 19:00:06,529 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _dc2a169a4078c384896543aee527b441 already contained Conditions, nothing was done
2020-04-02 19:00:06,529 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-04-02 19:00:06,529 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding infraio1c2.my.workfront.com/SAML2 as an Audience of the AudienceRestriction
2020-04-02 19:00:06,529 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _dc2a169a4078c384896543aee527b441
2020-04-02 19:00:06,530 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party infraio1c2.my.workfront.com/SAML2 to existing session 7c7c5b40dc58b8aae73671000930e79012e08e1af5c636677b4593ae905eb90e
2020-04-02 19:00:06,530 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service infraio1c2.my.workfront.com/SAML2 in session 7c7c5b40dc58b8aae73671000930e79012e08e1af5c636677b4593ae905eb90e
2020-04-02 19:00:06,530 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-04-02 19:00:06,530 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID infraio1c2.my.workfront.com/SAML2 and key AAdzZWNyZXQxYubpHBX8JJoNZUsMfQ4Je4rw3Q7fPkUmAkFiKRDLj9bOCEY7qL/Y4j4V9NAeE6n/BEiHgrJavN8uKZWsQFN+V/02+dGiRgItte6CmsE43S6t6JjqJNbS+4ZV1VLigVfuCfUDXg==
2020-04-02 19:00:06,530 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-04-02 19:00:06,530 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-04-02 19:00:06,531 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_dc2a169a4078c384896543aee527b441"
2020-04-02 19:00:06,531 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _dc2a169a4078c384896543aee527b441 and Element was [saml2:Assertion: null]
2020-04-02 19:00:06,531 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_dc2a169a4078c384896543aee527b441"
2020-04-02 19:00:06,531 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _dc2a169a4078c384896543aee527b441 and Element was [saml2:Assertion: null]
2020-04-02 19:00:06,533 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_a7a34bd114d5d26f71f3c7859ed5dd4c"
    InResponseTo="_11481819ef7141dd82f57306286a9f54"
    IssueInstant="2020-04-02T19:00:06.525Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_dc2a169a4078c384896543aee527b441"
        IssueInstant="2020-04-02T19:00:06.525Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_dc2a169a4078c384896543aee527b441">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>/FRnjFDFcRL0ORnfTZFvC4V2Feclys96XIDYX5yp/VA=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>OHLqGvpotjg8Zyp2DKXCd186Ejj8hc8JNs5+kD9XiK7jPACN/SmV8A5/5paf5oo9iR67HosUZB7dxrzEnmPpIgVd/Q/E+YBfhKJremaryCViK7vfD+A1SnEAIWloJbBv+cWmRWMZxBkeQcvDyxHr+bkrKEGnHXfDcS3bjQkulSnGJVV5fo6Dtlc4GirtUUfr0AkfyUmXy3871l3IwrjrLQB5GQEeF+2Q3qbYEwuxAF/v896LOVovqX71horSYsxBkbbSOlDhdrrOzWsBZGJL+bGJ2V4TXto5VDKbxxanJD1+Y3nEiL9ErQFVL8XmifXxsEjMl9y3YLk7rCW9iLPq2A==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="infraio1c2.my.workfront.com/SAML2" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxYubpHBX8JJoNZUsMfQ4Je4rw3Q7fPkUmAkFiKRDLj9bOCEY7qL/Y4j4V9NAeE6n/BEiHgrJavN8uKZWsQFN+V/02+dGiRgItte6CmsE43S6t6JjqJNbS+4ZV1VLigVfuCfUDXg==</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.28.90"
                    InResponseTo="_11481819ef7141dd82f57306286a9f54"
                    NotOnOrAfter="2020-04-02T19:05:06.528Z" Recipient="https://infraio1c2.my.workfront.com/attask/saml2consumer.cmd"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-04-02T19:00:06.525Z" NotOnOrAfter="2020-04-02T19:05:06.525Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>infraio1c2.my.workfront.com/SAML2</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-04-02T19:00:06.449Z" SessionIndex="_1124c48cb030279fee60f847871917fd">
            <saml2:SubjectLocality Address="172.31.28.90"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-04-02 19:00:06,535 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://infraio1c2.my.workfront.com/attask/saml2consumer.cmd
2020-04-02 19:00:06,535 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://infraio1c2.my.workfront.com/attask/saml2consumer.cmd
2020-04-02 19:00:06,535 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_a7a34bd114d5d26f71f3c7859ed5dd4c"
2020-04-02 19:00:06,535 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _a7a34bd114d5d26f71f3c7859ed5dd4c and Element was [saml2p:Response: null]
2020-04-02 19:00:06,535 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_a7a34bd114d5d26f71f3c7859ed5dd4c"
2020-04-02 19:00:06,535 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _a7a34bd114d5d26f71f3c7859ed5dd4c and Element was [saml2p:Response: null]
2020-04-02 19:00:06,536 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-04-02 19:00:06,536 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://infraio1c2.my.workfront.com/attask/saml2consumer.cmd' with encoded value 'https&#x3a;&#x2f;&#x2f;infraio1c2.my.workfront.com&#x2f;attask&#x2f;saml2consumer.cmd'
2020-04-02 19:00:06,536 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-04-02 19:00:06,537 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: '/home', encoded as '&#x2f;home'
2020-04-02 19:00:06,538 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://infraio1c2.my.workfront.com/attask/saml2consumer.cmd"
    ID="_a7a34bd114d5d26f71f3c7859ed5dd4c"
    InResponseTo="_11481819ef7141dd82f57306286a9f54"
    IssueInstant="2020-04-02T19:00:06.525Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_a7a34bd114d5d26f71f3c7859ed5dd4c">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>/I8Xhf9P96Ane+Dcz4vU1lo3oalliVczjJOALzmEQHI=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>K0LJkdX9Uu7kHbRJ0lPzsbhXsyXMjEB60CkGlw1wwdlteA/Bay0J3q7Hr2y7QHU0J5MApGVVE7Q0efLpBgGr6jDoBtMZhh5pPWnzAlHg+xDoaNLPmlFGP0cF2z0TEuuMsC3qSGImr1gulksdN5qIT7++WJsDJnmKRrIynWGtPbq+UmacLFTCjPMcuPKJxupCNyfcwMLJMiMDfmw7Ilt6f3sGHlkejEe4cKsf4sPG52bNeBX/OrT04rA34iaqF9XZa1SLvhxzs6TVOgyQBWjXXlBdVZdEoDnzWcpY+xqW7K0PKWFjaaBHUcf62/MXUgfJZ6gn91Jkg0Vd8A9BzePDDg==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_8edd163687184ef50ea3559149c395a5"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_800917207148cbe4667065a0d5df6773"
                    Recipient="infraio1c2.my.workfront.com/SAML2" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIFKTCCBBGgAwIBAgIQD01PjbApiLixF+MyJJd/NzANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQG
EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5EaWdpQ2VydCBTSEEyIFNlY3Vy
ZSBTZXJ2ZXIgQ0EwHhcNMTcxMTAxMDAwMDAwWhcNMjAxMTA1MTIwMDAwWjB1MQswCQYDVQQGEwJV
UzENMAsGA1UECBMEVXRhaDENMAsGA1UEBxMETGVoaTEYMBYGA1UEChMPV29ya2Zyb250LCBJbmMu
MQ8wDQYDVQQLEwZDb3JwSVQxHTAbBgNVBAMTFHNzby5teS53b3JrZnJvbnQuY29tMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwAzZkWvXvDsAMjEvrEBJIjfjOjiQYxRb+mm+QNbmA+5c
+wCEPyjNVokE2TmW/krNxPzePh13mBHK5GdBQgug/oo/fnoo7Lx2oJcLld7tMmYk5cGnTg+h91TP
GJ8+Qtvy6ebkrnOBEIibiWVVupESX2F1ziQrz4TUaiZ2F9VyXEuVrzZnFkRtLsko/l18YJz9o72x
vQKcC4XfzQPHLb4vNgNYZQ0sPGnXgBInYYK4R7wIGg7qIrcshBwpQSDlnNxPFSare204zMJUaTG5
Su0ONmFzTt2SSuJ9ALOG3WygWZ5SwGpU5qlhaZSoRBoxrg7eXOorSbVwNHR6YH5PK3VGwwIDAQAB
o4IB2zCCAdcwHwYDVR0jBBgwFoAUD4BhHIIxYdUvKOeNRji0LOHG2eIwHQYDVR0OBBYEFFRxiQs8
j7VUNRDOB9ueWqfcVDknMB8GA1UdEQQYMBaCFHNzby5teS53b3JrZnJvbnQuY29tMA4GA1UdDwEB
/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwawYDVR0fBGQwYjAvoC2gK4Yp
aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NzY2Etc2hhMi1nNi5jcmwwL6AtoCuGKWh0dHA6Ly9j
cmw0LmRpZ2ljZXJ0LmNvbS9zc2NhLXNoYTItZzYuY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEB
MCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMHwG
CCsGAQUFBwEBBHAwbjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEYGCCsG
AQUFBzAChjpodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyU2VjdXJlU2Vy
dmVyQ0EuY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBAJ+8dwAkioHtTSfl/8AY
50Kw81NSgbpVNUTt72Zvcysdn9xn6Sk/7VYH6nUoIUalvOkXhfcpDabahSOhJQxgM2hz5RYFEjSU
a9b9ZHcjgKtwxTLzGdjcP9P3DaFQQcnrAdom+6lCk87hK3Rvxy/szdIb4tmJpVjm74V8D8LE7I7J
eu1DRIS0xb3gNMKeqLtRL9DF30gmF2W5asvbuMa2QqY+66xTQhNXjq4QDh7NliORLvM2T93hL8rE
dXtwLex3vDsNpAECHG7Ui9lqF3trjTzysSSXp1e+DazeYf/kcNVrFeHCJk0Gmeb/CEQ0foqI2CQB
tUwWLzM/gBgoOrY7XXo=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>cy7Y+XoMLCyp9wI+uVvLWXbEsTR2gYuwH7Tk66B6SvEEOvJmtnDmvSpy15sjPa4zAiEMgcjOTEXiQ3RhPYlPh5TnHraY5JnDzlL6RrxG+H0FCf08Q21HpEG20RVtH5AJgI+yTccU7DErJHAYVr4TBCd1cKGH6giBFu4dxwVC1ICF7PCx4wPHohxK0JLZdysGxfFdJj+w0qbVkA5tcpo7b475+4UoLpdh0nAfU2oFz/q5x4LLcOEaVu+Z/n8OGISXZES8Rce1pgjKscgd9Cfq0uhxBQQNInfdQsEFus5hoPKINAnjsqByd460g5Ccl5plzm92nYAJwrPqQM23mGUBwA==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>2Cn2p569MlA3tiK0hzFfvhUkQVuDebVKq3e6l2Com+6u5wzBQBU0GfcFDkEd1MvyN151sI/1sS5pGN1JzoafYM/78gQUlii5rdkxwp8dfS2F2lFRYNLni1moIUCLR6GzWAPGXNGkaeBZ7ZxDHzFN4SVE4OdriquE7Dry+HWVTBOkC43Yuf8ZVb6NyNrLGdT0q403/U7SHdCyOCFN7xgKJG9vP8t/x0i/RBJeiBrq6bnxuW/DPrVOpEIMxmSD4apd4TWwKLPlUFf6m7WcYrOKON74WmGge9HRoCrQLtizu2xFuIRVpdlYmV7Xc0Y6GGe/zCN0aNNTTAGVA3Q7+KcTUej0eFFxB8te+xqnIBqo4xrqFZU8YxlEUjpTFol7ya2CftF0FoR0WJmp4/e+XbXp+T8AX+1USLFK/XnPGuPJBqzebe3AMnhDbiCF6PpAdU4kpp8xnjHDylV5Oy1wAiMcQeC3KzfltdnqKtkqNypzeR4WygNWtk7iJ0v6LrT9CEfBrER+uSg/UZuNeiTLGkI7Zl3nswn6Z/5rutAPUErCoxrD2jK5xdGpZGc39S8wXC4787byBaYXvejRa/+k6iuDTdhgjsWGnj9kt+XebOHDrQcGewImhCWji8btn9Ob3klakUVb87hg7hqOLjV6Ji3EeKZJI2NQIYLQVVrEFgWUnhJFXoZNkwOqjOQz0TmzqgtqP2XjxobcC1zeiPZWeHB1kLie/D98Xeij2VyYRFRSm9aHpKvF+IyC5+c7rx8DZkZ065eQoMvrScPLbtvOjDH2WID7+D4ghOaxojcsRXSBeOGASzf7/IzLbxfWHfC7ArQ2H7/PxxLpGme3+ZsQDDgN2z5Xd8O8KOqagXvOCAah4a1Qkmj3ENhjAKX0fc8YgKzTlx06gFOQL3HrOLuJ0Q8LNID+wWC8rOeUMo6NJ1yo6TJLHxcMtj9zBtSpgH2F37a++Q1jz8kyLVMWeJGZTAOb53Ogzh7XTSUpjFAMMLKbPkwsBm6b5aJslKKTDFvlhRadfaNA01maa2XCUhvDyy3aucYXiM3Uii/c/PXEGie41YGnpI9g0XpvGS+thEJeDUnDnpGEQ1bG2VQAicbXu6i28m4k4bz4OFKdBRA0wJbp7dSHORTzzLGs7YxokBAtIKeStZY4Wj4kheGvv7uaovUV2z/6XxQ+bl89/dwRD41mwpDN0A/pIUqivZ3tfZAlZA4BIIYsFS3m+FiZeP+p+7w4DzttAYlMThRL7hXGlU32Lib9jdENLnHH6MKQJGwAik+Xj1ysWNgx6JpvsJmKjJz6jOrme20eLbwFo52qweNWW6JnTC/Bu6Bo/tAGW5D3uan8HjRfDKHzcuolt3l4oKsqVnoOf+iLp6MM9wvVqCXKEmA2s/z677CcZZoeFyv+wV2ywQi3uTKz5avaQfNmguVuSNKeYSkj/XPx8ERIHUDt9opRQPnIP72ZZneS6em4M/dn/NQ1RN4OeYjUR9jlVyyIkMscV/pAsfAEZLvEvD5LaFRyRgc3TxF6vOtcKKMnJkei4bE5hMxcHv8kzCITPdh9fjTdi38O3dC7LlDZIdkwOvmbOMuuyzBd+2LpbuNnpWjjSu+geK8jPsQ2AgXUVod1VsBJEMpYtxLq60liRH8/PS2fxUpNby/3QnXILtojyenWTtz5g5Prkqn6V6m+qDIdvP8YV5Agk7H96Hv5dfH5858MOQze3thZPuFL8UvqR2jX+Bi4EQoW65kw0Q0k2IJ8vAk+EP87TVZxkoyrV4s4NINMMTieDH/nByW2dbVO5jATAoY4UakLGNi+F0EcFSq75hl6fudpqpDemWaW+a9GmJP+udnv52Jh9Ar4IEb/Zg1exwmmbpj0FNrXXbs/YPyNsxJ3Pb7tvWm2OvSTNth7xhzWhpYjVAdMtg/zDA4pQmXJCllkPXKJdtydIWjnrvVGygA6IArpf1wdb5mQRBjBpzTRM1+tMUofxFSAYTjBRJTAlCBxawnLpQDbYLpIRQZEic2Icrb/4PJD4DpnHvIrhQa8en0JBZwJo0KauM/dmkubgMY4SkB0f1/b0KwsBoNwkKdLXEOTFl3uH/3UrWLhmwr6U+ZefYeKaG9uuFtNllRTcfgsr6fAB0XVSkQVJS4YvozwNKMssS7o9HqJ/lm439r9rkD5GUJ+QU/rivb2uuM4Z6wFHG++y1Yp0F94Q7zkuWgnsdxXINCV1JlJ55aB03ZN7AVmJ8mWKAkofo0QUkR+jPkK4bhB3UEPUclvuLl4g2gHGb7VdBtJuqRSmLvZzsnLR/kFTvU7uW11qzGlRftzoVQfGbexN1ba9/jRmTDiixMi9LC0n+zzl/MZnjK8YZq3ehVlmUipqUZsDWS7UUYLiEgPZZQW8j6KY5Nrmf29hc9Unydz5wCp9QbRP5XUZNe2D83gtO6rqaCVzwG7JS/1vJdUdxhbFBTplJIVU7JqQXxqz9VuUHgRKioz9y6rTx7IJlPVmMehlH6/9p+EQWJNeyPDBCMriT6fbgycuQp2tAXDezKEoSrow2nr3XDRvUcGBb7u29G9DRT8T5vzg7No4nOkJYX4eds8BBrK+P6aoOxrX1aHhUwGyt+azeT5iuijUUqqeUnUZHtmFKEE6jHFXXEbhtZTkkc7Ki6XrUxH7UoDSAk815Dow5eNnrI7MUFbbpl3aMoCgjyH0nCvC1r2P4o5zSCE3BCXdZ0qEqEALxZp2zkMQsPP66BxYxaQhqL7lG87W788JdoiTq3VU//YYqTwNm0vyz9Rczd8LoFVHmBbp7EKeiYnJTkCUfZblNzE/TeMlk5+DEttisky7M3twtyKexS+j1nM+vETJDZlQGf6UXB5mj8vIDT+t6t33gSjQSW5L6GOD+ZklKIJeP96LEIgwP020N/RtDiJPkFiEvMin08JlS9Rnuxlr11rtrdFGUNbsuZX4fBQAlnKrduGbRRcOPwro7pME32X/YurnVzj6QMzD6VCF6T8yaZBM488VILXFHD5Ua7eluVzlN8YeAX0JXXV0THmWIPKqodwgx2ILzk97YRjs2SDsXlsQfkrTJmggDZ2Zu8bWwY6ZFXRMGGhNZh1624DEA6dmBd233/SlwcHRphA8Uzy6ll/Vgyq3+hvZXGzIYLZ67LE87Y57sHNeTJuEASGNasGbAzrN0cstB2HZzNMz1Y8nXJzwzEibLTilVly6Bm2lyyyU24Tf5KQ7HIqLUppBjeO/Qykc4a4Gk5nNKm5N55810j+0v9D8EWKpXF9TdQH0OzLom5j3EEJcs4bY8hqj7g6c+o8bWnchJRiI6cstZPP7KVd8990ocllJFyRJ+NV3+s9GdcIsbsQtGYT4pIOg6rxToUN8yF3PC+RgqLiMso6st1dNZ/DtU0fNmcYEN2Hk7xg8xdcUUBguPYGfNdQ4vOgVUfuNC+283nqU1+XBwu2I0vKHmzuUu5pcp4ITjr9pnkSZjPlhYCNzoB+2qxYbi0xkhxWkg+1LWEzyJIV3VBdLLq37qqg/dcznPzIsfgOH6Z5kCNbQptz4FewFUPBEeW1CC68FBp6Tb8LBE70IDhfXz28oQtUnN4dihKbJb61z3a1leQc91KffvQS7Ycd9adPZm/53mEQH+xXlFEFhlAoafnFpLMpaTS0PpNHPGHd+lGqGqjgbRjwVXyLh26Jf8Nc9FRFsTle/Qk0hHwZvsbEMv7LVVHE9ZD7wm0e26cPT3dvXm1n4Jm4o3hgajckk9zi83s4UHm7drxWLB8/hQhWvxHiPL+PPBNEsU3uXzwCUfU+eNr1R29mwnm0Ao+RVMZvNoLVTHu5Simz8o8rl9tFjMUXBGwZ4KV64TU1LOs+Ki2Oi6Nul+EWsBs7wxFWMESPNnY0xHwVRyWaiRzAR788ADhMIV0tmlr3cFz1rgOWgZ/XvOeD+fJ5AgWJNj+B+qBwWhLvDUSKaOJMhkg/RG5dSvkPksD6ubGb6N1gztiT9VJiqGd/Zm7WKmzVQgT4b8eX6U3tmln/bk0i7XRKqbgasDCqI0e8eTZLvIWfnrMOMe5ISQJkch/YqL9ZAjQtfjmG+s/9Iq5ixNBCRCGDhGeluiSfL/4THsEV6k6Z55/L7sfA0teC2+t5tgOFOrgA+B90a9UY6REj1ygnDnrUYh4tKG4lROi8fi4/O1a/gpUcJJb3D/KLTMgPz21O4W23B1H1mhu4JzO8khNMgdJbILeqbnSGeFKMeSnlsaWAKpzpNPAnrTFESLYFRZZCFlzM359GPhq438Xsr/bphscRDVF4W7iQwxUfxacF0IGWXIIsAkaadAySRekdE1oN1YmHJ9m7jVIC4xWgXkR0N+938kpbgKu/gTjOoniIKY3CUH21y9L5cWCLGmqzGKRjV4QawAU+aTy8/FGRrnyo/CwhSJI73oTLSy8uFqOlcRaESKBRO5YAf6dl9puXIdcneAnv54xGjZZuYtHLgvluFLt/6JNsPsShm8F4CXdeuVrftwGHvNjjGBk4u+1JCfQ9/BJAvnw/m06WaGWYwQsuXURYjmsNXX7JAMNZToUOZNHvlVZgp9T9jgjL8XwT/8fBl6W1I0OgEl7yl+EaeNiSTk5SRBfMiaGG2paxUm9oU2HqkVGko0H++xiuU2jA0/wL4I6pKdesA1axvEHQj/X3Ia67egeKJkpJ+g3fwQmM/Gby8TyW5cUDKtZGHzPy5G0cCm5hmqT1yzIv6khuL8TdJijj56b4okDXbiYBwaH3nsjRtkw/6VyvQjyCVahFzYhohIJSSHN9yx3OzcMtCxUwqHFaq4BWnmDtEfXjuw7rmIa0QWUcRGnvVzgxWLmaCyL0kXwVP9wqqwxdgdF8tb/6tgIeGlU1IAsPr/TKWXi/xYTUoh7VmFQ39Mg00X/z8CgAtV2pDnv+EnatknOyHvUJ8kYXLTBecCL+hdC5rZwsES46J6YlKrFA12TcPjhEhGojWl0Fy4AAcY4uJjlhTD8lxLECIr39h8D/bHbVoW6fuO/+Ta+a64pSHnDX58SLABRDAnfNbkR7FzBxlBC+IH+XQs4/xUK8XuK9Nsnf6g27xG89alryMg7jYLeyJSQ+Rj14tkYYGVnr0oguyZPLesg5z07NoOQkeQtYAUCAey2nqh9dedM6pG1Ij/HiOkQ87ZJe7mWQCMk0S0N2BEk0mnZ9MT8J7IfORTwT5KoK46Pvaa8OgvG9hXUHTqVl/qx3Mx09cnVyDN32BEcCm0vsuuPdYeYS68YRmtjQWpLDakRutm5x3oLhg92fb83Co/Ow+3bqvhjV+8u5RrpWRzcn9MnLrW/MiQ/B8MkIUGcJ5uH0tIOC9ZAaMGTud9f08TMaiHA2+ZZRNVtcfuUZRXidLDySww4s63w6qCYD2DPMWbklIg10F530Gla/6qolydcG7xqHGUkOGsjmokbr7QDEc1a8iYmPrFcH/YmL/Gv/5cxLf17xi3Ho8vqN81lGqgmQfJp5H7wCpo96thKIDB/RH+7kfZqII1gcXdwZjVL0iE65LST9M4ysHDMkreZGBVmsV8fALtvyb4gBFBRqVSN3x4Zkt3lau8d97Nthyx932o6lLuABN2N/bWQecSVS0Shy062Gx5TRg3W47obG7v4yH46mk/syXXc1BBjpLDGnrcrLrm/8dq+wcZ5zsJk4vqwSJO9hGl0fyTkA83EGXox56pZ/k/nGzSgFlHxzBSYWNcBD6lp7a9tv05oJnBVSFDLXl/SNSdNXcXPbxWRkWmN7mSV0rwMl58bjIGXaRnWyw4IgViAd7BMJq0M+l2gpdw2OyXDPAwzDgoTeTUQqvf+2pVMKkNtXQRz3yvs1dG7HyTlxL09edP45J24l0cXy36vPH1HpuaP6Az8h9/v1jYdq674AXYadpEAFex1sy7OFVIbfhIX8Vla1c0d6i39U14HMfppPNJHn1XUa9+Jm9RxobsI60jWPnqXEhFIEqpS5NRLuCCN01XUi5tcUrJlQ8Wjct3WtSnDsue90nGrnkEltXamfOyH8vTAY+b+etfKRWGm1qer4uTzQ1ZlYgNMIKup4GwmpBVroiOvgwCO7x5b3MRiyWfbPoq3iz5cKK6CCvHq14vAZ8UM0+eqfuzBrAFOR/7jcoGHy9/TMhQW8l9hFC2DEW1JrLtRUqFJuNOXR/5/fAFLGbviJ+5Mb5OLDPhqVaWL5OwIKzz6axH7j+mjizN/ZqcaojaedqrPLB36wkMn6DQX4UcMeURFObW7wQR/sudbmX6whjnGd7aUTwbtGlDkEJ6U8odRTBX3UrE1C/ew06rsOQ3bYBSy3v/utxUVB1cwwIvvBSnBEVWRLYwcjgwbj419TCzSzELAGL4zfx9Bz41lOl+1ZAlJh49W9wMcmK6LmQeY2yQwVw2oWpc2rr6L82Uiq8e/8MWy6ZUgTAVif499Tou/j2tqSwd5PkHh06m7xf9Vm6qi0Ju7HpwOAPDzuMtGDWV835bnyZ3wXjE3FnThZevTKJCsvPe6visxFem+PGEEMjxkuMrPLB0QLPm6qTc4ne109Z4I4epHiSlk+jA3UBtbF6Fzg25Ax03u9hyqN6DidxWDHR3ezyTXHwdBChwC7WCim4SMl8UHP3aU+KWvkGIZbf/5BwqiYsLWwQ+5UJpfXhzbgXD7w/2yxT26wZsWDVIRVZEl1KC7CXCxC95KN72DeXC/m8xfT/kh3aDRFQBubcS8SK3e5OURV1QsBkZXe23E4J/IAeiYJNw/G44F1OBGZyM3EmNKuB58LnUoeR119qgJ0BdHBWz9hsDuSgvmCAfWOD0c7sQ1ThqVQjoQ6ahjTM8BJVcsOFE7j3yo+azsoktsc3jLjygQltZK2A1u/ZQvGSnTkMNw6ZTGo9eUCzl01XAU/9lJ+B6VK9DMNT1a+57b3ALyoAUo36OIxgHu7Sa471xxyEWN3gQRrMlkJDJoQaZq5TNgPLVfJGY7m1eCqdsCQ+HtGP4J7Ly3rkmyVc3ZiDL/H3t6jk/9DUWy06B2KZOopQdnBY1p0qRPkc9n5SgxVI/i68lDsupwYYD4cn7aot1aApt4/CWrljywaaBkL3hYFGwYw43jicJOJYoOgRHp22Ic6WB4imOxAx1j0pebbMMn0mgToEP84H1VHVxDMDTZbdzbvh/gG0DkdciNDptm3+yEqMIBi0QIsFHLGMcKXydK28WOTOZe9dpP5yrIsfI/jIf+S6j5GaF4vlSSorKmUCFYkQuBnPth0EpW/ATKXC+Jq+9Jdq66wNnw3ED97HTDZIK5IRopmSwL/4ObLMTPCk2FXh5/SzcldlI7yTo9yvkRWgIVsLxxd4EpXrOLGkH2qxMSFD4xV/KhcLAJkRlcYRnDzvTDqA7ovtnIuoIzt00xGfzYA0hLDQTA/uwrClRDPN5BbDfnbrVwXe07EDHGGnSpKrMRO/XezlyORP2DcIV+6OGOhvV/Us7Flo7bM4F2VWMle20lKaFI26EpAl/VfDCu/ABoqpTjDeYbMTJ4BPcNj0+A2VCw5TihJXZo0tenLEXvQGtTNoSNc3ie3NnozJHX6vVHWLaySBWiS2tx2rFIOcaEQy+VDc0Yv2RN8Lq7cq590vm3nT7HrGie0zK5jjeVnUAx87aqtv49A8IW9WRcTVceJzK+679PAev6dyNJvn8fP4DfZ9iH8h3agk8t/MjxCaJNZdzA4851MyPgDX9wjlcUXyurQa0hHDATxK9e/AKDaMe7nUZwDNi71iVBN+25hID/OQL6CMXStIBlJuveF6g18EkVsmPdkXDjB/9Y08ceBPUZ1GYw2VKGjV/5r9AZyaz02py6ojSwGIRcOXkJn5WNKskyXNgz4xwsTakf45JTPYxuwKhKLEo/nMdBdqY0WcrXHHKYImj+WdrAymTmO/waGqmAs50uFYXC73ou1UG6yrbuhTp147gc9ZL9wrOKxWEdMfuKSuZdr+5vLV4kDBzfbTwSvN7H9NZQ1lKVNzkuKvCuCe7bs12Zf30powcgGea5jhauB2aebpndYhWAU1kw=</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2020-04-02 19:00:06,538 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-04-02 19:00:06,538 - INFO [Shibboleth-Audit.SSO:?] - 20200402T190006Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_11481819ef7141dd82f57306286a9f54|infraio1c2.my.workfront.com/SAML2|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_a7a34bd114d5d26f71f3c7859ed5dd4c|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxYubpHBX8JJoNZUsMfQ4Je4rw3Q7fPkUmAkFiKRDLj9bOCEY7qL/Y4j4V9NAeE6n/BEiHgrJavN8uKZWsQFN+V/02+dGiRgItte6CmsE43S6t6JjqJNbS+4ZV1VLigVfuCfUDXg==|_dc2a169a4078c384896543aee527b441|
2020-04-02 19:00:08,823 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: /home
2020-04-02 19:00:08,823 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2020-04-02 19:00:08,823 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2020-04-02 19:00:08,823 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://infraio1c3.my.workfront.com/attask/saml2consumer.cmd"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ID="_9c0dfe9e7ce04dd18a9c0bcfb16af597"
    IssueInstant="2020-04-02T19:00:08.784Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">infraio1c3.my.workfront.com/SAML2</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
            <ds:Reference URI="#_9c0dfe9e7ce04dd18a9c0bcfb16af597">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <ds:DigestValue>JpMlklq2r8SFVBqez+yCmFxQ/ys=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>v4KYkuYzN6mcpzanJ0D45Fy0pALyCkVCdkPvjjuXQnKq+OaLXNCsxcYmm9kqNEIhOQCHpgQmA8ZNXYEk8bImVjHuidG9rXrP4+lC/tsqCki9FSaB+boU13CGFypgbiLOWNtfVA9Ujm4a2i5Eq4GzZUgu6D7TunTu96jYWr+iacbX/8rsh6deEdWm74i/NETBNX0LH4N7LUTThK8JMg0ZnW5vIGrd6fdX22qkp3dbD1wOfkD9XrZ0ImQYq01YBXXJfCJ0Wuv8w9M7V8KCfIAIPp4/asAs2qS7yFMprhvf5Vt06oEyefi1Tw/4Jr3TW+UbSSrgosDCbfvJha576pX/Uw==</ds:SignatureValue>
    </ds:Signature>
    <saml2p:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>
</saml2p:AuthnRequest>

2020-04-02 19:00:08,825 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'infraio1c3.my.workfront.com/SAML2' from origin source
2020-04-02 19:00:08,825 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-04-02 19:00:08,825 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-04-02 19:00:08,825 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-04-02 19:00:08,825 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-04-02 19:00:08,825 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-04-02 19:00:08,825 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-04-02 19:00:08,825 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-04-02 19:00:08,825 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer infraio1c3.my.workfront.com/SAML2
2020-04-02 19:00:08,831 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:00:08,832 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-04-02 19:00:08,832 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-04-02 19:00:08,832 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-04-02 19:00:08,832 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-04-02 19:00:08,832 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_9c0dfe9e7ce04dd18a9c0bcfb16af597', issue instant '2020-04-02T19:00:08.784Z', entityID 'infraio1c3.my.workfront.com/SAML2'
2020-04-02 19:00:08,832 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2020-04-02 19:00:08,832 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2020-04-02 19:00:08,832 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-04-02 19:00:08,832 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: infraio1c3.my.workfront.com/SAML2, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-04-02 19:00:08,832 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'infraio1c3.my.workfront.com/SAML2' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-04-02 19:00:08,832 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-04-02 19:00:08,832 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-04-02 19:00:08,832 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-04-02 19:00:08,832 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-04-02 19:00:08,832 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-04-02 19:00:08,832 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2000/09/xmldsig#rsa-sha1
2020-04-02 19:00:08,832 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA1withRSA
2020-04-02 19:00:08,832 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2020-04-02 19:00:08,832 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 24244091063110477728505298488008987345604123586705169572235658400680546655043040439823001060441963627450471473651120147774627587726423146773932529197059203397706285539476644823200340379621954691986746966330068236044743193465403434236516694830003831354378903116612503228305502732679915910511804358632566348451193095262533513906787952453831183320450608317460564407976415593874525658889981487289397754141211082349144956687429434059911371073233601299453621611490966787380072028863766860304782704765787708620468025410422200225052441526668831423173565490638858572679280981009182642270738134708009502373602822008324582885059
  public exponent: 65537
2020-04-02 19:00:08,833 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2020-04-02 19:00:08,833 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2020-04-02 19:00:08,833 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_9c0dfe9e7ce04dd18a9c0bcfb16af597"
2020-04-02 19:00:08,833 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _9c0dfe9e7ce04dd18a9c0bcfb16af597 and Element was [saml2p:AuthnRequest: null]
2020-04-02 19:00:08,833 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_9c0dfe9e7ce04dd18a9c0bcfb16af597"
2020-04-02 19:00:08,833 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _9c0dfe9e7ce04dd18a9c0bcfb16af597 and Element was [saml2p:AuthnRequest: null]
2020-04-02 19:00:08,833 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_9c0dfe9e7ce04dd18a9c0bcfb16af597"
2020-04-02 19:00:08,833 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2020-04-02 19:00:08,833 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-04-02 19:00:08,833 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID infraio1c3.my.workfront.com/SAML2
2020-04-02 19:00:08,833 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-04-02 19:00:08,833 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-04-02 19:00:08,833 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-04-02 19:00:08,833 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-04-02 19:00:08,833 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:00:08,833 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-04-02 19:00:08,833 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-04-02 19:00:08,833 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-04-02 19:00:08,833 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 4 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-04-02 19:00:08,833 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Neither candidate endpoint location 'https://infraio1c3.attask-ondemand.com/attask/saml2consumer.cmd' nor response location 'null' matched 'https://infraio1c3.my.workfront.com/attask/saml2consumer.cmd' 
2020-04-02 19:00:08,833 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-REDIRECT' not permitted by input criteria
2020-04-02 19:00:08,833 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://infraio1c3.my.workfront.com/attask/saml2consumer.cmd using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-04-02 19:00:08,834 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-04-02 19:00:08,834 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-04-02 19:00:08,834 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-04-02 19:00:08,834 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-04-02 19:00:08,834 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-04-02 19:00:08,834 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-04-02 19:00:08,834 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-04-02 19:00:08,834 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-04-02 19:00:08,834 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-04-02 19:00:08,834 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-04-02 19:00:08,834 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: infraio1c3.my.workfront.com/SAML2
2020-04-02 19:00:08,834 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-04-02 19:00:08,834 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-04-02 19:00:08,834 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-04-02 19:00:08,834 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-04-02 19:00:08,835 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-04-02 19:00:08,836 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-04-02T19:00:08.836Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-04-02 19:00:08,836 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-04-02 19:00:08,836 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-04-02 19:00:08,836 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-04-02 19:00:08,836 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-04-02 19:00:08,836 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-04-02 19:00:08,836 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:00:08,836 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-04-02 19:00:08,836 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-04-02 19:00:08,836 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-04-02 19:00:08,837 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-04-02 19:00:08,844 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Not a usual scheme, returning name of 'infraio1c3.my.workfront.com/SAML2'
2020-04-02 19:00:08,844 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-04-02 19:00:08,844 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-04-02 19:00:14,282 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2020-04-02 19:00:14,282 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-04-02 19:00:14,282 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1387484422::identifier=rick, context=org.apache.velocity.VelocityContext@3b75a8c]
2020-04-02 19:00:14,288 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1387484422::identifier=rick, context=org.apache.velocity.VelocityContext@3b75a8c]
2020-04-02 19:00:14,290 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-04-02 19:00:14,290 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-04-02 19:00:14,290 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-04-02 19:00:14,290 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-04-02 19:00:14,291 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-04-02 19:00:14,291 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-04-02 19:00:14,291 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2020-04-02 19:00:14,291 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 9c481a39db28948a62a6916d92c26073d88edc050199ea4d362aae707f0cc394 for principal rick
2020-04-02 19:00:14,291 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 9c481a39db28948a62a6916d92c26073d88edc050199ea4d362aae707f0cc394
2020-04-02 19:00:14,291 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-04-02 19:00:14,292 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-04-02 19:00:14,292 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-04-02 19:00:14,292 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-04-02 19:00:14,292 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-04-02 19:00:14,292 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-04-02 19:00:14,292 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-04-02 19:00:14,292 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-04-02 19:00:14,292 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-04-02 19:00:14,292 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-04-02 19:00:14,292 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:00:14,293 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-04-02 19:00:14,293 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@390dcc97'
2020-04-02 19:00:14,293 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-04-02 19:00:14,293 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:infraio1c3.my.workfront.com/SAML2'
2020-04-02 19:00:14,293 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:infraio1c3.my.workfront.com/SAML2'
2020-04-02 19:00:14,293 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:infraio1c3.my.workfront.com/SAML2'
2020-04-02 19:00:14,293 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-04-02 19:00:14,293 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2020-04-02 19:00:14,293 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2020-04-02 19:00:14,293 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-04-02 19:00:14,294 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2020-04-02 19:00:14,298 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Not a usual scheme, returning name of 'infraio1c3.my.workfront.com/SAML2'
2020-04-02 19:00:14,298 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-04-02 19:00:14,298 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2020-04-02 19:00:14,298 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2020-04-02 19:00:14,299 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-04-02 19:00:14,299 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2020-04-02 19:00:14,352 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2020-04-02 19:00:14,352 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2020-04-02 19:00:14,353 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20200402T190014Z|infraio1c3.my.workfront.com/SAML2|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2020-04-02 19:00:14,353 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-04-02 19:00:14,353 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:infraio1c3.my.workfront.com/SAML2'
2020-04-02 19:00:14,353 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2020-04-02 19:00:14,353 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2020-04-02 19:00:14,353 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:infraio1c3.my.workfront.com/SAML2, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1617390014353}'
2020-04-02 19:00:14,353 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-04-02 19:00:14,353 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2020-04-02 19:00:14,353 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-04-02 19:00:14,353 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:infraio1c3.my.workfront.com/SAML2'
2020-04-02 19:00:14,353 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:infraio1c3.my.workfront.com/SAML2]' as '["rick:infraio1c3.my.workfront.com/SAML2"]'
2020-04-02 19:00:14,353 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@390dcc97'
2020-04-02 19:00:14,353 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:00:14,354 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-04-02 19:00:14,354 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-04-02 19:00:14,355 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-04-02 19:00:14,355 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _dfdf8ca3fec7177215e9abcf1263bbf6
2020-04-02 19:00:14,355 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _dfdf8ca3fec7177215e9abcf1263bbf6 to Response _88f915bf4e475301266219ce447cc153
2020-04-02 19:00:14,355 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _dfdf8ca3fec7177215e9abcf1263bbf6
2020-04-02 19:00:14,356 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-04-02 19:00:14,356 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-04-02 19:00:14,356 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-04-02 19:00:14,356 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-04-02 19:00:14,356 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-04-02 19:00:14,356 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-04-02 19:00:14,356 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-04-02 19:00:14,356 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-04-02 19:00:14,356 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-04-02 19:00:14,357 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-04-02 19:00:14,357 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2020-04-02 19:00:14,357 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2020-04-02 19:00:14,358 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2020-04-02 19:00:14,358 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2020-04-02 19:00:14,358 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2020-04-02 19:00:14,358 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:00:14,358 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:00:14,358 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxx6+8sClAJyVLdhC4/hHDgp5hUGD8EAoXU3VYedqsYNUxMjBLREZQbBoiNRiu6AS1OM5pWrZ3dRXzzPQj/sOjWnjWQco996tsErbQelzoMNZX6RuGckZTOUlf6arrj6rg0ik45A== with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:00:14,358 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:00:14,358 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:00:14,358 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-04-02 19:00:14,358 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-04-02 19:00:14,358 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.46.7
2020-04-02 19:00:14,358 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _9c0dfe9e7ce04dd18a9c0bcfb16af597
2020-04-02 19:00:14,358 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://infraio1c3.my.workfront.com/attask/saml2consumer.cmd
2020-04-02 19:00:14,358 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-04-02 19:00:14,358 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-04-02 19:00:14,358 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-04-02 19:00:14,358 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _dfdf8ca3fec7177215e9abcf1263bbf6
2020-04-02 19:00:14,358 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _dfdf8ca3fec7177215e9abcf1263bbf6 did not already contain Conditions, one was added
2020-04-02 19:00:14,358 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-04-02 19:00:14,358 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-04-02T19:05:14.354Z, to Assertion _dfdf8ca3fec7177215e9abcf1263bbf6
2020-04-02 19:00:14,358 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _dfdf8ca3fec7177215e9abcf1263bbf6 already contained Conditions, nothing was done
2020-04-02 19:00:14,358 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-04-02 19:00:14,358 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _dfdf8ca3fec7177215e9abcf1263bbf6 already contained Conditions, nothing was done
2020-04-02 19:00:14,358 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-04-02 19:00:14,358 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding infraio1c3.my.workfront.com/SAML2 as an Audience of the AudienceRestriction
2020-04-02 19:00:14,358 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _dfdf8ca3fec7177215e9abcf1263bbf6
2020-04-02 19:00:14,359 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party infraio1c3.my.workfront.com/SAML2 to existing session 9c481a39db28948a62a6916d92c26073d88edc050199ea4d362aae707f0cc394
2020-04-02 19:00:14,359 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service infraio1c3.my.workfront.com/SAML2 in session 9c481a39db28948a62a6916d92c26073d88edc050199ea4d362aae707f0cc394
2020-04-02 19:00:14,359 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-04-02 19:00:14,359 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID infraio1c3.my.workfront.com/SAML2 and key AAdzZWNyZXQxx6+8sClAJyVLdhC4/hHDgp5hUGD8EAoXU3VYedqsYNUxMjBLREZQbBoiNRiu6AS1OM5pWrZ3dRXzzPQj/sOjWnjWQco996tsErbQelzoMNZX6RuGckZTOUlf6arrj6rg0ik45A==
2020-04-02 19:00:14,359 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-04-02 19:00:14,360 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-04-02 19:00:14,360 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_dfdf8ca3fec7177215e9abcf1263bbf6"
2020-04-02 19:00:14,360 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _dfdf8ca3fec7177215e9abcf1263bbf6 and Element was [saml2:Assertion: null]
2020-04-02 19:00:14,360 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_dfdf8ca3fec7177215e9abcf1263bbf6"
2020-04-02 19:00:14,360 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _dfdf8ca3fec7177215e9abcf1263bbf6 and Element was [saml2:Assertion: null]
2020-04-02 19:00:14,362 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_88f915bf4e475301266219ce447cc153"
    InResponseTo="_9c0dfe9e7ce04dd18a9c0bcfb16af597"
    IssueInstant="2020-04-02T19:00:14.354Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_dfdf8ca3fec7177215e9abcf1263bbf6"
        IssueInstant="2020-04-02T19:00:14.354Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_dfdf8ca3fec7177215e9abcf1263bbf6">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>/tT1g2pPYSP48hjZctwht3Jr7e5lUY6YmnZLK0UfDpQ=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>PXHV+Byjrf6szhz0EDFpe0rkEOVrPnp2EhjbI3dAG7C2Nmcoks+ZTIDlLW1w3goRWG7Ou2VaxxRt3A6Q3ZSaBF1gtn7YcN9Ym1pVGOgBe/0J52v/vc44EKugeddz9Pap4LquoEAe1W+n6qHF45yVObFWvC/db3aPpXjCtoRcuT7DzkpeV9ysfKfiEYcUZVh0yeYZPRTo+U65iUTZhHSPHp+Y9h/Ab/aWdY4zLdy1nx/npyRJuOv8wRMk8NOuFIXr6pcpcu9Zw2KHW5H2+HsO9FBOKMVnrEM/cmpxx51vmyY91k8njn3YT1etsPGUZF4ApBSznlrf/c/2RnYsGX8utA==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="infraio1c3.my.workfront.com/SAML2" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxx6+8sClAJyVLdhC4/hHDgp5hUGD8EAoXU3VYedqsYNUxMjBLREZQbBoiNRiu6AS1OM5pWrZ3dRXzzPQj/sOjWnjWQco996tsErbQelzoMNZX6RuGckZTOUlf6arrj6rg0ik45A==</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.46.7"
                    InResponseTo="_9c0dfe9e7ce04dd18a9c0bcfb16af597"
                    NotOnOrAfter="2020-04-02T19:05:14.358Z" Recipient="https://infraio1c3.my.workfront.com/attask/saml2consumer.cmd"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-04-02T19:00:14.354Z" NotOnOrAfter="2020-04-02T19:05:14.354Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>infraio1c3.my.workfront.com/SAML2</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-04-02T19:00:14.290Z" SessionIndex="_9e044ef9ef3f91bc75bffc984051b5a3">
            <saml2:SubjectLocality Address="172.31.46.7"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-04-02 19:00:14,364 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://infraio1c3.my.workfront.com/attask/saml2consumer.cmd
2020-04-02 19:00:14,364 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://infraio1c3.my.workfront.com/attask/saml2consumer.cmd
2020-04-02 19:00:14,364 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_88f915bf4e475301266219ce447cc153"
2020-04-02 19:00:14,364 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _88f915bf4e475301266219ce447cc153 and Element was [saml2p:Response: null]
2020-04-02 19:00:14,364 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_88f915bf4e475301266219ce447cc153"
2020-04-02 19:00:14,364 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _88f915bf4e475301266219ce447cc153 and Element was [saml2p:Response: null]
2020-04-02 19:00:14,366 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-04-02 19:00:14,366 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://infraio1c3.my.workfront.com/attask/saml2consumer.cmd' with encoded value 'https&#x3a;&#x2f;&#x2f;infraio1c3.my.workfront.com&#x2f;attask&#x2f;saml2consumer.cmd'
2020-04-02 19:00:14,366 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-04-02 19:00:14,366 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: '/home', encoded as '&#x2f;home'
2020-04-02 19:00:14,368 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://infraio1c3.my.workfront.com/attask/saml2consumer.cmd"
    ID="_88f915bf4e475301266219ce447cc153"
    InResponseTo="_9c0dfe9e7ce04dd18a9c0bcfb16af597"
    IssueInstant="2020-04-02T19:00:14.354Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_88f915bf4e475301266219ce447cc153">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>+B/EYjxK5B+orHB1JFo0+jbq7U8TdGymawZZGcCVga0=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>lz+vyIWvj3dFo9J+0X1Q5m5wt44cHK5c2ouNMd3BFN4txsIQqSnHfZksld+M0jAb1XxsvKFLMhAjJ6txPQ2gadudJssfN1gJLjuZCr7RGO7ji2m+Uvd/Gq/inXbGCVEuZBtNC6KVJ93p4dXN2pcgEqvTG+LatYmpNqwev5Mdax64WoFpp7Gzkcwh8/UfuTiMQpPPaq6O00QNef2fiQ7NgfTEDTmGv/BLAzDfXE3P4cu0jJKtOHq3Z2Bw1hA6UQYgERCpCiT/AO9M74BC5Aut+/zYwBRb8tJWXzMF5E0viW4Hh8tHRAiRe1srl0Nz7HNM8Hyx0H5YXyASrdBQi5udJA==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_71c910f2d7f80a22a119757bf40d7938"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_d88258d9fe6189494e8d87b193482480"
                    Recipient="infraio1c3.my.workfront.com/SAML2" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIFKTCCBBGgAwIBAgIQD01PjbApiLixF+MyJJd/NzANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQG
EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5EaWdpQ2VydCBTSEEyIFNlY3Vy
ZSBTZXJ2ZXIgQ0EwHhcNMTcxMTAxMDAwMDAwWhcNMjAxMTA1MTIwMDAwWjB1MQswCQYDVQQGEwJV
UzENMAsGA1UECBMEVXRhaDENMAsGA1UEBxMETGVoaTEYMBYGA1UEChMPV29ya2Zyb250LCBJbmMu
MQ8wDQYDVQQLEwZDb3JwSVQxHTAbBgNVBAMTFHNzby5teS53b3JrZnJvbnQuY29tMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwAzZkWvXvDsAMjEvrEBJIjfjOjiQYxRb+mm+QNbmA+5c
+wCEPyjNVokE2TmW/krNxPzePh13mBHK5GdBQgug/oo/fnoo7Lx2oJcLld7tMmYk5cGnTg+h91TP
GJ8+Qtvy6ebkrnOBEIibiWVVupESX2F1ziQrz4TUaiZ2F9VyXEuVrzZnFkRtLsko/l18YJz9o72x
vQKcC4XfzQPHLb4vNgNYZQ0sPGnXgBInYYK4R7wIGg7qIrcshBwpQSDlnNxPFSare204zMJUaTG5
Su0ONmFzTt2SSuJ9ALOG3WygWZ5SwGpU5qlhaZSoRBoxrg7eXOorSbVwNHR6YH5PK3VGwwIDAQAB
o4IB2zCCAdcwHwYDVR0jBBgwFoAUD4BhHIIxYdUvKOeNRji0LOHG2eIwHQYDVR0OBBYEFFRxiQs8
j7VUNRDOB9ueWqfcVDknMB8GA1UdEQQYMBaCFHNzby5teS53b3JrZnJvbnQuY29tMA4GA1UdDwEB
/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwawYDVR0fBGQwYjAvoC2gK4Yp
aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NzY2Etc2hhMi1nNi5jcmwwL6AtoCuGKWh0dHA6Ly9j
cmw0LmRpZ2ljZXJ0LmNvbS9zc2NhLXNoYTItZzYuY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEB
MCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMHwG
CCsGAQUFBwEBBHAwbjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEYGCCsG
AQUFBzAChjpodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyU2VjdXJlU2Vy
dmVyQ0EuY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBAJ+8dwAkioHtTSfl/8AY
50Kw81NSgbpVNUTt72Zvcysdn9xn6Sk/7VYH6nUoIUalvOkXhfcpDabahSOhJQxgM2hz5RYFEjSU
a9b9ZHcjgKtwxTLzGdjcP9P3DaFQQcnrAdom+6lCk87hK3Rvxy/szdIb4tmJpVjm74V8D8LE7I7J
eu1DRIS0xb3gNMKeqLtRL9DF30gmF2W5asvbuMa2QqY+66xTQhNXjq4QDh7NliORLvM2T93hL8rE
dXtwLex3vDsNpAECHG7Ui9lqF3trjTzysSSXp1e+DazeYf/kcNVrFeHCJk0Gmeb/CEQ0foqI2CQB
tUwWLzM/gBgoOrY7XXo=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>ACnMWXC2hGHNKU0AeutjUwnZBqIzssT11g2phzqdAfSIG8Pbg28RRPW9P/jSsMGGg+6URasjSXpfbWr7G9kayo/m9tN7rvbWdW0ObRigZf2joej1thEUyRS0N/pxBC0IKODVSxB91XS/aEeFLxFP1deNNHVVI60K0W9glITgsjT5l8ZPZdiPhgTnB7nXqfxFrABIV+59RorfQizOIVB8cxtCa9NK7sO9VolrjcuTHUszEbL0a1A0lYbMVjgqeL+PYfTmctTDr53e73FUH9f0u1/ieAxQX+F1YzMRvfO+ye3Uyt6Ccp14ie+b2Cs8JZVqpQDwNi2qEOTrpEbAjNyo4w==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>uWM7dh+hpBEVl8BWvWnoBI7pXzWNj3Id8EmFQJJW0IS0C/URD2Jd58ChJYtVO9EX4Q+tiVzJBlLuLbgKI8oy7zWy1G4walVucISvVBKs031ILw6G6GxhoKxr7Vj+MU+bYx/ekZ4i8T/BhvOiQMZ4/KVCI9HJP0yncBKra+K7w9dJBciAG9jWDEfjBTPmt3XikscFBoC4VpBEfC3zFVhxtVhOS0J4j5rUQxWP/oA7hgJ1pSsu4RFLOejeJZxDjJO4BUeTLxzHBLVha8QPhFIlA5GMrSE1QP3NMuw1guy7a+TqHtdUCsgBrC/3AQIe4QJrUJa1nmPed7Ky4wLRyVozAQMQZ2+0QGvRg+BkPgFzOowAA7Ce624fLact41zOdAlbmifkBIfQkdH2cP7rdTMzaBjoyDYgoqtwFnc9nDiDnH99oqm4bWOHnvIKlog/Gs5zspebIgvvXxW6ewxK7oGcsFNICGl2JpFF9s/7RCp2gxYwmkaXjXdG5oO6abxYJPxQS2xUGgpt/nS9nSYbz4LqGlPXh2QPnavrg/BmORo+3p83GvHStz/UwYX24NmnKedVTtSg5TVUGQXEpwY78B74QaFm5+Y8phHErOtHRNniWGfPGLttn8LOAfvp7R9Y2lnW8qgbAHBr3yJahgs+OLQv+lrp0DGq5TJseQBVi4rcDqcPx1d4j5Noqec8qMSDW/6/wyeplOBFOPWYtuTmyFrNcwd4wco2QEluNE88ZviMdH7s+vjVzkRrjh13Q/bstrQP21wyKqI92hMOILny9HQY5Sp9XbrhTotgz73Xi+nDQVIBLAR4tSebigvp6IUtUpgJsKaDS8CxZYN1p7iU/NOYrmDvOnHKdTUfCfRLYXfE05tgUA4hfwdNQ08RsoepOKbvvfi9BdkbLbS3bznja4SCbvXXcWR46ReUEDmPXjljd49tGtzekktPtqgNa7TvsLmJ7bnX92oPRER8S6L4NGf/8c365RS8hgXf+bIyeMs8DVXyBVg3PSnLB5likqV8ZuctQAZEZul/coM5TZIO0FnylqGY8Gl3t4Sspg7OJ2y1L8p/sHhZZpP33b0Xi0rgf95KXiafby9UZirF2lP98yeD32k4VTMG1UH2AWFzR0FJozu8qrhewmvfFUPYKxGn5NKgZk+5nnpsWDAsxxw3KCvBkE+9j4sucoL5U2T+LcK0aGdTzIi9vvheZ61LOwwVNDO4ggSwimOkQP91QQhfS8jfJSkiy3MvLfUvS3w9/gtkzyq1PfWPvWw+yAmR6w2gh0Y5xQ7og071dNV6NPTy8UVSUTUdTgnAhu+eigCmcLRSmNW1bI2cDcN6DCbbyo008P8UFXyEdkMyYvnL5rr7Wz0rMYDzQRb//npvbLPwvWgJmxiDks0aurdjUGd5sxWDW7DK3/f2LHUF1ox8gnB6dCKNljDWaDeDYjo8amz2MTswOBW6TVzO2PBPs7q10eUs9SMe3PavLMq7GPtPVwsy4XuMidAHsgadLxSOMuYt2xbaivA3m0XObvIx7+KSEXmUtIKgQS21mlMyPRPsjIeNh9XIANWSJN/ikleRpmWNrcI1AVR79MEbJkKv2elodrl/MSDhGhQZWnJ5Ys9+MlniqwHxFszK4WttTR6qMH13W/c9qk8O0WlOBuWe6DHxZwdpTn545/uWI+4XOWfafk5mUu3YTUMZKoSxdzFnZIPXNje01l3JAWbcRUkk/7Y9SwXAfJktoFZ2bHCpWTQOFfCs0wdeqMoCMb9StXlBH/cqJrnXZFNl5f3xW5EuT5ETJdsTnaPC5elR9dhHdv1Akyg9X8gzxXrqpWxQ0YahYVWFjYO8FxiAsZ6qhT9D0KUPSqD6//TgyS5N1ufw7Id0jxRq9zbxej/1NqYN39uwUVtoK2fgwvim3eytSqGWa3EgGNCKxEZIbwgTZ53nGvbHXU4NR8JJPWcgaD3fBpp3bM/kJFHfj4rDLar9i4Gy8qtm2Mm4ZXxADsLoKxpm1Bql1B3adKCXzi7xag7emewmu14X+y0Z92D5hYBAJN2DiaL2xNPA6LqCvnqHHH4EPb1PkN1O/FzcAufq/NcGJYzNTae4WbpeTmqild8qoWbQS8gnSbr0f0X7tkZ8AT9cIFc4O+Z3SaXp8QeCj+MBVtMvSyFcUppFiWYIJX1v5H/gFcReR1IqmgpeGdKqZMgHlayMa3g/l/CULk6ojHLtjQDpTFHE22GvOsnjoHASi23qNsrigf9twvbC3FLAa/+WZKX8CJGl1rcSZbkLTINSq4Nuac6KRXtgo2lu3loQbAz5CCo7n4n6xtBXEHKnOvxMB7ejuc9tcRnA5ddm3zegILlzmj9Zfr+kqUPCynCjcMikBIvQnK/al0Ek+ECqyC6qNs4Svd4bgy+f2MRxJ4FZqkdJNW9n8YXE83vzT7PgDFskxd9QPbMBEAAaBfHWsYQDUCrpL/hoB1xtIB8ZC3Sm+1EiJ0XpBrTge2O4tffQAZiwUamzrP/27YyaFjb6szppOmzsh2p6i/LnwZMVng7nc+lv2tc3E1pwSv0RznhsixP155V33l2Ef/Q1wZqvecPTgFQitp0Xm9O4GMb946pJvxznsMy3UkYUcyODFYizpxJKuxnOzhfD3eJdHKxrPOHy5u+kEhT6LD47PceOMNKCD8jMuxwpNEwRvOLcpvhECY+9DQEUH3qoN5mepagOF+uP6LIKImhoIGOWEnfXlOpg1lTfCrPYtqTiJTuaX8J9S3GjUA1K4ktD/2udPgTfVcKKj1z3PbEFgqe0WytnR5uOn4/s0AhHFWe8F8t+AILXQdwzEt0g3Ut/NWta7ykasU6Y7gmoKpfOdtXiytzvvS58bwCqMBjSNEnYy2Cc8YjXYW8TFQ7Fun1IAiKnToEgfulcvCBpmOjGvII5q08Ujv71CsPitqrcHDG5pchYqrknTaasHoGzPBsvmGWJ+qqWpkEBRC/uHzlcmHlWO60fvRma45iF/xlVbMumjJtzvK+9L2SBdltKN18eS031gPCMiCOlhtJP947QQ7pUWhdXuiDEfaP90JrNzNOn2Lux0iVi4TJycxJ4uCaI77ZvoYIsRzLG0XrXrt5E8JDU03uVDeg3Ke1ryFqhezVUgBCBQFW5h8sVpZok0llOdlSpqbnn1yrWGiDg0wWXTHh4ZuB07BG4t/bAwRQPbLpWv+w5XblbrU7TDsmMcxi5cQO6iGrHxalPt98XhCp/vScs9+sT+1tV2jCQqYntFpS1np90JEh0PQrNJgsL9f6NDIJXr6awkX2fW1S/0lCbhQZ6vnyjEKEhVLM9ywLOp6iGORoLRS4NQ07sojWfOmQzBrcyMhEZ+RbZ2qQyIJxMzezpqfEe9T7ScN1ta8l8Q8dcuiEBkSqYGxPXoDNkKecyktnhYmZKaVU612kLUxsvtsEtPF2wF3ctHt+NToZGbU9SJcVNmD9Z7UER2os6gaW5qNl6wfUTZQBG2+OCGTKst4OFmnZyv4ZzRu3xdfl9j/lPuwdt47g47vC2s9r4xra9DuS85XH5bqCZUFVjMfesxGvlvS2jIWdSM1P5zg6hnF35+ESWH0LGc5dpL87SqFGHsApcto6a1xaj+leQvXoP2s7C0yLMKfnjV8cACwWIkixDCc7SXWebzfAHMQUBOwnu68ykXRPfYF6WVoG3VmXTGwAgWowBc9751Stwf/y9J/yRLTBVwXuWgCTtLJl3u4kDzsUyrLkK4d+2co5TZUtNNNAXzXOX1Pdkn4V8RZ2Lu4OdEstKohIx4wqYFYcFNzBlSfIkdm5tw4CEkGU+GoJlN9jLlvjwGHgJcJQtqCie49N+ezdc7/ppYsVNq+1Waq0MlhKnDPqHW5POoRV54x/BoQEfwB3VNMNSrZu4mi3PLuASOkZWQavvhP1whNZtXGbX/0WUXCKJLsr+N0osMNZl5fRF3L6Pp/3wblaiuRykS59GCM6YinQy7LLXxnU2mc/ooUTIBw7eHqy6M1XIl8D3ttnHNlSGWt/ySBjrQuIJ3MHVM2YVGJ0/GSJYWyfee2bMGChSE601LP0WbaFjCLxJyZf8ckaLM2FXQODpNhn3Z/R3pF8Rax8KuL6MGETRJ9iLHZl5chAiEXLva6kQiwdE7kkcgCyxL3xqs6teNTUnhZVsXX0qdHWPTc9JhiJqZApYmYcQJP5Y51OzMt0As2kisH2qdrZHpy+6lPETFS83lZnfonYyU2Vn8WCB/kqTIEXtnV4ReNS2SwPgQgnD8dIvKfSCSzpqunCSvxpbHApUYrtj7C3YYka+U9E+ue3ITC2swTPEwfl9dmbUrfMLvIIhG9Vh/Oo69mW2LoBvy5Nz6ii0/BKX44rR8VyP7tRtK1GIJqwAN8HodDlFpF6qbCxIaTvNKJP6O+FEUCDaJVZ/k6393hZz15vhW5guIvKQhMYl8hzhl3LCUJcKMi8AUI9wsDip5wBb6lAMvCVYnBDkQapXu2fB01WA93800voNP4YIJCPMBIr9k0QVj/Jnb7fI1nZDvsaVfZRnfZp/4JzcdK+9M7ubtlZrvN9yELc5uCt/eYN/5yLYknFm9irQdJuYh66nKqG6BzoTYvBidJjns3MEErJy4CnXYr/qOH+hdz72SWhQVTmjjlqL8tEnm7pKyE84ztE4Qy0zqF+gZbxVDwMZ37O9T5HQlX6AVfoUfgl7jFnz6F1wGjG6lgbOD7Ce0/N+OdyzFXgjIC523BJJhzzvv9jYdZ/Fw4cxBeljq74it9y8fOxvTqx3M9jGhZFGLSyi0MckX9LvWZwiiqGXA3ll9AaFqO2oQ0qhBNTaHLq7HQnkB08uAi8sVmpew+7494lChEweyeUMR+XNhUVNrUaWCnNIrCdIj2Uh85iu7+ZMseUTgdRYM0P9WYcxI0Dabn/R7YiNze8KkDaodD4dYbLrgbpKmPEWGGhJ1vmnrjwcban4dYmIsIgJgqvoibj2OJoIUkI5fGR69q150TJH3VTLiqgmYJ2oQn6M7CkjYNAEgy0cBn1tnYJpu/T/rTBula9L6GjRuoiW86wclRHXC7Q4sZl4Ya6iLHHcEmkCyuo29BvQZ6s7morFUJkTddpXP5W6X/DeYl8X+spKKklJ3g7oAD906I3oxJK9ttD28hm7ZhEDjBL9GdsKkUMnCdvelc1L4S2chxKsNO8AY4j2/Jsf7m3itBLBE5kBDAT+QhSnfbJh4LsUXoc1k314fopW2Xf51R9DgCc7DRJD3ERSk9Rci/3iy6+iwurGhPDuaTcARmDfur86lgCF5NflRlkwCySq4cA0GTnvQ9AU3iipGIfiAi/Kc5Ml08G73aZ1wOBg2uqhpYEMYCn0MM/KGuuNbe6Fl3/XHTOl/1nm7ugKoDgK7h/toc/2oAO70qHrNAUqBoCN6M2fvwDIWUeenWvV0XNGh+nHp+JxEvWALnwiywM39H7f/sMNRehx2FGMOKoX0feToqMYIn5dSQ3rqA5WZsLg7G3uT6ex9AplOEgdF7h+0CZg5PJOI4r22J2h1O8NXCLq1oBCXQz+5+IjIoQBZljxOj2O9o5QYHUtjq7fwn0XMqz+lboODSB+DpbNcjxsCwHbxcXd8iFj72+lGTamc4vOYF4636Xhjddfd1Z3BERU2z+p2cNj8LGTgJPfQdCtwc3JUw521D5MB52jqDfBoiI2+73RV6stDJOVg9TC5G7kZN+OHUKmEFn88PdxGRlGDjDCLUgi/lzEHX8+l4xmxHVa+ZF1dA7jTR8+BJj+XSTlXfoXTnHN1vQK+ULCwGBU6OUcfm/C+z5xNSjC6IkJ9KmoTFJTqRxLHpxN2NhCxexP26njm18q++RcvVSy0ubIdsDP+uwc4qdKquFawhNKz6awjgpwGQcRlC9U0p9DTlW2dd0fd5JRWvsyhBlTA9qSeOkK53wfM1god3OXO8QsY5qjqD8dcnSN/z0ihv2Kpm4PfEFJzXs/PXq/rEYEzyNJQx+iNXXiAbDFyjU1XAkZtVcKTTgJjMwkbNTYy/RSvLzRjGJ3p5leZxZfi+9ItUa/Se2uY/dCSx9RZTZgC70iaj/kqjP0ydyfjpolOKAzGpSLrAWQ5W6YnGTt4zK6q45hR4fTzuv5/SM2uaAC2yr1n2rEPYvm1HNjE/VhvJaA9TG5JAKS75G+luBbRSq6ZFkeeMybCt6DUzVCI+7CdbjP/RtJraUghdG4m0lU094ONacsGPBtSXWxpnCboBE3/XYBlbcV1OanVICh5BbOxDD1+J7GmMuHgdG7LbkSwVP6mqmzPe2bXCjweDbAFsuk3xWBXuDfr3YRyK9GXBn2rokEf+jem3zKne7BERsDbT2ss2No1MMKQ/owX6q1R3OGyJt6Wzz7SjH5vB0+L285hxtqVWBuecwiFSi2dB5Tr+DOT3TRPujVQr9RUc4MgHqiUD+99OZhEt5oXfXXKbRdXAWP/Le8QnU5SF7WvCo7z+HYRnI67aA7kiceYm9+ODffUL8hG4UW2mRzD8MZPseDUx7xRcuk0Do4SgjPhtTDwAcH5NNTeEvjrWzpmKrW7Br5yZyOJnUEccJkGQwBFIUpqJS97gy/oigzUAliiSmVez40Maj2G/kKHnf5ObgZsJxSODNgKoOx60KMzkIe1tDFcoEmoxvBVdc6CNA578TzGl1mb2wR6DRJ1fNEIsFYHN3A3nI/HfhXfEwSv+UdoEsjMDR42YryZDgCRGRhQ36IBtwfzxjBERt5nkhZejLud68fu0XEoDWdSQ4YB6JuzB25/P1JRbKwACdFRD3v126aYIzm2wYb2KprhAN0RcWyObdB95+7KIueu0zcOXjR+v9U8p4BUw2bbV+U+kN7BXP7My9uodOFRrxglE1LLhZvqi7t4BZxGwUVSr5+qZ5HWC1BZR19ghGTOnc0mdZAgosYVXa5/9MGTmFOVHNjTsL1VIkAXDcDr/we9EWBwvr9kL+3+dCLxG3t32jCRDg7itnSL1RNx3/3OM8mRwuJfHLD0E/awhTWTWMpVRD3h9ozD0KhpXDReLT46EM9sAyi8rLQ+VkD9tcK9KN1bI+pJL54pBLGeuBAYI8T7jEpbtFC2boX7uoHvoQ29HbnmxQ/fIyQVvHBRZZH5I1SZ4nNdXAhz4JqubkrrM5T2N1Qo9GlF2z1anT+TmNiSBPDjyftgL3JUGJWP5ueLWT9Hha2sr45WtMzMhn7loAp+SsChdTS5RQWJhRiO+QK1i7ssyQE1zxKZrj/oxqN8jPu8YB8cMjRVErlPgzY9lrGwz4WVJID1CGLDqtIK66ZExb+iYPUx/ThAuCA9aZ+X8w1mPDgwi0VGvr+6+L/RHciNP3O9M7BKceTFXnPLPM/iSjDL+1GkLis3axCXWYXmzLw19/NMA2/xkBvAQbc6Elw4YhC5ZRgU8HKki/eFVqSdjQYtwnysyzQQYs+EV0++JkwWWp8FdBslHYweqm7Hd2NoGkRh6F1UMIKx04rPZplM/OxB6X6xR/r3cRq4jnJ+SwZ8QL2UeXfrBksid00kj4KvlhslMp1Pi9ZNWjvKy8rzkVieV2xY0iKAuarHAYU5HIdeMfZuXje0Ky4bRBScRza3xwSKNDxXtwEeX+3C+YR4DRhnRXIBnsKVI4ucwFw1G+c+38jZJ0DnP4bIjtsa7SwX6JhA64es3YoTaTrgVswGBBAVv0y3v4iuqmcWFIsE26p8fByRy40YemsZ32IajScLOG2y+rOnp0eFjkCTVCdybLyZEwEUHbWFzZemrt6Y7lcLmDURFePh/iyIXCB4FfTQVOnanLSINuAdTGLZk4qYJr+pwIPRWAE1KzkK8AF4uKPFQSEKhP72yRlELTuoWXKiTGt0gjkrHKueLS5yK9yeEXSfDxU+6wMHGbB3d1t14f3ocEGbpDLwDievaQ3RT8vZxHe2GwPde7DJ70QTH0E07AbGmPDJ43aGxzKafh4aztKVGLs3cGorkFBDhK61qAZvVosYwF5aSz+u5jgSfCjifRlsfFmpYE7PWn77XiNhLo=</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2020-04-02 19:00:14,368 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-04-02 19:00:14,368 - INFO [Shibboleth-Audit.SSO:?] - 20200402T190014Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_9c0dfe9e7ce04dd18a9c0bcfb16af597|infraio1c3.my.workfront.com/SAML2|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_88f915bf4e475301266219ce447cc153|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxx6+8sClAJyVLdhC4/hHDgp5hUGD8EAoXU3VYedqsYNUxMjBLREZQbBoiNRiu6AS1OM5pWrZ3dRXzzPQj/sOjWnjWQco996tsErbQelzoMNZX6RuGckZTOUlf6arrj6rg0ik45A==|_dfdf8ca3fec7177215e9abcf1263bbf6|
2020-04-02 19:00:40,349 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: TST-4017-WABLsY8U1k3mb0sVZtEzh8IsaxuENdJ4
2020-04-02 19:00:40,349 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2020-04-02 19:00:40,350 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2020-04-02 19:00:40,350 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="_mofgro9j2pwzvct72okpgzn4x7nmvdcdsml5ghk"
    IsPassive="false" IssueInstant="2020-04-02T19:00:39.430Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    ProviderName="pac4j-saml" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#_mofgro9j2pwzvct72okpgzn4x7nmvdcdsml5ghk">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>HX56lxBAufgB/0PjkpV6a0u/Vt81nd7O3Wh+jQQMdYE=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
E5YlqaxDUCQPFyfvTv/TvkjVY0GGcx1RgFY7v2d/Ps1c4RroXOZSuPSRDLGKMCO/RNjn54NntnzH
BsNVEyKLhKqskZ6EGHraGpu/XMXT8VsWuTS2sDkKzw3Sz+IxPEnZReDvLU+x0pc5YTbznnYkjlvT
vAEcXAJellJk5RXzL9V/r5l5LTamxELpfC76jwfiYFL5TZAWLxqr72I3JxMadp3WrhrBCLW165Zb
cypjL9wgVLSYjivVvCJZWtliORF45rHwp3YXlDZclJ0ysgUnAaV1meVJ4uVTUaP9n/SmikL4OL9o
VKsmGt960dzPP5MSSolhgyybOqRi+3m0/pR5Ww==
</ds:SignatureValue>
<ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2020-04-02 19:00:40,355 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' from origin source
2020-04-02 19:00:40,355 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-04-02 19:00:40,355 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-04-02 19:00:40,355 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-04-02 19:00:40,355 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-04-02 19:00:40,355 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-04-02 19:00:40,355 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-04-02 19:00:40,355 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-04-02 19:00:40,355 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2020-04-02 19:00:40,356 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:00:40,356 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-04-02 19:00:40,356 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-04-02 19:00:40,356 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-04-02 19:00:40,356 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-04-02 19:00:40,356 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_mofgro9j2pwzvct72okpgzn4x7nmvdcdsml5ghk', issue instant '2020-04-02T19:00:39.430Z', entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-04-02 19:00:40,357 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2020-04-02 19:00:40,357 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2020-04-02 19:00:40,357 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-04-02 19:00:40,357 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-04-02 19:00:40,357 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-04-02 19:00:40,357 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-04-02 19:00:40,357 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-04-02 19:00:40,357 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-04-02 19:00:40,357 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-04-02 19:00:40,357 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-04-02 19:00:40,357 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2020-04-02 19:00:40,357 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2020-04-02 19:00:40,357 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2020-04-02 19:00:40,357 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 25218632289878887470728701898989230903925460534470464262987089359900092236249155787311083615922566996588882686327254334965631006516764358542556784571993117841615795846983701202567812629440880488414844862491363773592778158558705049021795669354428797347719681579572749594906032259298025269480636673827053368207548760338633177397009149003080015959043356697060516917100235185397117902752192715861531350694962747781011832502440226911816306381078043102881237946262430586623622800161283685092311342398263730543997237261306772360529013060055263916368941241698720371281723901324390991801957832354836844648583493845781599295821
  public exponent: 65537
2020-04-02 19:00:40,357 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2020-04-02 19:00:40,357 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2020-04-02 19:00:40,357 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_mofgro9j2pwzvct72okpgzn4x7nmvdcdsml5ghk"
2020-04-02 19:00:40,357 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _mofgro9j2pwzvct72okpgzn4x7nmvdcdsml5ghk and Element was [saml2p:AuthnRequest: null]
2020-04-02 19:00:40,357 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_mofgro9j2pwzvct72okpgzn4x7nmvdcdsml5ghk"
2020-04-02 19:00:40,357 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _mofgro9j2pwzvct72okpgzn4x7nmvdcdsml5ghk and Element was [saml2p:AuthnRequest: null]
2020-04-02 19:00:40,357 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_mofgro9j2pwzvct72okpgzn4x7nmvdcdsml5ghk"
2020-04-02 19:00:40,357 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2020-04-02 19:00:40,357 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-04-02 19:00:40,357 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2020-04-02 19:00:40,358 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-04-02 19:00:40,358 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-04-02 19:00:40,358 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-04-02 19:00:40,358 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-04-02 19:00:40,358 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:00:40,358 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-04-02 19:00:40,358 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-04-02 19:00:40,359 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-04-02 19:00:40,359 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-04-02 19:00:40,359 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-04-02 19:00:40,359 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-04-02 19:00:40,359 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-04-02 19:00:40,359 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-04-02 19:00:40,359 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-04-02 19:00:40,359 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-04-02 19:00:40,359 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2020-04-02 19:00:40,360 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-04-02 19:00:40,360 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-04-02 19:00:40,360 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-04-02 19:00:40,360 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-04-02 19:00:40,360 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-04-02 19:00:40,360 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2020-04-02 19:00:40,360 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-04-02 19:00:40,360 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-04-02 19:00:40,360 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-04-02 19:00:40,360 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-04-02 19:00:40,364 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-04-02 19:00:40,364 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-04-02T19:00:40.364Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-04-02 19:00:40,365 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-04-02 19:00:40,365 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-04-02 19:00:40,365 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-04-02 19:00:40,365 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-04-02 19:00:40,365 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-04-02 19:00:40,365 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:00:40,365 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-04-02 19:00:40,365 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-04-02 19:00:40,365 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-04-02 19:00:40,365 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-04-02 19:00:40,542 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2020-04-02 19:00:40,543 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-04-02 19:00:40,543 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-04-02 19:00:42,678 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2020-04-02 19:00:42,678 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-04-02 19:00:42,678 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1973216240::identifier=rick, context=org.apache.velocity.VelocityContext@1ad37cac]
2020-04-02 19:00:42,679 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1973216240::identifier=rick, context=org.apache.velocity.VelocityContext@1ad37cac]
2020-04-02 19:00:42,680 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-04-02 19:00:42,680 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-04-02 19:00:42,680 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-04-02 19:00:42,680 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-04-02 19:00:42,680 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-04-02 19:00:42,680 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-04-02 19:00:42,680 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2020-04-02 19:00:42,680 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 17bca4c30bb91e2e227873f8785db4e9ab01e763d67cfad898dba97e93e2461e for principal rick
2020-04-02 19:00:42,680 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 17bca4c30bb91e2e227873f8785db4e9ab01e763d67cfad898dba97e93e2461e
2020-04-02 19:00:42,681 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-04-02 19:00:42,682 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-04-02 19:00:42,682 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-04-02 19:00:42,682 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-04-02 19:00:42,682 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-04-02 19:00:42,682 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-04-02 19:00:42,682 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-04-02 19:00:42,682 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-04-02 19:00:42,682 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-04-02 19:00:42,682 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-04-02 19:00:42,682 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:00:42,682 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-04-02 19:00:42,682 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@206e7913'
2020-04-02 19:00:42,683 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-04-02 19:00:42,683 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-04-02 19:00:42,683 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-04-02 19:00:42,683 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-04-02 19:00:42,683 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-04-02 19:00:42,683 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2020-04-02 19:00:42,683 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2020-04-02 19:00:42,683 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-04-02 19:00:42,683 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2020-04-02 19:00:42,889 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2020-04-02 19:00:42,889 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-04-02 19:00:42,889 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2020-04-02 19:00:42,889 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2020-04-02 19:00:42,889 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-04-02 19:00:42,889 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2020-04-02 19:00:43,567 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2020-04-02 19:00:43,567 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2020-04-02 19:00:43,567 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20200402T190043Z|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2020-04-02 19:00:43,568 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-04-02 19:00:43,568 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-04-02 19:00:43,568 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2020-04-02 19:00:43,568 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2020-04-02 19:00:43,568 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1617390043568}'
2020-04-02 19:00:43,568 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-04-02 19:00:43,568 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2020-04-02 19:00:43,568 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-04-02 19:00:43,568 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-04-02 19:00:43,568 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool]' as '["rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool"]'
2020-04-02 19:00:43,568 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@206e7913'
2020-04-02 19:00:43,568 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:00:43,568 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-04-02 19:00:43,578 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-04-02 19:00:43,579 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-04-02 19:00:43,579 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _867c9e15cfc89c60132c9418f96614b4
2020-04-02 19:00:43,579 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _867c9e15cfc89c60132c9418f96614b4 to Response _c52975550d704cdca26e08a4b8fc7743
2020-04-02 19:00:43,579 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _867c9e15cfc89c60132c9418f96614b4
2020-04-02 19:00:43,580 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-04-02 19:00:43,580 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-04-02 19:00:43,580 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-04-02 19:00:43,580 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-04-02 19:00:43,580 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-04-02 19:00:43,580 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-04-02 19:00:43,580 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-04-02 19:00:43,580 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-04-02 19:00:43,580 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-04-02 19:00:43,581 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-04-02 19:00:43,581 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2020-04-02 19:00:43,581 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:74] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2020-04-02 19:00:43,581 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2020-04-02 19:00:43,581 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2020-04-02 19:00:43,581 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2020-04-02 19:00:43,581 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:00:43,581 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:00:43,581 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQx2JGDYHNPyBpmtBGev2RKHRgIvzGRsfDdghbHVD/YNEFT0LpQ4nQoz57ECIIuPuONY8GKUWzGV2P82XCd3b8k7+lXNjr1gHFqJx6xPOOEpAnTHHd1CUf3EOS97JXuQPvK0WTSdlgA9Hswsq8hPTLFni1o/vvHXnU= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:00:43,581 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:00:43,581 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:00:43,581 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-04-02 19:00:43,582 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-04-02 19:00:43,582 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.28.90
2020-04-02 19:00:43,582 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _mofgro9j2pwzvct72okpgzn4x7nmvdcdsml5ghk
2020-04-02 19:00:43,582 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2020-04-02 19:00:43,582 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-04-02 19:00:43,582 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-04-02 19:00:43,582 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-04-02 19:00:43,582 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _867c9e15cfc89c60132c9418f96614b4
2020-04-02 19:00:43,582 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _867c9e15cfc89c60132c9418f96614b4 did not already contain Conditions, one was added
2020-04-02 19:00:43,582 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-04-02 19:00:43,582 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-04-02T19:05:43.568Z, to Assertion _867c9e15cfc89c60132c9418f96614b4
2020-04-02 19:00:43,582 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _867c9e15cfc89c60132c9418f96614b4 already contained Conditions, nothing was done
2020-04-02 19:00:43,582 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-04-02 19:00:43,582 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _867c9e15cfc89c60132c9418f96614b4 already contained Conditions, nothing was done
2020-04-02 19:00:43,582 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-04-02 19:00:43,582 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool as an Audience of the AudienceRestriction
2020-04-02 19:00:43,582 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _867c9e15cfc89c60132c9418f96614b4
2020-04-02 19:00:43,587 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool to existing session 17bca4c30bb91e2e227873f8785db4e9ab01e763d67cfad898dba97e93e2461e
2020-04-02 19:00:43,587 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool in session 17bca4c30bb91e2e227873f8785db4e9ab01e763d67cfad898dba97e93e2461e
2020-04-02 19:00:43,587 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-04-02 19:00:43,588 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool and key AAdzZWNyZXQx2JGDYHNPyBpmtBGev2RKHRgIvzGRsfDdghbHVD/YNEFT0LpQ4nQoz57ECIIuPuONY8GKUWzGV2P82XCd3b8k7+lXNjr1gHFqJx6xPOOEpAnTHHd1CUf3EOS97JXuQPvK0WTSdlgA9Hswsq8hPTLFni1o/vvHXnU=
2020-04-02 19:00:43,588 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-04-02 19:00:43,588 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-04-02 19:00:43,601 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_867c9e15cfc89c60132c9418f96614b4"
2020-04-02 19:00:43,601 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _867c9e15cfc89c60132c9418f96614b4 and Element was [saml2:Assertion: null]
2020-04-02 19:00:43,601 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_867c9e15cfc89c60132c9418f96614b4"
2020-04-02 19:00:43,601 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _867c9e15cfc89c60132c9418f96614b4 and Element was [saml2:Assertion: null]
2020-04-02 19:00:43,605 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_c52975550d704cdca26e08a4b8fc7743"
    InResponseTo="_mofgro9j2pwzvct72okpgzn4x7nmvdcdsml5ghk"
    IssueInstant="2020-04-02T19:00:43.568Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_867c9e15cfc89c60132c9418f96614b4"
        IssueInstant="2020-04-02T19:00:43.568Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_867c9e15cfc89c60132c9418f96614b4">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                    <ds:DigestValue>W7XtCWEG8Epu/XfpjahNgoKTfmACTWIk2k7tzZwyFgiJrWLJwUl8MnfDeSFsHFSCsy3PtkJ+ifUY8cHFkOYecQ==</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>ekWk6AFF1zA9qWtvPqthNbualraBgMqc576mnDyu/i15mrSLZmzRtMGKvbEW4fy31UAtAQfSrti57mi215ZYhWC6Tmmola1iLboccxvWFdbw9eIkzvr9/GSChyjRXotr78d9MgG3mynkHnKPBH3xoF2PQVhlJ9aGq6A/nFBxTWnoF3M71hv2f7ndsez+ySLCZbi2HkgwqvxjDDtcYdE08FPadOTNPiGIFUaSoQct9fBq1oFqoJArFtrni7nro+VR/dN0X3R+mubTxaNnDu7MYSM3yMpPgfrVQ7PERhhRQmxFNJaGEXNgTJX6y2Az1B2Nx0peZasK8k+9Do4DWmz9vw==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQx2JGDYHNPyBpmtBGev2RKHRgIvzGRsfDdghbHVD/YNEFT0LpQ4nQoz57ECIIuPuONY8GKUWzGV2P82XCd3b8k7+lXNjr1gHFqJx6xPOOEpAnTHHd1CUf3EOS97JXuQPvK0WTSdlgA9Hswsq8hPTLFni1o/vvHXnU=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.28.90"
                    InResponseTo="_mofgro9j2pwzvct72okpgzn4x7nmvdcdsml5ghk"
                    NotOnOrAfter="2020-04-02T19:05:43.582Z" Recipient="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-04-02T19:00:43.568Z" NotOnOrAfter="2020-04-02T19:05:43.568Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-04-02T19:00:42.680Z" SessionIndex="_ca29ca23581ad05fff4ab5e8a9504144">
            <saml2:SubjectLocality Address="172.31.28.90"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-04-02 19:00:43,607 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2020-04-02 19:00:43,607 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2020-04-02 19:00:43,608 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_c52975550d704cdca26e08a4b8fc7743"
2020-04-02 19:00:43,608 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _c52975550d704cdca26e08a4b8fc7743 and Element was [saml2p:Response: null]
2020-04-02 19:00:43,608 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_c52975550d704cdca26e08a4b8fc7743"
2020-04-02 19:00:43,608 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _c52975550d704cdca26e08a4b8fc7743 and Element was [saml2p:Response: null]
2020-04-02 19:00:43,611 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-04-02 19:00:43,611 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool' with encoded value 'https&#x3a;&#x2f;&#x2f;cas.traveldoo.com&#x2f;cas&#x2f;login&#x3f;client_name&#x3d;SHOP_DEMO-demoPool'
2020-04-02 19:00:43,611 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-04-02 19:00:43,611 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'TST-4017-WABLsY8U1k3mb0sVZtEzh8IsaxuENdJ4', encoded as 'TST-4017-WABLsY8U1k3mb0sVZtEzh8IsaxuENdJ4'
2020-04-02 19:00:43,613 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    ID="_c52975550d704cdca26e08a4b8fc7743"
    InResponseTo="_mofgro9j2pwzvct72okpgzn4x7nmvdcdsml5ghk"
    IssueInstant="2020-04-02T19:00:43.568Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_c52975550d704cdca26e08a4b8fc7743">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>bUyv4Tahgyj9iQ0cfPqOAditVFJB152455UO9eEBtLaMqlaXR57MN4RmLbLeyKU6IfOAexmLR4KQ3iDXGsFtBw==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>dMcdZheDc5a/xnaOeYZa61cDMXMt9jOeX9BiaVD4TLm5COtjTRKoTgWS/WX2XZ8CBMDhSUk0w6XA2hFMD0T9SlJZO65ue3YcoDOET7eyunuU8pwrUjJTGT3Qyeo6FoiM+4pAHCsFiE69bZ8bcnOCPNTP2sQIjP0dpaIwqTFCmSEcATmfnze/O+8kh6WwL0U1yBXIQFPYLBuukSEHIo0QHGvg/lgD+XBpVmFu0BdyVhDBFeLzvwRoqB+y+XQ2xHl+NsXEGgbNrSk7gQCh2d1En4RsoiBQbmSpDrqD0E+eF4ZNqo3z8kPZMNh/EZvM2frqzzJm+4LkzWxZBRy1jeENUg==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_24871c8fc017631d1c310947fa75e182"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_a75ff03cabbf036daabf8ad514e697d9"
                    Recipient="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>m5wOJBtVopWoB9nEmuYJoOtX71gfnZgWCoMOXIlzTrBClCRstjZ6yJSnn5tzIpKiPfY7Qwcoh+oYkCXIrZzDQAH02dbV9+BLQaCOLu9ajZSw6dxFScOmwVVFdoSvS6gU2hEIQP6WYdhTVPP2BPrrh9aPNJdxx66cesyZbJw0196sEVaHEl6kHcmL0+VEcjSszhQxgGdo3+RAtu2UzMN75seo7zAjFX+yB2Y6fuDWAretLtCRTrrm5EVRxE5i7ropZcqkm5NjLO4kQpT9hWx4/uOiJU+2kVYSW7T7IKW3cK90i+bKMTbhr7oGohkeOEIJMgG+Q6VQP5iuU5T9KU9z8w==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>FV51jh9lUnWGzsRhvSpwZovPOJxuFi3kUow69bHhr9/a+hx1sZlUE9OMjPxFn38dSW+6cpFkIpm8+llDZnyiDOv+/7CVY0o9G88b65d58U7iXWG5t6Fov3h0z2oTBIf66OoXedBv/nOOhpqwaA+/YWjAUAiGPfaZs9eb+/vQy9ywgvd4aC9DSXQEu4KCX4x+2NiKDtoAFJRVZxK0IO0h+K5KJuntgA3IssZW4CQruZuyRqGNvyNSQWU7vss+w3OV2jhchSPktUArAW+dHLu+lJ6+iYzrgo6qPGaG7UwgEzh7IQTq3YAXeX5NHKYnSQR1xWw4JGp3i/xBxYbaDxKP1Gqv6AlKp8lL6YNRaXMDfdl6f2uY8Bxe2WPOaLDVkMXeVCk3kBaMjCwg19//u2vuSejQfm4q/tAihmyvcXVlw4h8Bxc83y6h/JrSdQyPV/IDBR0IMdAIY9H90S8mbKq+VNVERQvA47jqhNTPjF6tn1dyI0yh4NRsLSSb7UKUpL+L7LfY5wjm6nhulGoBMKLISMOBF7Lrurl1wpEZ4Z2w2v/H33lq3bg9vuR0R6IJbzmPZF/0EWQxUNziA5i0LQ8FbMkyfJX4z59xBkradTS/MHWlSiYPrv46uEphLVjaOJrvzXE2GzdL2zTLDKcljW/KpsNCyxYfS3Cn64YwIWPQWX+FVUrtGKyUS74TkjO42bXZXw38gJIzJsdVpvo+jm4dL/XjDwknbNYaA5Xz8CXNKtO0un0qlF+k36pt9CLFU4Qjr8YVkihgC3tVxh5x4HoAaDn2+7F01yf+Ibm+KB6aF+SaDjIdaH+jQp6iUopvsBkLKy4hgShADzaT+mkfmNiZuL+8WdAIC36/VEmQOYJ+TxxY0FJzyr8fBzYivzqRHCicPtwlCAHiyL1U6q+ezNf9PvbY1Ksp/mWj0G05NO+CTgQcA1rEHnUc34aYxHKep6zpN4kMvRF0/rIxVv9XfefS25578LwtHq5+4LEYNrNVtq2um28uxc48Jo+bnCzB+ZSWjHnRHQdC3Yp3yJRBhC6RaKesEyQNvDYz7NXEOPTzwnhRfTlbGWMjbiuh20RtGX/S1z7ONoEQi9pJXa6jbAR7GFnhPDGOI8FkO9bPtKT31+/k6dSp91zf5vYxqxcqsgy4z60vWy5Af79Qv2M5ZncV1zYM8zV8Tsv7cYkUl7cZCMPDEv84c4fyodAxMA7H/WRefevh9HftCvSqFQpmaiSVEW+ikeRJgdeLTNkfGZ1KXxyHnPdDVoFfxZgU0ixcl40rdoJAhDlqEoJSu56lQh0ljh4cc1S49Z6kgexwWvlVtzMzQRBy+U077fbHzKf8gh7mgoEzMuo5eGo4XGBqFb7qYuvUYyFMd9GqRs4/Ded/88uYk3C7iWTF0CoCtS7sQfxmGJwHrpbs6T/f3RzRUQLQBAOqQjuhUwkFwndqlDgX9F2pKE7l0xTScSkrth1XGHi15BLCGPgKNtKnyFFH/McrAqXDVABbp4FfyQlmW7Qd8IFu/3Vj4a+OPaJLXM+lEjvO9f/laZXRyVTXyw9d2FsZJ1UTNEn3BelI6TTEJUHawEj9cq9jhH6BuftJp7cz2BkmFbIKpmMMXi3m4t0Wmhwsfv9s42iWyvc/Pu21DJ14TM2t3/AOaWLT0yBqpOh5jSw27+BY5/ybleWA0wpqoSLT6VAUK2OruVdARVUErzEjDo+hYoq6xY0NaWL8Mn7UeaQM+2Q94Rfe+OdABEEzLMT1l9PinhUagvWc1h/5hsEw0PxlEhPM32RPS8WVXlIIlCMGhmqV335ebcnzsnBp0h3mne3KSO7NdGJ3P6LpDAbsGX8ofLXtnxI79tWvfT0AQamh8jrG1NsVRceOwDfbChRbqVVkpdx1HElQcAnwC7wFkpy15qnviLoi0E0EJy471Jk9wUvugFzff9TDCBPQ6Fer05eJYmByYEGlIDLvp3mv3YhMjUKt/uHS1bux5LaeNEkqXyQmg1NRMi+Kf2cFzGWbnNbWDp2c9EzHMmXN1+eoKupHDNqWopu4ubbGDEdhqggP3LIthG13uWWZfmTeCiCi89qm7B0OFSYUrz1ewZ0OmmyZmwYbbMxbM5a7afCZa33kYAXBhvMkGn+mpG8KabTvYUs+dAGVTlMm21C4WzsRb1RI3xCffFVTHy2t5XAdJblEgODgMmpd6rSbXX+xzDzyiHG7w3GPLYxBzwS2xnZ7HYuli5SR295YJs2E0y+ssuqx9RvCQZyPN0w7wYhJLE0K6PbZF6BinXLE3Y6IV177AGr20G/tWPR52r+rCktA7+INLZNGDN2b/94orgm7uTLN6K7uUbgXKaySDmVhz/5GVVOpHQyIw1T4bYv7DgPtUfUcGYFc4Zr57iA+IEiIh6yhkomCiVon7j6Gy+cjPBXIPxnOmsgqObxVncroaf7+hTE4dDZMbHKoP46iZ1AvnQnBpIhkoytohBNzUiowMMMMr4pcJOy6e5K5RuHBkrBTX5yTwWvLG1U0ENdCpCuGGl5ARPJ+ygHtCDcgwutyo9yGwPZcyQ2zk2kHr8VLDmIo9H5ixCs+7D2A3MlKp8/onRMF0Vh09p7RxcZ3bGDinuFQdQHlseRt5GyQuBx9mgmFHZgYSzyq0BHuRQU4nHHIxkz1zN64g0Xfju7uxOCzQm/+ULG1ldXuE2btUkEfQP/ZYf9h9SZVkZvR72pgBqRJoWspFoWgtGj7vdQwe7xeUjlpOy67Gg0CJCxsmfO+4QETARcki1CD/cs0gWbHPFjuwgr3N8LvS7CgCmkc96u566IL2jOb2957s+I7hnY5uUd8/5kdLBSiQWp7KPKpbgvQjJjbo7rd/RejTjm3ZPmCFoVgq90gYsZ30m4h6ec+s5LxYVbCKNuuAdMsZXzmnkUOZQx/xqz2v/GCgmgG/F+xR0JXM2JgNd/Qy+/ncP1OmJHncCZs9mTLASBXC+lzAV2MXPkQq1Eq/AASk3IUXZNPiO/W14fZuPWn/SikG7vnNWRGOK9WgTpA02ba0ew9rz2NDhzDjc8ouKbKEuL7NtkLp5JG8KkSJaDgeNAWwh+46tKCtj3eqChXF0ZQaU2x1tcwIhZsRVGtiUmL/UiEesMqz1pYikVc4QpNvGpNO/WJKTqXq/Fb9uBV1An2wjTZYuUrXUAml/StmTVe6gAk7CPsbBaCCXx5JgT8KUgUsMI0JoH+7QdwBOZAEOzfXBqhKyIJGSjJgG3MRO6vZMCDYffS6zErkOgcEs+tf4bQ7F17wCgoXqzIIkO1T/Mm+plUIuSG+vhekj/q5HvACSPc2UfGTZKt9O2Hap/hQt+UY3Hpu9PK7vNg7EKUPgbmNAeX8MjNGXSJ7ZHty3gUh8k4t0n9WX/hBxViS5lPrtcAeXcORQpRisJ1zDE3Xs/mselCiYBp35SNPRS23u/WPaBsv/hD9URpPimCTHlD0qbsRdRbebOL2MVoXVVyk+wEpRJ6yTJHCyQ93Ti/VNTJ5xAAZ11ESfSq8AcQ0Ojpv8QmtVHFrSQY5XmQ/lr9jaC1knIfZAWgF+srnQF4/0eJAXpXOUTsMMShlxkOw6y5lDsZqsaniMf73IV3Dz/mVvA+gLXCsnBIn6S6mwQa7TmlR4uP45paPBZcy8CfL4RWM1XyM2ENgPRfVbSQMTfTz+m0SbMYN0RNTKos27Wawj82KeYW20HeNErmcGBj9gG8TeQCP9zqf9J/w0fHo4+zhB+yk3wuPoHCOGnP0EkaN22YPBdfirkycZEqoiUAu9DSOfEsQctE1Gx8WKOo6p8hVA/fzN17Aab1nDWW7lHqY7gM1Gcp198ixXiLPvEjI3EKdIVPfuuJ7EWtWiwma7UNvYbSkY/iOJbgyApbQhDx26gi01MBQTYhGBYofSVW4ryiijfzgetaeC7I2vIVP+c7xZuQDXDYZF+qP+vDYYmo6at8HLutuMBrFlNOiXt8dfbUiPIsX/sQg3nq0ZxQ9jLH3D3Qj0g5aiGhsWOqJUBiCEsGkwUyG51Ao9xVh7pPvH2zJbxP4q3vbcX2R8ugVCEkrIeIP6KZ54fBfRNNuSYm/kB/kBxuLaoobCuK1HF2jtg1a7TzJGYdgdvkI0fWZohOK4Rhy0wu795xSE31wy8YeLMClNiWtCxXBHAL5kwTRZqt/YKucYDml+KCYjw6BBT5nX6otDboXsJix8DbVeYIWA10ElJ1TS55lAgBBwwHcYkJvDAHcrlJ3U1BTGHSvTpwGtVqXRXo16oASJmeipOVXFfq2FYQ7Vc824C0f2m1MxYUBW33GE3BK6MLEaDwEqHO7Ca8I7M14StH/P1KQRW3dDD9bz49pPXzo+U9+YiMadfeElEa1oQXS+UN8B4JmDOVa2rDTe6ro288kvvP6HTRvL+n7lUytXJgOu8XGqfjaA1z2jFkPTMciVfe+VRRWGOE1Bwwqmp0NDXDW3fybgFcu4WHWAi0zNvlwj2dzgOfCY4eh5xPj6OJuc4fa4LHVY3DaDelDCMlAJaStLMmpSiKbZQ+aG/1xqXbIfcyZutSsiOFhqBee0T5Qgr3SpLtBr8AbrtRF9t0x93qigArmWc9imshep79v8HUQ05v9ISW/Mj8o5gyJ1kCuuwZDYcmvT8uuwfb2ruWiWCVG6JIpBuDBtSPexE/Kbo2OLxXcKwHGIKD4Tk54A8yuQzfa/DQ3frkMo8rKTVOZ3Glg5rPXZnuRta1Bi3z82mBmvcuo1LehV5ayD48Q00TNk5oP9mly9jUDt9cJ75Utu7TRv8OK+8nSRMQqg7qEPwR9tQik1zVtFDNkLpiRaYcc8VeI9VXS43RKL6zG4EfWZFTOghROyuFuz6j83s4pAmvH17ko+bgkmaD65geYNVA1Z6Sy72EB1QXd363BynCUah7mwX1urMi7XUlW72Pg5S/3TkOTuklQW/bzzQh4UhN7bDq7KAmXJklXiWH/Q0eEf3kHAJg0mLrIZxCyTy5pUZCfLTD2ff7XHedkZ++2aANDh3wRLbhWuypKAwyxncBVmukCbu6IqeRYihU+gaCdQspuUhnJ8bHZ6o9WGsmuFx5zMZJIZ6M+aJHOPuJB3Z/OplH6UAazXIE2t37bcNDs32KEuJIwuqWZC9xbas8e1X8W1DEJreBIkrQhEcygSky+cJILhu3RVd5r513Tg6kPSu3gNpbiLLlGWGWq7eMV23WwmmQBdnJ2ps2s7L+CA4utNbQSl/ilBikQqECjHAtS0DOMP0WyjhE0i61C0ZIO6C9VuALWasfpnP5opOUlezihK8XoVewXhoV+f+sbDCRdqOrpPfhisdhI0oX8gR8YEOcaZTLwX9sbYo9lrF2P1qg+buPX4JLhYE3Hyb3JKKkoJ3bw9Y7Ljd5mUwJgU3zEgGTjW82Ly37ZTswyv+YNMcbKBIOsWhvui9QI6wpisX6NqvlXzOOw3DA14MVP68cZQSEFBYAMzzvPG2VUiVTh3JCCXzrHsoosUpfmBOVrJjpdOmSJ8K+CQagTegGG6eh2mRbL3j5D9Eth1YGnsDJJyIMvRsPHR0C9jpL7UsGw7xr0yII5Q+u5ZDLSRhcVEOqUveUgkg0EhScHdwNP3uGeDc4K/MAFrtV+o9e0L0w8bw9rwcjvU92jLJuO8jjj+vugjeM/5dJwcn3J/sYymHAUaHikGeNLi4Vii7RH+uAssuV5xRG5VxoFHEztMTJg6xoN2Nu7h7fuuohSpUgVITD+wx1YlKWtaNT3qjH73yAElqMRj3/+JjHD2mLMUiIqHNR/YEBVXrnXvb9ujgVnOuoo7J7dv+fdE0CtBJn5lxJOxsOYdvRHBPCL/L+x/Pff4CHVoPUaQA3JubiDDvOFaMluU38qkgzuE+zWnBBDuTsWpeysTR9P1avbI8BicHIi9bo65HlWf+1DcgluvGrim6CYb6bY6fY0HIQnGGBFlQ3wcgSaeLLRRlYcPGlIsF4GPhliwecq+uYQree/RYWOweB2F86M/+SICqGFefNrpYanzv2HSPzuARvJoeYKecZtw32kJFNm9V77rjVHxkJwbvC/AmDgdOFMSo4bJ/9XpjH0VtlShjoFtb0uPt7FzKxaSyYK26PNTJWx52qvK311eReP6hL3qA8pnc7L9rnmjMplFmu0m3jQa8OMXfJoDaraadkuRS3e8acjiW6S/Fs0vkrMnr+t0va8MNheAztRwawY9FKJGg1WJGGdy1Bj1XK0ATPW5w0bG8BhYNg8ac+KpkG7PuASyMHA4RWM9v0tGbjjFnTnyLPEsez68wTa/5sjmYL/UwpHtudCBrpYLmfdPcAOa/w/lxOTl6udG+lgNkj7AeEYKbjbe8RbrVtMWUAEA/NOwezfdmzYX1wXuuq6miNiC8CJmsWZCpCUhxTUijRL8LYyx2u1qEPRRTtslo2i6FFvwhwCQW2Y5JW372IQzNOY+Vgsnt2PeYBm0LHzgT+keP5b2ig9CtO9um20JHrkmkLlp9ksmt3WcnHKJruy2LknxKp3OesLef8nnLlqR4F+PlTSgXiyJ9zCZbEucGQSwIRPRxieOGidtzOQEAr14N2NQe/9EQrF/wokmMhDwJy368PxZe6+wqcSA072pDNqAxhsDs75nSfB+PUw9rNEqhGXTJEMIei47crZiaRlGHqAjBgMiZOPscesAU3fjJcpnEbjKo4vG9bt0n2+W9PgG5YgNPuAOnFcjgO0XM8qRSW8ohM3QKLOvlwjlAb7+uN4eyIPIFDz/5wt3Ja9Ah4UIJx0PgyV7U5d99ycJUaZ45906HHmnZRPgw7sqLMAywlE+DUbJxpWJY0DeH06r9jLy7UwqfbGmoTEsTYI+y+VjlS9hM5y69ISVCtycD9hf30A6594srwgQSC+LCGaFe7i2/ieQnqM5rir3bviy593rkrJApGef1lWBNsn8yYyKDTWhA6ntfWtvlRGovnH2mz6OTfuWpedW2e4MlkI8VkhmZq5iXtt01BzmM83z02clYrQqBE8agY2AsNtDof04f0FEf8NAFoDjXN6QOh7tRHfuH5E3mAxoFb/KzI6OsVARLVNNjepNvEJMW7fweZKpbZz44A/MNPnd2oCoki/a+HyotsbWc/N1n0/oI7P8juxZ30bjaukxR8/jG7WvDiaDXil6V2AThbydsZN/uiPGQ16pJBhpMdGKU9udPO5wdev3C5Kl8K9ZrFFJ3Dcqf5Q58KPhLD5Gz67UjUKpKAUuxh3QSo7mPR3PDWpjz1f3WE/gaqASDIABoCKB+L4IoRXk/cAJcpAxVvsy6wwMP94y+2Se0ISHIbvyTdnsk5IEj0cEaJnzDumO5oFC31UiHxKsl4mAivLqsDn6oifvHwKd37E7Ybsp+Y3zeMyfAVnRy6BF34ibeIrMnCKPb59AgPygjPIrXOz4ntEr6JUZNPnfE7BCrHjRsoRtOmtVPlGnnmvW7QteWs1lnXwseIjIxLogWVXqR3FeV+cxXtWId1RZZRSOnfVwNeu6CrmaNxsFMqqZSEMKllsi1XP4BDDYJofC3gH7+oqO3MhYkMsZv2YIZwwYqhiCO5R2qavmSOP1AnBobn4OqlzAXzwK281JkJ7/Bnfc2WyV5xgEuFqkawjp4RJI8lzlqXxxgD0W2ygILg4MaclKrvABPMDvbVnJMD73SjmSor57weTQnfGC3OCYZ9DdolbyM+q5k5hTx0P4OFWHuRRI8Kub3MzMjWRgB8uc56cSvFqbuuDPj1vPtOOyA55BkCisF7upTNxmq7eGXTUajI3EyLRkMyf9lU8hf8CnIva9WIrYxlGbvgizqeGCuM4QkCMAWjyQmfvneWGWDnBJvoh22z4L4F3VVStrrq1+F5F0ScxmPJpTrk5PQMCHiwwrtRnN2DLPqVMk5nDVZY5rNH5JajgOXNWHUGl1nruu36gag+yINMcsAzy5k/5eQlj22206SPDpI1N7SJCBfPiTW4YZkmsj0PoZ8VrzI4/iiwOwaKoQ8ObXJTwx1jZI/Hiwq6G7i/XxQHnibbK2fCA7Gb29Q2UcTvLYTk6KTeLKMKiN/vFF8BQq2bTwALEQjHVQHows3Y1zqkvmix0jPt8UX2cpmYymofXdKJtBR4sx/rtnE0lVTYZ2wWXciNb1DDzS7LO6tfBR+p55E5loKlLB9eaw1iSW7fPTOYkW97</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2020-04-02 19:00:43,613 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-04-02 19:00:43,613 - INFO [Shibboleth-Audit.SSO:?] - 20200402T190043Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_mofgro9j2pwzvct72okpgzn4x7nmvdcdsml5ghk|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_c52975550d704cdca26e08a4b8fc7743|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQx2JGDYHNPyBpmtBGev2RKHRgIvzGRsfDdghbHVD/YNEFT0LpQ4nQoz57ECIIuPuONY8GKUWzGV2P82XCd3b8k7+lXNjr1gHFqJx6xPOOEpAnTHHd1CUf3EOS97JXuQPvK0WTSdlgA9Hswsq8hPTLFni1o/vvHXnU=|_867c9e15cfc89c60132c9418f96614b4|
2020-04-02 19:01:08,640 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: wEMVIxQuqpQRZ0PGmh-EfeVf
2020-04-02 19:01:08,640 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-04-02 19:01:08,640 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-04-02 19:01:08,640 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="http://client1.priceright.local:4000/Saml2/Acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="idacfcd311612e4e29ba1dfddfdc731c2c"
    IssueInstant="2020-04-02T19:01:07Z" Version="2.0"
    xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
  <saml2:Issuer>http://client1.priceright.local:4000/Saml2</saml2:Issuer>
</saml2p:AuthnRequest>

2020-04-02 19:01:08,645 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://client1.priceright.local:4000/Saml2' from origin source
2020-04-02 19:01:08,645 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-04-02 19:01:08,645 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-04-02 19:01:08,645 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-04-02 19:01:08,645 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-04-02 19:01:08,645 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-04-02 19:01:08,645 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-04-02 19:01:08,645 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-04-02 19:01:08,645 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://client1.priceright.local:4000/Saml2
2020-04-02 19:01:08,646 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:01:08,646 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-04-02 19:01:08,646 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-04-02 19:01:08,646 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-04-02 19:01:08,646 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-04-02 19:01:08,646 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'idacfcd311612e4e29ba1dfddfdc731c2c', issue instant '2020-04-02T19:01:07.000Z', entityID 'http://client1.priceright.local:4000/Saml2'
2020-04-02 19:01:08,646 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://client1.priceright.local:4000/Saml2' does not require AuthnRequests to be signed
2020-04-02 19:01:08,647 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-04-02 19:01:08,647 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-04-02 19:01:08,647 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-04-02 19:01:08,647 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-04-02 19:01:08,647 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-04-02 19:01:08,647 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:01:08,647 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-04-02 19:01:08,647 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-04-02 19:01:08,647 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-04-02 19:01:08,647 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-04-02 19:01:08,647 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://client1.priceright.local:4000/Saml2/Acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-04-02 19:01:08,647 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-04-02 19:01:08,647 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-04-02 19:01:08,647 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-04-02 19:01:08,647 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-04-02 19:01:08,647 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-04-02 19:01:08,648 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2020-04-02 19:01:08,648 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-04-02 19:01:08,648 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-04-02 19:01:08,648 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-04-02 19:01:08,648 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-04-02 19:01:08,648 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://client1.priceright.local:4000/Saml2
2020-04-02 19:01:08,648 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-04-02 19:01:08,648 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-04-02 19:01:08,648 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-04-02 19:01:08,648 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-04-02 19:01:08,651 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-04-02 19:01:08,652 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-04-02T19:01:08.652Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-04-02 19:01:08,652 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-04-02 19:01:08,652 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-04-02 19:01:08,652 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 92000ae89c2d1ff029b3bb6bc4dfb956ff6759f1b2cc0fcc388a21149d951deb
2020-04-02 19:01:08,652 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session 92000ae89c2d1ff029b3bb6bc4dfb956ff6759f1b2cc0fcc388a21149d951deb to 2020-04-02T20:01:08.652Z
2020-04-02 19:01:08,652 - WARN [net.shibboleth.idp.session.AbstractIdPSession:?] - Client address is 172.31.12.208 but session 92000ae89c2d1ff029b3bb6bc4dfb956ff6759f1b2cc0fcc388a21149d951deb already bound to 172.31.46.7
2020-04-02 19:01:08,653 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-04-02 19:01:08,653 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-04-02 19:01:08,653 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:01:08,653 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-04-02 19:01:08,653 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-04-02 19:01:08,653 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-04-02 19:01:08,653 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-04-02 19:01:09,189 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'client1.priceright.local'
2020-04-02 19:01:09,189 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-04-02 19:01:09,189 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-04-02 19:01:11,602 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: TST-4018-XbJc2HgvXHYLf0Yu-q2TIBM4hDcxC2-L
2020-04-02 19:01:11,602 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2020-04-02 19:01:11,602 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2020-04-02 19:01:11,602 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="_jimgeb1bwrubvnzmhubibdudpc3zrrpl5t8jdw1"
    IsPassive="false" IssueInstant="2020-04-02T19:01:10.647Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    ProviderName="pac4j-saml" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#_jimgeb1bwrubvnzmhubibdudpc3zrrpl5t8jdw1">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>kWrGymuwxQrWucgDgyrg2jEEh6JGoXnbqttPwKWdvE8=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
Ew4OWOUpDH0/pnbnF47UoXXtvBuQBmrZ9aiV/PUUp3ktBgQfyo8ZKWJb//bPTX00oQLDY/i7rwRT
15bXDm51WsnsDynr9kL5CgyO+Sou6iKb3QScEQTGYyboLJyPiAcVMGahU9D64amCwriGvQ649NWw
8n4Ff1pjywV9CT0+mjx3kTF9nf41MBHpjJy21jagx+uMwwZqEtEVsRa7WxX0wjx5fPbZI1IAxy6n
4vemW7w1XHXylqdEdpKXdnaeoFrX54V/5wfktia2bn38TlB+4LoakBFkOdnpZ0FwBTuMDUwcOogN
41WzMqro7fok83nY0/WnvEF+jury8N2qspWV4A==
</ds:SignatureValue>
<ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2020-04-02 19:01:11,604 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' from origin source
2020-04-02 19:01:11,604 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-04-02 19:01:11,604 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-04-02 19:01:11,604 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-04-02 19:01:11,604 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-04-02 19:01:11,604 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-04-02 19:01:11,604 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-04-02 19:01:11,604 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-04-02 19:01:11,604 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2020-04-02 19:01:11,604 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:01:11,605 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-04-02 19:01:11,605 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-04-02 19:01:11,605 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-04-02 19:01:11,605 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-04-02 19:01:11,605 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_jimgeb1bwrubvnzmhubibdudpc3zrrpl5t8jdw1', issue instant '2020-04-02T19:01:10.647Z', entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-04-02 19:01:11,605 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2020-04-02 19:01:11,605 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2020-04-02 19:01:11,605 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-04-02 19:01:11,605 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-04-02 19:01:11,605 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-04-02 19:01:11,605 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-04-02 19:01:11,605 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-04-02 19:01:11,605 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-04-02 19:01:11,605 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-04-02 19:01:11,605 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-04-02 19:01:11,605 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2020-04-02 19:01:11,605 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2020-04-02 19:01:11,605 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2020-04-02 19:01:11,605 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 25218632289878887470728701898989230903925460534470464262987089359900092236249155787311083615922566996588882686327254334965631006516764358542556784571993117841615795846983701202567812629440880488414844862491363773592778158558705049021795669354428797347719681579572749594906032259298025269480636673827053368207548760338633177397009149003080015959043356697060516917100235185397117902752192715861531350694962747781011832502440226911816306381078043102881237946262430586623622800161283685092311342398263730543997237261306772360529013060055263916368941241698720371281723901324390991801957832354836844648583493845781599295821
  public exponent: 65537
2020-04-02 19:01:11,606 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2020-04-02 19:01:11,606 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2020-04-02 19:01:11,606 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_jimgeb1bwrubvnzmhubibdudpc3zrrpl5t8jdw1"
2020-04-02 19:01:11,606 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _jimgeb1bwrubvnzmhubibdudpc3zrrpl5t8jdw1 and Element was [saml2p:AuthnRequest: null]
2020-04-02 19:01:11,606 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_jimgeb1bwrubvnzmhubibdudpc3zrrpl5t8jdw1"
2020-04-02 19:01:11,606 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _jimgeb1bwrubvnzmhubibdudpc3zrrpl5t8jdw1 and Element was [saml2p:AuthnRequest: null]
2020-04-02 19:01:11,606 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_jimgeb1bwrubvnzmhubibdudpc3zrrpl5t8jdw1"
2020-04-02 19:01:11,606 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2020-04-02 19:01:11,606 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-04-02 19:01:11,606 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2020-04-02 19:01:11,606 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-04-02 19:01:11,606 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-04-02 19:01:11,606 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-04-02 19:01:11,606 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-04-02 19:01:11,606 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:01:11,606 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-04-02 19:01:11,606 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-04-02 19:01:11,606 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-04-02 19:01:11,606 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-04-02 19:01:11,606 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-04-02 19:01:11,606 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-04-02 19:01:11,606 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-04-02 19:01:11,606 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-04-02 19:01:11,606 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-04-02 19:01:11,607 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-04-02 19:01:11,607 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2020-04-02 19:01:11,607 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-04-02 19:01:11,607 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-04-02 19:01:11,607 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-04-02 19:01:11,607 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-04-02 19:01:11,607 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-04-02 19:01:11,607 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2020-04-02 19:01:11,607 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-04-02 19:01:11,607 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-04-02 19:01:11,607 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-04-02 19:01:11,607 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-04-02 19:01:11,608 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-04-02 19:01:11,609 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-04-02T19:01:11.609Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-04-02 19:01:11,609 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-04-02 19:01:11,609 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-04-02 19:01:11,609 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-04-02 19:01:11,609 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-04-02 19:01:11,609 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-04-02 19:01:11,609 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:01:11,609 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-04-02 19:01:11,609 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-04-02 19:01:11,609 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-04-02 19:01:11,609 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-04-02 19:01:11,787 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2020-04-02 19:01:11,787 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-04-02 19:01:11,787 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-04-02 19:01:14,241 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2020-04-02 19:01:14,241 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-04-02 19:01:14,241 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@453232476::identifier=rick, context=org.apache.velocity.VelocityContext@b269856]
2020-04-02 19:01:14,248 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@453232476::identifier=rick, context=org.apache.velocity.VelocityContext@b269856]
2020-04-02 19:01:14,250 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-04-02 19:01:14,250 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-04-02 19:01:14,250 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-04-02 19:01:14,250 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-04-02 19:01:14,251 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-04-02 19:01:14,251 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-04-02 19:01:14,251 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2020-04-02 19:01:14,251 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session b8e84b594ff7a710274a0e0cb24d4887744a6d5754786db8ceaa046064810caa for principal rick
2020-04-02 19:01:14,251 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session b8e84b594ff7a710274a0e0cb24d4887744a6d5754786db8ceaa046064810caa
2020-04-02 19:01:14,251 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-04-02 19:01:14,252 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-04-02 19:01:14,252 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-04-02 19:01:14,252 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-04-02 19:01:14,252 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-04-02 19:01:14,252 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-04-02 19:01:14,252 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-04-02 19:01:14,252 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-04-02 19:01:14,252 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-04-02 19:01:14,252 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-04-02 19:01:14,252 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:01:14,252 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-04-02 19:01:14,253 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@7ca15fee'
2020-04-02 19:01:14,253 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-04-02 19:01:14,253 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-04-02 19:01:14,253 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-04-02 19:01:14,253 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-04-02 19:01:14,253 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-04-02 19:01:14,253 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2020-04-02 19:01:14,253 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2020-04-02 19:01:14,253 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-04-02 19:01:14,253 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2020-04-02 19:01:14,434 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2020-04-02 19:01:14,434 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-04-02 19:01:14,434 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2020-04-02 19:01:14,434 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2020-04-02 19:01:14,434 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-04-02 19:01:14,434 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2020-04-02 19:01:15,215 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2020-04-02 19:01:15,216 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-04-02 19:01:15,216 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1251996978::identifier=rick, context=org.apache.velocity.VelocityContext@76e4a1ed]
2020-04-02 19:01:15,217 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1251996978::identifier=rick, context=org.apache.velocity.VelocityContext@76e4a1ed]
2020-04-02 19:01:15,218 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-04-02 19:01:15,218 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-04-02 19:01:15,218 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-04-02 19:01:15,219 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-04-02 19:01:15,219 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-04-02 19:01:15,219 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-04-02 19:01:15,219 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2020-04-02 19:01:15,219 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 9e201fbceaebf0ab15782bb00d1243fa25515b2143abec57f4c4ecb53acbccb9 for principal rick
2020-04-02 19:01:15,219 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 9e201fbceaebf0ab15782bb00d1243fa25515b2143abec57f4c4ecb53acbccb9
2020-04-02 19:01:15,219 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-04-02 19:01:15,220 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-04-02 19:01:15,220 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-04-02 19:01:15,220 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-04-02 19:01:15,220 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-04-02 19:01:15,220 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-04-02 19:01:15,220 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-04-02 19:01:15,220 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-04-02 19:01:15,220 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-04-02 19:01:15,220 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-04-02 19:01:15,220 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:01:15,220 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-04-02 19:01:15,221 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@26a99f88'
2020-04-02 19:01:15,221 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-04-02 19:01:15,221 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:http://client1.priceright.local:4000/Saml2'
2020-04-02 19:01:15,221 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:http://client1.priceright.local:4000/Saml2'
2020-04-02 19:01:15,221 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:http://client1.priceright.local:4000/Saml2'
2020-04-02 19:01:15,221 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-04-02 19:01:15,221 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2020-04-02 19:01:15,221 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2020-04-02 19:01:15,221 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-04-02 19:01:15,221 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2020-04-02 19:01:15,262 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2020-04-02 19:01:15,262 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2020-04-02 19:01:15,263 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20200402T190115Z|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2020-04-02 19:01:15,263 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-04-02 19:01:15,263 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-04-02 19:01:15,263 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2020-04-02 19:01:15,263 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2020-04-02 19:01:15,263 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1617390075263}'
2020-04-02 19:01:15,263 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-04-02 19:01:15,263 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2020-04-02 19:01:15,263 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-04-02 19:01:15,263 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-04-02 19:01:15,263 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool]' as '["rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool"]'
2020-04-02 19:01:15,263 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@7ca15fee'
2020-04-02 19:01:15,263 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:01:15,263 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-04-02 19:01:15,264 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-04-02 19:01:15,265 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-04-02 19:01:15,265 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _8ba9e984ff3f2ff3b6d2f02cb4657ff0
2020-04-02 19:01:15,265 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _8ba9e984ff3f2ff3b6d2f02cb4657ff0 to Response _4ffcf182ee6b4bd828c42fb1764313b5
2020-04-02 19:01:15,265 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _8ba9e984ff3f2ff3b6d2f02cb4657ff0
2020-04-02 19:01:15,265 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-04-02 19:01:15,265 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-04-02 19:01:15,265 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-04-02 19:01:15,265 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-04-02 19:01:15,265 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-04-02 19:01:15,265 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-04-02 19:01:15,265 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-04-02 19:01:15,265 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-04-02 19:01:15,265 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-04-02 19:01:15,266 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-04-02 19:01:15,266 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2020-04-02 19:01:15,266 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2020-04-02 19:01:15,267 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2020-04-02 19:01:15,267 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2020-04-02 19:01:15,267 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2020-04-02 19:01:15,267 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:01:15,267 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:01:15,267 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxS27AjETx7ghrcBTYom8UQU6THIlva7ZRFQHjyJ5YIuIq5Zsn/kuGhpTC7iS7PB7hk2BHs1HPXcPYyO6xz1jS6yEUXOXdGwY/QX8/DNqbHPUWI9FINKzUR6kBNfwZui0TB+YAN4mLlJrfTR5HCbTuvQlki0dQeGE= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:01:15,267 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:01:15,267 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:01:15,267 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-04-02 19:01:15,267 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-04-02 19:01:15,267 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.46.7
2020-04-02 19:01:15,267 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _jimgeb1bwrubvnzmhubibdudpc3zrrpl5t8jdw1
2020-04-02 19:01:15,267 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2020-04-02 19:01:15,267 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-04-02 19:01:15,267 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-04-02 19:01:15,267 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-04-02 19:01:15,267 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _8ba9e984ff3f2ff3b6d2f02cb4657ff0
2020-04-02 19:01:15,267 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _8ba9e984ff3f2ff3b6d2f02cb4657ff0 did not already contain Conditions, one was added
2020-04-02 19:01:15,267 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-04-02 19:01:15,267 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-04-02T19:06:15.263Z, to Assertion _8ba9e984ff3f2ff3b6d2f02cb4657ff0
2020-04-02 19:01:15,267 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _8ba9e984ff3f2ff3b6d2f02cb4657ff0 already contained Conditions, nothing was done
2020-04-02 19:01:15,267 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-04-02 19:01:15,267 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _8ba9e984ff3f2ff3b6d2f02cb4657ff0 already contained Conditions, nothing was done
2020-04-02 19:01:15,267 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-04-02 19:01:15,267 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool as an Audience of the AudienceRestriction
2020-04-02 19:01:15,267 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _8ba9e984ff3f2ff3b6d2f02cb4657ff0
2020-04-02 19:01:15,268 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool to existing session b8e84b594ff7a710274a0e0cb24d4887744a6d5754786db8ceaa046064810caa
2020-04-02 19:01:15,268 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool in session b8e84b594ff7a710274a0e0cb24d4887744a6d5754786db8ceaa046064810caa
2020-04-02 19:01:15,268 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-04-02 19:01:15,268 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool and key AAdzZWNyZXQxS27AjETx7ghrcBTYom8UQU6THIlva7ZRFQHjyJ5YIuIq5Zsn/kuGhpTC7iS7PB7hk2BHs1HPXcPYyO6xz1jS6yEUXOXdGwY/QX8/DNqbHPUWI9FINKzUR6kBNfwZui0TB+YAN4mLlJrfTR5HCbTuvQlki0dQeGE=
2020-04-02 19:01:15,269 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-04-02 19:01:15,269 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-04-02 19:01:15,269 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_8ba9e984ff3f2ff3b6d2f02cb4657ff0"
2020-04-02 19:01:15,269 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _8ba9e984ff3f2ff3b6d2f02cb4657ff0 and Element was [saml2:Assertion: null]
2020-04-02 19:01:15,269 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_8ba9e984ff3f2ff3b6d2f02cb4657ff0"
2020-04-02 19:01:15,269 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _8ba9e984ff3f2ff3b6d2f02cb4657ff0 and Element was [saml2:Assertion: null]
2020-04-02 19:01:15,271 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_4ffcf182ee6b4bd828c42fb1764313b5"
    InResponseTo="_jimgeb1bwrubvnzmhubibdudpc3zrrpl5t8jdw1"
    IssueInstant="2020-04-02T19:01:15.263Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_8ba9e984ff3f2ff3b6d2f02cb4657ff0"
        IssueInstant="2020-04-02T19:01:15.263Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_8ba9e984ff3f2ff3b6d2f02cb4657ff0">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                    <ds:DigestValue>/8iFkcyOh/Vqw31LfjYXESaJNEcDy1YqDFw07xmCMNYi/IeIRrnI+LJydCiVxsBYRDYuSZmlbKWhMevpIDmXDQ==</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>EIfYFu/k1wJRXHlowN1EePEF501Ka/wiiKYxRafvnSPuTZ+gC9c9fHQFM6W/e0CN7/333W2i/TKzwYMY5XBfEMX6+jnSSJUsY7WWkvasDTnLs3n2TKXETYH8RKQQkr+zM+yRSlrVGBrTZp+bA8Oy34skVN44PlL39/t3inKvBiUBLjjD+EYpgmmaxjOH/Zy3u9eqw8+dNHekt/0/siXVHSIU1ibJO10CZ5K78+ahoBGUA1WZ+NNUHuIT8WJM2yiwY5HTOggKJYj9IyfreSaHl2H3U92IBXQvLOejr6DdVLJkuAZbClxQcIv4Sv3Hwm1Ef+S1mZpL4YaV4Kfa5ziXCQ==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxS27AjETx7ghrcBTYom8UQU6THIlva7ZRFQHjyJ5YIuIq5Zsn/kuGhpTC7iS7PB7hk2BHs1HPXcPYyO6xz1jS6yEUXOXdGwY/QX8/DNqbHPUWI9FINKzUR6kBNfwZui0TB+YAN4mLlJrfTR5HCbTuvQlki0dQeGE=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.46.7"
                    InResponseTo="_jimgeb1bwrubvnzmhubibdudpc3zrrpl5t8jdw1"
                    NotOnOrAfter="2020-04-02T19:06:15.267Z" Recipient="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-04-02T19:01:15.263Z" NotOnOrAfter="2020-04-02T19:06:15.263Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-04-02T19:01:14.250Z" SessionIndex="_6bc25052b994b69bfa487c769b56610d">
            <saml2:SubjectLocality Address="172.31.46.7"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-04-02 19:01:15,273 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2020-04-02 19:01:15,273 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2020-04-02 19:01:15,273 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_4ffcf182ee6b4bd828c42fb1764313b5"
2020-04-02 19:01:15,273 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _4ffcf182ee6b4bd828c42fb1764313b5 and Element was [saml2p:Response: null]
2020-04-02 19:01:15,273 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_4ffcf182ee6b4bd828c42fb1764313b5"
2020-04-02 19:01:15,273 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _4ffcf182ee6b4bd828c42fb1764313b5 and Element was [saml2p:Response: null]
2020-04-02 19:01:15,275 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-04-02 19:01:15,275 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool' with encoded value 'https&#x3a;&#x2f;&#x2f;cas.traveldoo.com&#x2f;cas&#x2f;login&#x3f;client_name&#x3d;SHOP_DEMO-demoPool'
2020-04-02 19:01:15,275 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-04-02 19:01:15,275 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'TST-4018-XbJc2HgvXHYLf0Yu-q2TIBM4hDcxC2-L', encoded as 'TST-4018-XbJc2HgvXHYLf0Yu-q2TIBM4hDcxC2-L'
2020-04-02 19:01:15,276 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    ID="_4ffcf182ee6b4bd828c42fb1764313b5"
    InResponseTo="_jimgeb1bwrubvnzmhubibdudpc3zrrpl5t8jdw1"
    IssueInstant="2020-04-02T19:01:15.263Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_4ffcf182ee6b4bd828c42fb1764313b5">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>GmyAZ+N+NI6wMJktFFoCQdkH4Vw0ZwyfUDpS4xldcmlqy3CiUVgYR4BOx7XWRepaiJ57kHLpzwQmDOxa2e9ATA==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>JbKmK7/uoxqYMuEerl1pMIAKtVMVbxDoAmhPtGlwVCEqw9L85ZyHIrk3owUWnoRwUgXf5EslpShmLaUSpmDNgEYvUSBwL9rHxmcH6vMixyAH/18eUx7ELZNBKXcuJc281JLxoXrhcLafVeF0ZPNUtDSjgOzpP3E7yx+gh3GcauiZ5CFFHHPFcIhPMiUp7k8CGp5i5PKLrfHxO0uD5YXShsSXmRTAHeQS2MBHiijTW0m1yThjM0ldrVQK+P/FPx4pyhS1xCsTx/s0IPUrC5YRlmjw5Diit6Vn+wgoaqoiJBklabLk/3COKkXvxti29R5Op0YSqVHT/0c4Wj56ucfHfQ==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_a4b01a734cc50a3a69634719291fa520"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_2e8472eeb01fc2f7ac40ec0da8dbc84d"
                    Recipient="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>ivEKTLBfO8F0XlxlW79fc/RlviLF/GO4qzLefC3yb1kmgLScKj+tnHDcVW4qjZsM2hDAaqitf1Jjpv8eHudPWvPHM95KgqewRo48CdErud87Vg/h+//zcC74j4DWDcnW3bgBnww4xIUj/WvYCFvPVzrsYiiRATL4Ep807t29Wcfb/N6mp320l+qO7JZdQ1U1yTH+h/29k+hpVZoYEtyKwq2CV97Dcyu8doMqeFYdlX/BmExgjPWGzv8RO3m9X8A3GV8RvWq/Wo2LFa5h7uQmYQqllQ6g5rRB8f5cIeKhBtwtI30Ju9aSLhbe+GpWnpy4Mpl29/3HR3PivT3Vhlh4/w==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>VUoJ+kA/XVeayxs8XKUC6gIbU/cGwknege/iFbMIbCPSP8ykOciCoDwyBUGHQHCODqQOYU0/S527gC+4slzMs91akxI5AXIgmHeZ/qnJ6bD9glRzVew9KZCHvbTrvDg/qesCbx0y8mzsK+OrfPqNzNwbZew8PuviY1DDkVBhyIQLT9PQ9c+rTMhQ7ZDMymdMvg5xZBNnXLx2sbuwDYXYvvatKIlm8JqkbQH/S/ZUYgIXgWS1zlX0avU0hIoFFxiN9vWaIQlCxE6Xw+zMs9T3yD68hm/PHjb7oykxrbNqk51DNy46Ciape+56c3CqlmJ4vHqvc1KXXU0piQVuPXQFhQnOMWCWsF5zcSwBrjW6T2mibegUiQXNr8tfGBf1Vg43rMJ1DBph5EZ5tjosdRkAvp6CY3y4nyhwPNpV1jj5TRfwrxipBdt5a93h2X4EmDhr2T6TbUoEunfKwW/B1kINSLlJix5JKRqKppDy/kcU/SSmfWAl3MOh21TFBksiQgID2vZ6W6M7q3iZ+V96XmpGruRdK4ZHmS7cue1U4PzBGr23iAkCcpKw39Jn6DTFb4dtgy4SUd4lq9iTZ31u15RW/Gt+NYcfyO4UMyjFE7y7wyL826r5vuUkU6tSlwgnwgtJIanovsPbX+uKEvdQT0Gi/yTaYFvEL/xPYhzhh5kSnq0GY5ffW9ueRHAXmrN1g4KTyrVvJVLtEKpJGIlI1sXMm0B/En6m8CP0GtybipMijbiIxuiPYtAcEWGhLzSEjp1qlhqKp6cTnPKpUa+BUYzZavKNacDQCWzN7+OM1/zX0E9FRvAjDvZZWe+o9Edml92WXqrEI5kRHRa7vw+h776WuNTbbgVmkbOLEd08isqH/uxTxYjzUbEoeqy4rqzJ/AlXlFtswATXYyvX+WJnZhxPeczkS9h59DUBHuABYqiUIRI/qhTMWvSOG/vn3vdLA6uU5kXLlNRPLb0NiU8qey3842L9lbbQuR2z51vzq7YX555U+kLumfbOxeyRO7wMuGZQNVBkRrm/RqvbOHKQuC8XsCtDr9qiM1qmwff81L98y6u1azwTcLFp+WLk8ziu/EYl+gdGGNAQPy2aCAjdyuJ7FmLszCCZrwdE7tGxq4YJpE4cKoO1/0XRSkbaJdrKzSEVYuuE2lZNECToIDKPZxOJgVLMUs65E9AgRT++mBeammSBkmyd+BaYgT3kXKXa+CPLTN+lVky/p7O3nGcoyC4ycJzZD/2KZgQXopgs+8asRmR4kfeT+4EBEILoIsaNWiTPtWtQ26ilVVjNlhQVK0LdBXsynGySsl9DN0mlKpXt/gg0MkXLi3jBquSRQTbHKr7EzJuIkosm5drxntaMoUbECB9pVWtScv7skyO5WrYihacirWYQ2/CXRFDZ8gYKnjnqFpDoKyVodZcvGX6xlrf+LPGZsrlTrUBynBUgSJhLqvuQm2AJmlThqBSpRfMcLA2Dq5KDQWQ04a3jR9lhPr5BQEEgbtpFIuhe6oLzYXrnsIasIGFK93YBa88wGFtEcZKwR9dRYeAEmEMpULDfT59BijLl2RCOhzqDuZpUNsIoBBpO7tP6zYIuh5O5vJkie2HnjhIBPJ8MuRg/XXjo/38WtTLUqt1JWFUkXDjqmIAPwuvrN+5+WMP+r1HgUxhyBI6MmiLDbLZMkd5+/JxsaHnU88w1LMvRsAiyruEw7wUh/qpONP74NOp5j2m1zYWpYZ8OYhjJgeWiz5QrqRI/VlXnixS8Av3WJdPp5jlM3dJBi+qhJ6ZJWsHdHlmnOUSr4VGFOhMhrVbBabnSlGcgzVCPP5fnPkSBoaTWAbtXKXX9PcKXgwx3NMhbvNdTGlssmAO21+19QZWRdojqRv2d/stW38p3u42zQsQkLGjZugNhxlpqH9sihDFVH4Kk+R+EOGyIvSBXJjjV7d4LDSFrixf+NKI/m5IiqvxnRMGLEVfGOsPE7WpUoLf4fWJkyf6QpbE61a7c46ZnUPKzx8LhJBVdUgn6S+e+OTyt2NAbgKn44W1QvytKqQnkGRFBtcYmQFK/cc8P4FJzcous+VVK7aaAQFTcTR0IX+jd0AL67Z7wWPZszyNv0nX6EQsjSKDXEPadqtI6LzDQzVa3qKR8gQ+Anez+DZbGgwUH+OOE/RtqrhsCQE3QYT7+HR8qoP8Wv2Sc1l6s9XMBL4AV/V/wHdQfteoZgu2xc95ydpxbJ0KZvrUk8WpA+2futrjHAAdaleaZoXalTgmp3wbJbRU0VUoumM/WqqjJRjYrVmCmslqPrEFa4PMpiTB29Buble0CJ23d+ELSDsVitxMEtnqKvBYLisr4CzIq1lQSBQ6udh3qMA7UW7NLyQF01nOTta5n8v6BTpt4Wg88zR5hP5bsRxslsglsw/8D/8TjzkFNDAucrevU0PkN8Fmp3DHgqYJbcO6kael1+Dv4WxKFdkSnE2raT8Nu7qj1vu1xDZYTQyIn97rYbztxca7ZLuG8xLtHFoC306En3FQt3PlH0yy8C2KjFfuHl/9wGSgRX57JUIVaGUtHJsCUF472W5e1NKH79k1+/uRy0pbu5Fa8E4nTb+7by2dQj0sT1uQyoVLDRMEmvrcrwMNIr1qF7C4ond6uEI8yjwqvvrMqeBFY5EtTz38koPngDMmXdCSzfcXDj7baqnlT99sT9sOhGu23Dy/fFkk1v60Fb3FpM9xNCqozq4jJrxnmWzzrTkzxPjvlAVU77z1YfLAzYXftZOZ0T7HxLEPxcI98R1lcDQ0AyKnMcRTRl/6XxIJ4etF5hYTLpzCovqOA+NPD8tD9xtwvgzZaB1w7id9w5U0UDQO48I+faimpAkieUj/Y7w5li/6ldAZRREtsly551r0QQVY9JWcZqBitPJ3WV0wA3V/EccFCmacIht7PnNck9VV63aV48CMEkKuFRg/NRmch0bmhF5K9+InIaCMxLNkE1z94+Z2IfEb/67apP1iacyCYhoTrJ4DPH7DFudi+BSwZBw3UEB5h/Iz2RsEZ3h7IpY2SzaU1ynzbdtnK9j4CIVgHOGOcI44YKEJNfutU061PXErVOiLdDXMhnEp/cD71ZBghOXzWXIZXSC6ymUs8T/XnXCMdVKPbCOnJ/N2nWVv8rvFtOXfBmcrx5ecjr5V+Flgg5G22evODE+znr1udCZFr3HdCDy51tuZyXLAzln300dwD7RmYQi0V+89pEYHLm6KLHaxxATUn1JSUOER6RL6JbCy1MWbEJPBbqAjGKD0TLCpcf0lsl/pYm46Tv5UoXN99wfGDbSLp93OiSB5hLJDtOmqRHhDLJJFARNV7FlXWkhyHwnErKPrH2JShJsmCRqdR23PRR84yXJikPSy5l+mCXBdHeuqW5WIKz8me5Y/vQMbPjZOcL8SxtlusQKbXpX2FfPGv6btQekIqP63xRfSq+p6v9qzWCMQrAINi0rKLywaqOAKTrSKqFN+fXeo56YLUjEXxu747aEqNGQrUBeWWqdULkTMU57R4j7uBKzm0dZtsF+1ZoSE0ZKii7P+RiAG4KUUTxl9uCcRc6O37DlhHi+QW02K/OzuNI3GUg912nH68N/E+VqpqRQs5xIja2/H/PkY/ETxhbGWHrrDaT0zZFb7KPqtqpS9lzcVvl2qfgawnm9cGebJT3wknpIoWFIPRDbI7zb6tR1P3/yrRKEVPNCw+oBY2VD72SlgmHV93ER9BH0DpsNo9jiD12q1nWP3c2lRGZ79FzUJZG4vTv5tkoIyMIkgozKqdZKV3P7iq/V8qSiFl22/7cK74TL5a0BOd9CtCc3ipA5m7kiaX6XMZt5U4wzfmtJgPNXYEw9aQw8Csb27jLUwNTOu4Ok9uM8L04B27PC2Dy1GsaUMawwj01V3dOQsox2lgW3i4k8LTBrmPOqrHs/vX7tgqOUee3xyjtBFQgDva5uZ+VZaI3q5Z2a9gg9BcVWYCmWN6K7nchhJmQ2U3gQiHchMDG3ddgGeZ14Q11q17d0FasVLuxS3oFt7OfFNcQWxJ9FFGFAM8MXzjmI2ps0V99k7mD1xRyUhbwHlJnJY3G4YFMyW4vSYIISuNQ2bZTWjtgQQsvbinlgs0fO296ebkjTt+BciHDW7B4vC6ytFcStlriFy+MOdo0WaCBqcZPVmmqzuo15fGWgdquQ8KkVF34Ks54DuGRk5RijY5ozvoynq4Ae6FLBkPrIFM5xE/ut+CSKFn9rck+gPW+YKuRJxQlfGU4DGYjx5MSuFwxlWGB6mk0zi3aOxm/wT/t4vtMJZU0nMolPaWcLhRB7rahGBCKxLY9cXVfJzmSAV5yxoNtf/XdFaOt2R0NLzfuVZKpAryEzDzzb/C2VFTvUXmX+9WUiRAghWgTWKYENC8N+yrhHpVlTN12FE9JC3+O0H9XTxQgsaPAx2c4HYRC4oHYR9r8FLRQbGNch+yPNw4LBYkVOpQCdCkoTgGDXCMNMJRsrivNeUQWaiGsgOqSCc3aejS7cPvPIEScdpi72ccjaf6pijRCsl2mDUeEKjlTNAG8tLQn4m9Q0H2VjeA1sS6scXwFFp/mDs03Dmh1/zB0bK1TriJAkyzBEBsMB1zTYQTot1hPuWt9pDIKHbm0DaRgPgVhYC4hjeaHqeHZ9RNeiU3KYFbghY/TjN9nD9cUK5WZrFdIoY0hpdwh/jolm97Qkyhrf99dBY9skHa0q9utUVmczTqe88Sde6KgHn3VXT9F/cL9+c8gGbPBNjS1NJ7v3LgD10BreGzbyR61VAEU1lNirudFozswdQZn/HX7NmYrSkPClMgTktGcw5PeGnkYXJgDG48p8VZwOvxJcSyVXUmHpBh+ndyZoFuZOqo48c9ITEdjdaY3rEcH5OnSAiOxzwQwfMNo3i9DRm/+VoNrBOzcOYvSwdToorkSrS0IeB0ntL0ByzhlqoNN3th2MLVHJILhp0sfw5nD6t+YdiVUJ8jcjrsg1sylRoi8YjRjLzrpFRfVrD4N9ptmrg2ZMHK6PNne5o4yvA6535s7w32JuzNeLvrQ/peCo/5zaNifRVzWa+owC0X2KGpiU50uX9DHeDhvgjazRMlKUNSjFa1sHzDRrNq6P+96x0GyD3dBFTC/AVbUFXCufbb2gaEpP2tWBvb60JUyXbcTgsIe7IFbPS+ITVfo54yw5jkqFFnemJFVCOpreaKjRtpulJp8LB5iUm5ifJCroZPgcgKdTwwdA4yLJO7ohBMdhtyumASdVNBu1LzZAU46WYub2WRFbUS+fn5zC/ebQYiwRsX9YervlTBSMkrk21bisdGdO5x5qe00hEu3QiLlKGgSE5eSlwouB7oBDefz08j2imbgpP2e62j0bpoJD6mQ5knPpvbQnkS7L+OZZDgITDVlB3u2aGJ7kVBAD7m7deM4PrSU+IVQIXtr7dEg6RotboNG4/+ZXzVwgN7ti2Ebo7OzjZGmtPrACpTE3ycXELmVnj5InMxAGjF5t3RMj8JYJyOB1bqPC86nJCBASIDvhm01X2ml6zqkZBVKDpOUy09UCzOGZa+Wbhka5+eghSiexPGnRZvYeK9Vqk79pulBIL9gd5sX4AyGOjT3dpPvMo99AnxzJaK5F+4Sa0aKhY8Uo1hVFGes1zuSq/K4UFcgOmJH15F6UUTJvIIHUpGFpk3rcAiw8SRZvlF958CYDjncpEzmB4kyjVW3Rv+X9LgcNrd5Zz2lOLi2rDQCHnfBKC0qdoMH9wOv664d8eyGWBl3Uj5wHdfGlWr6kvzGrWXqXmNscZqISikgRljQYFAD+wiNIbXek+SARTEQ1oGxe5bsUCNEEDpyEYkudK/lC3FeX4jkpcuf1x6eFzyVJB9ryTCEncvmMlry6I2ViKMIkVcdXB0FS05CHgWNRdvChDH4jH5zyUZNcFgvIw3Q6Cm0tvkxX9d5mAbcv/+EJ0eANIOdXHPx/okTGPtyf3sx0jPI/HxeypeJiNO/WmHNi/aQhC2N3Otn/lPUymJ3W+zF/BgtxVNIs8fbfcFv0SjVb5z6ozGuDxtlojm47yWDpGaXoxJM2dJz2SwnSJUyle+5ADLCd9zwFCcNd29UJkpLuSMpVQyLuUrLrnK0YX2HiJYifMEl1UcBj9385znklYqVsHVqx0dw4wkqFALljNGFoOYW8ANYHQCOcQL4M1rUuelQeCvb9jEdG63yIzDarekTVtr/HApCSO8fj6yD5n9b0rKGWcAbAzSXY5oL8tj1JUtQqPlNHOkzKwVx1p9RQj4y6DYy4Z8EhhpgkA0SvTLZE/fkLZF1N0TjmCMunKDF3CRVt8uvQzGeez2hAyddnmThK3XkGZErwSHQUa9HThbWRXkTjmquo+roYbRYlDpqOxpIJAyoccMRmGbtJahFp7AArj1mussLIfJdBDZtLrnAh0Sjj7VmGp3gQ7CUOK8wTE5vo6LTwF14afCKaOxrWfY0dmWAxKD2aYeECbwLyZpiNo91lXu18aJSKBnGQ2oj5ddrQ3htWrjzsgMvfz3RSSbCieF8SVSoBiGe4HgtWigD6ZfyqE4QsIbFFARJQsse4s5EqoFHd2eSePJE+G+rJQpv/U+OWTQhZRhS6zNUD9mPGXDOeHdudFWkJ6XCeH4MidJ7e72mcrpWdsYgKMWtTw6ZLuTfHGpP0WdVR6KpMTND+YjpI1ZJjpiOysB8JTjXQiuUX8KgvOynLX21uk5wFUM3OIDOFyeTf36OTCnIcDYiLL1a8/KHoi1nfooZbsfHc1GFJRwVQy2W4VhqSxQ2X5LciMG5WwUb54NUIj5R2iLo6lG0r9o7rDjqakI7koDdzw/tkBp4oBR61zrBib77E3IYNrbnAq9o0i7vBxr7MjcEa1qBm7lrxaABUt+cgU8e7zYzVz8gpeoTgeGD4NVzQ1p9djvStKh/FMvYG/2+dLAanH+UWajUikICGUzoGc+pqZLp2wz8rPMm5g3hsVIBFtssX0PSNTy0KvkkV/kxNqGa/iut63/Gp9K5t2nTfanw3Npnqz2P7c5TC73lU2U/p6YTnLgYJcRXnRwbCtpDHUTpNHgJpf7Opql6yiDNu/q5vO0Tt2G2tGfr7CpwATJSQigKYpDcd4B9Liw3wVKILEFCad8uGqjpAwcwezGBZ5L4gTZRBSTHEkLzgbmrXnb0AVayYa6rnBEaFFWXghpE7/7BZlA8h4IPFh8wzEFk9FQfp10O3Sp37Jz9i0r7HniJiOue1U5dLMzFeZMacQHewECIjQA+C5gQlDejSS0hb8mcDrjtb4fCqa3J9E33hvze3cRRYIVVs02+8/eP4LGHvQbtr85+j/jhHs+4xb/zqnyK5Vc8M8RDdlATpUx/Yp66QekdCX2CyW+ELjwgG+R6XXTq9yD6r+YiGnvh3RvJFQaYmLRGFSJEJrxX201SE6RxMNTnxKKJttzpY199Kfn/ZcY40G4YXiZbuhgoscwDpMatrX0w8qEPDas8LzYeq0hsGc3bKA8egN8KT1H2KbzSfR7fuUKi9sJCFhl2vdZ0F2EEjIm8zsn4+gF76+GKjsApYmeOnUzFOCO4aIegEqLL0/ve71po4GxFrZiV3DA7iSCdnJ5/c+HHoBo3rjSk5Y72Vg9WBswpA7fA267K9WxO4phLVr5TL0cUCabqOWD6h5IPnQG6XQwRZ2agJMUo3pRGdeYtAPoNIkk4PLTmUyNH90Ocz/pGi5HCBF1QAWpDwEiyXblJ+jK9ncxmrAXoBUKz2JU/223zGTsinNehM/24IdsDCJNpsszyu+LVLCihSwrA+EivhjghXC14p7JCdTh8qcFrU6HBe9pd+CgtyGzdWQHZDzr8np3BQdU0weVyG3T3Ff29v7jyhvXkO8Tf5HfJybvvmUVYnw2AWvhxk3gj+/QeWnHz82l/ZZNyzbuq+Rzga1gplntaQ+02gtH4g9Z0xEciKUiwQLGGy11EipYO8KA15et12lul3hoZyjv/6EhHK5bPtOJhr4oYu9J5c++NjmWZwpVZ04Uyc4E7J71A3EbpqeV/ME8QS2NbS0lVzD5XJETn7f+zV/osH2CcpXpP0jRCa6ugz0a1GcMfph1+wzcmzNC5HgltpA09keIiSisKu5+hmpyGm9kgdZ6mpm0uSJG9Lnfb+7mvxleaKJeB8h/UsZvvV6wSETGA+G9N3zV</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2020-04-02 19:01:15,277 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-04-02 19:01:15,277 - INFO [Shibboleth-Audit.SSO:?] - 20200402T190115Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_jimgeb1bwrubvnzmhubibdudpc3zrrpl5t8jdw1|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_4ffcf182ee6b4bd828c42fb1764313b5|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxS27AjETx7ghrcBTYom8UQU6THIlva7ZRFQHjyJ5YIuIq5Zsn/kuGhpTC7iS7PB7hk2BHs1HPXcPYyO6xz1jS6yEUXOXdGwY/QX8/DNqbHPUWI9FINKzUR6kBNfwZui0TB+YAN4mLlJrfTR5HCbTuvQlki0dQeGE=|_8ba9e984ff3f2ff3b6d2f02cb4657ff0|
2020-04-02 19:01:15,444 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: TST-4019-8y6Rl3PddFThN1BIXysVKO9GJW7zdDTT
2020-04-02 19:01:15,444 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2020-04-02 19:01:15,450 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2020-04-02 19:01:15,450 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="_w8bbtmugeax3arz8gequivmqgskpchty4ssclwy"
    IsPassive="false" IssueInstant="2020-04-02T19:01:14.479Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    ProviderName="pac4j-saml" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#_w8bbtmugeax3arz8gequivmqgskpchty4ssclwy">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>X6dB/VIBbwSFdy7mxq7RwMvp0XGkk5RD4GLo7G3E5C0=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
PTgx/DLui+wARDvLRIWpTci2mA5ePp/Ldw1WnVd3MkCz3EkVf7sZR+T6A8L0x8AKhrgSxrumfXeo
u/IcNJ84dXudsR0Af6oWF/R7d68L8IRsJzhKrSKLAtCsS5jVeU0J1kdx4l2pLRgR6gJzR8ZxUWw4
v3uLi31PPQ2H4fHYJnHIduvDPEEKlaGHNXRjNomclMXSm370kF76hyrQxY1UC6BlgKxV6J/IB8Qd
Lsnqt5oMp1GqV1NQPuqVZcGKlYjjffTr/xkRWbfA+u+8TMkhT8xb+f9R0hY3MyEvyWBogrMMnyYx
O27+kGMSf7Susr+cE4mkDhxIQauq3ZF1Ddling==
</ds:SignatureValue>
<ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2020-04-02 19:01:15,451 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-04-02 19:01:15,451 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-04-02 19:01:15,451 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-04-02 19:01:15,451 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-04-02 19:01:15,451 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-04-02 19:01:15,451 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-04-02 19:01:15,451 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-04-02 19:01:15,451 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2020-04-02 19:01:15,452 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:01:15,452 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-04-02 19:01:15,452 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-04-02 19:01:15,452 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-04-02 19:01:15,452 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-04-02 19:01:15,452 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_w8bbtmugeax3arz8gequivmqgskpchty4ssclwy', issue instant '2020-04-02T19:01:14.479Z', entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-04-02 19:01:15,452 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2020-04-02 19:01:15,452 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2020-04-02 19:01:15,452 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-04-02 19:01:15,452 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-04-02 19:01:15,452 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-04-02 19:01:15,452 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-04-02 19:01:15,452 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-04-02 19:01:15,452 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-04-02 19:01:15,452 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-04-02 19:01:15,452 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2020-04-02 19:01:15,452 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2020-04-02 19:01:15,452 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2020-04-02 19:01:15,452 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2020-04-02 19:01:15,452 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 25218632289878887470728701898989230903925460534470464262987089359900092236249155787311083615922566996588882686327254334965631006516764358542556784571993117841615795846983701202567812629440880488414844862491363773592778158558705049021795669354428797347719681579572749594906032259298025269480636673827053368207548760338633177397009149003080015959043356697060516917100235185397117902752192715861531350694962747781011832502440226911816306381078043102881237946262430586623622800161283685092311342398263730543997237261306772360529013060055263916368941241698720371281723901324390991801957832354836844648583493845781599295821
  public exponent: 65537
2020-04-02 19:01:15,453 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2020-04-02 19:01:15,453 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2020-04-02 19:01:15,453 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_w8bbtmugeax3arz8gequivmqgskpchty4ssclwy"
2020-04-02 19:01:15,453 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _w8bbtmugeax3arz8gequivmqgskpchty4ssclwy and Element was [saml2p:AuthnRequest: null]
2020-04-02 19:01:15,453 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_w8bbtmugeax3arz8gequivmqgskpchty4ssclwy"
2020-04-02 19:01:15,453 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _w8bbtmugeax3arz8gequivmqgskpchty4ssclwy and Element was [saml2p:AuthnRequest: null]
2020-04-02 19:01:15,453 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_w8bbtmugeax3arz8gequivmqgskpchty4ssclwy"
2020-04-02 19:01:15,453 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2020-04-02 19:01:15,453 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-04-02 19:01:15,453 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2020-04-02 19:01:15,453 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-04-02 19:01:15,453 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-04-02 19:01:15,453 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-04-02 19:01:15,453 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-04-02 19:01:15,453 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:01:15,453 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-04-02 19:01:15,454 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-04-02 19:01:15,454 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-04-02 19:01:15,454 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-04-02 19:01:15,454 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-04-02 19:01:15,454 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-04-02 19:01:15,454 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-04-02 19:01:15,454 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-04-02 19:01:15,454 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-04-02 19:01:15,454 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-04-02 19:01:15,454 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2020-04-02 19:01:15,454 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-04-02 19:01:15,454 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-04-02 19:01:15,454 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-04-02 19:01:15,454 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-04-02 19:01:15,454 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-04-02 19:01:15,454 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2020-04-02 19:01:15,454 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2020-04-02 19:01:15,454 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-04-02 19:01:15,454 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-04-02 19:01:15,454 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-04-02 19:01:15,455 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-04-02 19:01:15,456 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-04-02T19:01:15.456Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-04-02 19:01:15,456 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-04-02 19:01:15,456 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-04-02 19:01:15,456 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-04-02 19:01:15,456 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-04-02 19:01:15,457 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-04-02 19:01:15,457 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:01:15,457 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-04-02 19:01:15,457 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-04-02 19:01:15,457 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-04-02 19:01:15,457 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-04-02 19:01:15,487 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'client1.priceright.local'
2020-04-02 19:01:15,487 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-04-02 19:01:15,487 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2020-04-02 19:01:15,487 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2020-04-02 19:01:15,487 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-04-02 19:01:15,487 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2020-04-02 19:01:15,620 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2020-04-02 19:01:15,620 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-04-02 19:01:15,620 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-04-02 19:01:17,974 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2020-04-02 19:01:17,974 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-04-02 19:01:17,974 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@771164121::identifier=rick, context=org.apache.velocity.VelocityContext@30540184]
2020-04-02 19:01:17,975 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@771164121::identifier=rick, context=org.apache.velocity.VelocityContext@30540184]
2020-04-02 19:01:17,976 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-04-02 19:01:17,976 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-04-02 19:01:17,977 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-04-02 19:01:17,977 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-04-02 19:01:17,977 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-04-02 19:01:17,977 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-04-02 19:01:17,977 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2020-04-02 19:01:17,977 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 6200ab26ae7583e4fa80de5be193a8043d06b1a73fa230c1a1a482b251f66f65 for principal rick
2020-04-02 19:01:17,977 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 6200ab26ae7583e4fa80de5be193a8043d06b1a73fa230c1a1a482b251f66f65
2020-04-02 19:01:17,977 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-04-02 19:01:17,978 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-04-02 19:01:17,978 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-04-02 19:01:17,978 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-04-02 19:01:17,978 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-04-02 19:01:17,978 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-04-02 19:01:17,978 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-04-02 19:01:17,978 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-04-02 19:01:17,978 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-04-02 19:01:17,978 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-04-02 19:01:17,979 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:01:17,979 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-04-02 19:01:17,979 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@2bb42e2c'
2020-04-02 19:01:17,979 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-04-02 19:01:17,979 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-04-02 19:01:17,979 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-04-02 19:01:17,979 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-04-02 19:01:17,979 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-04-02 19:01:17,979 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2020-04-02 19:01:17,979 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2020-04-02 19:01:17,979 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-04-02 19:01:17,979 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2020-04-02 19:01:18,145 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2020-04-02 19:01:18,145 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-04-02 19:01:18,145 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2020-04-02 19:01:18,145 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2020-04-02 19:01:18,145 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-04-02 19:01:18,145 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2020-04-02 19:01:18,752 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2020-04-02 19:01:18,752 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2020-04-02 19:01:18,752 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20200402T190118Z|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2020-04-02 19:01:18,752 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-04-02 19:01:18,752 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-04-02 19:01:18,752 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2020-04-02 19:01:18,752 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2020-04-02 19:01:18,752 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1617390078752}'
2020-04-02 19:01:18,753 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-04-02 19:01:18,753 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2020-04-02 19:01:18,753 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-04-02 19:01:18,753 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-04-02 19:01:18,753 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool]' as '["rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool"]'
2020-04-02 19:01:18,753 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@2bb42e2c'
2020-04-02 19:01:18,753 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:01:18,753 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-04-02 19:01:18,754 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-04-02 19:01:18,754 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-04-02 19:01:18,754 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _402fb9b07deb348797da4d67efe96679
2020-04-02 19:01:18,754 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _402fb9b07deb348797da4d67efe96679 to Response _df16aab52c5bf95e2a0bfbd55a661db7
2020-04-02 19:01:18,754 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _402fb9b07deb348797da4d67efe96679
2020-04-02 19:01:18,755 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-04-02 19:01:18,755 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-04-02 19:01:18,755 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-04-02 19:01:18,755 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-04-02 19:01:18,755 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-04-02 19:01:18,755 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-04-02 19:01:18,755 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-04-02 19:01:18,755 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-04-02 19:01:18,755 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-04-02 19:01:18,756 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-04-02 19:01:18,756 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2020-04-02 19:01:18,756 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2020-04-02 19:01:18,756 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2020-04-02 19:01:18,756 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2020-04-02 19:01:18,756 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2020-04-02 19:01:18,756 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:01:18,756 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:01:18,756 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQx9G3tLwWlxEFRSrdGN1qvD31zOwMxfO/c93RT4oCzMPQqIaNwkFjPMbMXqcpUiH4DRD6g8AtdEdQ7X8szfkOFuSMM9wxJcmaZHAT+f+qHiiu3th10S/S+HL3GsDlV0ckpik/ZEtvlvkfPLlinCYlmDe+BLB8us1I= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:01:18,756 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:01:18,756 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:01:18,756 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-04-02 19:01:18,756 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-04-02 19:01:18,756 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.28.90
2020-04-02 19:01:18,756 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _w8bbtmugeax3arz8gequivmqgskpchty4ssclwy
2020-04-02 19:01:18,756 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2020-04-02 19:01:18,756 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-04-02 19:01:18,757 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-04-02 19:01:18,757 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-04-02 19:01:18,757 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _402fb9b07deb348797da4d67efe96679
2020-04-02 19:01:18,757 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _402fb9b07deb348797da4d67efe96679 did not already contain Conditions, one was added
2020-04-02 19:01:18,757 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-04-02 19:01:18,757 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-04-02T19:06:18.753Z, to Assertion _402fb9b07deb348797da4d67efe96679
2020-04-02 19:01:18,757 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _402fb9b07deb348797da4d67efe96679 already contained Conditions, nothing was done
2020-04-02 19:01:18,757 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-04-02 19:01:18,757 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _402fb9b07deb348797da4d67efe96679 already contained Conditions, nothing was done
2020-04-02 19:01:18,757 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-04-02 19:01:18,757 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool as an Audience of the AudienceRestriction
2020-04-02 19:01:18,757 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _402fb9b07deb348797da4d67efe96679
2020-04-02 19:01:18,758 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool to existing session 6200ab26ae7583e4fa80de5be193a8043d06b1a73fa230c1a1a482b251f66f65
2020-04-02 19:01:18,758 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool in session 6200ab26ae7583e4fa80de5be193a8043d06b1a73fa230c1a1a482b251f66f65
2020-04-02 19:01:18,758 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-04-02 19:01:18,758 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool and key AAdzZWNyZXQx9G3tLwWlxEFRSrdGN1qvD31zOwMxfO/c93RT4oCzMPQqIaNwkFjPMbMXqcpUiH4DRD6g8AtdEdQ7X8szfkOFuSMM9wxJcmaZHAT+f+qHiiu3th10S/S+HL3GsDlV0ckpik/ZEtvlvkfPLlinCYlmDe+BLB8us1I=
2020-04-02 19:01:18,758 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-04-02 19:01:18,758 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-04-02 19:01:18,759 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_402fb9b07deb348797da4d67efe96679"
2020-04-02 19:01:18,759 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _402fb9b07deb348797da4d67efe96679 and Element was [saml2:Assertion: null]
2020-04-02 19:01:18,759 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_402fb9b07deb348797da4d67efe96679"
2020-04-02 19:01:18,759 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _402fb9b07deb348797da4d67efe96679 and Element was [saml2:Assertion: null]
2020-04-02 19:01:18,761 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_df16aab52c5bf95e2a0bfbd55a661db7"
    InResponseTo="_w8bbtmugeax3arz8gequivmqgskpchty4ssclwy"
    IssueInstant="2020-04-02T19:01:18.753Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_402fb9b07deb348797da4d67efe96679"
        IssueInstant="2020-04-02T19:01:18.753Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_402fb9b07deb348797da4d67efe96679">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                    <ds:DigestValue>v4PG6fv6GBeqxHMyKH1JVv2KuPBZKgq31XGGSOdOEQeUO21OaU5XZTfqDk/opPoSbqOB4wcv3bBBIFMV3tlVMg==</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>JHmPElB2PKOKCXc3ZqDTF4yWxfOA5QD4YTQTCfFpDON4UJno6j+zdIotkfG51ULjWb7Amp6KXqqsyHbp01F1l/r9lGo+BNJqwEJOuKjUrgBbW4EI0ffs65rncefG/rH8016sWUmabinObw3avN1O5XoJqpZZUsiWBJtFyZn3dT4u03fBvurzHPsa+AIBuBwplAi16BGRBHglxdk6DEidWIxqH7Q0fPFZQo1gEw/OOgZrd35nUq7J7uQLQa+/kNAws29EyUcgQmSOJRPVNqIjyLtoyGg1S8ReIDkVgyYiXm0A1xuNk6xtI/Kxdn/MxRPtiAZx7Xm7JHBycM5nNeQ05Q==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQx9G3tLwWlxEFRSrdGN1qvD31zOwMxfO/c93RT4oCzMPQqIaNwkFjPMbMXqcpUiH4DRD6g8AtdEdQ7X8szfkOFuSMM9wxJcmaZHAT+f+qHiiu3th10S/S+HL3GsDlV0ckpik/ZEtvlvkfPLlinCYlmDe+BLB8us1I=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.28.90"
                    InResponseTo="_w8bbtmugeax3arz8gequivmqgskpchty4ssclwy"
                    NotOnOrAfter="2020-04-02T19:06:18.757Z" Recipient="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-04-02T19:01:18.753Z" NotOnOrAfter="2020-04-02T19:06:18.753Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-04-02T19:01:17.976Z" SessionIndex="_4e975fcfd6a7c330caf9799975a1bc92">
            <saml2:SubjectLocality Address="172.31.28.90"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-04-02 19:01:18,762 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2020-04-02 19:01:18,762 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2020-04-02 19:01:18,762 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_df16aab52c5bf95e2a0bfbd55a661db7"
2020-04-02 19:01:18,762 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _df16aab52c5bf95e2a0bfbd55a661db7 and Element was [saml2p:Response: null]
2020-04-02 19:01:18,762 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_df16aab52c5bf95e2a0bfbd55a661db7"
2020-04-02 19:01:18,762 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _df16aab52c5bf95e2a0bfbd55a661db7 and Element was [saml2p:Response: null]
2020-04-02 19:01:18,764 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-04-02 19:01:18,764 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool' with encoded value 'https&#x3a;&#x2f;&#x2f;cas.traveldoo.com&#x2f;cas&#x2f;login&#x3f;client_name&#x3d;SHOP_DEMO-demoPool'
2020-04-02 19:01:18,764 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-04-02 19:01:18,765 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'TST-4019-8y6Rl3PddFThN1BIXysVKO9GJW7zdDTT', encoded as 'TST-4019-8y6Rl3PddFThN1BIXysVKO9GJW7zdDTT'
2020-04-02 19:01:18,766 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    ID="_df16aab52c5bf95e2a0bfbd55a661db7"
    InResponseTo="_w8bbtmugeax3arz8gequivmqgskpchty4ssclwy"
    IssueInstant="2020-04-02T19:01:18.753Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_df16aab52c5bf95e2a0bfbd55a661db7">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>datwMObu9F5bQRxYkwOSlnMgGAfM2+EBwwcRRQOdRn1txT7enK1jFAxZkKuDwIhwTL9qamJPwUqjbULku9ycOw==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>j6qfycuuSe5l/cC/vCf0akyrwfnlkhLNjvGf5D6dUiC33pomT11NRlSWhRZXlAVEqWaStD6vxNLVzf64franFeyQwHPizkRjSCNql0EzRtwwuvasyDT+SZsv1LKoTFd9bs0pvaQYoOxFiTytZLS3UKBd5kyKD7PGQC3EgovVkZq8BgjrQeb/ahqb6sur/bNGIQl6yAU1yVyBGsFzSr/YHp9b4y7LxpeTk3Mf8gMcCTSmwIXE0XK5tgo40ZkFZGK/XdtW7iRUaxNQ5VCBAjbuqONjayWLolkb6C4RyoB2CdvvPJ4NuSFUQ3J8NcRz+910oZLWmA9GpvtziuC4WVaFLA==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_7c0a3d79ad96ddb8ef3b524968e1285d"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_8ad926703ed6abf96afd80ae94406df0"
                    Recipient="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>ttBBPOPgzCdPa0rr9vSel1uHs88xGvFlHDdTjSx668ZSxGt8C0bLn0l8rOCusDNtAasYYK6ZL+nrYYlqfo2pm2wT1c1nj4QHZNT1AiVvZLq4dRQC2RDKJPzcneN9OzLU95CLPWzTJUXxSRe1fGAGRaDoyszU1swOGmeKaTO+Ux2B1SHv3ZljPSqS0v9kGpd9AW2/f7s+8Wxp4VK8aOkZnd+Asjbb7tAYqJdbxadm5OwnyInBJg2t/k2FJ0XkDpwiDZgqyYf7bjOXQn+byYeoJYN5KtWi0WhVfdip4FobSo+pKg8iMHwzxnodv2yojOE2kmm8gu8ZJCPfaC8PVQxjNA==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>CKSUh5MnW9i6hoH9rrBacYCZvJF1j10y6I75h0ze7AHc+3Pgtv26thVJYd5Y1FCYNmRsfLJkWmLqfgeylS8tqyJC2wAe5SR4DwmIfiQ9wHBkjYA2oHhrEBrJLObPQ4L6qJmjKjYgSJxaW3+fb6BeuvqCniD8g9slrK91pvoFJrBpTOgPR43gibJeE6jDp6W53tl5P9X86axhoGmrW+qbGAzPZdeh/q9TBvo8qfM9SXvBY9LkJrv52aj/EW26vhU+UG/z7yibqWy5mvffupfcP7S3TcDQGfzhVASIJzPEbi/zYGhj1TzZkrbhLfOMRQuCi9qdbW7wnS/GAZ2YySMnZfTl3hNWiwhpk63MIHDywWhHC2m33H8+kFwTmA8ae/eoHBBD45EZC+0V3kdHyz8r3uInHMTem4Y74UVEDKtqTAYmRQSa4CpqtepCT9YfHPijyp0yUki7iMVP2G9eawKAF4zDOA+FgO37fCHk7bTJ0K1MVnQ1UXyxFHON39wzi3zn/KokV07o+9sfKHivroZIWhpkQkiKe4L0ZKD+pwHidBSIsakkI+GYpOlhSoAlb6s/Jw0Yb/sLcHo3zJrgIqgOEr+qWhQlCysTIOb4a73Fp6oNnXLrFpQxFGaY7ylwPjFPOCDfDjptfvMkJ9Y1qFOYmS/YQLxYfW1I6vgbabFoeM6QAWkdtC1INcDLLPKFYfM2Xif9t70+rO8KXYtbP21kaGnkxvOpetUYE9Bg4DierVLqNUCfgdBObf56U80BU1n5P+v3o0wQix/onvpu5VS4q2hwqoAFuY8+utEvOYZqSg63VBpoYHvR+zPC0xFZeYIyj3mzMWmVekpCr4NJ9zRi3688ZywbQuAZyRXGmXSiDhj0LnFKZ18Ys2ctADZB1IEtx3vYRJAL2a6ojKxU2lWjA2kqtRguNlwtTnKPn4zscGvop4oZYpQ8Vml/t5fIy895mj90sGNkrcbh40xiQ3kS4R3Ex1ZSGl/L4Sk1/QIsjJHfmpyKlfTP5iztqGteqEMZP761UOiSjXads+CCvFbY8M7p0pMgdBSkloYoxL/exoXHSsCpYlV4HNHysFNhl7EdJaZ/NqeUeBV+dv3WajlCS0DSbeyqFY3ugM5MXh4jIoxHRLjVEonc8WkEsLi8a8sYofWPkviFZ29W5rnRR/wUUTnOA4MvQBEB1yurWCY82ELX4mgMOHc36yy9OXH258oCIiCSWkN8f97LiwIUTh92ZJkbIZ6+LSS4Ewjawfjr8LKGNmMv7xkCVAKE4qTo0jl0JEO7Q9q/yRhWt5jDA3lTtz3JW2ZNf6Y97/lQwHClRVrgJkmasS3l9wzLUBcBuKlhSdRtJpuigK620zLC9unjA2dec5ZM/0nbwAtfuIxRH4QVb3WESh4mfTKeXqIANzRtmJdhYdp9qIZCaD+TByrLcHToLPuvMOQ5nvtZzTAlY0P0pELNSwhcDnz+2MFWiIVsSULoGvP+0xzGhxT7hzT5dp2NnP0xgKGtNsbADweOXNLseJRB1GHrUltdZtTpFsFLYfWO230jEXh8y1CkQIentWQLR91hh0j6Ge6l+wh46qtfYImXzuTa8kSa67ek4qpuTxfAnhuAVmHW9/94Pl2n40e0uUV5izF/bbTNVYHhmCWrCc+5GH4UMlUbT1n4J7HVAeiYTy8Osie011awQbkZsr/aFs4uuGk1971jk8NtLDipF3+7SUHcsP7wEBn0xgpWCjiAOZ/06dUtm1QQFvzzlVrebfIyCvpb2/C59HrCiavgoktBN2YJ+JZu2qCXgB6ihz8pmsCijiEBGRrLhXACzmeFmPYMo46c/jn6zwaL89g9Xv03T7Lbd40E1mr6DNkGx007bZ0fCVJaMYy2CSpSORWEqthCiDBK9buthmyiRTECy9HbU+zXj4dr5aAWm4xqyZGI5VS2BAnzIufajwN17DVbv49xCQ+AVtO957kn4qt+qA0HkTEE3YQDS8KcLuIu4iRW3nWJn2GbjdI3EmrRzMEC1z3mwQnOmvnM0Iy7dC7fPC6EcgG8VhfR9nEC6RPylYJw7Fw439Bf9Dm8lQxh7cXfIzXAwn4T9YTuxYU1n1MuVaF4KLVkk6Yakqi7DCcwJUsHj+B2vdFZwOk4NGtDoLVtyyMjJB7VNX4wx75uztvsAAd6hVJ8ALYlmeLR2AcAyLG4w/k+GpgsOCcHjmnQ8TeFD8Aa1qcaOPOSiO/hMaItHykO+tHJ7XJgz6N3oVK+JvEhgFXQo1rlPhnK7tvwVg+Wsar4tI7v0To+/6HUpMPwB/gJysJ0pKqH0LJf+v6cRtYxcwji6EnwkSycl/tEeG0DN12gZxLMpxGBKzsVmxftghKGZlN3WcdtMIGMmadeJ+KLENDvtr384DKfIkxUjx/u48vkE0BCSnycBq0assPX4Nri2bwb1egGX34OI3cg7ufbM5c+RMUBMBPbukVb1FAzd7vh+tTURC5zvuPlMhGJTkf+nBKmpa85xlcIda0WBbgaXHeRaObPQrab37WrW1GHta4x0lcpe4wbIoyu9KHRUAVT9C4gqiKrx2Nw3M7NvLhG0cTB+6UXzGV/APskvFAboE1qpjlw/4rfR7pU0So5nEMJm9qluMgzbGVEY5hc5vGUBOAwNkIIwzk4G6THHKEOP4wnA5FK6xRPEbc5rVCuP8esFameX6cfkGz/gGUC9cYXXuxshtyxhQ5Xx0osqFbU0CCl6nAC4IY88DUA7uDWEADDrdXPIlRD5EHbROxvbcGUx/iQJLaDcv1IEefBAUtqx5XsnK0gqMxfUf5rhwZJXyKn8S96N/xmm1hpiGQNJbhgEpxkx63xHwuxj7hHTtY1Ck92lmMe/oUuCKBu1BYuR0VarRq3LsRhuHkoP3WNmsNvz6DtsPVx0VteITmShtyp1+yN6Z+1dp7Zw4xq7wGfsEzqTtjMLqjBjcx5DlG/bnC+Z7gn9ln9kyghHcNq8b+s4LxMRWyYvJTlTeVOPrDVfj+F1ut1+UZB3Vj7rYPHEzZa1jp2/BSv+IgUw9gpugjzgwet/PImzbRmQFZEQd8J4UOovLXUlWwEGKx25cmuF8iuzXnmAa0KjhVBDIvftzFh64MTVcJZwWDIGCG7Rj/2B9VTn2RMPpAFTn/MGgxVJSaCyzKUPOOOKb29mmJqGRalKlXyrCh6f/d/0WDz8WQV65c0qfTuQd3ahV0VTdMFMVutR5g7tm3amCmcsnq2BG/uSg8a0xbHlgWRQVzbZSBFYKYxRYb7BbYeWTkhUCF0qDBAMBNqEGNOhLc8EmPMMSQ1UlayHz972sNCiZzV6/VCBTlaRLyTPzKyO3Z7IjfriAL9XqrEGIf1tkMnsfjrUEk5wRPuDjdVY7cNTIZgqusrOfdZQ6xPxz9UriWjFbwxQm2xR4Icy6pw1i1ltYpdxoY6Pp0D39Tx3MkZu6mdgJLogeQRQpyMYJr7zyrRG8CN9qaDpHZ9/wcELK0j9/ESYhcT2pI0CPqbApHuwrGxesiXhM08ktcyRydQEdn8U/OoOXj0vvXPE6+iIMWuwGVekoCK/oMKdIZj7EoZUplgsLfHdqg10BBvpVACqvvy2P6qa77q96VhuLAvA17LVrn0lTPpbw5Je77s9sZxoyiUkmND4ICjgPYV8ySaJ8Vep8IRadggXmrXyaVhcZP3HN/7VHMx4yjJLY9z9ilmY1DUHhntQPjv07NgCeMjnlfWPWsnPs947h233aAhB9c4pKGB92JW2dBK8QNAldgPrSn5+pT0fzthHWy9Ll0gl4bDKv+gpEJvjZeWBmhmMtBoiiLvbqEQt+RClhApdH3nTV1xvW1v/zYSXFIVtwDzAqOO48A+QPFXHA9KGLFx/24EOr4t0uKBtpH9NrhA3x+bsSMsDrSUlg1i0lKRvKsA35sX17reFmlwHgHfKDBnbZy7yf63dGoj8AAXB6WMtGCiBy3h7CG4SWQ2dlFj6Sobb7dzaZluR1BRk3uEpDRTOmMARDswSh0OJQC2KhPmv1eTnBfjhrNY0UOlTjzMi8vROGavC/dUyEHatGMS3Nfx4Hlkps2DS+otgl6G+gumgYTZ1pErpyqA/efD/vyLduzfFK41H2QYoYapW8HwLHgKTiZKY6+CwfakMPl5d9s1g0ngJ6GoEodnF0AYWJqpzqKfHJalsCzgb2D5ZwdrIkHacLjDJY6vbD+kkUeYB+ndPbk3g7rL1fZEDE/SgcNmSuHPGz+ndadPuKyAR0LWlWthM6I7CCXa/VSb11AzCqBT3A1xIoJXDqou3osaCpHhAPCaizCvT35Cr5/q/MRWP0c/nARIEwu86FHUD/ODjMiq9jCtNiqIod9eKmyP/8MOYiWiQybM5YmVKzxE2EAFpHPningU6aOMaPWrNnfemFmetWlpz4EJBzI2QFwAazkRo4XvIuiqVxjw2LYS5iAwgdeZPj5ZI7hisQMwCT+3zv0f/NaMLCPzNQAaQXvjFWydRW2dCqQAOeuF3ChNyIAoPs+liZJgokyEfK5aOvik+FsMmmmG3/UPtfSfkdQLtNAh2cu8Fy2kU1xhb7NziqtYrz4PVvih07pGGdA2ruA4QLmfNsJR7hMr4KrQ3OspjdkxM63gPKv+oLYsH4gX6rkaCw/0Q8zmhjPunr9NmfoBun8W5JvZjFWpxG1aBnnhw1ph2rls0spDWQUDsXKKYmmVbKEkpzOT0RUOdGq7xK/66SoOSZAMVf2f+EWrO3sdBH9hqEtHoMilRufEU6R5+8hIM+YjgIEkIsieISbmmI/KA0wXouJW3tSCitJ9kkxUJi03vsOkLqi4Ejfh/ewnCIdsqLc0S5dnbcVmXmS+d1YAP1ATkleGFI41u4n1W4Lao+KFpql5ZTBWsvzmYJUbn8Ozotubpe7hBDQoGfeDCc2Cu6NTATJSjYOmaY4mu6wqny3vMfJXuXJBf/BJ1Z4jM5FNjY+EjcEh5fZlSrUero/JlAdfrHn2t1td+cgMcCvI9I5udzt37WkP+G3BYWUGwmzCiXr+dDT/x/3sPnIQwcJtX4lytFvahqWzCz+C0rsPOJBLA0WuIGlhZFejRrOeXViiFr7spwxY9a50lThu8Lrf5IaYRf0RoN+GL0X6TpFtADCA+9lRBkgDsGgJ1WuIoIkk2XsW7wqCYM/3CcAoyY52ctvJLbHAvOfp1uTtyiF/I+SjrFmbUHa+7oZXVVtG4ifLN/W/Go3TuzoMTPs3jITOcGsUrSsqJv7UrGTApi7KHyStMteu/8iaIXojmGGaeEEq7LOTG7mE8X+w17OM5ROCXhAhevdgxLzUDqbBroGMSvSnQvx9igduLaB34lSrF7WG8dkFHbjv5p+LmowXOwNoZLvfW4t5WWv9x4le4wwVfEIyaP5TrlHfQ/uF1dUucx61NciKKge0a9fCC8eIRV1NaxnjDuPyI79IcSb58QvoEdZVpBMft6hnQVOcqnbjm6TmahxabmKrrsBII5M5g7/eNCWqXVyBus4je1hzyXoJTnF4QZS1M6JqJVO991WDtxg3st5bJgJYm7XbS2ztetSVpgvIE06UlcTjD4PpM0kJcK5m2bISX1HApIyWm/nuA6Ddd8GAvgSu5RB6Mf/1R9lMJomO6rjAT9cxz1ejjg/cAmNVrU0Z5mZ+1gUahd6/xvEpIg5KzLGEUtqhYspQFAK3+uo44NmIVHgpDpoQfjMXEP+PKTclNX2qrmIL0tiyrxqamNACt0CIUbNcfaKAXcZo4TV2v04t6DspKOZ5eH88J4t8XnYibPp7yUAqMod54kPoljb0lCrORYTLaH3ey9ulAUvykTqtlukiJJ317k31Z0+kFuHuHrWAB6zVf8q/gk89P/ro00YLSq6082VxfJ9dfLU5TKqxamXn8vptk6BJQ6v5mXwjE5Y8NCnU6pvO0k5AQSa/OnswKypCZbSps54clBODENfKvfjnnv0xIZnWDxDJEKuwNLUjRGDBo+SfN0+udmdauAVxTARRv1wIZQCR/DFWjidm+QSbWhQD2H+6YxD/RMp7Rm0M/J6Rq0cBEsvcbQqvKk+FVa9J3+vifizQQXMG8HHPWuLxiAX0IoziHNJxXM6V9lfe27BQmqIqgmTNw1/SihvDgOwQZgUFQVaHHOZ+txtWsrJn05Fwp+ja9AHyzJY9m8VDs86ALgVLWIsZsfvu8oRVbKVrTV1XhmkZONJMKYdmS2Lh7jwzkr96PHJHyweTZhbWHpnuPQPqjkPUJ1pXTejlbM3urg3+02US4sWS/NaMwWJMfCUjR6sWVwZrOKSMaeGf1A5v5ICYTf44ixNgEyHM+diaBh+kp7LfFhmjUoVAJJfeMnogURl78VDFEymbRGB2esV3/8uMkqfKrjk39ck+2SBFanseIFDfh3PPUu/31zgPyoa3XLd14geOjwB8N5zj6CPJYAgYt85tFy2W8oEI46Cq8/8jmoxBFhtp1VgMDV487NnDAEjrznfg8PLo53gTkS+c0i6js+9MEVNvUyEHi88+aXR6IjCuVpiaqFJghuJjCIHOayO1kakpUFuCRtYYuLDSGs12O+2eSVm4NaCQRrk0PJ+ivsxaOKD6PN3C46XN2533u6mF5ej+wj1DlrY7mWZWrUm6qhceQXQyHZ0M5JkTxWdyWhjTOkMYR0eSB7tlvPchoyy2mtW8ak2tjkCsdxq8oDmz1Mnx5aADgUX+ultVBul8EjFvKmak5GL2muf2hykrRktkvdWQxfiUPBuXehKDOkqMKmhnFg4VKzj3PMSqdbgOiwZfJgZMRbyUNz42gg/6MxcYMaOq1Lo/ZVZWgjvPEP6LwVP1mD3FGz27E0DWt013EhbRFZHE36SX0xVVU1149Nz6pOp6D3EleztcNj9FhXkWnjkxqZdD3K7RtGUaHeognos0IcW+hu+/wDoJmr9DLfkHZvtR9oQQ9ahtP4sDjEUNxhDtwO9pJF8H3PWDoMPJvpjakTV+5DWko3X5BxnCahCh5++OKMYLdKXycvvl2MliRm5Q8Gr8ObY8S6/YybSJfbHiO0hsDGDZV+biZRAXEg7uHkcM/i2UwmviRYr0CeCqX2W8JrsSvarhrEKHYy4sIDF5tFSQv9YMWNQKHfxJHAcwCIi3oJWhLLlu0Pa/JZ/e2rtMTbt7JV52+1j3vkxurqlCQliX6PvPBnF0DXvye5+9l41tPITdPTH3N+6XMjAOlgzG+yDqrlVzuE3u68ZWcT9Nioh9bZnA5l26KAFDrknuGRWFa4MvneD7h4ZWpgezg6BV9sIXphmVP0CkzSpULugyqOiE9jMDHLmdd9EEgdiShglSX70uvecx0IVA9vo1BRTuq3wEcGTEYgVwTHDo3L0mVJs6edy6Dtr8ak5iItCfQedKAw4sZ+8+iyfQIMD4EH14QM7uEwwr5fDdVa9uaVlDg4LJL54Ae9oF9otLw8gXsPHegMnGFP/rf7bfHEjDijEwzvj/fv0GF1ej4byM6u/8uARiY1iPYUZbsnw/zwtpKGhCtS0VTvY3I7U7uVfxBgys93+bizXN8gHcFnvNgQv3Po634ACN/16eRDS2cEK3eej14XTSOPSawx51gMJE6mvKgs/aHoPoNJAg6+Xp3Sy7UY5Q9LPfCnxn6Ew1/k43VBW7ohJNQ6FQD5aYlKxmFT9rPPux8ISUhj2UOCPPpCf137PFBn5ulvRYy0cVTrpw4W8CC0yMhHz/iaj5GQwg76FAal5sP1TJb/AxTWjvnNSYJU6KY/jgCx3aXLddE8KDxjWoFOUkRbi80FttccVKlbDPv5Og0EkkCV8Ks7meaGAfjdXINZ40v6XkeY7g3tKARkggleYcM7wVKyRFJv9WoJ1T/QSTApD+KObDEEESxyYei9nnvKR2qeHmFOTntqoajTGqVjOMCHkzpkllUwIP0slrFoDvoPrctFvvznOj427viY2QOW0K/UCwZ7Xf3eGr7V0taGiLqlrX5QLh1UoXp7mYtXQQ5lirIhgbn0T8yiIVp0XRqNf99ncV1SlL0vKcwbZRzOhzt9SMm2bpAKASl9wRCG8j/3kzm0vyE4K83kleFMzD9khnn4XcTN2Zka6Q8QRG1TR6Jgv4xOjxDNAJJKRCJzBDbxJfTz57XXf1kx1u5lmMxrMPd+6hXAltJZF+5yxd5+RBaZ/FM0YL</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2020-04-02 19:01:18,766 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-04-02 19:01:18,766 - INFO [Shibboleth-Audit.SSO:?] - 20200402T190118Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_w8bbtmugeax3arz8gequivmqgskpchty4ssclwy|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_df16aab52c5bf95e2a0bfbd55a661db7|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQx9G3tLwWlxEFRSrdGN1qvD31zOwMxfO/c93RT4oCzMPQqIaNwkFjPMbMXqcpUiH4DRD6g8AtdEdQ7X8szfkOFuSMM9wxJcmaZHAT+f+qHiiu3th10S/S+HL3GsDlV0ckpik/ZEtvlvkfPLlinCYlmDe+BLB8us1I=|_402fb9b07deb348797da4d67efe96679|
2020-04-02 19:01:22,612 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2020-04-02 19:01:22,612 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2020-04-02 19:01:22,613 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20200402T190122Z|http://client1.priceright.local:4000/Saml2|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2020-04-02 19:01:22,613 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@26a99f88'
2020-04-02 19:01:22,613 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:01:22,613 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-04-02 19:01:22,614 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-04-02 19:01:22,614 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-04-02 19:01:22,615 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _28e6953bea528e4b4f04c108b2b68b76
2020-04-02 19:01:22,615 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _28e6953bea528e4b4f04c108b2b68b76 to Response _170a09d64fdacb9f170249e5a1289d6f
2020-04-02 19:01:22,615 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _28e6953bea528e4b4f04c108b2b68b76
2020-04-02 19:01:22,615 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-04-02 19:01:22,615 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-04-02 19:01:22,615 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-04-02 19:01:22,615 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-04-02 19:01:22,615 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-04-02 19:01:22,615 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-04-02 19:01:22,615 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-04-02 19:01:22,615 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-04-02 19:01:22,615 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-04-02 19:01:22,616 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-04-02 19:01:22,616 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2020-04-02 19:01:22,616 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: []
2020-04-02 19:01:22,616 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2020-04-02 19:01:22,616 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2020-04-02 19:01:22,616 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2020-04-02 19:01:22,616 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:01:22,616 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:01:22,616 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxmrsAhHbJiEicdm7s0lDoEohL1G96zEazi4yudX3AAhLFEpspZQiYvu36cHS/S87wO1K3Fi6hA4ouX4IOsXwR28UGqgEusSEhUVvlbryO/toZuj6HyvNy+HQ5qDltNAyJC/FX6QrPChp8Li76 with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:01:22,616 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:01:22,616 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:01:22,616 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-04-02 19:01:22,616 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-04-02 19:01:22,616 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.12.208
2020-04-02 19:01:22,616 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to idacfcd311612e4e29ba1dfddfdc731c2c
2020-04-02 19:01:22,616 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to http://client1.priceright.local:4000/Saml2/Acs
2020-04-02 19:01:22,616 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-04-02 19:01:22,616 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-04-02 19:01:22,616 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-04-02 19:01:22,616 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _28e6953bea528e4b4f04c108b2b68b76
2020-04-02 19:01:22,616 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _28e6953bea528e4b4f04c108b2b68b76 did not already contain Conditions, one was added
2020-04-02 19:01:22,617 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-04-02 19:01:22,617 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-04-02T19:06:22.613Z, to Assertion _28e6953bea528e4b4f04c108b2b68b76
2020-04-02 19:01:22,617 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _28e6953bea528e4b4f04c108b2b68b76 already contained Conditions, nothing was done
2020-04-02 19:01:22,617 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-04-02 19:01:22,617 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _28e6953bea528e4b4f04c108b2b68b76 already contained Conditions, nothing was done
2020-04-02 19:01:22,617 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-04-02 19:01:22,617 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding http://client1.priceright.local:4000/Saml2 as an Audience of the AudienceRestriction
2020-04-02 19:01:22,617 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _28e6953bea528e4b4f04c108b2b68b76
2020-04-02 19:01:22,618 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party http://client1.priceright.local:4000/Saml2 to existing session 9e201fbceaebf0ab15782bb00d1243fa25515b2143abec57f4c4ecb53acbccb9
2020-04-02 19:01:22,618 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service http://client1.priceright.local:4000/Saml2 in session 9e201fbceaebf0ab15782bb00d1243fa25515b2143abec57f4c4ecb53acbccb9
2020-04-02 19:01:22,618 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-04-02 19:01:22,618 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID http://client1.priceright.local:4000/Saml2 and key AAdzZWNyZXQxmrsAhHbJiEicdm7s0lDoEohL1G96zEazi4yudX3AAhLFEpspZQiYvu36cHS/S87wO1K3Fi6hA4ouX4IOsXwR28UGqgEusSEhUVvlbryO/toZuj6HyvNy+HQ5qDltNAyJC/FX6QrPChp8Li76
2020-04-02 19:01:22,618 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-04-02 19:01:22,618 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-04-02 19:01:22,618 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2020-04-02 19:01:22,619 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_170a09d64fdacb9f170249e5a1289d6f"
    InResponseTo="idacfcd311612e4e29ba1dfddfdc731c2c"
    IssueInstant="2020-04-02T19:01:22.613Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_28e6953bea528e4b4f04c108b2b68b76"
        IssueInstant="2020-04-02T19:01:22.613Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="http://client1.priceright.local:4000/Saml2" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxmrsAhHbJiEicdm7s0lDoEohL1G96zEazi4yudX3AAhLFEpspZQiYvu36cHS/S87wO1K3Fi6hA4ouX4IOsXwR28UGqgEusSEhUVvlbryO/toZuj6HyvNy+HQ5qDltNAyJC/FX6QrPChp8Li76</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.12.208"
                    InResponseTo="idacfcd311612e4e29ba1dfddfdc731c2c"
                    NotOnOrAfter="2020-04-02T19:06:22.616Z" Recipient="http://client1.priceright.local:4000/Saml2/Acs"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-04-02T19:01:22.613Z" NotOnOrAfter="2020-04-02T19:06:22.613Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>http://client1.priceright.local:4000/Saml2</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-04-02T19:01:15.218Z" SessionIndex="_59868e91f1387b9b43ffd2c2a659ed4f">
            <saml2:SubjectLocality Address="172.31.12.208"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-04-02 19:01:22,620 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: http://client1.priceright.local:4000/Saml2/Acs
2020-04-02 19:01:22,620 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: http://client1.priceright.local:4000/Saml2/Acs
2020-04-02 19:01:22,620 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_170a09d64fdacb9f170249e5a1289d6f"
2020-04-02 19:01:22,620 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _170a09d64fdacb9f170249e5a1289d6f and Element was [saml2p:Response: null]
2020-04-02 19:01:22,620 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_170a09d64fdacb9f170249e5a1289d6f"
2020-04-02 19:01:22,620 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _170a09d64fdacb9f170249e5a1289d6f and Element was [saml2p:Response: null]
2020-04-02 19:01:22,622 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-04-02 19:01:22,622 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'http://client1.priceright.local:4000/Saml2/Acs' with encoded value 'http&#x3a;&#x2f;&#x2f;client1.priceright.local&#x3a;4000&#x2f;Saml2&#x2f;Acs'
2020-04-02 19:01:22,622 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-04-02 19:01:22,622 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'wEMVIxQuqpQRZ0PGmh-EfeVf', encoded as 'wEMVIxQuqpQRZ0PGmh-EfeVf'
2020-04-02 19:01:22,623 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="http://client1.priceright.local:4000/Saml2/Acs"
    ID="_170a09d64fdacb9f170249e5a1289d6f"
    InResponseTo="idacfcd311612e4e29ba1dfddfdc731c2c"
    IssueInstant="2020-04-02T19:01:22.613Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_170a09d64fdacb9f170249e5a1289d6f">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>r6cR1WtybtQjhnnljttZLxRDbE3W9fzFgXx41WyzzLs=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>ClHg/J8mnSd1gHwaTOXrX1zOUFW/On6KBs7zQM04i9XSHGrlfgz1qbI8doEvCKICS6imfKFh5DwHPe7U5ZCIMutAF/GJhdBRiNsQ4VahlUdX/68n1xuaTEZpzOrZt/rSnh3L7YZEdFmPysQK2cK/XqYZ+2lMOIpGA7tetFn8tGvFN9iO4RO65k0WoJ5rEEk1oVkeaf4lscIR6TNryEYWyrVhdOiCuF80Ohl5jtush1+7JIfTz1MBrWrSAONy1Z+9HDZtPXv7wt2M+yRXbbrQAwFwWoCkx6+lTw2/8QVmuJXcqxwm5Ug1wx25nC5Y0WeWA/AwNYVBSIsNeiklrKKE1A==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_3cd156dc2b5a44106459ec534bd5225e"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_419a1edad9788e510619de94e78d6cf3"
                    Recipient="http://client1.priceright.local:4000/Saml2" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIDIjCCAgqgAwIBAgIQyl66X2NfPZ9ItR+QGeFgUjANBgkqhkiG9w0BAQ0FADAhMR8wHQYDVQQD
ExZTdXN0YWluc3lzLlNhbWwyLlRlc3RzMB4XDTE3MTIyODEwNDExMVoXDTM5MTIzMTIzNTk1OVow
ITEfMB0GA1UEAxMWU3VzdGFpbnN5cy5TYW1sMi5UZXN0czCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAK3KOkmZiRCRh37yDqhm7YDpmO9NqcrKLqDr3PLcBa46sGNKcqOtJ75mHvBWcxnR
zs2aY2lidnHXYZu3Au5i2Isu/yC2gYTfnsSx8gTf9nfkD0IGc895cJyw9jmiTXY6N85yjVY0GFee
KxiI6GMQFN/MSh3kftRGF8ERcfjTV0GXByMAoo1xAUwHZeEF+nc5xp4nJ5bHDL48cWyh+NtuWhXg
o7Be3S0cJkW1gxwEuflBETR6S7+u7IB2N6LhSFoFpiXE6F53cLlYbxgaXoIfliGQBvryPAvpUIyY
ItZ8rDfg1x1SPEGsJBcTSUopoOGBd8DSP/Kx7eN7yqz3LlG/CE0CAwEAAaNWMFQwUgYDVR0BBEsw
SYAQuuOxcm4IHKU2M9sXyo4A9qEjMCExHzAdBgNVBAMTFlN1c3RhaW5zeXMuU2FtbDIuVGVzdHOC
EMpeul9jXz2fSLUfkBnhYFIwDQYJKoZIhvcNAQENBQADggEBAJbFk/8vvIzn/4PdOwqHIez9vDtc
AokXoEm2bJrwdAGnhZ6ThEgP+Bt0H1jtHQrpKqOEAG0bKyCg4WQBcrWXkIP+9WSerpPy7Y2d47hY
uQASkyinCFRbnjUtfLedCcp9uSl8pcGRFBDUdTi80Ht4D+BJEAjSugIMmeTwBm1U9rFASIjzXHJz
34RbBvECqBEe6LA7nH1UQd1K0IU05Y0kuj6Hdv+QVlzRrZaY6gMpigpHNJyWT4BO8c5glm/T/UKv
Jol8oVaxiKpVNFUQnPBPhcyTGjxRkKLqZOStNh9rDg0c4uM1smZaChE+mvH9yhT4yx1KZJqwIXxX
EPrtSfPj3Xs=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>cuYdQS5GLk0liYJs/e0GY97//WPiK+Vl2TzKqG/J/yVpcpk7Anetc06gGNe/pALC3ijdF/Qho6atU0riEKmOOPDsMCQV+DFT1PpudZtpEe6+1BN58QQu4n0BxTFVfNh/TNIv2uu2OkUqI+0+UwAnGgu/LdxklAXL6E/tD+Fl43AHMUrycBlPkPnXVwDNFgdr7O6Cbbkc/NqW92NEjrL0IvT+WyC+Pkm93PzumQkWXltsCUXkHgmlXiVbq3wcZbPdXy7q175TWynraKYsjFEpivAdXI+sGCv/+i0ip7CPqJ/k5heNBBO/PSIwhk+PEvwWGCG6IVAzBrhVTZIiFd7/MQ==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>bgdAq1aH98BAnoB3QY0OU+nFQfgEyCWb7Jocnja4g2OL++f6eaOBipJNBo+PJ5dbV58OTFZnqKlTMvJ/qGiPRbNYFPpuDhwIngxgtYWxet/0OwB1zjicanQRY3LJoHuFbccLzdVSk8OEbqCaiF62LlC1BLKboeQQDLrAs4LSpWXkFFiaZ89W8ubfqLrvaBpDTo4fvyxbRN+cK87l0o+RwMo5PJtFs4lHLYNRPe/awfiBdy8Gmd+VjS4kt67saW4FTchGv/WZjy/rVUgT9BeUxzL5qh4O9IjXfHkD9qcvW70qBUitUsu4maoE03a/tDjRxCB1hGDsHT+SQnZeqBaY1MbzEKaLz7fso1C4GOPmLa/rPUNI87Vsyb+V4NyVTEF/sNiJtrxEGizyNtccQ+kib7wDfXbWTnML5DmA/s4XpNdH+TMBFHqnLRifHEHyPmI0eyCMeQ1wsuZAlZSqXhLCTZCBJtcm2/CUfLp5e92xdyddFPGcxWvDYRDFH017EUAnIkn0UrlOIEVCPs5yTeZ5ObxrYqb5wpSRezbEMp91YIQp4gJ10kTGVY9f7a9Vq20b8DqlU2P9y/2O+1WcTqDF3wMUA2lJ9w4aksL5pHsxfhUmh60X5WvC6ozgRSibG07YsZhHdYPlWNSYNB2a5wWArfX1ucefoHwbCZt4jOOFpAmSRfcdlDHTldPZIdck4YfnrFTH89pT7JMRI6hZsfw3XYaXNAjUDkVww60xzqCTcJX3EVgOVuaq0CYFrFWYo4LSvYSdcBbXrpPtiAI72Hs/986/bhePJ3J+2vivYaIy9GJ1hn+l2NK8t/+/rlStktDETxsI8cTLU1cOdbVhVDWu/lE2d1dzWhBx33+LCHo6Ni/M0+36PZvZ8EsFloh/BvONqlmeeLDskzm+F/NmT549ZjzfRRzxYwxptp79+woUYF4bAIEba2KMdO1JPj8vCeGdRHcCv1+odthY9ZUSMjnVXbyX76Ghlf8uxn04eabVqGlfrrwxIAgq59egHFmpjR1Faj5/IOgiPSleBFZyxSVRE81SzlkgesdsLx4Ysy5WL0tbekBmyBmgbXlbRnCKwwQsGsq00rMKSVzL4Pp9MX6sGuggzwceTgG3bK2T27UgAzS/1QePeRmTm3e5yTVW/zS7rgiAPeo6lTjkaQUMMtWjihL7uU5XEr2kae8U65EBAxR2MkuE23yt7hNMTXjeUK8AqGDStg5Gd1wqymq6/2L0sIejjVWWWV5oHpR0eh+IkfraxE+hoj/bCKqidxZNtU73UixJk5QlLWKluFi6FW3QLU7xEyJgx9CQJscwGf30FLEKM4od2qSBSUf9cDthgjPLAdtLxo3+3/G5V/pzHXMLvldCdiqqytapVQvsiLErLB3Alui6oiQeLma/JIokysUiEdn5tC7z/AixRWH0GigcppXIaPMLp+UdhdhqcA4aQGrDOoax3gnEVjf8bBXrKsIu++hCdMdfmoOLrRQi7TMaH5EShfqr3KdStBBifgNHGM7HWEvKyoMWG5i8d6/ho4wcu9k76zHniwzFKm7w6An+1sXCI106gs7smcY95YGwcV/p6Sb0FcB+ViiRNusL+8A8pVmjd2OaGBn4pmjRuYL8viENhLlKV1g186nHfLKeCmndIddzyeAk9ikTSopJ5CiPld2NlQtub+Qmg66syG7mU0KG08iXzSwBl3cnL1Zotmp5z5bw89hS6sQMIvzQaQPpTNJM+y0e0SowlHZaPjBnyuCsWP+oDQK3M7gkby4EQ/lc3YOfY0o+mPdWr4YOoK09mOZ4Hhknc79qBv88jfSlUZrPfbHCDtfpvT+aneDYM7uNQaRhwg+MRij2E+6sEJjtt70rLLs0hf59oBRpWBZusUwXfM+t3CwWPRyIlj0G1OOi739Xf/XjEGlnCjRADQuAcqdz1D8YYf86TcbrycTEDTYs2dfzrsDligfVdnIO/pQbDN8EHYfNimLePLBXzZ4LdB8IxVUW2d9+3i0NPUgWI08nvFRkxLEb7NtvnBVLBiWMc0OZr+ym9zZFWgASJVOe3I9hl9caSrfj05I197W+qh9jEUDOB8DzojwJBYUWpe+jQyfizDwkaRNABAF2/dFCfGYGqC/4Z42UJgiWnQGJHHXzWvGY3lt2Lb48+C9BdxkmVEaPdF3RWjSIekqT2+S9Hb5VoBBU/H5vODkuITSe2NQ7N6R9BOznI1pPfyPZ98YN+mPLzf7yJ1GN/EfBHSqcKJTXwfmED93c0CyUL8sMHM87tS/qfHjlAE19zXE2q212pq24jO64HlJNoF9OIeu1lkpAmPF7dzlsCRygduKa00jwYf+5XTx7kE9LqDwunh51JDvn3B+tQyRpmNl+IMCmrkM5dimZfvl7aWWqZDYqnDNGpH5B7O4VBQPXlPrLxHsUuBn8JLhoDHM2rMgKnzgbVJisUeLWUo+cgieKXl2GDH4m5AZxFJvhzTOu/A3/yMVpHs0ZzHWH3x/8YpID5NuVq9Aq+ySZpJeOxo+fXAbNloIk056Ux/WwlG/WVnkuxwRyiQqlRbwgEpT2zGCNdQ6dq83P40sGeIG+jVXiI5ayk+82Raqm77mO3O1SpoRIsoDQbxZpdganmL8Nxfg0AVk9vs0L/aU0G8GDNZcI1rGqZ6vo/ua46QWsjX1eLtA6epEDJk3tvpDXjVI4NPuGKF5rou76/2yp5J1AryoZh/6F7RSWj1WWdItkmstFVmz4mKzgiyGsPZyNt/NujDW3F/Y4t4RkcUk5u8RNGs7Y63Tvk/4JyhSJFvMSq7Lw6zc44I3O2BRal5w7n6eYJNFLKdx1lmkV5pLs29K+rAvfCJIpw3Ge4FcDi/8GF5CiHDKwrMO8yqXl0rgBU2XuR0pcHaG1+ll6KaxkT0826qdu4fR2AZkWegPXZyWzl+4fOPrySsgha+6pP3bmo8QD2cXGFq7RzRb47m5NsZZXWDgqsSRW3ox3e0EaZ3Ohn4Q19FJGFiXOlcY+sM4alwsuY6Y5epf0wi5hIfKR+Uq9k6ZiDnQ/y5d2pxSET3a7kfmjGbgkXZnMYbrhzd1azN4iZ9TTiigh9+0U9Ai3Ay64dX4bpwlC2gOknn5ELJqDyddPsprfCieGAjuFUzuSy9fw5lTk7Qjy8GBSpnDM9K4iDCrWN/hDGnCw3qqJalGvgkVO7wxsUmqyhDYcYoKc79A83UISSBXLnkftJDlGE4kica/joXkSIOZJ3ipwiTxrcTZ1sOBYHm2P8Fj2ldpIFs02Ul1A499nnRmkCENvpAK2Knt5k1UEG3jacoSj4BdrdQW46sXOO4M/BHXm8czuqtRgdyOcjGYocF2GBDsb+nirEZgsz/DFlmyUFQmX5ezNJtOP3wL7nsgIcnC5XBKLa/GtJQMZwioHhdgnIQ+D5J50CatPdl7ddaVxNeOuG7HXYRWJOvLLXqHTcvrh3Iw5OckpCQIgBuK4C76cG62GcC0mcKkGgBkQOW6UEOec6en5Yq5LMegV6GFox/7ATbDAj3LT9WThPbAjv7rgxG7FkueYzIl/r0tCUNcUUod52h7q9LqygLaKFOdwjR/jpRdvDkbygrAeycX2jD0DBbJPVl5GtK8TnmN8PgL7IKM7zXmGpZExgwvUquTlSbZ+l5GfMuwT2D09LhLz47h6bYK83St2nxFUvGrOUX/glquF41UWaXHnHyhqijboins25qRhJqdA7DTqpvLsHs/z3b6zCFstJatQf6UWD5oy0dHn3MxoDT+j7U6OaC5knqhELouFurS54LRMselQqAawYEy7hZkZGg154YxNYkIZiTiN3pmAdsWjOR6xAYIcD5DZCe+175SKzUJfxdPBN/iceB/Qc68IBExzUDVn0G4OosywVzJXAI3u7mGJd3UjGA2FFJ/sEV1f1TQmy1wq1KIXuAqIL/LkJdtTlpsTVGJ6xI0zfeyebQeDQbk6i7+udFjsUngWuLixQONMdQgIX9yKQiov2L6nxQX52KDh+Y0m/nAnXbzi5OLDZyYI91dexZqvTIoQY0wZnK3V0D91tydJHDrwn3qTTZ+ZibiK+sOsVyS8IpFdL33ruuwba2pOeS5PJV7fO0GNNBQ7NC8HYifJsptNBzvIvOe7gvKuq4tW8HveOGdlrJidvVJzgLebFHpfIM5osjiEjsgk0NbHtClMbb9sIjMua+c4mepXXHGmUGybA+Z6ehWVQmY4HISnOw6YAf2ClCaegDzjagz54dfOTThIHemKJeSjzK9SOW9LaGeQDTN1JuyJDnSAJdeIiQi7zsrAXPIEM3ThvVt3mzwXEWsOr2rQ0wg/q6rur8ZooyvZDpw63sg0Du+ZY3jEb/m7HY1zRpTM5edZw7oZLlAio5g/0ThsQQzTtMHRF3w5qg2871aeRAiM3z7XpuO7UIRj5GEyRS82mB/vCT1UWOscmHskX5x4Vt0V9+b0HXF4NI+/BX7XIBiassaBSv6iyzkVs2mlit7Vy7ZVK4xAnz7/58LO9SeYC89H6kUx7FJi/KWG1pSqUAhR3MZLLjscrAj0oAUOoIKFbvMyWiKS2fEZmXVKvygfvUWSA4XtVyZvT0ztTwYi/ZAHtfMI68mCVjlXzcrqI2eo7/oJQcBb3Bv9Am/L6Lf2VPA7dt1FHefQrzHYBYvroMiZ9GiNmbk6GUYBtnwaasAxPebDtVPn1qaZfog7xlEE3aBdkGiw071gUhkvKBJIm5JBNqmCzU1ex0i1aAOAEy7p/qQq1319JyqWr8Zdbg+l7bow9EyjPlhf1E0O8oi5VpSE+tM5Z9X+NkhkI7L4hknwpAk4YCffzByyJwELXzfb28N7hQThdg==</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2020-04-02 19:01:22,623 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-04-02 19:01:22,624 - INFO [Shibboleth-Audit.SSO:?] - 20200402T190122Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|idacfcd311612e4e29ba1dfddfdc731c2c|http://client1.priceright.local:4000/Saml2|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_170a09d64fdacb9f170249e5a1289d6f|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxmrsAhHbJiEicdm7s0lDoEohL1G96zEazi4yudX3AAhLFEpspZQiYvu36cHS/S87wO1K3Fi6hA4ouX4IOsXwR28UGqgEusSEhUVvlbryO/toZuj6HyvNy+HQ5qDltNAyJC/FX6QrPChp8Li76|_28e6953bea528e4b4f04c108b2b68b76|
2020-04-02 19:01:47,648 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: TST-4021-JZSuGq7EbxtlXE5yIW6avifuhs2HHaNX
2020-04-02 19:01:47,648 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2020-04-02 19:01:47,648 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2020-04-02 19:01:47,648 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="_31ueecunnpkbdgd7jz7dpylcym97la6gqlusfno"
    IsPassive="false" IssueInstant="2020-04-02T19:01:46.556Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    ProviderName="pac4j-saml" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#_31ueecunnpkbdgd7jz7dpylcym97la6gqlusfno">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>1y66sUMMexaufUVmhQsndUb/NIGCF5KV9oZcb5Ibc2E=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
fS0jnsG2TjNx8jZs0PQCLXf1Ch9TMjeSUmZFOh90GIAYCj+F3HUQeziTDDFgB7Y5GcFy8ZwNEEUk
D/HgIz990Ih7qvifusSGTfdiojh82BWbKXIbJ4h7/FLSW4WdeUa0aA9l3w7OCWWnZxKNsyEM7IdN
LEYl2qk6xiyD/V3yK+UFcbUCjzofxbNnisMOAiSw3A23OGs02F7SaOF2pi0YAGM5wgcWBUO+PQwK
CfUs7WB4o2jNsRpZRSun0G4rsIZ0bqDZNIP9GNkoJ//EhQNBbraoydl3qmrVRn8+6uhujojc7kYq
KECgXrU1ok9s9EDI772YzWD+s5bEHsjYGqZUAQ==
</ds:SignatureValue>
<ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2020-04-02 19:01:47,654 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' from origin source
2020-04-02 19:01:47,654 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-04-02 19:01:47,654 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-04-02 19:01:47,654 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-04-02 19:01:47,654 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-04-02 19:01:47,654 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-04-02 19:01:47,654 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-04-02 19:01:47,654 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-04-02 19:01:47,654 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2020-04-02 19:01:47,655 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:01:47,655 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-04-02 19:01:47,655 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-04-02 19:01:47,655 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-04-02 19:01:47,655 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-04-02 19:01:47,655 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_31ueecunnpkbdgd7jz7dpylcym97la6gqlusfno', issue instant '2020-04-02T19:01:46.556Z', entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-04-02 19:01:47,655 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2020-04-02 19:01:47,655 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2020-04-02 19:01:47,655 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-04-02 19:01:47,655 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-04-02 19:01:47,655 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-04-02 19:01:47,655 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-04-02 19:01:47,655 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-04-02 19:01:47,655 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-04-02 19:01:47,655 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-04-02 19:01:47,655 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-04-02 19:01:47,656 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2020-04-02 19:01:47,656 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2020-04-02 19:01:47,656 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2020-04-02 19:01:47,656 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 25218632289878887470728701898989230903925460534470464262987089359900092236249155787311083615922566996588882686327254334965631006516764358542556784571993117841615795846983701202567812629440880488414844862491363773592778158558705049021795669354428797347719681579572749594906032259298025269480636673827053368207548760338633177397009149003080015959043356697060516917100235185397117902752192715861531350694962747781011832502440226911816306381078043102881237946262430586623622800161283685092311342398263730543997237261306772360529013060055263916368941241698720371281723901324390991801957832354836844648583493845781599295821
  public exponent: 65537
2020-04-02 19:01:47,656 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2020-04-02 19:01:47,656 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2020-04-02 19:01:47,656 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_31ueecunnpkbdgd7jz7dpylcym97la6gqlusfno"
2020-04-02 19:01:47,656 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _31ueecunnpkbdgd7jz7dpylcym97la6gqlusfno and Element was [saml2p:AuthnRequest: null]
2020-04-02 19:01:47,656 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_31ueecunnpkbdgd7jz7dpylcym97la6gqlusfno"
2020-04-02 19:01:47,656 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _31ueecunnpkbdgd7jz7dpylcym97la6gqlusfno and Element was [saml2p:AuthnRequest: null]
2020-04-02 19:01:47,656 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_31ueecunnpkbdgd7jz7dpylcym97la6gqlusfno"
2020-04-02 19:01:47,656 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2020-04-02 19:01:47,656 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-04-02 19:01:47,656 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2020-04-02 19:01:47,656 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-04-02 19:01:47,656 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-04-02 19:01:47,656 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-04-02 19:01:47,656 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-04-02 19:01:47,656 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:01:47,657 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-04-02 19:01:47,657 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-04-02 19:01:47,657 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-04-02 19:01:47,657 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-04-02 19:01:47,657 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-04-02 19:01:47,657 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-04-02 19:01:47,657 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-04-02 19:01:47,657 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-04-02 19:01:47,657 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-04-02 19:01:47,657 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-04-02 19:01:47,657 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2020-04-02 19:01:47,657 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-04-02 19:01:47,658 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-04-02 19:01:47,658 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-04-02 19:01:47,658 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-04-02 19:01:47,658 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-04-02 19:01:47,658 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2020-04-02 19:01:47,658 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-04-02 19:01:47,658 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-04-02 19:01:47,658 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-04-02 19:01:47,658 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-04-02 19:01:47,661 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-04-02 19:01:47,661 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-04-02T19:01:47.661Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-04-02 19:01:47,662 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-04-02 19:01:47,662 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-04-02 19:01:47,662 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-04-02 19:01:47,662 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-04-02 19:01:47,662 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-04-02 19:01:47,662 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:01:47,662 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-04-02 19:01:47,662 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-04-02 19:01:47,662 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-04-02 19:01:47,662 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-04-02 19:01:47,840 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2020-04-02 19:01:47,840 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-04-02 19:01:47,840 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-04-02 19:01:50,441 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2020-04-02 19:01:50,442 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-04-02 19:01:50,442 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@774729376::identifier=rick, context=org.apache.velocity.VelocityContext@2ab2f943]
2020-04-02 19:01:50,443 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@774729376::identifier=rick, context=org.apache.velocity.VelocityContext@2ab2f943]
2020-04-02 19:01:50,444 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-04-02 19:01:50,444 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-04-02 19:01:50,444 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-04-02 19:01:50,445 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-04-02 19:01:50,445 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-04-02 19:01:50,445 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-04-02 19:01:50,445 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2020-04-02 19:01:50,445 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session f20f389c44b3406ea20c2cd0be4d4c6ee2bd9589801191c95f4670a75b6c31f5 for principal rick
2020-04-02 19:01:50,445 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session f20f389c44b3406ea20c2cd0be4d4c6ee2bd9589801191c95f4670a75b6c31f5
2020-04-02 19:01:50,445 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-04-02 19:01:50,446 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-04-02 19:01:50,446 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-04-02 19:01:50,446 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-04-02 19:01:50,446 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-04-02 19:01:50,446 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-04-02 19:01:50,446 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-04-02 19:01:50,446 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-04-02 19:01:50,446 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-04-02 19:01:50,446 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-04-02 19:01:50,447 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:01:50,447 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-04-02 19:01:50,447 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@739698af'
2020-04-02 19:01:50,447 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-04-02 19:01:50,447 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-04-02 19:01:50,447 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-04-02 19:01:50,447 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-04-02 19:01:50,447 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-04-02 19:01:50,447 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2020-04-02 19:01:50,447 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2020-04-02 19:01:50,447 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-04-02 19:01:50,447 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2020-04-02 19:01:50,629 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2020-04-02 19:01:50,629 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-04-02 19:01:50,629 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2020-04-02 19:01:50,629 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2020-04-02 19:01:50,629 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-04-02 19:01:50,629 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2020-04-02 19:01:51,211 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2020-04-02 19:01:51,212 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2020-04-02 19:01:51,212 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20200402T190151Z|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2020-04-02 19:01:51,212 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-04-02 19:01:51,212 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-04-02 19:01:51,212 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2020-04-02 19:01:51,212 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2020-04-02 19:01:51,212 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1617390111212}'
2020-04-02 19:01:51,212 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-04-02 19:01:51,212 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2020-04-02 19:01:51,212 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-04-02 19:01:51,212 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-04-02 19:01:51,212 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool]' as '["rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool"]'
2020-04-02 19:01:51,212 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@739698af'
2020-04-02 19:01:51,212 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:01:51,212 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-04-02 19:01:51,213 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-04-02 19:01:51,214 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-04-02 19:01:51,214 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _63b86a20a85a7d0b5b866de4a789aa49
2020-04-02 19:01:51,214 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _63b86a20a85a7d0b5b866de4a789aa49 to Response _a3ff42c13be9552e1a95d6b319d6d065
2020-04-02 19:01:51,214 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _63b86a20a85a7d0b5b866de4a789aa49
2020-04-02 19:01:51,214 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-04-02 19:01:51,214 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-04-02 19:01:51,214 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-04-02 19:01:51,214 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-04-02 19:01:51,214 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-04-02 19:01:51,214 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-04-02 19:01:51,214 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-04-02 19:01:51,214 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-04-02 19:01:51,214 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-04-02 19:01:51,215 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-04-02 19:01:51,215 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2020-04-02 19:01:51,215 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2020-04-02 19:01:51,216 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2020-04-02 19:01:51,216 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2020-04-02 19:01:51,216 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2020-04-02 19:01:51,216 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:01:51,216 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:01:51,216 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxY1IZp2sSrqOgBPVF/40zPya8qwGTzytx2DkMGt1Z2QjCJigGEsjEtfpnTEB2mQAARJjPl/xalKgT9lLa+sLbniR7oqdSI1VSvVyjwJInsujgjuPucH8bzpHa0syHLkOVnf3ngAOdfxLb4APckWLQxOq1PWSRnMU= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:01:51,216 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:01:51,216 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:01:51,216 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-04-02 19:01:51,216 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-04-02 19:01:51,216 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.46.7
2020-04-02 19:01:51,216 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _31ueecunnpkbdgd7jz7dpylcym97la6gqlusfno
2020-04-02 19:01:51,216 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2020-04-02 19:01:51,216 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-04-02 19:01:51,216 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-04-02 19:01:51,216 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-04-02 19:01:51,216 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _63b86a20a85a7d0b5b866de4a789aa49
2020-04-02 19:01:51,216 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _63b86a20a85a7d0b5b866de4a789aa49 did not already contain Conditions, one was added
2020-04-02 19:01:51,216 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-04-02 19:01:51,216 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-04-02T19:06:51.212Z, to Assertion _63b86a20a85a7d0b5b866de4a789aa49
2020-04-02 19:01:51,216 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _63b86a20a85a7d0b5b866de4a789aa49 already contained Conditions, nothing was done
2020-04-02 19:01:51,216 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-04-02 19:01:51,216 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _63b86a20a85a7d0b5b866de4a789aa49 already contained Conditions, nothing was done
2020-04-02 19:01:51,216 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-04-02 19:01:51,216 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool as an Audience of the AudienceRestriction
2020-04-02 19:01:51,216 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _63b86a20a85a7d0b5b866de4a789aa49
2020-04-02 19:01:51,217 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool to existing session f20f389c44b3406ea20c2cd0be4d4c6ee2bd9589801191c95f4670a75b6c31f5
2020-04-02 19:01:51,217 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool in session f20f389c44b3406ea20c2cd0be4d4c6ee2bd9589801191c95f4670a75b6c31f5
2020-04-02 19:01:51,217 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-04-02 19:01:51,217 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool and key AAdzZWNyZXQxY1IZp2sSrqOgBPVF/40zPya8qwGTzytx2DkMGt1Z2QjCJigGEsjEtfpnTEB2mQAARJjPl/xalKgT9lLa+sLbniR7oqdSI1VSvVyjwJInsujgjuPucH8bzpHa0syHLkOVnf3ngAOdfxLb4APckWLQxOq1PWSRnMU=
2020-04-02 19:01:51,218 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-04-02 19:01:51,218 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-04-02 19:01:51,218 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_63b86a20a85a7d0b5b866de4a789aa49"
2020-04-02 19:01:51,218 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _63b86a20a85a7d0b5b866de4a789aa49 and Element was [saml2:Assertion: null]
2020-04-02 19:01:51,218 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_63b86a20a85a7d0b5b866de4a789aa49"
2020-04-02 19:01:51,218 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _63b86a20a85a7d0b5b866de4a789aa49 and Element was [saml2:Assertion: null]
2020-04-02 19:01:51,220 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_a3ff42c13be9552e1a95d6b319d6d065"
    InResponseTo="_31ueecunnpkbdgd7jz7dpylcym97la6gqlusfno"
    IssueInstant="2020-04-02T19:01:51.212Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_63b86a20a85a7d0b5b866de4a789aa49"
        IssueInstant="2020-04-02T19:01:51.212Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_63b86a20a85a7d0b5b866de4a789aa49">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                    <ds:DigestValue>qx3kBbgzRmKO8wcdF9eanew7OEzQetTOvCSEwyykEJQ4hU7DL1UFCndZ7B5Fkrp54wlmRLR4qMmZq/1T7z/vHQ==</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>NSb5GHA+Ae1jQlaT7gG4Rztn0JFZqidUm9t1njRANWty0Lvha6nDXdRV7PxU9sqdBGD44184dVXNBE5W/RTUNCtHBSan1szEdhx9aIuWEYzAjr9nmiwaq6+jk4B1iwMVFaeVsg6CqKGnwOSFzKI0O1YX5kAPG7vre2l54cXcJ3YQcDHJ/fVyYzLkicYVwhRPNyQC6oFE8CdCl5FtPwfeHwJ6GRPGd5YcoIwsf4HraaQ1FXr/xC1I2lCAaMl+GAdky0xGin5xAGOiKCaDOcLNYRY2nATymHc+2zbgCfdVTQEwPkuUlpbiHepRGK630irKimlNI92DF+l3fw9XTOS5rQ==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxY1IZp2sSrqOgBPVF/40zPya8qwGTzytx2DkMGt1Z2QjCJigGEsjEtfpnTEB2mQAARJjPl/xalKgT9lLa+sLbniR7oqdSI1VSvVyjwJInsujgjuPucH8bzpHa0syHLkOVnf3ngAOdfxLb4APckWLQxOq1PWSRnMU=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.46.7"
                    InResponseTo="_31ueecunnpkbdgd7jz7dpylcym97la6gqlusfno"
                    NotOnOrAfter="2020-04-02T19:06:51.216Z" Recipient="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-04-02T19:01:51.212Z" NotOnOrAfter="2020-04-02T19:06:51.212Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-04-02T19:01:50.444Z" SessionIndex="_a6424d5530b64895d6ec9b2779c25ac2">
            <saml2:SubjectLocality Address="172.31.46.7"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-04-02 19:01:51,222 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2020-04-02 19:01:51,222 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2020-04-02 19:01:51,222 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_a3ff42c13be9552e1a95d6b319d6d065"
2020-04-02 19:01:51,222 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _a3ff42c13be9552e1a95d6b319d6d065 and Element was [saml2p:Response: null]
2020-04-02 19:01:51,222 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_a3ff42c13be9552e1a95d6b319d6d065"
2020-04-02 19:01:51,222 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _a3ff42c13be9552e1a95d6b319d6d065 and Element was [saml2p:Response: null]
2020-04-02 19:01:51,224 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-04-02 19:01:51,224 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool' with encoded value 'https&#x3a;&#x2f;&#x2f;cas.traveldoo.com&#x2f;cas&#x2f;login&#x3f;client_name&#x3d;SHOP_DEMO-demoPool'
2020-04-02 19:01:51,224 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-04-02 19:01:51,224 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'TST-4021-JZSuGq7EbxtlXE5yIW6avifuhs2HHaNX', encoded as 'TST-4021-JZSuGq7EbxtlXE5yIW6avifuhs2HHaNX'
2020-04-02 19:01:51,226 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    ID="_a3ff42c13be9552e1a95d6b319d6d065"
    InResponseTo="_31ueecunnpkbdgd7jz7dpylcym97la6gqlusfno"
    IssueInstant="2020-04-02T19:01:51.212Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_a3ff42c13be9552e1a95d6b319d6d065">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>2GKcUGrTsj3YZeGkH88siy8QsYh7/KRozV6S9tXLk5eIC8GrLENqaOVQscgE2/VW3uneSI2RUNlhBrklKBMkUQ==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>bIUSOaudmXpoNpC1t3JFxI1/KVe7vIWi/fVJWGFi0FF7QjTx+g7u0x4DIIRGoQ1ub8d7Q+Bs+G3yI9zXe+M2j6IIEFEJiGK54gVdPh4xm+yr3/JlQ25Z+qhRjqqN/83JCOXoWzmelvJL5U7Ok9CmUM6CE+VqmSGh6xb10Fioh87hhiOtLOm2cFuvcW2c3tbcsJTYduJN09GsrjBwNl09MgPKkeDI0C8hN9h6U+jI9st8y80lBKMtU9BD4Rg9nTovBRN51qp6WUGIESr4SJwE5oW9YmtErrGf4Sc8LAMRbpJuMRl7yeh9v45TO7C96hPFwomtWvPMwMzddmJH8y6pVA==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_1646106dc7af69291922f0cc880d543a"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_aab85b16838db48b8080b6d64ab6684d"
                    Recipient="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>dDOry1VMxolDw8hytUVD625/hbS/SBn2CYMI8+23lSFDBSMHRbFZLIgiv9/unP4CREhbF/VD87KETIUCJOGpjGasLkPqU5JmSS3cpUItKh/8GmCiOM1437QnDd2CWQxoUv0wywiZXjCPIy72tTSWnLGWp5Woc1PUnClVAqZBmxSwEKQMrPWqEM5HRsAsNDsaX+86CF5mgYYijMgTk5WWHhc03PTIUy0IDrnQt17IydY66jTVUXa//WkNGD4v46Q7eqfWuXldiE8EluLhG7RhpMCMMvBCyGqaZdINderFQY+QkeT3ab/8y8q//ccVlSItYMD4iGpdAcoHCOx6EhTryA==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>OGzKBPSxj1vCh9ztcKQfmQ3CA82uMR12zwiU40g4BVMnnesy4/HXufcrsE7QX4wbVO/UASEt+0k5LQKJR5bUWJWEL3FrYMVaRKPLVYcAGyf0tIqGMkGctPfXul7OgnDuLqH6RGUkoQSXAp+ydK6obfTLznx40SZQWQGx8FtCXdmdi2hxT8Oc1KRiy7Ipzminv2Icjb++b+hl7qsrbN8bNakx6YqvJBkS5IXOOwQUtlHHo27rmXUQiYjFT9roTwUAHUsoByFs7+XBgEo9sQsOTZc0dLTO+iv2wBFw3UkS9ujxU2fTYGM5BnB4JTJsMooPJhur/qCJxrzeAzEp/FT3BcgXkk46lpafQlhYOnqLegJJwC9mQWvXKchRzAgW/e/zPoiDOtK8dZhCsTzGgde/Trw5+eXedMMm656WFtWQVbUmb7Y3AsHCcaLamtiJIgHs+P2aVzVXc/Rsj83T5GqNu51scQgMFe+BVqGAOMS/O0BOzpDfnJVm78Y3p54OmVtCiAqKuad0yaQDHMIPrTiB5PNC9e8PO9SI4d9fRJANwomRcPMrmxz9ZJEeDcefUU5jVMKqxyP4LIxIRYCIlwS+k6PGnOq8V825BKepP8yvqJUsB7B6iCR6w0CJxQ4bWMdBbpBJ4xNT3vz4DmQ81lUjgltcxmaASREPmvxZ0oJy1ap5jpCS8gCI4+N756lcKrGp1yIpXzGeHEv/sBDafPlEZM4u1R6lG0aFS8ch4poUcmj/W0xd5diS5Af6rdZbaT/0KyY+fggDgyROlCrlBW+MVbVfNizstCk953wNyp1FzYkaC5Jsa63ZENqBIKNYYc+6tXka3sN3Pju3biVRCa5f9vqIRfSG7ytG0KjRN+jWoGK/P7gl2BOWbJs2+/yrGzQNYQQYSsudayLZ32gfLZl/r4R9xsbUjZuN8n2sTEq+ILBnteD3u7hlGQUaNtuKdDavsRtT+RRX5d4TmynC6To/QAmN03/XrRwGqp5lBhyt71IFQ5vdYr8trCRjG7MOADvhp4OandEJgYFNf2+YudMz5kfn4cZfFBWGcN5IL0svIntds5N/GWrLxr35KhNaaFfS0EQFiYZZgwSlOILnuqZ7cq8d5mfUOy6XKN8UEr2gfbRhgXlbzX2PbPAG7IHGbFnSwUs4MEo30mDuX8aTorpyzlj0LVzGSFsRHyZKyq2SoyAjNVZL5dPOXKK65Cp0g5d5KVZpXfe1CFRKCmC5zwwSyQklLyGFdeJ/jCn/xIZTIw724m61uw9aizDRRFYGm6AXOAwfMUK0KARn0SQPYaBYWliqMm/DCsNifILVYCgB2Fj80BX5QZiiTmzMdH5yRvnaYkYCrpXPwk2QemPeFT2Llr7v/ri45da/7MLq5L6oJSdqra1NdOsbN/g9dFuWmIdp6ByH1b5S7qmKIX9qqegb4IYoZaRMUU9Yg1UmEUceysSMI8ErbfISc1ITc0rmdihbzoAiE0ZUSy7veiRemO2tYa7LEyUT/iqBzlgdxhCffr1K+k/hsWPVuCoV2BN+2ZFFv08MjJx7D0f2D1kWkVI1z1oQuRfGuaJUSP1knWuOTk+gN7Ii0kKuAWVkyEpCuYGh4gHk2+qvnZZyhxPLBO9wHwMawhWU2QUjZTEo1IDSrFZTVCfng09sdaPJ5EB19NYxVay+kHUB/Bd7mhm71lb6F9kLevbYmh8mLjgOoCS9Hn94nm+2RGmkZnERsQzU3kKZlVghgchhEK0yIQS4pQupQ8CipG9Cze0sBqcYVfzw9kOrNsLVSqUWWeZIJYCMCGA21GPtp6+hXnvOJEdscHR4+Y1BTlrSK8wCDaNoCLygIomLdYC1ljge3DKzvoWxNSC/yDOEaqOs6zZaETdq4dsDpGzW05wdbd98xeRvJAapTsZk+xiwuprWS/OfB0FPXYHq4CahQddCphf0KgPGLAQBtySexHaZLjUwm2E2qvOOzW3RtIiXioAkppjBcq/RfMaPbzo99q6RG6HW4HGFPSLmM/Af1S51iTUqDXc3sZDykh9tMEI383v+pmuXKlRxd4/1FQSaJ55HFK3K9luT+KHMsAqHTuKrLi+FaTVJ3qqCqK3YeLYyQ641gdUlpnt6e4c1FScakzh6OSie/bH8QH61rcCn/fSFIihA8vV1RJS9Q2ishQPTgGOQv/GpSLE+fL/UKbC5WFRWq9e9s2w5xViYCx3+A2quJn0kvlLmrnp1VBBKRGHvw4V4oLyHLDg5+2oJj/+sSHxinTX1uqEd2XAs0MBS2fdLY3vWA6qdr/GRhPEoQbFxDGdBnqE7213wEZSp3DDaAzCcHjgp6g2BpgggbYbW2kt3POvxv8Nw5Pv81j79Hth2G5Pnr57Xzen5XuiMjQnfItK9+k+aDYsM9kQ7Db/v3L0GTK4nuOz3Syglu2vT/k7Js2jGqU1C4yb+rC+yMMP3q4cmq5y4pbTnsfh4ypmHeBaS7bTyT6npqe/RKzREhzQpqmSCflYsZHKywVJB+3rWZEYNleijyzfTtAp4Xu/EiP12ILbH0nptAp1ylDmQb5T4QUTFb0EVruM/BcnDPjK04b7GeWgAcPW920zequp40VyRaZ9p4eoWst3bmsqykC+txH1g37d3F1u0Ox9N3ST2KhZKUx22DZIN5bnlxE75LMSO1ige3A+TxP83iXLKBMMWIhKYwgLqcvK8OCe657MmQPjIW0raoz8lVAQVogbJtmsTIdphuc9Mi8n3dr8B8yCAFDkVxoo/C7/4yb5K/V9N6jVMRSbymvKwAVmhsLplrA+bYxYOfqRDxHtgZs05N5WY0u+rHK6OmJZC2/s+QWxpPYs0LMvqHR5EaKT4a9Sm5cFWzcx2BgtE/sHpTA94MAxYUo8oS+5u31Sex7WWb+HmjnVDw0YCPTOny02rx26545jZZAKMoNEsnameDh5S33lMxBjIgQ9iNV3wduN0bSlPRKCBPDo1OKodhLUf9wHlWJUyi9CxovSqmv+oZonCatrckhMkXf2nADZQcKOa4VTM4ZtFaZwTWyBVgCZuxc4SOwRm0tQSGjQnqI2oUhtOyteAqBqVirdDGDrLqQJqFT98vwFRrzSFeldUEQpWFP2aT2QgpLvV5+cACOrU/PIopNp6abeEcZkchs2pXuqXXOiVcqkpfcItlF15vr2B5whO170d4S1RXPb5xHdg6XFHO5YydgGXKNIy6WqEBHnt6S8fLXGMEIgxXyd739ASSC4Ojz66EUQdb8hFVEAZT5ghc4tDfmHegvmiPLqdvcT5gZ/ZwO7I+JK0QR1lgJfFah7hHc/3SJ/XBN0Qn2/6nILTuEvBTsKDw3/7O3QR5E+9s2M96NBkSGDQL3HfHce8sjtNSyslbX5t6+Rnds2MYfGgWfVxGzduC23kWwZXhUmoX468e9A8uz0YB6QMcH/5i3vKggRzjjGkORkez5PQxMrQUpGkjqGCq08AjXrVTnjyGhE2Oqfv0NdAEfd0upm5b7bfgUhuc6eHCt/8/HaDUv6mqzK9L1YvPYLhitgpqlx9O8o79fvOZV0kGkzDm82wtYIn6TAdN+6WhreqagU+DqN+tFykr02v5RQSYq4pb045uZneaZl9v7IsQL9tlsHOw3h54shFWPZW+PRnoFKdiOKGxhd0S5fr/xBF65gqsD1m6B4RatVD4kApjfW9K+MJH4ot6S+a0t1d6afcD6EwdS/U54sO5ryAjiFPnwW/7p47WlpEPlOoo61J59wtERfcdeG+5RinpfTtO0lzlHoB+ajl8o9n930870C3FmroBeou5KEHrw+qlqjpti+4vxZ1xzbgcKj/MWF455hKP4WM3DmLieLj5mPPIkGGKrrt2FYoaQXxXCg5QI6M6/B7Oowxlo2l/JE9XuEwdCjQLoJoxmrYvEy09ufRWHZ7t4Gr2ALC0JTR4EGhx81EwUTiv2Vjt6bzX1LRxb4RwveFrjg6oNi5Xh6MRVkdx3pVWERMV6pRTsEtgO+TBwy129r1U/Wu7vfJwGYXaqIMu9ck28gw8052sk/9VDRso7lUJWMmqbW8EuB1fwlUn/I4q/D8eYI0FN33xqhnB3wEsxLPoC5EhVafTD5ZsHT9Oh0Qi0Oq3WudaMLYpV1P6wvEUlKCq+yDEBUOghebl0Vl9IWHzpZ2yLm//c+vHurqn5ZPmTHUsbp/pjW9PjTCNAeqfHp/75COz20TS4QRrpeXLWSHpoUtGYdNjUZquZCcV9i7a+7DR5ubyIjLVMZNGJph2syBP5RsUIxHxb3C+NQ9tkDP5E2JQvKeD+7iScv3c5fbsM5B/KY9BX1oFdsixtLoktQhjY36FAMwZjNVZwfJZSsW06Fq0z3YqXq4lGKj2joRDlGPbxofOaBVKCV7gvkkxodaDfSXkclmxlb7xBh+8bmQv1yYSCBH6axx3P4nN9S5LynxzDcjuloIvKwrDNPWn46fqfihC5omXcnxokQJiw+aQrYfxYpBED3Am1c07oJDx2TXVWa4M2Mo0iym5ZicfVpRbZda/wZrPM7e35aoSd3jrg6Qe63h7q7Bb6RA1RvssvFnVMkUOlIxBEim/N03/i5v/Gv9Yyg5M0deCUa54ixc0EKzdqjXX8Zy+PooRHpdFyWsIDnYLCPYQj0jSv4PmLNniB74kOeLUz3rXqryBuRJvD7yM5tnkb5z0ngkUoFfI8M9lRDXP7kNMahZG9W5s2r3m7KioZSOgH57orMEYwUhE+TZls64ii7ckJTghSR8lUAJM57wJ0ZpamCRRefvRj8e37AUNlqI/SuqC2dNdZNOvjU+IwQJDToBHoaugw9pQ8tExx8X4c3IvaCx0vGD5j5lypsg/rxW/xFtNkn+Sz8k757QiLQUduENu8h/os+qwshnztoC3ceAwsa5oEoqtzX2B8oGv75xtjCy1GtPHgO5Oy2Xfu0MppxUAcF7sPET/mm3/RCQ6qHaB6yMoTsQllYaT0FlmnqlSRaygWQkKdlmx6CX8el+KLPf6pODbzQmJYtNBidycGq2CGLbLlWpixp4FyPnZoLH6pvlUTEr6FvEbQDnUj02xgwx2hIQ9B+5t/LaYv7MOoGHqzpaPLJ5nSSr+gfe4OCGEdERLxXeMWt7xYGGuZLVGOua/cALNlmKpxD0fMO/sDYVsBfbGNfu1Tptmucg9AlAVtWpi8j3ynoi/oiU79h7LCeTbcQ4a/HGaYsMSjj4tPZ8gqgiJtzA9gCwBzsJOt93NVhj2tHxpDnzm4wIT9TSiUVErvAJFkEwD9UaCYaddp/7BuJzTM8U+WJKUUJ6NOmZFFHbGxKo59tuWdXPXLrW+Armhf+ztNTPcEHpn3oH/o2cWaebKPKuOWmsXDx2+ThOHTAgMhvJhhMzMxFyfIF0warqCUDrkN9piAePbXbkDfb0ezx4+86RdOFFgeRwP2lXKk8fOGSUWZWWjoJuLoB1CC6wYvP+70k+nCfn34ig2VsKi20oYvfGQ9fNYq/gfXqif4onnmNwSIqUKpNzZDMLGPfPBrdM4C2Imu3dC28xGQVA1uOLBUvWQOimFepK7GLPY5UfspW40CY93M9/3ydBhlqsFzJPcRFraW4gKNm/Y3lRz7n5lNUevfeOcx/8Um8RsqpXwnQuGDpsTkw5GOQh3reaOPfgbOWH1kUG3cJ3ie74TvE3g0A4IoTjDaQIuC6BrSsaLhstQuMuXSZhr36qmP5FIvvbyLtLhgRJgQrzpZpCa56rOENg2sjN3fdhH4bHYnUuqYkQXeQELSZJWPktxBbrAHl/szMgWbx8UqP4SZlr/TD+p/YQzafp8qOGLbvOBW8FyXtDjT+NpGdI5gbC0CgtCcbCLXbHOYPaoplge8iByUxIpapcUA3gsubjUyqB8DeQF1Y76AnujXGGxvyk6kw8Hts5MbWCyykoUVuhlc+6mKffU0/8SN2h2WcZ+WpNlP/kVxi4Fb1r6qXrrhziluJGE4vEZz00j3KQs1mR66+OAy7HjkITPMk+7kESg7IdPnHLBZmsWSwTgY4GeTYEyII5uStLVc+0r/z/K+3okxyK7zdQX7mXGkBQNe8M5XgDPmjSVz2/qWaZsiVtiOxdiBcO/z2xEhpeLJqUAGEgxXQRnk55vtRU8eZik+t94jvsvKHW5phHF00bM5QmU2V4xUajaKxF0p3ir0ax3vRP1VXjMq9TfBCQGMZzEQMrPUPgJDcEVn1xqI3Ezwv8q0EYTGdosBmcHU374SUCQ5Mje97ryzAM+M8whXplAXyeE7VUhzf/MMOY0rdDybtTcWZlBBW1lx/hpKKWH9g15couKHKVd4enmeJcaBtCecG8+1WJFZVuGXt4SzjjgleumnlQGRNu6V4MlwjwZz4BKxlNOonxO/li/80BQYohB0IHTM+uqpqepDCWyKcq7O89Di4txwNT+MXcKwJJjbpQHa4mJFTO6c6U5B9Hl2sEefgT7M1doxG/s8eaVZkJzJuBm4cxZWh5I0LHnLZSIbxtUYFRbSbjcm6fh3H/PAGfynK4NXPnr1ADCAvvesTqlP7gWmrcUGFfuB11RQxZ+53bbhKnJFfm4VNacWtgaNJvaYJwXVw0jYUtTkalnOnIMPGqIYb4J8A8TEhmn8rrGQhyqvlBNsFssHz+PC+ZLlvB3GA8TlGAqf2UCBQZ7MPMBvazTjiEYKlG1n01f3XZyQV6MXb7IXBLkZDulepv055dTTT4QggvBsydOiPmiafDSQb+6EZHkpwX7PTq3nauLfXjM+J4xI3VrwfgFOmc0ziGONBqNZcT6fwYD/bd9xn8jakXMYAqjkeTtyZNkHvNWq7a91Kh/Km7dAppx1jN+P/+93kIx9YQeJTXSY4fsqkXGAahZJU8GDiBj7aZMJ+oTBEhViuS0/iKMgDVW8N4Sh2cRhnK9XIeHJpBLGtctqdKcq7YCYxF9Wlv07bkPD/MIwQdcOto14WoftzosLl0wXPqV+Qi9DmwqaJzEsQRcLyZ1zv4r2cdcBccDTyfj3yRtyz/vyRkwdJpqhRMTbjc9OrEl2ttZH7j1dJFbxbyWGhTm4aWYhKgkypq3B3cmydDo/DwQF5+CV6/w3zepzNlFdENEyuOe7CeSl/Mi5qvV4LK5x2mkA5QnOClYlLbBYa2jsfE40wHM2FxMkR108D405XZ9GlFvl+L3mn6mmoSxUkoXBE35cUjHsjw9z1+rJ8hMo+yGhV2RGaFZZ0oNflQclVzRMXJLZWm07mYDCIbYK0R0fLl08Av0KNBpQpfGvT/bGaNY1l5kQ192rUb1crKn3tQV6HNwlQ8yLJ18PFMA7KGnOonitQ/1supvLDJ2+mvzaaUMB9ExWejJGgOrx1kLfHy1Ygr+e4EGtPfvufECE+vXmsjaePMalWaGbhAjQzQM6bPegdH12W73p2UXoTRiOMJ3yDNTzEzFiJRSnbBDXHqr+iTtRlX/wwES/Huuddz2Qz9Dc5tIcgZd8jwBRFMGqO/zjjN4j3K4CSCk23GvaQvOhvZ8kFiCbKkG/W9ztutvwYpYwXTgQEC3+D1kh5cz3km2LbVwTHYSnBrC+NBSH6j6smOtIRt8UsW4/0eh/sYwGQSrX0OfMPL302TwODT9yXwD1ATCSWPyU0uMSVnSN8uMYXoFxD3fdYCt0wNLctrpq+iuDVEX3lun0EgQS4RcSiKeNQPFoiWP3nY3E9HRBHYwS4d/YRngoYsr6lSkeRpMZDDwv09ezmwBBu19Du/19LPhAm0hQHY+JYFEgLia1v8jZ1iNVh922cZDnUfnr17fzphJqk4dyhUQTAFoHSsSuueZcIvcx64/CPwEXQ3cH1Mv7ImmrPaZ5t0kUTiPTk5MXd9jm0onjUo8os7gQZ+ZE/hWqhYoyRVXabOwnWCTIp9vf/u0EGJbj+QSUi2ORDK5fECbzfUx4YUxRa2uINXvZ5Bw8OyeyLHfATOFSH9teEUAosz2MM2xDeogMK055wkDLUFfXuTcHjZ5A1ACj5fZXQVdTSCjai1rEdizM5YsOMnMcSe1lBPd+nE6cbICOfEEfS/0iQZPRRgeyYx0gHq2svfLPES1Fro0zdD15UehfHHBj+IgXNt4gynCnP4EgQwxs+2X52tBidd7Tkb3vKT8QD+a44rsQ+utBLJc2bbWyOIb5krOhOHJ4YF6gFMI63cLgSEDE6/</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2020-04-02 19:01:51,226 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-04-02 19:01:51,226 - INFO [Shibboleth-Audit.SSO:?] - 20200402T190151Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_31ueecunnpkbdgd7jz7dpylcym97la6gqlusfno|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_a3ff42c13be9552e1a95d6b319d6d065|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxY1IZp2sSrqOgBPVF/40zPya8qwGTzytx2DkMGt1Z2QjCJigGEsjEtfpnTEB2mQAARJjPl/xalKgT9lLa+sLbniR7oqdSI1VSvVyjwJInsujgjuPucH8bzpHa0syHLkOVnf3ngAOdfxLb4APckWLQxOq1PWSRnMU=|_63b86a20a85a7d0b5b866de4a789aa49|
2020-04-02 19:02:45,819 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: cookie:1585854165_aec7
2020-04-02 19:02:45,819 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-04-02 19:02:45,821 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-04-02 19:02:45,821 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://services.sheerid.com/Shibboleth.sso/SAML2/POST"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="1" ID="_380142851833cd0c10848c838733ead4"
    IssueInstant="2020-04-02T19:02:45Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://services.sheerid.com/Shibboleth/UK</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="1"/>
</samlp:AuthnRequest>

2020-04-02 19:02:45,831 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://services.sheerid.com/Shibboleth/UK' from origin source
2020-04-02 19:02:45,831 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-04-02 19:02:45,831 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-04-02 19:02:45,831 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-04-02 19:02:45,831 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-04-02 19:02:45,831 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-04-02 19:02:45,831 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-04-02 19:02:45,831 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selected AttributeConsumingService with index 1
2020-04-02 19:02:45,831 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://services.sheerid.com/Shibboleth/UK
2020-04-02 19:02:45,832 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:02:45,833 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-04-02 19:02:45,833 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-04-02 19:02:45,833 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-04-02 19:02:45,833 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-04-02 19:02:45,833 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_380142851833cd0c10848c838733ead4', issue instant '2020-04-02T19:02:45.000Z', entityID 'https://services.sheerid.com/Shibboleth/UK'
2020-04-02 19:02:45,833 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://services.sheerid.com/Shibboleth/UK' does not require AuthnRequests to be signed
2020-04-02 19:02:45,833 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-04-02 19:02:45,833 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-04-02 19:02:45,833 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-04-02 19:02:45,834 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-04-02 19:02:45,834 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-04-02 19:02:45,834 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:02:45,834 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-04-02 19:02:45,834 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-04-02 19:02:45,834 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-04-02 19:02:45,834 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 6 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-04-02 19:02:45,834 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://services.sheerid.com/Shibboleth.sso/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-04-02 19:02:45,834 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-04-02 19:02:45,834 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-04-02 19:02:45,834 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-04-02 19:02:45,834 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2020-04-02 19:02:45,834 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2020-04-02 19:02:45,835 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2020-04-02 19:02:45,835 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-04-02 19:02:45,835 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-04-02 19:02:45,835 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-04-02 19:02:45,835 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-04-02 19:02:45,835 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://services.sheerid.com/Shibboleth/UK
2020-04-02 19:02:45,835 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-04-02 19:02:45,835 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#aes128-gcm
2020-04-02 19:02:45,835 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#rsa-oaep
2020-04-02 19:02:45,835 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-04-02 19:02:45,843 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-04-02 19:02:45,844 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-04-02T19:02:45.844Z, isPassive=false, forceAuthn=true, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-04-02 19:02:45,844 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-04-02 19:02:45,845 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-04-02 19:02:45,845 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-04-02 19:02:45,845 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-04-02 19:02:45,845 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Retaining flow authn/Password, it supports forced authentication
2020-04-02 19:02:45,845 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2020-04-02 19:02:45,845 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:02:45,845 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-04-02 19:02:45,845 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Forced authentication requested, selecting an inactive flow
2020-04-02 19:02:45,845 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-04-02 19:02:45,845 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-04-02 19:02:45,932 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning name from AttributeConsumingService 'SheerID Verification Services'
2020-04-02 19:02:45,932 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-04-02 19:02:45,932 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning name from AttributeConsumingService Student and Teacher Eligibility Verification Services for Global Brands
2020-04-02 19:02:53,319 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: TST-4023-GlsH8XknKeQmQ-XCAfXDgdkR2IbG6TYT
2020-04-02 19:02:53,319 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2020-04-02 19:02:53,320 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2020-04-02 19:02:53,320 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="_rrvjgtvslliqmtdouxh20kgb9hrjnyux6hwkymd"
    IsPassive="false" IssueInstant="2020-04-02T19:02:52.267Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    ProviderName="pac4j-saml" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#_rrvjgtvslliqmtdouxh20kgb9hrjnyux6hwkymd">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>DEyqW5x1EzqzramcLyunfC/0NN8nXCWwVAWid/RnTaA=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
HiX/KBtPEgUb3vjmZo3R255dhGHwXHsL3HubWR0dSp01jwJFFQFBsZvYPGsLxtPzmOcWGuuiD48S
3RuB3FGRe9/moJclnUZH6keLYDUymz31KCa/+NDgPbV7jA6X0w3exkWiQYfilLmOHTDkVhEukKqY
sxrKalAUDfc1GcLrVU1xnaw64Fil0pSxOUlpt2flUZJmZ06ZVE+iY1PKM8qLNqOau0JMdXO7RHcI
mgduZL/xqvLzoekINJueTUmIl5cFi0MA42Qx9Bq9buW5hhnL+nB324lL/fJxrwTWigmtw+c6Gm+F
3KgoD2q1qruhAJUN4JsNYX4OJQ9/SEwlQ1tPHg==
</ds:SignatureValue>
<ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2020-04-02 19:02:53,325 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' from origin source
2020-04-02 19:02:53,325 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-04-02 19:02:53,325 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-04-02 19:02:53,325 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-04-02 19:02:53,325 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-04-02 19:02:53,325 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-04-02 19:02:53,325 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-04-02 19:02:53,325 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-04-02 19:02:53,325 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2020-04-02 19:02:53,326 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:02:53,326 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-04-02 19:02:53,326 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-04-02 19:02:53,326 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-04-02 19:02:53,326 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-04-02 19:02:53,326 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_rrvjgtvslliqmtdouxh20kgb9hrjnyux6hwkymd', issue instant '2020-04-02T19:02:52.267Z', entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-04-02 19:02:53,327 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2020-04-02 19:02:53,327 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2020-04-02 19:02:53,327 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-04-02 19:02:53,327 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-04-02 19:02:53,327 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-04-02 19:02:53,327 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-04-02 19:02:53,327 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-04-02 19:02:53,327 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-04-02 19:02:53,327 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-04-02 19:02:53,327 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-04-02 19:02:53,327 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2020-04-02 19:02:53,327 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2020-04-02 19:02:53,327 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2020-04-02 19:02:53,327 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 25218632289878887470728701898989230903925460534470464262987089359900092236249155787311083615922566996588882686327254334965631006516764358542556784571993117841615795846983701202567812629440880488414844862491363773592778158558705049021795669354428797347719681579572749594906032259298025269480636673827053368207548760338633177397009149003080015959043356697060516917100235185397117902752192715861531350694962747781011832502440226911816306381078043102881237946262430586623622800161283685092311342398263730543997237261306772360529013060055263916368941241698720371281723901324390991801957832354836844648583493845781599295821
  public exponent: 65537
2020-04-02 19:02:53,327 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2020-04-02 19:02:53,327 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2020-04-02 19:02:53,327 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_rrvjgtvslliqmtdouxh20kgb9hrjnyux6hwkymd"
2020-04-02 19:02:53,327 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _rrvjgtvslliqmtdouxh20kgb9hrjnyux6hwkymd and Element was [saml2p:AuthnRequest: null]
2020-04-02 19:02:53,327 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_rrvjgtvslliqmtdouxh20kgb9hrjnyux6hwkymd"
2020-04-02 19:02:53,327 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _rrvjgtvslliqmtdouxh20kgb9hrjnyux6hwkymd and Element was [saml2p:AuthnRequest: null]
2020-04-02 19:02:53,327 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_rrvjgtvslliqmtdouxh20kgb9hrjnyux6hwkymd"
2020-04-02 19:02:53,327 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2020-04-02 19:02:53,327 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-04-02 19:02:53,327 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2020-04-02 19:02:53,327 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-04-02 19:02:53,327 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-04-02 19:02:53,328 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-04-02 19:02:53,328 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-04-02 19:02:53,328 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:02:53,328 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-04-02 19:02:53,328 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-04-02 19:02:53,328 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-04-02 19:02:53,328 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-04-02 19:02:53,328 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-04-02 19:02:53,328 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-04-02 19:02:53,328 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-04-02 19:02:53,328 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-04-02 19:02:53,328 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-04-02 19:02:53,328 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-04-02 19:02:53,329 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2020-04-02 19:02:53,329 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-04-02 19:02:53,329 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-04-02 19:02:53,329 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-04-02 19:02:53,329 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-04-02 19:02:53,329 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-04-02 19:02:53,329 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2020-04-02 19:02:53,329 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-04-02 19:02:53,329 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-04-02 19:02:53,329 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-04-02 19:02:53,329 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-04-02 19:02:53,332 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-04-02 19:02:53,332 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-04-02T19:02:53.332Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-04-02 19:02:53,333 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-04-02 19:02:53,333 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-04-02 19:02:53,333 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-04-02 19:02:53,333 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-04-02 19:02:53,333 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-04-02 19:02:53,333 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:02:53,333 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-04-02 19:02:53,333 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-04-02 19:02:53,333 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-04-02 19:02:53,333 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-04-02 19:02:53,508 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2020-04-02 19:02:53,508 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-04-02 19:02:53,508 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-04-02 19:02:55,645 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: null
2020-04-02 19:02:55,645 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2020-04-02 19:02:55,645 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2020-04-02 19:02:55,646 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="http://localhost:8088/authorization-server/saml/SSO"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="a3aa588i77j42dj7ced42cggd3e33b"
    IsPassive="false" IssueInstant="2020-04-02T19:02:55.124Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">OAuth2Server-local-embedded</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
            <ds:Reference URI="#a3aa588i77j42dj7ced42cggd3e33b">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <ds:DigestValue>EkGjlubG776jk0RGo8GTa3zoHHg=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>H9AOPvqq37DJNl+MGyl3vd5ghpeSUdJbRynDSN3YUH/JvcwMpbAAKuBnKUIXRczuntGKWfcpDZAOPCyuiKogMzqi63q0rEMWQGfxtxtjZfqO+DEApPVik8+gFXjXdWQDfGz1XyiEkASaCGTt6Beko3mr7TNmU/WpUA4Nd5hfmgZHE2vFR1cGffvIkqHd4VWP5p6BxlJ9XVn5Jy+EkMCrEINrxoy3VlfWXOdn1Cte6cCHx99pMy1S3XlfhzEFZop4qS9VbYmiOAEvUubXvFPieM36B/uDQpTHDgjNHIQZHiSJ8dCVZC40luuZHLBSNPklZsiKq3VySZt98a4zNxeaxw==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDdzCCAl+gAwIBAgIECJji8TANBgkqhkiG9w0BAQsFADBsMRAwDgYDVQQGEwdVbmtub3duMRAw
DgYDVQQIEwdVbmtub3duMRAwDgYDVQQHEwdVbmtub3duMRAwDgYDVQQKEwdVbmtub3duMRAwDgYD
VQQLEwdVbmtub3duMRAwDgYDVQQDEwdVbmtub3duMB4XDTIwMDMwMjE4NDc1MVoXDTIxMDMwMjE4
NDc1MVowbDEQMA4GA1UEBhMHVW5rbm93bjEQMA4GA1UECBMHVW5rbm93bjEQMA4GA1UEBxMHVW5r
bm93bjEQMA4GA1UEChMHVW5rbm93bjEQMA4GA1UECxMHVW5rbm93bjEQMA4GA1UEAxMHVW5rbm93
bjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJN78nIWRctWZD3ZdW9wd++PdlFyZTWa
MrNYfQd0ZH1I4z8y465j/Ykg7Svrg14wi+Lc3jDvCzliZPYRX3p+flRRt4leiUF7hwbxddYXFisT
hCRSiNzbyMtgU8LCDCxbR+qkO9Sqx40J59nlI3Wxjvg2G3Q6gjuBCHf4GWHdxGEVLxsJZ5TS1405
TkIXqjsYZ5oUhfHNaq4AMq+fKc6PoyDTeCmjotfG7GX0DBmDLgbNHiTWTbnNL+dWUF6aoAlYuaQs
h7J5hOPhk0aJ2xAEeXp898dhgF7PkmJgtVPD2UHttbToDQ5Sk4WnKeOvlJMY9ThFfN287Z3/PM9N
HhMMRocCAwEAAaMhMB8wHQYDVR0OBBYEFGVq+nnSRnGeakhc4BvMe4BNgECKMA0GCSqGSIb3DQEB
CwUAA4IBAQB+47zjjfjHhMB8PQMV1PztyavD8Zv31s6HSrpkR6rjeJaRoJe0eEDnax3GPL4YPOmF
/JBTTX2zueiRV847fT5iqttNAHVEovVGHN5JwjiBt5rJJ+fBIQPQAoXQzmWwpoic+gWspPlHV3Pp
pZehxmUU/dP0NZYJIjkKtIhoUAAew14axNdGXjZOYAhNrFW+zsw/M9PaDJWl9y/OLI/LCuRmCTMX
0u72CALSM5YWk8bB05KREg6nk2wOo23jUe+Bn7X6EUMsCn6f0KbQOeUcA0z66LQ60iJs2tCCHycE
BzUny8shUwxPcYn/xFVGaxB1Z02WQaCUE3z3wisatPta9jfY</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2020-04-02 19:02:55,646 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'OAuth2Server-local-embedded' from origin source
2020-04-02 19:02:55,647 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-04-02 19:02:55,647 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-04-02 19:02:55,647 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-04-02 19:02:55,647 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-04-02 19:02:55,647 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-04-02 19:02:55,647 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-04-02 19:02:55,647 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-04-02 19:02:55,647 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer OAuth2Server-local-embedded
2020-04-02 19:02:55,647 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:02:55,648 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-04-02 19:02:55,648 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-04-02 19:02:55,648 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-04-02 19:02:55,648 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-04-02 19:02:55,648 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'a3aa588i77j42dj7ced42cggd3e33b', issue instant '2020-04-02T19:02:55.124Z', entityID 'OAuth2Server-local-embedded'
2020-04-02 19:02:55,648 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2020-04-02 19:02:55,648 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2020-04-02 19:02:55,648 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-04-02 19:02:55,648 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: OAuth2Server-local-embedded, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-04-02 19:02:55,648 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'OAuth2Server-local-embedded' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-04-02 19:02:55,648 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-04-02 19:02:55,648 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-04-02 19:02:55,648 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-04-02 19:02:55,648 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-04-02 19:02:55,648 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-04-02 19:02:55,648 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2000/09/xmldsig#rsa-sha1
2020-04-02 19:02:55,648 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA1withRSA
2020-04-02 19:02:55,648 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2020-04-02 19:02:55,648 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 18618151400002236436260888908291816000934014027685398302075298221575202197786481215559863201852372201881994391916629878281933313226471894433191663074240923890122601548407518061102326135109854610776834328614744030379311436519460646844046355889959262438773640399525805586056377852650317477347079883987418295908435210203699843270962248491822430675844519884567348865285203183736996492698314800949743646525858834967421164635144640242291153596282604423154576680231467658371110299258621009434770837451087018927933903587379298888997445436459619677605784755872772382914360340268355915268812119684977894603519724419007027889799
  public exponent: 65537
2020-04-02 19:02:55,648 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2020-04-02 19:02:55,648 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2020-04-02 19:02:55,648 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#a3aa588i77j42dj7ced42cggd3e33b"
2020-04-02 19:02:55,648 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID a3aa588i77j42dj7ced42cggd3e33b and Element was [saml2p:AuthnRequest: null]
2020-04-02 19:02:55,648 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#a3aa588i77j42dj7ced42cggd3e33b"
2020-04-02 19:02:55,648 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID a3aa588i77j42dj7ced42cggd3e33b and Element was [saml2p:AuthnRequest: null]
2020-04-02 19:02:55,648 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#a3aa588i77j42dj7ced42cggd3e33b"
2020-04-02 19:02:55,648 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2020-04-02 19:02:55,648 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-04-02 19:02:55,648 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID OAuth2Server-local-embedded
2020-04-02 19:02:55,649 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-04-02 19:02:55,649 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-04-02 19:02:55,649 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-04-02 19:02:55,649 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-04-02 19:02:55,649 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:02:55,649 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-04-02 19:02:55,649 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-04-02 19:02:55,649 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-04-02 19:02:55,649 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-04-02 19:02:55,649 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://localhost:8088/authorization-server/saml/SSO using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-04-02 19:02:55,649 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-04-02 19:02:55,649 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-04-02 19:02:55,649 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-04-02 19:02:55,649 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-04-02 19:02:55,650 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-04-02 19:02:55,650 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-04-02 19:02:55,650 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-04-02 19:02:55,650 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-04-02 19:02:55,650 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-04-02 19:02:55,650 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-04-02 19:02:55,650 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: OAuth2Server-local-embedded
2020-04-02 19:02:55,650 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-04-02 19:02:55,650 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-04-02 19:02:55,650 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-04-02 19:02:55,650 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-04-02 19:02:55,651 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-04-02 19:02:55,652 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-04-02T19:02:55.652Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-04-02 19:02:55,652 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-04-02 19:02:55,652 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-04-02 19:02:55,652 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-04-02 19:02:55,652 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-04-02 19:02:55,652 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-04-02 19:02:55,652 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:02:55,652 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-04-02 19:02:55,652 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-04-02 19:02:55,652 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-04-02 19:02:55,653 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-04-02 19:02:55,676 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2020-04-02 19:02:55,676 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-04-02 19:02:55,676 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@266234028::identifier=rick, context=org.apache.velocity.VelocityContext@43dbd538]
2020-04-02 19:02:55,685 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@266234028::identifier=rick, context=org.apache.velocity.VelocityContext@43dbd538]
2020-04-02 19:02:55,685 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-04-02 19:02:55,685 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-04-02 19:02:55,685 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-04-02 19:02:55,686 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-04-02 19:02:55,686 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-04-02 19:02:55,686 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-04-02 19:02:55,686 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2020-04-02 19:02:55,686 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 41a48b04d98ecd4e26c1a04f8f0a3b0aa4f21835361a0836daece13a360779f1 for principal rick
2020-04-02 19:02:55,686 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 41a48b04d98ecd4e26c1a04f8f0a3b0aa4f21835361a0836daece13a360779f1
2020-04-02 19:02:55,687 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-04-02 19:02:55,687 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-04-02 19:02:55,688 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-04-02 19:02:55,688 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-04-02 19:02:55,688 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-04-02 19:02:55,688 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-04-02 19:02:55,688 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-04-02 19:02:55,688 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-04-02 19:02:55,688 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-04-02 19:02:55,688 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-04-02 19:02:55,688 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:02:55,688 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-04-02 19:02:55,688 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@4dad2803'
2020-04-02 19:02:55,689 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-04-02 19:02:55,689 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-04-02 19:02:55,689 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-04-02 19:02:55,689 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-04-02 19:02:55,689 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-04-02 19:02:55,689 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2020-04-02 19:02:55,689 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2020-04-02 19:02:55,689 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-04-02 19:02:55,689 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2020-04-02 19:02:55,751 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Not a usual scheme, returning name of 'OAuth2Server-local-embedded'
2020-04-02 19:02:55,751 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-04-02 19:02:55,751 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-04-02 19:02:55,860 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2020-04-02 19:02:55,860 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-04-02 19:02:55,860 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2020-04-02 19:02:55,860 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2020-04-02 19:02:55,860 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-04-02 19:02:55,860 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2020-04-02 19:02:56,363 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2020-04-02 19:02:56,363 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2020-04-02 19:02:56,363 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20200402T190256Z|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2020-04-02 19:02:56,364 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-04-02 19:02:56,364 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-04-02 19:02:56,364 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2020-04-02 19:02:56,364 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2020-04-02 19:02:56,364 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1617390176364}'
2020-04-02 19:02:56,364 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-04-02 19:02:56,364 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2020-04-02 19:02:56,364 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-04-02 19:02:56,364 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-04-02 19:02:56,364 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool]' as '["rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool"]'
2020-04-02 19:02:56,364 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@4dad2803'
2020-04-02 19:02:56,364 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:02:56,364 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-04-02 19:02:56,365 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-04-02 19:02:56,366 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-04-02 19:02:56,366 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _d7aa29b37181d22699e79d97a5635972
2020-04-02 19:02:56,366 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _d7aa29b37181d22699e79d97a5635972 to Response _e64556dbe5614858bfa2c5385d931111
2020-04-02 19:02:56,366 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _d7aa29b37181d22699e79d97a5635972
2020-04-02 19:02:56,366 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-04-02 19:02:56,366 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-04-02 19:02:56,366 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-04-02 19:02:56,366 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-04-02 19:02:56,366 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-04-02 19:02:56,366 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-04-02 19:02:56,366 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-04-02 19:02:56,366 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-04-02 19:02:56,366 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-04-02 19:02:56,367 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-04-02 19:02:56,367 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2020-04-02 19:02:56,367 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2020-04-02 19:02:56,367 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2020-04-02 19:02:56,367 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2020-04-02 19:02:56,367 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2020-04-02 19:02:56,367 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:02:56,367 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:02:56,368 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxTz6Mp67YEn3Rv6wRWsd2e32P27OzH/YjTL82Du/C8/G64oFFBNXqaqPiSVp5oqcnX8HRIEhvvBc6B0BuKTBtw6yhhVU8srdWIobwc7SdPR4r+8pLZkSSbAr+KIrOqj03j6FJyf8q/gbC58sKPupNuRau2v3to2s= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:02:56,368 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:02:56,368 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:02:56,368 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-04-02 19:02:56,368 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-04-02 19:02:56,368 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.46.7
2020-04-02 19:02:56,368 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _rrvjgtvslliqmtdouxh20kgb9hrjnyux6hwkymd
2020-04-02 19:02:56,368 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2020-04-02 19:02:56,368 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-04-02 19:02:56,368 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-04-02 19:02:56,368 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-04-02 19:02:56,368 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _d7aa29b37181d22699e79d97a5635972
2020-04-02 19:02:56,368 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _d7aa29b37181d22699e79d97a5635972 did not already contain Conditions, one was added
2020-04-02 19:02:56,368 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-04-02 19:02:56,368 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-04-02T19:07:56.364Z, to Assertion _d7aa29b37181d22699e79d97a5635972
2020-04-02 19:02:56,368 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _d7aa29b37181d22699e79d97a5635972 already contained Conditions, nothing was done
2020-04-02 19:02:56,368 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-04-02 19:02:56,368 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _d7aa29b37181d22699e79d97a5635972 already contained Conditions, nothing was done
2020-04-02 19:02:56,368 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-04-02 19:02:56,368 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool as an Audience of the AudienceRestriction
2020-04-02 19:02:56,368 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _d7aa29b37181d22699e79d97a5635972
2020-04-02 19:02:56,369 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool to existing session 41a48b04d98ecd4e26c1a04f8f0a3b0aa4f21835361a0836daece13a360779f1
2020-04-02 19:02:56,369 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool in session 41a48b04d98ecd4e26c1a04f8f0a3b0aa4f21835361a0836daece13a360779f1
2020-04-02 19:02:56,369 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-04-02 19:02:56,369 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool and key AAdzZWNyZXQxTz6Mp67YEn3Rv6wRWsd2e32P27OzH/YjTL82Du/C8/G64oFFBNXqaqPiSVp5oqcnX8HRIEhvvBc6B0BuKTBtw6yhhVU8srdWIobwc7SdPR4r+8pLZkSSbAr+KIrOqj03j6FJyf8q/gbC58sKPupNuRau2v3to2s=
2020-04-02 19:02:56,370 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-04-02 19:02:56,370 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-04-02 19:02:56,370 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_d7aa29b37181d22699e79d97a5635972"
2020-04-02 19:02:56,370 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _d7aa29b37181d22699e79d97a5635972 and Element was [saml2:Assertion: null]
2020-04-02 19:02:56,370 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_d7aa29b37181d22699e79d97a5635972"
2020-04-02 19:02:56,370 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _d7aa29b37181d22699e79d97a5635972 and Element was [saml2:Assertion: null]
2020-04-02 19:02:56,372 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_e64556dbe5614858bfa2c5385d931111"
    InResponseTo="_rrvjgtvslliqmtdouxh20kgb9hrjnyux6hwkymd"
    IssueInstant="2020-04-02T19:02:56.364Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_d7aa29b37181d22699e79d97a5635972"
        IssueInstant="2020-04-02T19:02:56.364Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_d7aa29b37181d22699e79d97a5635972">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                    <ds:DigestValue>J2ObxAlUYt2RE6RVK2un28hnV7AuY0hhytvx5mPVadTvXbu0BUyOlbOHtZPLMq2rMF/4PPkarwDdyK4YhYIrQw==</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>IjzRf9NlRjwpJLCam3UxI7WTa2nnRJCy7fDxP9Y8oR5XoHpUxeu6pmEEf7vLFGLOiL3TgkuoBhY25fUVU0H6P2eIavaVS7qtNv6mbq8aXDyCIDTOa8nPfexKRrcvUDroQHSXYrJgC4n7qlOUiDlusyrqvIMIxXurz4PnBjKj6+gTfruCQCiop4T6CLZQrL6ddWffbeLoP+DPJxQwwjxeRcUFNx8s15h52M1UicnVQpSIeqvxPBzWAUPLratK0NWK/e1ajYvixBApu1tAe6jJLMyPvKjRg+765PnxAY4EQrTz6Xe4OFrwQtU2/8wo2JNOV+By36vp+YHjMi5aioMT6Q==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxTz6Mp67YEn3Rv6wRWsd2e32P27OzH/YjTL82Du/C8/G64oFFBNXqaqPiSVp5oqcnX8HRIEhvvBc6B0BuKTBtw6yhhVU8srdWIobwc7SdPR4r+8pLZkSSbAr+KIrOqj03j6FJyf8q/gbC58sKPupNuRau2v3to2s=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.46.7"
                    InResponseTo="_rrvjgtvslliqmtdouxh20kgb9hrjnyux6hwkymd"
                    NotOnOrAfter="2020-04-02T19:07:56.368Z" Recipient="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-04-02T19:02:56.364Z" NotOnOrAfter="2020-04-02T19:07:56.364Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-04-02T19:02:55.685Z" SessionIndex="_b263158abbb52a69013e206fee08d47b">
            <saml2:SubjectLocality Address="172.31.46.7"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-04-02 19:02:56,374 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2020-04-02 19:02:56,375 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2020-04-02 19:02:56,375 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_e64556dbe5614858bfa2c5385d931111"
2020-04-02 19:02:56,375 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _e64556dbe5614858bfa2c5385d931111 and Element was [saml2p:Response: null]
2020-04-02 19:02:56,375 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_e64556dbe5614858bfa2c5385d931111"
2020-04-02 19:02:56,375 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _e64556dbe5614858bfa2c5385d931111 and Element was [saml2p:Response: null]
2020-04-02 19:02:56,377 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-04-02 19:02:56,377 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool' with encoded value 'https&#x3a;&#x2f;&#x2f;cas.traveldoo.com&#x2f;cas&#x2f;login&#x3f;client_name&#x3d;SHOP_DEMO-demoPool'
2020-04-02 19:02:56,377 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-04-02 19:02:56,377 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'TST-4023-GlsH8XknKeQmQ-XCAfXDgdkR2IbG6TYT', encoded as 'TST-4023-GlsH8XknKeQmQ-XCAfXDgdkR2IbG6TYT'
2020-04-02 19:02:56,379 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    ID="_e64556dbe5614858bfa2c5385d931111"
    InResponseTo="_rrvjgtvslliqmtdouxh20kgb9hrjnyux6hwkymd"
    IssueInstant="2020-04-02T19:02:56.364Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_e64556dbe5614858bfa2c5385d931111">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>4702CeEnF2dwUigzMxYd9te0dMdbsvlVBjlkNmGaPCAM+SGgc9YiDxIWp+G3nKzw4CzDDUo/OKDZhdooHMXu/A==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>sHYIAvXboaGN5yZtTR09BBkJabTve2Pj7YjcDh5p399Pt2q2TvQgupI291XTPlUZBYhdxoi6tnmMlPe2U1Wlj9NRA269FHj7Lm4ym2pOrikFjIRf4KkkwsSRfyrDAVVJi0qDRYOeLDhyGAX86PYAv6qc1Kmup6TOfX4d2h9SU7agFwsRaNYa8ze9V8365POgwPK4RUNbOBk5ZRQc7Ft1/lTl98Ke7Lj9NEMFiVija/YjaCgOplm0n/IYNYxx2Wbe8PTkrENq6GkaHyapbKZKAobEzqmG5Y13PuWcPW+RdmsIKpmS5ROozRg1Gp14ggizZS2EDSEGwtwOxxe4GaYX7Q==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_fe94c3734b6a4c0133d4a89c465c49e5"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_ae883d1e62701262d201ec6596ca53df"
                    Recipient="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>aXW/snG6YrtTEQCdY02oT0i56NP/gPpP90HTS6bL+oFyRmll53pkVP2hzJTH7Bvfl+39GpS9M6pSX7jhZ4OHA/5fHGa+ptrAIHUnTK2ClAqyCjJGEzvpIZA/BNrIuG8r2E3Xi0oBXeM7LhhDOSJ9OwE+m7KS0Fbjd5Kpz+mhX5Vc8ImA3mCdvOrImczbhEOiGdsJjHyoYtcOYLQ1/z0f4xjHqN6CWQRI1qMt3WVPTiCmy5+DMTOypPEvXUR3GyhWah7sWPBTRfi5o67BkpQHFN9yxTT/cHLDSwB/1CBu4LyRUZ6zEBMRUr6PusHNbcp3EfaaiPL/wdcMpRUzyoVQcA==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>vfksuhRDXQUEtIp2wbz4c2k1/Tg+73bpMXMcrlhDdRYxI5HaVHjle+zumwf6WTM+KdHpWxwU38IQcIjs7v9kOzNvtltdoezuAY9uyi7tEmI0sULXUeOuDaaH+Ax0YZHvRg5tqixTFR6lKFPKY/Hu0T3nflXYCvutF/Az5yJ6CqY0wCUyUPfyGSja9TJIHOtP4UecG67PRihb9l4xdSe4N36slcTwt9n+4pPWtNzXmn8LGTM/RMu326lOzGpnMyBfdpxdwgKf5LIPmNwq9abdH+Cjj8WdFuq0Dmz08SzTcb4ZLLjgRhcnj70nLRXHcxFyw5QhOvpbJCxuIkMMmT/DlUKa9p8eCuN7ImdYMsY8Dev7JVt9D2TNUvxS0eWgGLo/HNXOh5bpT85CvXV3CxJnWR5ULOTkjQiiJPt/sLTxI403vB04uL1PWbkq6NV0HpiN8O60IswW/Un8ehyjgIbMqqcWk3VPI7xzOB9dl6Gh6cu0az4PVHTrZw065ulAdiSrIJW4snydKZuxOHOfTZTr/w0GW6jKwIUZljMElTUj/gOp4qH1sXJCXklqohvITD2dnz46IhXNb08Wsibpmt6SG4lY7eOv41T+sFlLZ40Dz+TZffeawDvNBRO1cuWxupxmgs1+pzedIIN7gY+G8uq1k7zjnSuolRl9E27IibkfTDXA6rSD2uFEN1F1oEgtmYqe3yIHqgku2zxLDeENZwr5PBaDiTRkM/Mre9FIGOx1qDyjQpfHGYW1k3Ikezgkr7M8rxjZzd/B+cXw5gjCEEIRUimmb5R5mD06cAPLPizaO7RoOe2f42PWjgo9SUys3Jb5TzGDTnrjRCXvwNIjEjCSMRI4qJUBlGRLdJyJQLWSJUdlgsApUbyw7tbxOUTM9HHv0MNWzfjWouFzE/ylUXgaZHxUqb1OHPTEao20Rq8Dvg5vkd4uQxUYIQ2qC1oGVCe1vqQWwMN2agf0ZJYfORROyvpGFvKhHGmn8odJVutYD5FNYAAvzsoQ4q78SGedKs9lzH3fWZk48+MPAU6lxnNvomHnCe0/dK8igUDAtqsog0Hm+8VhbHrrA1tERpWNrcomrk5lNKZWCCL1kTK4GFV+4zMS/3BaOkxPbLYoOzRAV/d2hR3xedFzw7kon9QtqEwyNuk+/kqQ29Qv5lLRVy5vqC4vzqZbSVIIesoEh3fk2Gqy9iD3wj917AttQqGVKtlC0o2iRUW+PskapLzp5rqwsvvRCjk+ucIxBw+FkSd01cglMLoA2nLpGAOUEG2j6jPoRPJS5CBNUC3Z+yvX3bNpkv1mkySVuD0+CMgl9bd9OqWglPhq0DWTT+0613jOmh9rwfgFbr876HpLc9YA+vfMXRyvFbzd1SaTPvl2D/YBz3qY93mxwv38SEdzZ1D3LSbzR6WIEQcr8QD4UIxRkvHX/AhdKD8dUWysjZ6FKaJXLS0xWg4EfHdvvZ/qeTeaHIjkKgB/lyiJOCJ/iCDVvXK/uWsDytn6cd9gEAMr8qlcTK1okFXy8FzpOjtXuohc39+WcCLE9/+4mpYdRlq0z5u6ec9BE4v9xUsJPZE85EFYEog2yfjM/ugGVKG+lV8xsrKgubSsCD64T5svOiSGqanFtNdFjiOWDoZVnWLbXkBV4G4jSzWdFNaBYMGx1fSSs6HOtQIc84VYZwD3j5DgIYh3mer5wG5XiSKr20duLzXBVYEiHI1HPkXCTA7CeA3sYlxojakL+jHpKnAsjuliP+bNgAE0Ke+Bs8LxJaZA7GAliP0S5VpA1q2lktgH5qqFZ7bJUtJqXdhxcE7FGfRCtdo6r6SllJhh2kwkJTUQNSfSORfiX0lE1FjyVzdAD6GciPuXnf6BE1qqAVcCv3Y7QHqAgcF07ZQTaWRUu3rLh2nMIJpATOh76vKAZM98bD3OYdzs2VfQKCDduvHBXxS6TBovTuXvVMWYFpCvoFlIFxuqv7Upf2SCa7OMScyulhsP2F6x/4qHdgoRUZIh1s1pnpKDE7gUr7khKJVBflo7oA5xXnNiCLwJ1oPh3w0p8PjGpYzYAIo3vzQpO4V4nKXbKVCduMocqUUq4ZCqqwO0vFlrNrHlJc4y2k5Mjl8qxQvguq+MUSHsFv/VwmSppTH95wjN8NlJV0duwLa6PQIbAcH2ZwlLxxegOrHiiq0yVUEqIfvcy4HEftN4x26HaD94Wl+MYMqMwxRsRVqLJsRzo97qWV6EfGOmfyKKf4WYgRpU2FubdGfwa31OemGy0eoXfMl8REBcgr79MH0otHiIcHowe4Aq8pPnlG2TofA3JGTOpDaC+BLsTPKUCYm9DHVZjkjolNYjNf2WJOtOB5B3liJSkxW9oCsATU8G1+8QLuVjdB1mxBQrA1kKkmW6BhoVcfEvrIfF7LH1keaP1JY14dps9ySqvDxEPS1TAVBc50eCq5FL0QQ+qFfZcN8MQu/9LH7Jt+Ozsirv8Q+l/8a2OaESj9CgSPrUAeIbsgjY19TkGnkw+EvmlmO3Jd1r8O10xMzr71jD1ELdRDfD/uboMDZwaWfaKAnOSi/VSHT7kygZUIDJ+JYOXNy5Joss6vWdWVt6qDmmMKQCfespv+pruvZPtZ97/3moMwLmIipbx2BiTyU3UObUjV2d6Wtzz5SP/nULPAQOKq3cVCi5uOXxhDcFKdpP4FxQZ6A9DsMq+H4W4Ynl/cq+Ht8v+y6QA2lZbB6xqnq7cZD8RnA5KIUj8JC4g3FXR5QhXYZ5rkeFZhfCKZqOfS6lFxyDE5RSACIq11O+0qIBzM5ol0qlDAkm7W97H7tjWQJ88V7IEohkYhsro3d3q31Mc2odz5kc8lp/BXW5hd8q3yqAv/27CzKro5Z1ySw1kwU2H+ntuTQvEwynRUwVDNGKasg68xxUkuLyCaGUSXZxno58qkApC+MwKhOhN0v/wGU85QoDzBH7G8pMu2Ps3X92ihwyu4bO51Q6mLLpRpuOeK3pjlFFiYG9zE4J7Y9tds2VW5tmdNLD42b0DNSgf1EMPAA7FSvkqEVoM6Pfik+zWmXAPNLdamOP2LmtGBU/o7NroGYwoNMcUChvdy2ZU2x+NxWg+XUyvNh3wd3RnSBVeE/j4vUAzgnOI8rU4vv3Nl76x1VM0yn+OtHaJq2z3QSmzx2QTCYL78N0nb7Bewnrl/TzgBCYQxwz2JPZDwXJsRaQcDmbEqzcCOELM9cRPqoloXY6YjoFjNOOeErkuuKiQEyW9d80ZB/44MpZjCjjW+UCtX9k6gdCiXjZ5n/O8RzybmsSTyFbdFnv5oDLHzt5MKUs+3AmBdx8qu4RJ5nzzvoNaWDB+4cwOKxFYh1VDsl6pImxOOht/2q/NvJIzoAWMOzzKtVvfWLyuM/ujdmy/dQV8M7FJqtx5jR8EeOqF/psRVI5pZhSpbI3YocZ1M3PjPWFwT/AOl/8lFNrAub0B/gbJMsSjfh4ISaRnz+NCmPK6ZVw+GpyPO0RN3QGWQcmqtrQ4XQOE1p7jWsE7axHoYpzi7RUnFoqkXHwc4lEKl+r0HH8HhVVcQYD4z3JGzfXMgOaLoyZWYYIHMsEwRdH4Y5TKN/w1TH+cC1WUfPNow4U68Yw1DxSaHkCU3hH33cq1dAQtUFnPU4fH9zFsrIO4SeLMUIVpG3l5dU4gDSqM36V2MIm4IlwUjB1mhsHEWCZE98g5oYE39zTVtPE10IhG3tiuovFOVudiEEnDpv+ofcaS/mqvK/EcJm9tTDqNCW/tROW1m2WvTndLEOW09wKbPEfDuI95ybz7xToaScTA9m/bIRyxDIqr2jBYUIpALeYQYPGdE62R5L3zs7RJAbanAxLrA4DpOtsmOma+i1uNDb/vadVeWk5T8n/PhKTiR9mpvWXf4WRGOng0UFP1Cx8eglQOfHtGZsGF7AcP7ICNGoPmJVCzEnnUvBFuyC9FiuSdDfGg9cwr59LeGPMFn9U1eQHdyZJ1KyyJeBZ2KuPKDxGXoSiQ0dVekEa8YQfZgeK2v7+7WF2GBfrm/SVynRA/PwXIyqPiyQhLhRusDDe24yAXxioIOpvM+o+snj705lgMILV3X4742r7oVGzR1kq64GrV5nQD9axZPm4IIqWro8QhIK/oxQULVrL5IkGwOw8N2Ka0iyF5gycBSAy49fB1wz4ByLA3ROfVe/fo5cSZXETZqS03fmOYtc8t6W6LWxviJjAVd61nGqi1MMKMLvYDEUWflFuDJ59aOAHqjUhM/Hh2UA60bsTg5zMHc1H6UKw7E9f5VCtIsFjKR/yBu/zwurnNAPurM8GT/m6118aBzH68SvIgYdJ3C3UOn0tg/Ks6HO2mxRxZ7+1CvH4oVhDO3iD/1cUbBUN9yxogZMQVyM/HEYDi32g+bDjoCa7ms1Ye/NImVnx2QdHExWccdvKVnKb29ZpNi/NUEEuk1ilES77NPDKGGrnzz9evexAR/nwjvF/sXkx4YB6zCXRyOt3K7a4ChItKYzoe9xqm+FxDzs7ppxaer0smGuVTBRJrq41HP4hwVsmld4xOsY7p6h7RXfloGUryWshacNm603CyEaCRIdRJBi5S/YSzV8n2qTzfIEl5Ox8S7CGl5W8d6rtAiALEnSxsIJc+VrXX2BXWzNqYO1FdXiBJ++7fQmU9o1zs2KPwRcZNLNJw3Y2aR3op84RCtqOzQrDYoYzVbLzieTZT3djMZsKayBDAIdgBqspw/weD4mQ8wKShdWNug4IGBX6OdyjNbfMU3dl7eASxDT6AWPIx8X56D13/Ehvtxc9LEMNqqwUkaRuslXafZGnJAHqcHUG/RkR/lJEsWWyk+eLRt/45tGEkMeyUGTD4jDI6eIAFiiY0MWmyiyNWhL7wad70a7CF5LhNyHuHswRuJO1zkRFKCW5VgbE9uO3EU+2z77jdBuFOoUt/CKVFX9T5UWuVstgvgcltTQS3mOvxXUU6O5bdJ3twzcGZlLwlgXmnWFvXQ1Tv8HyzB+gMbnrIpHLUOYbRbGLR/8sEs/VkPQUzDP+qPx5bHZrj8Uwinicw3LKfFzROfs2NflY9II+lDGaUyXTmePi+aCP5wLUkehcu6qE7GnHawtOPE49RtwkIBQKgIQ3WY6ai8wJmrdhSkAWkyw46hCR5Ipi/MSpnV1kzfIs8uzI33M7RXQ1Q9ofMj29Z0g9NDbZSyQExS6XsYyiGIBtYK9O8mgLPLCnBeA5Uqa6x5fG0Aa7NPMrFXuuWfn0t5Jf/slz4vm8p0uUph70OG5TX0rn1+/hCDKxPvrBMrqMdMa7Lbh0zVwB9IVXaxjxqY9Ka36PPSqSi7x0QidsAHO13kGHwP4gC4kQ4T4TtWSGxGsQvBNB8Cd64H6zHW6HR5cap855Bc+dplaFNWESYd+qudY5mXx1/OnlVqrqriEKvwlDct1sjgrVcLtzt9VwN/NIuCurIMk2kD/4EiEBNpnCFejt3nm10bZa2DjO3JlhB4MnVAepDzGkNzrB+vbwA4yvJP2SoTUq3P/G5wM8J2ZltD8+gel6Mw+yXYyszxIYrvTBdohEZcnK10Sg7Nk7h0duPYE85Rs/rmLkhY+24XQHVLSjztgC84iz0X/Tu/i0MAqOoWGmjXSRJF1O/GfFzxpjGBElDZMeTSOapZUE7RlQILkwQLLdBAdUmh6kOn1xXmgp3AcYGyNgUAxQwxiqro9yDSvQ6dzybbzpjzISgqsOgXv3QnXUGJQGJHuosI7oKJQvTzJMvlgNvq6qMTZiHZ/yWAq4HjL3rDm5W3d53UTnwObezA9EHM0TpQIWb5uF/fO4W+uFRHeIj4ibB0XOJhl3rVQkkQhtQCk+IyT9bD4M3zNA2bSxk2wKmAUiyR+DQgljOIItJiOHrqgsY2L9xvNxWfqslwWC0D+G5+IAnj47jW05XA8Ly6Sy3JVMYCUlR1eGYPRAwvR6c+iqHQ0BN96nRAt2Z+NhTo/zsuhsUmLGLruRkG/z6mUcL2NS76qKsbkvNX04BymqnvqwrKHhUDkU/12vpUCaKvX7Ck8dtZW6w/VxCWNBCGWhA9Gxemdam23eunPb4wVMh+ODQnjTrq7hNpeqV7+s0CXagBJ1qOiOZjND8BAgZzU+V3JfCuH3FngudVT6KmU8LvzkERUeGiEWDXkr2S8Fbd3rb8R9NtL/nbTJlbZoQ0YF7FIBrm9qidJzgTNYeIoCOUSZtaWJfEQ9SGhqzG3lEz0A2RbbK8xjbQRfNPK1iKSCFAGS+22efEUtLNaUpsLgdUHbStlyrvyjXMVB3KYqmWVvJ44lWrEw0b2jPRWDBkG0EkM9fVAg63uhcmr+UUySWpqjRAjWkaOk9lMCn3nrJDElnFJFBVXZ65AGgdKAwLMvdZk6FRR6RYz7oDJ9eIrKhoOxLo8UTleNFNHKx39HVtK8t16TqKLZkSX4PdVogoVQ6U/9fEjGp3fpL9KInj/1WPq/7XA/TB/GYq92QT/tcppq2JwEUr2Gqa7+1WVaeTgQpMaKBjV29aYszFi6yrRp5Iivl8tmPMChwhf/B5kTm1ej2LsO2GubMoSE0XG29RcE/KcEeou9rKGxxVBw8j7bYPMm+OXLTsPXvtiUqjzvKrZbI6WLoAW4QPcRAQg759jU3sWqaUzv7amaK+2EiUCj0fMvcSFA8D/RVhSUIq1ada+yKzTQYoVl+yxhUgNL6fmzKpn7eL6+F9NXkypLC4wxe74/qZdcCUAElp34NPKdZcKzGnxmunUU61h7d7VlKwdiJ52JQw/vnWmOLzgPsCI4+3fW53mnmBiDaSU4GgGem/yxiSVNZcAIr7uJrgYcm0Plwb5MfkKeANYop9A7pc7r6S+BYaag1ySrmZPwfcSRHhKICtSdgtgo375NQgGl85yXZi31Epdezb/kft95K+ayPPm548Pj0krYy2pwWuSj7s0ajPhyVIZLAA6PgxNkrqeSTDf6vTW6UaC7WimlkADeFSW/eXtFNIW9RBLpLaP0XGvAY8+J3yUwFOGs/GhEftVK9RpcL83ymkQ6ILLhdS/q0eWQ8Xnsx9SG8uPqEyHU+Yy21YXpm2E76U/XlAd1BcmVf1Y/qyuM6EL3qxrascp22xlOcM38v5NRw3hhyJNFBlDbmaEi1jlg0Dk95nRAqmN2roEvQnn9/jgfx/1s461Hwsx29YOhplKZpysBiNLfQusdrGCWpxXPSAlqc+YNSDWxeeVFkArayNpqNHkRxHFcUuu2lLQuR6zm3JocmnuG83g/pJiW9k+yYad1SQxDew21Z50n5LMg4l8WpWkhs4Jv5F4GQNerio0gReb8ci+BLOJ4vF64QNtUugC/zFTEQGEuyVSB5ydZz92y8W0LiG0Fv1OQClh+iC3IXFJk0JOFis2XhmbGRWTQrI+5Kjv0uq/xu8HS44sXOM90dRqrCwzqvf2GWGN8Fzl5C7lk1hV3cfuQnZ4H8HrgbhopIkIsvmzeupLHvuAsQy7jC4viFn4LyP8zrSxvPTDC+eGT4BeDfF3fwMsQZING34OfdpRNpZSWI9ff9NZk/jA4A6JwW9NL12V4sKCNlLWfuPGPuWbKJYHft1A1JCqUj+w0gJYceVsWnfWEAJsXE6fbvoOz6vHNGCdWVVoEx9XfX3e3JC1ZOrLCP1UCLmd9hahOVTPIby4Piyn5XSFDmWUHT3B8AbKXunjJP6Aqmxv+mpa70K18g8csOgBq3ZJJD3bwakawndIt59rJqPJ6OeRFnJFpaLw5vzXIwvtvG/7XJvIj1SV+tOwnCcB2Hf1bYmJ00lsazRDhxj1sjyteEmfqqYtQTjY9TGvDcmPNbAPmapzN3KI4RugOITIBx7E8tpTdhz7HMd/cbSn3WZtqfQE56StMXTxaBDbNBSgr0z4RPpyA/SLx3dAvxEJ1lrie432oxg2VvDfGg+ljUQC8Y5RitdhPzi4pDU6ntfjRSsDLu/ei795VGFfpBq0n2laUh3SVXg0DDcQARYbAvugZCO6H8728KMMvDLcCIufy9jIHSQh0W7mdEzdvJRPmUZqZFQxtYzCBliCqSWuoCLqAbDKCrP21Iq9HBMYSa6U/fV/MVp5wR3FcKvc5NRlagSER70ndaT2m6m7QmdANt33Sgz3/n4bgAYERjvohUMHyigT5x8N/arY8wOkMnH5HKudkT57ua34VCP/L</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2020-04-02 19:02:56,379 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-04-02 19:02:56,379 - INFO [Shibboleth-Audit.SSO:?] - 20200402T190256Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_rrvjgtvslliqmtdouxh20kgb9hrjnyux6hwkymd|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_e64556dbe5614858bfa2c5385d931111|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxTz6Mp67YEn3Rv6wRWsd2e32P27OzH/YjTL82Du/C8/G64oFFBNXqaqPiSVp5oqcnX8HRIEhvvBc6B0BuKTBtw6yhhVU8srdWIobwc7SdPR4r+8pLZkSSbAr+KIrOqj03j6FJyf8q/gbC58sKPupNuRau2v3to2s=|_d7aa29b37181d22699e79d97a5635972|
2020-04-02 19:03:02,680 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: cookie:1585854182_e0a6
2020-04-02 19:03:02,680 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-04-02 19:03:02,680 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-04-02 19:03:02,680 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://services.sheerid.com/Shibboleth.sso/SAML2/POST"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="1" ID="_8770b781db830c5284edd2620046be6b"
    IssueInstant="2020-04-02T19:03:02Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://services.sheerid.com/Shibboleth/UK</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="1"/>
</samlp:AuthnRequest>

2020-04-02 19:03:02,681 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-04-02 19:03:02,681 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-04-02 19:03:02,681 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-04-02 19:03:02,681 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-04-02 19:03:02,681 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-04-02 19:03:02,681 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-04-02 19:03:02,681 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selected AttributeConsumingService with index 1
2020-04-02 19:03:02,681 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://services.sheerid.com/Shibboleth/UK
2020-04-02 19:03:02,682 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:03:02,682 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-04-02 19:03:02,682 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-04-02 19:03:02,682 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-04-02 19:03:02,682 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-04-02 19:03:02,682 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_8770b781db830c5284edd2620046be6b', issue instant '2020-04-02T19:03:02.000Z', entityID 'https://services.sheerid.com/Shibboleth/UK'
2020-04-02 19:03:02,682 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://services.sheerid.com/Shibboleth/UK' does not require AuthnRequests to be signed
2020-04-02 19:03:02,683 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-04-02 19:03:02,683 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-04-02 19:03:02,683 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-04-02 19:03:02,683 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-04-02 19:03:02,683 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-04-02 19:03:02,683 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:03:02,683 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-04-02 19:03:02,683 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-04-02 19:03:02,683 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-04-02 19:03:02,683 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 6 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-04-02 19:03:02,683 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://services.sheerid.com/Shibboleth.sso/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-04-02 19:03:02,683 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-04-02 19:03:02,683 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-04-02 19:03:02,684 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-04-02 19:03:02,684 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2020-04-02 19:03:02,684 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2020-04-02 19:03:02,684 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2020-04-02 19:03:02,684 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-04-02 19:03:02,684 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-04-02 19:03:02,684 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-04-02 19:03:02,684 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-04-02 19:03:02,684 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://services.sheerid.com/Shibboleth/UK
2020-04-02 19:03:02,684 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2020-04-02 19:03:02,684 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#aes128-gcm
2020-04-02 19:03:02,684 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#rsa-oaep
2020-04-02 19:03:02,684 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-04-02 19:03:02,685 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-04-02 19:03:02,686 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-04-02T19:03:02.686Z, isPassive=false, forceAuthn=true, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-04-02 19:03:02,686 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-04-02 19:03:02,686 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-04-02 19:03:02,686 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-04-02 19:03:02,686 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-04-02 19:03:02,686 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Retaining flow authn/Password, it supports forced authentication
2020-04-02 19:03:02,686 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2020-04-02 19:03:02,686 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:03:02,686 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-04-02 19:03:02,686 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Forced authentication requested, selecting an inactive flow
2020-04-02 19:03:02,686 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-04-02 19:03:02,687 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-04-02 19:03:02,782 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning name from AttributeConsumingService 'SheerID Verification Services'
2020-04-02 19:03:02,782 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-04-02 19:03:02,782 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning name from AttributeConsumingService Student and Teacher Eligibility Verification Services for Global Brands
2020-04-02 19:03:26,221 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: TST-4025-hkVeHfXG66cLpnr24JxdXiI83TqZ9R8o
2020-04-02 19:03:26,221 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2020-04-02 19:03:26,221 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2020-04-02 19:03:26,221 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="_sf1fg33gdkw5nzaw3owzaqpgcg9j8herqfirkyz"
    IsPassive="false" IssueInstant="2020-04-02T19:03:25.381Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    ProviderName="pac4j-saml" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#_sf1fg33gdkw5nzaw3owzaqpgcg9j8herqfirkyz">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>HyEWiuGxYiwZ38ICk5FsHFvtZS0ZegMYEgWm1T1acAc=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
fGbdFMHqdjYhqY3ze5c/ShsT/A507FwEXyHnaZ0QryZubn+B2ZzXW13TCPNiycY4bLY/we01oSSp
mKqYkk8xkBsw9mnA3P+gysjdlVQDWC80xebjaNka89D+5xqbsk9n+w9GsRt3QE1ZcRlSqHNBhR6C
ekWJjjnwhyanvEePeXkEJ2xBRuAeodY+4fE6HI79sKSO+KAIkQJLGRlrbJ/erw4wCvn0R9J+AKIf
8bKFedwLVb+/gp9JT5HgafknbLDLwFx1DyDq6rdD0jxtbn0slyR/v7afy57MGkA+cWm2iTwNX9lA
VS10Ct3dsXdzyo4JflefGmYpph3ibG81NoANiQ==
</ds:SignatureValue>
<ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2020-04-02 19:03:26,226 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' from origin source
2020-04-02 19:03:26,226 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-04-02 19:03:26,226 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-04-02 19:03:26,226 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-04-02 19:03:26,226 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-04-02 19:03:26,226 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-04-02 19:03:26,226 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-04-02 19:03:26,226 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-04-02 19:03:26,226 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2020-04-02 19:03:26,227 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:03:26,227 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-04-02 19:03:26,227 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-04-02 19:03:26,227 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-04-02 19:03:26,227 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-04-02 19:03:26,227 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_sf1fg33gdkw5nzaw3owzaqpgcg9j8herqfirkyz', issue instant '2020-04-02T19:03:25.381Z', entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-04-02 19:03:26,228 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2020-04-02 19:03:26,228 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2020-04-02 19:03:26,228 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-04-02 19:03:26,228 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-04-02 19:03:26,228 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-04-02 19:03:26,228 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-04-02 19:03:26,228 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-04-02 19:03:26,228 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-04-02 19:03:26,228 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-04-02 19:03:26,228 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-04-02 19:03:26,228 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2020-04-02 19:03:26,228 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2020-04-02 19:03:26,228 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2020-04-02 19:03:26,228 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 25218632289878887470728701898989230903925460534470464262987089359900092236249155787311083615922566996588882686327254334965631006516764358542556784571993117841615795846983701202567812629440880488414844862491363773592778158558705049021795669354428797347719681579572749594906032259298025269480636673827053368207548760338633177397009149003080015959043356697060516917100235185397117902752192715861531350694962747781011832502440226911816306381078043102881237946262430586623622800161283685092311342398263730543997237261306772360529013060055263916368941241698720371281723901324390991801957832354836844648583493845781599295821
  public exponent: 65537
2020-04-02 19:03:26,228 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2020-04-02 19:03:26,228 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2020-04-02 19:03:26,228 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_sf1fg33gdkw5nzaw3owzaqpgcg9j8herqfirkyz"
2020-04-02 19:03:26,228 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _sf1fg33gdkw5nzaw3owzaqpgcg9j8herqfirkyz and Element was [saml2p:AuthnRequest: null]
2020-04-02 19:03:26,228 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_sf1fg33gdkw5nzaw3owzaqpgcg9j8herqfirkyz"
2020-04-02 19:03:26,228 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _sf1fg33gdkw5nzaw3owzaqpgcg9j8herqfirkyz and Element was [saml2p:AuthnRequest: null]
2020-04-02 19:03:26,228 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_sf1fg33gdkw5nzaw3owzaqpgcg9j8herqfirkyz"
2020-04-02 19:03:26,228 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2020-04-02 19:03:26,228 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-04-02 19:03:26,228 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2020-04-02 19:03:26,228 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-04-02 19:03:26,228 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-04-02 19:03:26,229 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-04-02 19:03:26,229 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-04-02 19:03:26,229 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:03:26,229 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-04-02 19:03:26,229 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-04-02 19:03:26,229 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-04-02 19:03:26,229 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-04-02 19:03:26,229 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-04-02 19:03:26,229 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-04-02 19:03:26,229 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-04-02 19:03:26,229 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-04-02 19:03:26,229 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-04-02 19:03:26,229 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-04-02 19:03:26,229 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2020-04-02 19:03:26,230 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-04-02 19:03:26,230 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-04-02 19:03:26,230 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-04-02 19:03:26,230 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-04-02 19:03:26,230 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-04-02 19:03:26,230 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2020-04-02 19:03:26,230 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-04-02 19:03:26,230 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-04-02 19:03:26,230 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-04-02 19:03:26,230 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-04-02 19:03:26,233 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-04-02 19:03:26,234 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-04-02T19:03:26.234Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-04-02 19:03:26,234 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-04-02 19:03:26,234 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-04-02 19:03:26,234 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-04-02 19:03:26,234 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-04-02 19:03:26,234 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-04-02 19:03:26,235 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:03:26,235 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-04-02 19:03:26,235 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-04-02 19:03:26,235 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-04-02 19:03:26,235 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-04-02 19:03:26,420 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2020-04-02 19:03:26,420 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-04-02 19:03:26,420 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-04-02 19:03:28,856 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2020-04-02 19:03:28,857 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-04-02 19:03:28,857 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1832930490::identifier=rick, context=org.apache.velocity.VelocityContext@5f95de55]
2020-04-02 19:03:28,862 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1832930490::identifier=rick, context=org.apache.velocity.VelocityContext@5f95de55]
2020-04-02 19:03:28,870 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-04-02 19:03:28,870 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-04-02 19:03:28,871 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-04-02 19:03:28,871 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-04-02 19:03:28,871 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-04-02 19:03:28,871 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-04-02 19:03:28,871 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2020-04-02 19:03:28,871 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 3e858bc3b990641c8cf2ef2cf4e954e0364ce3c38cdf4503e97ef6458ef811eb for principal rick
2020-04-02 19:03:28,871 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 3e858bc3b990641c8cf2ef2cf4e954e0364ce3c38cdf4503e97ef6458ef811eb
2020-04-02 19:03:28,872 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-04-02 19:03:28,874 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-04-02 19:03:28,874 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-04-02 19:03:28,874 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-04-02 19:03:28,874 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-04-02 19:03:28,874 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-04-02 19:03:28,874 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-04-02 19:03:28,874 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-04-02 19:03:28,874 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-04-02 19:03:28,874 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-04-02 19:03:28,875 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:03:28,875 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-04-02 19:03:28,875 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@37ad8667'
2020-04-02 19:03:28,876 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-04-02 19:03:28,876 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-04-02 19:03:28,876 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-04-02 19:03:28,876 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-04-02 19:03:28,876 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-04-02 19:03:28,876 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2020-04-02 19:03:28,876 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2020-04-02 19:03:28,876 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-04-02 19:03:28,876 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2020-04-02 19:03:29,060 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2020-04-02 19:03:29,060 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-04-02 19:03:29,060 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2020-04-02 19:03:29,060 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2020-04-02 19:03:29,060 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-04-02 19:03:29,060 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2020-04-02 19:03:29,545 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2020-04-02 19:03:29,546 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2020-04-02 19:03:29,546 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20200402T190329Z|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2020-04-02 19:03:29,546 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-04-02 19:03:29,546 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-04-02 19:03:29,546 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2020-04-02 19:03:29,546 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2020-04-02 19:03:29,546 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1617390209546}'
2020-04-02 19:03:29,546 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-04-02 19:03:29,546 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2020-04-02 19:03:29,546 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-04-02 19:03:29,546 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-04-02 19:03:29,546 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool]' as '["rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool"]'
2020-04-02 19:03:29,546 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@37ad8667'
2020-04-02 19:03:29,546 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:03:29,547 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-04-02 19:03:29,547 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-04-02 19:03:29,548 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-04-02 19:03:29,548 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _65e10d7d8e62e83ac3747ccf008b4915
2020-04-02 19:03:29,548 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _65e10d7d8e62e83ac3747ccf008b4915 to Response _99847fdb0a0d310ed5bf2cd1a402bf66
2020-04-02 19:03:29,548 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _65e10d7d8e62e83ac3747ccf008b4915
2020-04-02 19:03:29,549 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-04-02 19:03:29,549 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-04-02 19:03:29,549 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-04-02 19:03:29,549 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-04-02 19:03:29,549 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-04-02 19:03:29,549 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-04-02 19:03:29,549 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-04-02 19:03:29,549 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-04-02 19:03:29,549 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-04-02 19:03:29,549 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-04-02 19:03:29,549 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2020-04-02 19:03:29,549 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2020-04-02 19:03:29,550 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2020-04-02 19:03:29,550 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2020-04-02 19:03:29,550 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2020-04-02 19:03:29,550 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:03:29,550 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:03:29,550 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxATFvQSvccO21Y9PW+2TGCl8L/BorOWSUTk3tg08nvcYxAtH8W723HYotNcPLxaqvrH898RxFbfMEuXG6Isvj5Lc9R5w8x2bccM4bW5vMMcgjVRxhVzoNGBQ00KjOe03iVYOkj5W06IyK4F5rOzQbHeDS6OIRPHw= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:03:29,550 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:03:29,550 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:03:29,550 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-04-02 19:03:29,550 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-04-02 19:03:29,550 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.12.208
2020-04-02 19:03:29,550 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _sf1fg33gdkw5nzaw3owzaqpgcg9j8herqfirkyz
2020-04-02 19:03:29,550 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2020-04-02 19:03:29,550 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-04-02 19:03:29,550 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-04-02 19:03:29,550 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-04-02 19:03:29,550 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _65e10d7d8e62e83ac3747ccf008b4915
2020-04-02 19:03:29,550 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _65e10d7d8e62e83ac3747ccf008b4915 did not already contain Conditions, one was added
2020-04-02 19:03:29,550 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-04-02 19:03:29,550 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-04-02T19:08:29.547Z, to Assertion _65e10d7d8e62e83ac3747ccf008b4915
2020-04-02 19:03:29,550 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _65e10d7d8e62e83ac3747ccf008b4915 already contained Conditions, nothing was done
2020-04-02 19:03:29,550 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-04-02 19:03:29,550 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _65e10d7d8e62e83ac3747ccf008b4915 already contained Conditions, nothing was done
2020-04-02 19:03:29,550 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-04-02 19:03:29,550 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool as an Audience of the AudienceRestriction
2020-04-02 19:03:29,550 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _65e10d7d8e62e83ac3747ccf008b4915
2020-04-02 19:03:29,551 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool to existing session 3e858bc3b990641c8cf2ef2cf4e954e0364ce3c38cdf4503e97ef6458ef811eb
2020-04-02 19:03:29,551 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool in session 3e858bc3b990641c8cf2ef2cf4e954e0364ce3c38cdf4503e97ef6458ef811eb
2020-04-02 19:03:29,551 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-04-02 19:03:29,551 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool and key AAdzZWNyZXQxATFvQSvccO21Y9PW+2TGCl8L/BorOWSUTk3tg08nvcYxAtH8W723HYotNcPLxaqvrH898RxFbfMEuXG6Isvj5Lc9R5w8x2bccM4bW5vMMcgjVRxhVzoNGBQ00KjOe03iVYOkj5W06IyK4F5rOzQbHeDS6OIRPHw=
2020-04-02 19:03:29,552 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-04-02 19:03:29,552 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-04-02 19:03:29,552 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_65e10d7d8e62e83ac3747ccf008b4915"
2020-04-02 19:03:29,552 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _65e10d7d8e62e83ac3747ccf008b4915 and Element was [saml2:Assertion: null]
2020-04-02 19:03:29,552 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_65e10d7d8e62e83ac3747ccf008b4915"
2020-04-02 19:03:29,552 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _65e10d7d8e62e83ac3747ccf008b4915 and Element was [saml2:Assertion: null]
2020-04-02 19:03:29,560 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_99847fdb0a0d310ed5bf2cd1a402bf66"
    InResponseTo="_sf1fg33gdkw5nzaw3owzaqpgcg9j8herqfirkyz"
    IssueInstant="2020-04-02T19:03:29.547Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_65e10d7d8e62e83ac3747ccf008b4915"
        IssueInstant="2020-04-02T19:03:29.547Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_65e10d7d8e62e83ac3747ccf008b4915">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                    <ds:DigestValue>47QEw4+feXBPTdfQs41rvqaGuIHt7WAJEhgLH4wP3WeKz9+Bi86UlbB0TmHuLtSpFEc2V/hAls3yI8ZnrD7F1A==</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>Afdn88CElQTb+V1WcilPhs1zU42Udslidt2180AGsaTdN4u4wJ2g1Rzbk00CHI3nCAdEGksxJ2tudnV9Qnxh+TKOlcUmvyVemVua+vNnWTRrVM9aBw/OfGHThk/GdDFWVTkcGCDHXgw7ax1zjLeN7QJFkkNTn9DdExvUemOm4kN+QdW9928ZNyRkpw03Nb76uRaRCyrpWrxlY8sa/ZaYnWs4VeLqmn10Q8pCy1gUFGL6MspJS/a4sZNth+VYIp+zFJsqsTm5LT9IAYCsimefIQLvUwK5zCoD2XN/WvAowV2yOCPGABPECdOg6K36EuqOgIkoCMPC3wdYhkjCqfiZmw==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxATFvQSvccO21Y9PW+2TGCl8L/BorOWSUTk3tg08nvcYxAtH8W723HYotNcPLxaqvrH898RxFbfMEuXG6Isvj5Lc9R5w8x2bccM4bW5vMMcgjVRxhVzoNGBQ00KjOe03iVYOkj5W06IyK4F5rOzQbHeDS6OIRPHw=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.12.208"
                    InResponseTo="_sf1fg33gdkw5nzaw3owzaqpgcg9j8herqfirkyz"
                    NotOnOrAfter="2020-04-02T19:08:29.550Z" Recipient="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-04-02T19:03:29.547Z" NotOnOrAfter="2020-04-02T19:08:29.547Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-04-02T19:03:28.870Z" SessionIndex="_0659b242bd269df108aa3073a684a864">
            <saml2:SubjectLocality Address="172.31.12.208"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-04-02 19:03:29,562 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2020-04-02 19:03:29,562 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2020-04-02 19:03:29,562 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_99847fdb0a0d310ed5bf2cd1a402bf66"
2020-04-02 19:03:29,562 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _99847fdb0a0d310ed5bf2cd1a402bf66 and Element was [saml2p:Response: null]
2020-04-02 19:03:29,562 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_99847fdb0a0d310ed5bf2cd1a402bf66"
2020-04-02 19:03:29,562 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _99847fdb0a0d310ed5bf2cd1a402bf66 and Element was [saml2p:Response: null]
2020-04-02 19:03:29,564 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-04-02 19:03:29,564 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool' with encoded value 'https&#x3a;&#x2f;&#x2f;cas.traveldoo.com&#x2f;cas&#x2f;login&#x3f;client_name&#x3d;SHOP_DEMO-demoPool'
2020-04-02 19:03:29,564 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-04-02 19:03:29,564 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'TST-4025-hkVeHfXG66cLpnr24JxdXiI83TqZ9R8o', encoded as 'TST-4025-hkVeHfXG66cLpnr24JxdXiI83TqZ9R8o'
2020-04-02 19:03:29,566 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    ID="_99847fdb0a0d310ed5bf2cd1a402bf66"
    InResponseTo="_sf1fg33gdkw5nzaw3owzaqpgcg9j8herqfirkyz"
    IssueInstant="2020-04-02T19:03:29.547Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_99847fdb0a0d310ed5bf2cd1a402bf66">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>BPU3ZdOzlE1TtsDYnpTaVEgZEun7xfmbsGJ3ygqLsrZmyfTtESooG3YDjw1L7Qrrc97r0WXlp5Ys9n/E4LO0aw==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>Xi85yxdz33OvkDkKfbMYCP+gEI2OUDRbpWl8asVIkDN6UVMYOF/XP+rcIYngCGYpOXSXqvf8MZgyz1jKMv7HQliB4P9ytxtjuvXUB6LbVTiF+pxQ+rTNPgDYK6hPR4YN6yPDpkWFNhJ+1d/WpPzD6rNDazmMCVYoxoM3UZBrUU7XsPUiIJEMW4F8Co0/GViubi+fF3COJt/4w6NhsGqOPMgpQnjmTJXpPCIdWxpKyPzcwHHTk2P8peGeM9uEhpWIzwWHHZNhCkxzgb1V+/VHaYw+yhYbwXXxWbHAeCEFKKgxQOAcw2nKgB6uGus/AlLOI3WygKPJ7bLMGP4CTx2xqw==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_08807a8338ab9038ce4ef5b3c0c84247"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_e83512b5b9b6e0c8f7235dc915f9b4b0"
                    Recipient="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>YZjB986el+YoBY+scm2/lCsWjeYmVl6nRV7tHk2CDKlpYSCPQs48ZG+cSJ50Vle9aiQqbDEMJe1dnUPUe/pLYbjOocF4QWuCYE233/S+ctzvjQgH9wrILfUpqhIPibYLBQlNuZJ9Knvo2MgTvRKwYSl5hjH/CL+mknSsAvW87w8TxQL4WLyW1x0vrpdG2J9wBVcFH2OXmIx2RexIB0f3AqyzcpRWj2aGelhDiXz83GnLBSIMZfyqaQZmpDZUZZ3aXNs7vRTUjoWMD8OtXAstYrcDeq3jUm/dVRp0Hg+bkaDbdWL/y4QnPOxLP4v8zum42BtQXfLGOk0L3/Q3NK1LpQ==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>RxD08ou2TwcAtrsILGCFOcGALyGmk+ynaAQF+bS9/PahOySRbFfPfsrx2u4FvOg4LRLzvJaCAk/DxZ0iWSe9SYm3pVk1DYkk09MFe6wUsLC/+gvD3fBk+k8A1PDbxsSONBtgtLMA5WdlCYU6zSr5wbUDztyJaN9iplRNLiJ5y9fJ8boUR3mCpxVREjBWdV8zCKW488Y1pIPVdhHL6a9zl4xpTpvfJZGz4zdkVkx0nJVoXIlh1Xu4xnj7TVzf2Fj2QdA68HWfn0TfBPAqN2nwAQSuz+/6vFeMbB/0EFxpK+Q3YH8Nj3kaZwQWywJJ7fvhdQHS69M5d/34LWqtwEX2XHb2B1/QR1yyZOx2kfr7ll43TncwGeJWwgEpRy5TY1MIp5EsbhGx9qpge9Cpq9oJeFS7Akbwr+l5vaiUOl1yQzlFVpAQAdDoCYGJQw/284rbTgastPDy6OA9NKmC7Z3MGmzgTbZRTGtlj+WUWyD0fIFy1+5s4fKkfjVdMwz7M7VHhCjMq4LHo7AOj5W3MWN421esQoe/OFPFSLFS0J4dkhmGSuKtNGwkws0F0UBvMXi3SQ/JxQPXlyvFd8CPmm+V/kC95FeXBZUqYZu2mAjRPmtmPhgm5BOhZsk13hV1BlodbBci/RRB9FX88zx8FUpfzfUUfsw9OUeGoI8uGy6DxwHr/S5SX2RS1Aipb9KmEethj38gdMx/1IrgDfQQGJMwtYM4wf/2Knne/8Xshn09BWrxPEkqaIm/I7/Ab9MVxzEyuj0hMPgpLxY1CweNoOt/UlEVqUU4iALpLi+hRbL5355aJIKsbhwjjr6R1eCFQvD64ZaFMmnKJ8vOFVsFRt96/iFrN7VZ4PESdbrdnTvx9WYT1F7vLp8Hx/u8CGbINhpQTEFUoQC/3IJXeOy0Sc5iy/P8+N4yr3YuKTzbffe0WD1e3V48Sn0jM7/TzUQJFDUpD4PajDodzmVEOBg3xO4XMmpv4qDSkHpcTKeGY/f1/Z59/mMsxROs0WBb4GO1jDkDV1K1AHEAhA/jdKVmxBp6T3tfb7dSg/2l2NH8MTDE9zKdW6CXKVjnB0Yvx7lH+YcyHmhFkOHnL9Hah3NwlSuoBf6/WrzYNpSAL2q2Xz4pTMPq05v7FEd4d4azsTE6xOkRtmeYASf1gyFfEDhi+qECdNNbDDaTyfqhwdVwD+DlhQ3S5JZP5/P1V/gnuiCMtTODevi2HpA4dRhwPJ5fC5I580qa+YPpv69eqnMW12KhBMZ/Omsno7i2wv7sHarS/3Bm+RxsUr2kb1GcNaYvCJRCi09i/JPidDT6cccNURl1YJvXd3RRCocwjhRvUWqoIQ/v84YQcRM2uWXyEiTZRqwzOu5Nn6y8vUUZdVT7Kq2eYWK3aDIoCGDhZaIxT28B4iHwYv2bsaCCm5/W42L5DAT3QE84MtDtuyh6L4ogGa8KkeXhVpI++Z2X0plBN6NANxWJcjv4cEqbggfMQKORV+O51ZxlAsFpGJo/u9kE7lQkhGfF1Sz6Qs9EyUvFyYmtIcrOHMbZjjRn+qdSG8+ehCe7WmKuR0llIJAoHzOiOGqv3Q5vDFLYQQ9tcoVUqroZxW+3W3r2W02egvWSsHh8FZWLQR3mrw3a6w8mlQcCAaxy64EmADNt2BrnCILidxf79IEliAV5jlw74sA03lNJF9Kco43Ir5R+jbLrCz44QH9R0IWx4OBKl5zjn5QwjGu0uG6lpQSMJe2M0lupdIpIBTmwy67RQV4vYYbRX/In3DGT960ezm8qFtGqjr6xJockEcKYtJLuLBgKraBiEzRyk3HuiNictKYcQA4QGrmW30jLnxp8fzOUFsiFwZBpwjl1FX9dbv+iEaKxf0N8rEMZnPW7ONKiPmvoWXcpSlmMA6kXVK9tnQbWBd0uzeeERT0wJeRG5wD3LDJeqKlm8tcixm1EgwateEz8WgEvUB3TBYRLOaIc1x7BCjzfjpXUjMChqI/U0J08kPcTh4qwoNtBJIRUHQ3Rx+g8w6yoroi2sodle3X1QQSv16Jb8N6YOewLbu9T6mbfOMSBiT4n32VeO1XlGzGkvPqVFM4CjPV3vj2okpN64pqBugrOSvPptBfjL19xuXae61x784a0cvfJ8kJxHv7bXTzOfNZkWnWwOrshr4XxI340zF4kgnCMB0HdaKKoIy3NND9Gr77YewKK5RWaHm5HWCoEfW7UbekjAAW7DzbmfdiYfz56AS2e1HhNCL7gROqWVIuDZDj3MumMQVzdfOGjQXl+DU+ghjEpRM1jzaCwCepqULGo4n96fPy2lg9IEplWDSqjpMtCI0SrHD4JIOXRxjSoEj6MjvXmrm2gbAFPzLpQ7B3B8ee1MZiCgitL1xV2Nm57PwZdT+p1FYvjGuUHWjPDyfRbEevEz+dCxdvygsTksydcYuax2Vi+/6fr+PecxS/E0icKiAtdSRsOmYF3dV4NaYkV45FoV+tj8itKr8uou+tnJyxYn6VwXJsmDjqthLq3I5wAfcOL8Ds5dB0c6DYz9t9xXkCc3a1aDmu/9GKNaNM2oB9notNPMultxjsdZR2pIjIBxH7xaVhZ14LJudIWNdEzk5T/vEiSKjig9Wl5jNSK2gtM5hPFg6d0xR+0SAmNNzCT1OB6rNHRQZp+9EVkeDlvrfGjIZXnyvcSYpdSTNKsGvR9wKSbeDxHnYm+Gq3vZwlHxW8vLMeeadQkSG9Q7/X7TyZl/tK3Q+MGc9aonAvl95tW1Oi0PX1MifoC7PWC/hxXZ7hbeGGKeLcKCrZoKAGtyKllYjETM/AxxW/z5wS+TWkypkJnLU5CXA2WDxYUaw2vsiw3TYpXTxsQMsgv1eDFvNxs/q15LleSvC7BsLAjm9zRNUPIEuAM0iQ3rKH4ALh04tOUdsJgUJKjKH3UZ0kg1UiN2s04UvJcAJlyVBrsqkY8W7PDEh9J3BaJsCWd0kkfxmBIzmWDm5xnUfeJguRrWvWRJW/ACQe+PiDpttc8977zUpjaJPoOnn7I/Lzgr5QDl5Uch/Bqel6Qm0UtFnJVL5ojgLupmvzERxNxOdNLEfPxiwLT1ywF/tQUSX5YLgUc8+HRytRSopMkZBWgSNyF7TjCF/D+an5f2SwedKBfBpfIqsviQKFxLjO3ISld+jJC9BJyqkqs+QTEl1cBqxRmoLULbmnRRzp6QPrUpM5/TvKdfas+yUbBmi0Y4zW/SH5UiMHikHrk+AXhbRovLvZNcyHWyd3JCfiOWyMXQPzwRzoOjqkxMf8Y+Hdv1qLZW9KFFVaCh0hxyPmA5CpzaHdJ+KxkVEdTvVi1K1tRTr1EEP28qNO6K/De9GN4RRDIN2kTDrOM9Nis2ExbeNnI8+v3gEafB8AGyprp1OulKbQT/Svdg494usQadyLtN6SufwRw7fJqtUbv589XiuUx1X0Z42eOxrx060jfD4ESBz9qKoGdjQ8zvweXRVFTUZx8edhKQD1JTn34ZISmJc0Ib6zHZuki7VeaC4lPmDP4EXLL5r/4x1C8p0gzcFinU79lGZMtopvZ7oMUAEXQPhnjh9MP9FLp0njZDS178COXdI8ZbSFwQmv28l3Xnin1haAwSJqbY4LX7obNiclZtRMmF1dyXacLyaxmeRbHBB7Y/LDL0V2OoR3sEq6NbKnPPVqEF+/1dzi1oCI9hY/LsLwVukGAvOikdr93YZkEAH4jjdrhLcW35VM28Gfo2RSW0fG7FiPBOwbOz4JHDwKOfZKED+4IUaWtNdhCC0ivGaKr8w2dsQxuyK98KK/bF5uGabTAY6og3ktGubeNdPJRtHV3g7lIMLREdxInn2xV7ZlCldHwQ4YGhV7XqdtRuV/TiPj9Lf7Hnn2saMP+3KrccWk/4SJ0ar5fIa2l0crHRPP7cTZWFfWJqayN/ltMFg18vyDuT9kwNB0+9BAhEB03BE2lFFe6pbi9vbPpSyeFyI3NF7FzCDzCCN8+dCCqMR0yCD8Yn1g7wifAt/UOBWnjMgLJjrY+51HKtbItom6t2+TbsoiJ1mxU9Fs9HtAHQyMsrFwB+i0iP0acVj17PH9+J0dkyKxlwQCCVMZwNg/rLca3xmnYqMDUOi2/mJ+hc6T3BtZxidcNx3U7P1KvloCyl0BuQM6kMqnah4MjwsNQtQRY3MJiVKUhh0Vt38slzBexzIDXzjd9UEQJRzStzbYsdZndhlGUCPclGgeJ1iulYacqEvy7P1p1rz6gR6VGcuuE79lLAF0y9xanETJolPNiEufWvUvFW2M3n7wxBuYJa57oCLQqI0bQOCQccofcVcx4+BJzALrJdbR1W4hKKrX5yaP8+VFPCEE8hZU4B+D4ocVwGAam1fTmzEdLBg3aNGv9hW7kl3SOGQkfQRAcA6AIKyKjxbH7LopkDJL6YuyEh9uhrfIrhXTfYl3lxTv+Y4iMzkP6NOiha0WiR8seqz/z0YsFDU4gee5WQG9xCwg9PZxphtzX5+KhFhyb0OkesGu2QA6IGIvbhU5H/R8rGib176W9+Vz9KL1p5TIMrA0BnHySMIk6coaguvOqPhpukNmY9uZLtY53aofGcf9jkJ9JvA320gCqdYtEjM0f63GNKSp2UFu2n7YS+ipyEqqxtYGv+y7+VdeeJ1tuHZy2FoWIB1gXV+IBzP+6bYX3oliTx3B9e1p7x4kdIA40w+4uflM7l+7nem0puP4p72dkV02BHtcm2uHZmnhVF97Tea9I65/GrlrnlUJo8aTQsEVptJ27PD2+oeAfESihMir2Pwf6daX9tcnRhWJaWU8acJneJu8pZMmFd7eQzCP8uKHCg5voEzdqYtibqHKfx2ppWE4Dc3zdP75RJFH/0I5zWl8hzc1dODPM8zNLuypK+yqg5oGPP9zFiM/WX+53z2ZCm8kDSTuBJ9sX4Pc/Iky65TqwQPoH5hltdaFVE+7pPTgJ6Iw1eY9BOFPglccw2TgkVixyES6KqohqpMG54qpBWHa/+dqMY+lwTJTy0ZKPZr0XHa1Ov7rctgy6deucd914+vSCWWyDVpLNKbxYTzjAz5Q8/37GWrt2Aw6yEo5KzGMKXE43etCeoabnSkt2XtJT7P7DZwBxaZriZm5dCcT3HBHI1Ga+nP99JriZLpCU2sAlIUIEnUt1a//ooz6/udN2tSkGKpDaKBeYzpNrjbKH6DX8IEoJkvpStAfpxX7yFsXCsJKRy1DDGOs8zcaPygZWvZCxLpFqPBtRayTtfoCJErQcbWHT4b+ZNRI5iswa8l38roj85fXq1MzxvNkqEBvVeD0yfg0AFwnZUS+r7aGo8xW5rwtfkITT33vevQl2gwUviwmLG6w0aCTpAfsaQDzTnv+VIZvjxfgXhSPWdQ2Itb4pcRYOC03bXmSVCamdLEdiYpaycKQZtwUW8UP0qRuFuVz40qK0AOc8aShBYXzQdtmBoxSgx8wNGyqhIRdZp4U7Uzch4+3jNYMrv1lUlHk5lRHFse5Qyt/r3xNR6PSYiW57TBBgGLlenpmUQs2cYkXAAQAE/rn4dK8oIbdJUyu8K0AYRobToYlc2JsxWPAgzfXUDDp3/f6zGla5sTHtQLQ4qSaDtWqfMJ1xXoAjznGQTn4DltuWWXCLi5iYztsBaZXpVKH88Da6ASR3at13DUoFkPSaCKylAqB98o4e2+DxaSRdBGXo+hrsbyCaYIYv0Dh4LX0cHTrZMCU5nrag7DWT4HLg9s2Q+3FvJdiDgclYDFItRgqhVT36mmWmQUb6Lx3cEux1zYtRe10F/P+yBiugHPnUga8V4+AYfVOlE3oQcN84TCgiQcbliwRfLJ/TKDzEfgfQIJVVBGia7p4PA0PStKhS1zQTMs/B0lGw9moW7NcK10KGwoGSoUXVoFiSJ5xYMf1HgTJRejYuORSMDBV28T+bzoUQnQGIAySX0QfOoMmnGUnxv5hg2SfpK+T95icsOSWa8C/iU2swt6E8oIhGxA+GFzGAUeuuY00HJGxOdgLE/d5GzEFkrMUM17RgBqRtURovL943/89dHw2UabzGDYdnNl62GLUU+ktZwqtfFjKRMCT9b4wwsHQFta3MtXEvIRsAthkhjyYvhpraUFoCAL3f8Ex/AmolZuvD92aKHcHmI6H96BeMMNkqwDC42oiYwV4hE1alLCCymIDj7VTuBiIkOoKD1ehvm2Soztj7YGTi4+Ad6+YRc+yE0Wy4DA5LWrqXK4b0dbIVr7IbCR88RAHotBBYBno5QmGvddydKq/F/VAa9ISzS2kIXmmHPMoNUpMbrhF1rTKzKf2ceXHIfEScfO46SHGhpeVOhmzqQTONqBq9ltKh6fMWYrNBxHcJx6rcMdms9dUtPzZ7JiJS5Q3F9ARTpmMjLNWnbwfPhvMOQ7O82uLpfplUGl3z2BJ0PeLyqg9kcYzklHnB33Jj5JPJ0BY0AldemwVr8m6G+3Qu6TFUTOL2oYfh9tfFU/lXFjjBP7MhQnPF6+8YJ0fieF0laXkdSGnyBtK9WJ+kv+OxYG3NsATKYXoufzgj30IkTYmaVophVY7Y5y4vvYJVs238kCMXjzTzwZR8YCzDvKqVjCk21wosMIeu8f6PMaiiLosK1MKpM2eMoUKGqUAC5v1MR02oZlkULQM8Rz4RSg2XpjwjFoW+L59amEjemlOYOuQwRP5yXOP4uBLN9axd2qpfrEbUuaZGlbFoFuXeoIF5kkI7gznihy4b8Cwq6S0ew4d0ubL1QVHQPBiaKqGLWSIKHM5xhIff4HeUmKwP54NSyrwYm2rgoaCtr1dMCmaxyEEbrnAl6vmh39LsW40xMvt2qVjADiP2ee4cxlkdCVEzqI4qb9Fgpo5WVrSCu3WzDLrw6i1Sox310Y/nTq9gN8c6AfoIqekE8YrD6dkifCJhfsEU2dqh3gZrqJ1JCT1Kc46/QA4yUem45tMz6cPmlfjAS03ksff3tUNcaVtuAygCLFNsQxk5OUL1pAMbwxiLFEhq/+ogXTIo6p1EoFRG+hmGz2Nf6+ZfO8kfWBoe/kJNdh/TkdyUnC0NCD7rYD+1ugNWYlQCs8CqT615QuE/xDos7linoRdkaerEGIhWRRys/jRQ6vhrLp3LcGSzfbiMgi9EHEc2qH42tH2HeMZ14z4I+mAnQtX8AMoAsf6vmqv3iZ1kAPD/AtN+WMaQcV0EoarIXA4ZDErG55g1BxEkTsVXDwDXaJRGlaX/3FgfvoZAswfKHSYdXQjNRbG1tG29Llm4DpibpwdGwtXEpuRmz+Nll2YpVLYp5o0TCE6GEhBfEgQU/0SdiUiPgUiAdaAnj5nYkEEcpOqj38o5qXmGndeS2Un/b/42vmMaqRqROrhafojdBfJ5xnce1TDUTwG7XY80uI/XItpmHFugbITNGPAK6LnPG0G+IF4aa1YdGCwnJOli2Y86P1dIoIprdUY9Muan+CmPMw7pLEE/beoppUSPnY/IevkRKJkMiZdmho35mhRllcuoqE9Hq5CyZtIlkIIeJ7HAw/okvnAJVaYHk3nz9m2ArClCrgqcoB47M1YHm8/p97w6h6+JZVrglLai0V5qfkE07qpZDK6Ou1wD5zQE+qI7/a//Hg1qCqi1PQDGZoV8btz8+sJwAKcNShHvap9GdHLmhvwRLm8bSMFeJfkoaLmG/wP185BgdGDw0w70gQ3CVjML/COqbSCw7sgyAhS+DHTqhHCxMESen+XkiDVM7BoDidemjskO/HQPwyjTEKnQ97ellNvmBCtHLi2zWZj9DNBsEjg+I6QQ20fUIBT9lQ1vXKxUNXTWK243IgScajqDd1mvsA36hp/q3CdjJ34Ijpk9iGuPH209dRLOK3EZhRIYa0Fd+/gyvKTZrGsetyF3z9k/hcMJyMEG53ICzpPaB9S6WgA6zn+KYphM6/b/W1OrDP/SpA6WbyxmZSuRWnZ0Ql0glE+TyRTrzfHO/cSdshnCcFkaNDZKynLK6sitAaKV1pF3KMHvV1B2E8pBTw/xa0zpBK0iZIRKzYsTmkC5eTD7bjZlvgiBx1HdCOfd9diH+lZD7U3bOKdBod0+y9HLzTTtnBOWpr7T4noK+vJiOBJR8yPi1/pQV72Sm2+xLJvAB10Lg5DQyeMXcMS2JZLxq/+KVfe6nOYxPvOVO97WVwabYNwDdJ0qUM/1</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2020-04-02 19:03:29,566 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-04-02 19:03:29,566 - INFO [Shibboleth-Audit.SSO:?] - 20200402T190329Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_sf1fg33gdkw5nzaw3owzaqpgcg9j8herqfirkyz|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_99847fdb0a0d310ed5bf2cd1a402bf66|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxATFvQSvccO21Y9PW+2TGCl8L/BorOWSUTk3tg08nvcYxAtH8W723HYotNcPLxaqvrH898RxFbfMEuXG6Isvj5Lc9R5w8x2bccM4bW5vMMcgjVRxhVzoNGBQ00KjOe03iVYOkj5W06IyK4F5rOzQbHeDS6OIRPHw=|_65e10d7d8e62e83ac3747ccf008b4915|
2020-04-02 19:03:46,743 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: TST-4026-e7lhBAp4m4ZyLIqUfQnoB9PfPEbZmcmN
2020-04-02 19:03:46,743 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2020-04-02 19:03:46,744 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2020-04-02 19:03:46,744 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="_bd47wlfczxkqk1zhldgalzfqcbj85tqp5k5ha1n"
    IsPassive="false" IssueInstant="2020-04-02T19:03:45.847Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    ProviderName="pac4j-saml" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#_bd47wlfczxkqk1zhldgalzfqcbj85tqp5k5ha1n">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>IU21djneftUVg5vpkqhUAwDqL5A690AeqYQflSvZIaA=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
Qsevf9siGAS9oDM15hE6iydcwnGV7enTAPsbLxGt6wWAZ7u1ox62nNmIWoazxJGHL1OxzAJ8Q/1O
JKBDEcPHfOJCrRt3aqw6/MuLH5e5Pt+HLJIpE7FyH1FQZ0leoe3aYihoSTTO42NLGkFgg0XenaJZ
Meq6jILs2dq+mggjbda7D+sJdp1J94Fjx9ZEMW5xzmQk3BeHlNCLblyTAhDqNvCVGUbb1GQYKclk
pQgBmwHg7ucQHY0z+rHOZnGbqUSh0WodAcfqt1EQhbGumiNNcvdegMsUJu877NrdA+AqlJJcixRd
VyhF8Gz11uNA/0DXetKJIF9qFF9duglBOBz3lw==
</ds:SignatureValue>
<ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2020-04-02 19:03:46,748 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-04-02 19:03:46,748 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-04-02 19:03:46,748 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-04-02 19:03:46,748 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-04-02 19:03:46,748 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-04-02 19:03:46,748 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-04-02 19:03:46,748 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-04-02 19:03:46,748 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2020-04-02 19:03:46,749 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:03:46,749 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-04-02 19:03:46,749 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-04-02 19:03:46,749 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-04-02 19:03:46,749 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-04-02 19:03:46,749 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_bd47wlfczxkqk1zhldgalzfqcbj85tqp5k5ha1n', issue instant '2020-04-02T19:03:45.847Z', entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-04-02 19:03:46,749 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2020-04-02 19:03:46,750 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2020-04-02 19:03:46,750 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-04-02 19:03:46,750 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-04-02 19:03:46,750 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-04-02 19:03:46,750 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-04-02 19:03:46,750 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-04-02 19:03:46,750 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-04-02 19:03:46,750 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-04-02 19:03:46,750 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2020-04-02 19:03:46,750 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2020-04-02 19:03:46,750 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2020-04-02 19:03:46,750 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2020-04-02 19:03:46,750 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 25218632289878887470728701898989230903925460534470464262987089359900092236249155787311083615922566996588882686327254334965631006516764358542556784571993117841615795846983701202567812629440880488414844862491363773592778158558705049021795669354428797347719681579572749594906032259298025269480636673827053368207548760338633177397009149003080015959043356697060516917100235185397117902752192715861531350694962747781011832502440226911816306381078043102881237946262430586623622800161283685092311342398263730543997237261306772360529013060055263916368941241698720371281723901324390991801957832354836844648583493845781599295821
  public exponent: 65537
2020-04-02 19:03:46,750 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2020-04-02 19:03:46,750 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2020-04-02 19:03:46,750 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_bd47wlfczxkqk1zhldgalzfqcbj85tqp5k5ha1n"
2020-04-02 19:03:46,750 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _bd47wlfczxkqk1zhldgalzfqcbj85tqp5k5ha1n and Element was [saml2p:AuthnRequest: null]
2020-04-02 19:03:46,750 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_bd47wlfczxkqk1zhldgalzfqcbj85tqp5k5ha1n"
2020-04-02 19:03:46,750 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _bd47wlfczxkqk1zhldgalzfqcbj85tqp5k5ha1n and Element was [saml2p:AuthnRequest: null]
2020-04-02 19:03:46,750 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_bd47wlfczxkqk1zhldgalzfqcbj85tqp5k5ha1n"
2020-04-02 19:03:46,750 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2020-04-02 19:03:46,750 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-04-02 19:03:46,750 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2020-04-02 19:03:46,750 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-04-02 19:03:46,750 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-04-02 19:03:46,750 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-04-02 19:03:46,750 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-04-02 19:03:46,751 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:03:46,751 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-04-02 19:03:46,751 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-04-02 19:03:46,751 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-04-02 19:03:46,751 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-04-02 19:03:46,751 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-04-02 19:03:46,751 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-04-02 19:03:46,751 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-04-02 19:03:46,751 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-04-02 19:03:46,751 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-04-02 19:03:46,751 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-04-02 19:03:46,751 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2020-04-02 19:03:46,751 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-04-02 19:03:46,751 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-04-02 19:03:46,751 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-04-02 19:03:46,751 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-04-02 19:03:46,751 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-04-02 19:03:46,751 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2020-04-02 19:03:46,751 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2020-04-02 19:03:46,751 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-04-02 19:03:46,752 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-04-02 19:03:46,752 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-04-02 19:03:46,754 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-04-02 19:03:46,755 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-04-02T19:03:46.755Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-04-02 19:03:46,755 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-04-02 19:03:46,755 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-04-02 19:03:46,755 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-04-02 19:03:46,756 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-04-02 19:03:46,756 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-04-02 19:03:46,756 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:03:46,756 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-04-02 19:03:46,756 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-04-02 19:03:46,756 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-04-02 19:03:46,756 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-04-02 19:03:46,917 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2020-04-02 19:03:46,917 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-04-02 19:03:46,917 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-04-02 19:03:49,428 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2020-04-02 19:03:49,428 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-04-02 19:03:49,428 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1053965709::identifier=rick, context=org.apache.velocity.VelocityContext@51691716]
2020-04-02 19:03:49,429 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1053965709::identifier=rick, context=org.apache.velocity.VelocityContext@51691716]
2020-04-02 19:03:49,430 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-04-02 19:03:49,430 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-04-02 19:03:49,430 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-04-02 19:03:49,430 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-04-02 19:03:49,430 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-04-02 19:03:49,430 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-04-02 19:03:49,430 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2020-04-02 19:03:49,430 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 3d990f6f37af4169507e03e2ab1f61e4d203bbad273ab4c542e794c3f848f69b for principal rick
2020-04-02 19:03:49,430 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 3d990f6f37af4169507e03e2ab1f61e4d203bbad273ab4c542e794c3f848f69b
2020-04-02 19:03:49,431 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-04-02 19:03:49,432 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-04-02 19:03:49,432 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-04-02 19:03:49,432 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-04-02 19:03:49,432 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-04-02 19:03:49,432 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-04-02 19:03:49,432 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-04-02 19:03:49,432 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-04-02 19:03:49,432 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-04-02 19:03:49,432 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-04-02 19:03:49,432 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:03:49,432 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-04-02 19:03:49,432 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@8672166'
2020-04-02 19:03:49,433 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-04-02 19:03:49,433 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-04-02 19:03:49,433 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-04-02 19:03:49,433 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-04-02 19:03:49,433 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-04-02 19:03:49,433 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2020-04-02 19:03:49,433 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2020-04-02 19:03:49,433 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-04-02 19:03:49,433 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2020-04-02 19:03:49,599 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2020-04-02 19:03:49,599 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-04-02 19:03:49,600 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2020-04-02 19:03:49,600 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2020-04-02 19:03:49,600 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-04-02 19:03:49,600 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2020-04-02 19:03:50,263 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2020-04-02 19:03:50,263 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2020-04-02 19:03:50,263 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20200402T190350Z|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2020-04-02 19:03:50,263 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-04-02 19:03:50,263 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-04-02 19:03:50,263 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2020-04-02 19:03:50,263 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2020-04-02 19:03:50,263 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1617390230263}'
2020-04-02 19:03:50,263 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-04-02 19:03:50,263 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2020-04-02 19:03:50,263 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-04-02 19:03:50,263 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-04-02 19:03:50,263 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool]' as '["rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool"]'
2020-04-02 19:03:50,264 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@8672166'
2020-04-02 19:03:50,264 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:03:50,264 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-04-02 19:03:50,265 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-04-02 19:03:50,265 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-04-02 19:03:50,265 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _0ee62495aa6e84f7b64bcf9501adde2e
2020-04-02 19:03:50,265 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _0ee62495aa6e84f7b64bcf9501adde2e to Response _89850293df2ba2cbac1bf38771ebdef5
2020-04-02 19:03:50,265 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _0ee62495aa6e84f7b64bcf9501adde2e
2020-04-02 19:03:50,266 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-04-02 19:03:50,266 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-04-02 19:03:50,266 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-04-02 19:03:50,266 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-04-02 19:03:50,266 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-04-02 19:03:50,266 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-04-02 19:03:50,266 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-04-02 19:03:50,266 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-04-02 19:03:50,266 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-04-02 19:03:50,267 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-04-02 19:03:50,267 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2020-04-02 19:03:50,267 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2020-04-02 19:03:50,267 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2020-04-02 19:03:50,267 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2020-04-02 19:03:50,267 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2020-04-02 19:03:50,267 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:03:50,267 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:03:50,268 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxVBIOYmkDLiBbxNFLoioSYZnVQVKDyzOz2CPZBt+H+2w7GmYAgH4mxeIlgadrwF0OMtnamivIcocNPJiiJhFPad66qMR4bcCJomjr7S84UwqJ/okkBB+8rvEBF8sZHeyF7WKAHCpdBVzCCHdRE0RpTpV1DU6HoBc= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:03:50,268 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:03:50,268 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:03:50,268 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-04-02 19:03:50,268 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-04-02 19:03:50,268 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.28.90
2020-04-02 19:03:50,268 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _bd47wlfczxkqk1zhldgalzfqcbj85tqp5k5ha1n
2020-04-02 19:03:50,268 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2020-04-02 19:03:50,268 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-04-02 19:03:50,268 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-04-02 19:03:50,268 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-04-02 19:03:50,268 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _0ee62495aa6e84f7b64bcf9501adde2e
2020-04-02 19:03:50,268 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _0ee62495aa6e84f7b64bcf9501adde2e did not already contain Conditions, one was added
2020-04-02 19:03:50,268 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-04-02 19:03:50,268 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-04-02T19:08:50.264Z, to Assertion _0ee62495aa6e84f7b64bcf9501adde2e
2020-04-02 19:03:50,268 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _0ee62495aa6e84f7b64bcf9501adde2e already contained Conditions, nothing was done
2020-04-02 19:03:50,269 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-04-02 19:03:50,269 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _0ee62495aa6e84f7b64bcf9501adde2e already contained Conditions, nothing was done
2020-04-02 19:03:50,269 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-04-02 19:03:50,269 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool as an Audience of the AudienceRestriction
2020-04-02 19:03:50,269 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _0ee62495aa6e84f7b64bcf9501adde2e
2020-04-02 19:03:50,269 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool to existing session 3d990f6f37af4169507e03e2ab1f61e4d203bbad273ab4c542e794c3f848f69b
2020-04-02 19:03:50,270 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool in session 3d990f6f37af4169507e03e2ab1f61e4d203bbad273ab4c542e794c3f848f69b
2020-04-02 19:03:50,270 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-04-02 19:03:50,270 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool and key AAdzZWNyZXQxVBIOYmkDLiBbxNFLoioSYZnVQVKDyzOz2CPZBt+H+2w7GmYAgH4mxeIlgadrwF0OMtnamivIcocNPJiiJhFPad66qMR4bcCJomjr7S84UwqJ/okkBB+8rvEBF8sZHeyF7WKAHCpdBVzCCHdRE0RpTpV1DU6HoBc=
2020-04-02 19:03:50,270 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-04-02 19:03:50,270 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-04-02 19:03:50,271 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_0ee62495aa6e84f7b64bcf9501adde2e"
2020-04-02 19:03:50,271 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _0ee62495aa6e84f7b64bcf9501adde2e and Element was [saml2:Assertion: null]
2020-04-02 19:03:50,271 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_0ee62495aa6e84f7b64bcf9501adde2e"
2020-04-02 19:03:50,271 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _0ee62495aa6e84f7b64bcf9501adde2e and Element was [saml2:Assertion: null]
2020-04-02 19:03:50,273 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_89850293df2ba2cbac1bf38771ebdef5"
    InResponseTo="_bd47wlfczxkqk1zhldgalzfqcbj85tqp5k5ha1n"
    IssueInstant="2020-04-02T19:03:50.264Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_0ee62495aa6e84f7b64bcf9501adde2e"
        IssueInstant="2020-04-02T19:03:50.264Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_0ee62495aa6e84f7b64bcf9501adde2e">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                    <ds:DigestValue>f1SYdO/w5aO7Yujmrq8jLc0LwLkq/Z8c5GfyTY2AJOGyW7fiNyd5NrM2idhzF6X/QaPUlaOVFdmLRITECu/9Og==</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>FuFD6vVriPKhlqKB85ABHs/PjGH2cCN2doArXs7obQgJkbX4TRRGR8cdxTGbDTUdSvT6YTwVUF/DevSR1oqsRXGDiM/K4slbilO7HWeOIp6fIyoVESg/Wd+eDsuNLmWU9+tjGSWYNteGATkw8zUuZyrTvzwbYDlVlKyIe6LoJOxnlOBg6/9BrUmgfGxd57JRce4w9hTDvfXIE/c0YRz8KupqI00uQnjuxdvycIHpV5Phn1BqOA5tiL4k2uQbNHtuNum1ePC3SORFjZTAx7wg4PHg13ZdJXBdYCawIRLVcG8i6BQ3vk1gbb2rNfsOkCH/nNbmObOfOPBIhhB3sRf6JQ==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxVBIOYmkDLiBbxNFLoioSYZnVQVKDyzOz2CPZBt+H+2w7GmYAgH4mxeIlgadrwF0OMtnamivIcocNPJiiJhFPad66qMR4bcCJomjr7S84UwqJ/okkBB+8rvEBF8sZHeyF7WKAHCpdBVzCCHdRE0RpTpV1DU6HoBc=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.28.90"
                    InResponseTo="_bd47wlfczxkqk1zhldgalzfqcbj85tqp5k5ha1n"
                    NotOnOrAfter="2020-04-02T19:08:50.268Z" Recipient="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-04-02T19:03:50.264Z" NotOnOrAfter="2020-04-02T19:08:50.264Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-04-02T19:03:49.430Z" SessionIndex="_a3932bca53fd1f2dd231d131c278c48b">
            <saml2:SubjectLocality Address="172.31.28.90"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-04-02 19:03:50,274 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2020-04-02 19:03:50,274 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2020-04-02 19:03:50,275 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_89850293df2ba2cbac1bf38771ebdef5"
2020-04-02 19:03:50,275 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _89850293df2ba2cbac1bf38771ebdef5 and Element was [saml2p:Response: null]
2020-04-02 19:03:50,275 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_89850293df2ba2cbac1bf38771ebdef5"
2020-04-02 19:03:50,275 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _89850293df2ba2cbac1bf38771ebdef5 and Element was [saml2p:Response: null]
2020-04-02 19:03:50,276 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-04-02 19:03:50,276 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool' with encoded value 'https&#x3a;&#x2f;&#x2f;cas.traveldoo.com&#x2f;cas&#x2f;login&#x3f;client_name&#x3d;SHOP_DEMO-demoPool'
2020-04-02 19:03:50,276 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-04-02 19:03:50,277 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'TST-4026-e7lhBAp4m4ZyLIqUfQnoB9PfPEbZmcmN', encoded as 'TST-4026-e7lhBAp4m4ZyLIqUfQnoB9PfPEbZmcmN'
2020-04-02 19:03:50,278 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    ID="_89850293df2ba2cbac1bf38771ebdef5"
    InResponseTo="_bd47wlfczxkqk1zhldgalzfqcbj85tqp5k5ha1n"
    IssueInstant="2020-04-02T19:03:50.264Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_89850293df2ba2cbac1bf38771ebdef5">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>yj1IkP5b0fiBbT6kec3vL3DmCy2ky1ZV+SIGHVZutglFPap7l9CmW+V46rejzjVbFk+msm55OILST4JjUL7kig==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>BrDDoIxbKZZocnro+p/D/H9qmgRmUV1/NWEqt6xJbwnb8qeElXoxt3TfDecKJ6Voc2Dq0oNPqOpbi+b33ThJvB1iqfLBsbpZYFZ3htvxx6lKstmOodfjEv9hpfn1qzPstTQbebYLmw8tRhy+3t0NySApZaoYv2ZeiJxtmZ8peW37ffGIyIaKPgYhx4rKQgmicAgBfijbNS6MbaYKKaFXLt0HU6CnkveqCJvLIAr2M3TgX3Wrh2f9+mJJ5t7u07ZSNnyFC8puYLgiOb7l2TSmaqt9HTw6tD55xohPzRFW40sdw4smlcHtY0OB/nSlsNFvjllxrzWpUCisxWsij3e5Aw==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_a4e3951ceaed3528fef7da8c35e1aac2"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_4c98afc11a1e0605ea21d1a94aa7c795"
                    Recipient="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>iOTxj34R6qZkWp/xrH0AMJ8Tq/xtEBOP9eSbIt59/W9rfFMdNBbVhVKMvHGJ6t+ZpiJ64DTaCtvLkyprve0GxdiyTQMxkn5RVZ1xcwFK6cIaMDSN8uhJptzVvMwS/ALCdJvEXW9JL+lWGBqkG7VR3YwJZoBl2ZWo8S59owhafhXKSbK5PqQNUALHRxJ0GTn2fbNRHLHVdq9Z9wKTH8teE7OWSAHFeMU6f/8/xX2kZeejjRf8fkhazBHhu8Q5ARanuOv81IPkl9EtoMsTQkUGGzgeLlb4oYmYH6qWX3y2udyngZ8vmaKSu/FIHZ2eQD2TrQKFUjpkJn09zMys99R8cg==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>iumzVrhsjeU9PGdW5rpMSvtHjLurCSbqjv7zh5420jXYZXPNheU45CNQMJUoqNgwE10qEHlpcsB0UKCqsfrGE+ZuUEUOHCE000UYmzTEZYIc2gdtpLXdYT+Cgm2b49l/Gh0gdI5R2KTpdSpLHlDV7V7ee/K3DVw2r1R51k6wz8YzD5nONrOC2xb5qI+xAb9G6vGWnjB5HFDIZYePCVzl+YRDJXgQ92AsFxb9MJOSqxLHO66yitcP4mJefRoEoJl45Nw2lZ98q8La89rsJWQsBp2P+BCmkZBY80VKMzVTO+GfxELjUHMHb5UuQbvrS5B1KwioMP8xYqRV1FbmiH/hkYa9/wivXTZUvNgl2ViWTdhxV8DUb45KxySC0/dDQ/0kj4gX4PcYtvsCDGys014r4YRjnkIt6YDsqXhFwJPlLMlKehoyOZYWrQkTpPo5Jsjwd7gseToaXwTm7NRXEIiv0PVJc04GKo1FSXq8+N/9/t3EcLzzkidj3HzidbK7NwHloJKgYn/kYqLdOE6utTe9tWNirHU/X8qAjn8dViPMEL0o0eQFXLuOCD4HTKp2Wk6mWtF9o9b97mbfq/kcQK+fa9Rn+p1/7z9gcyCS6vQihZdFtZieJ57pnIdfH3W0BAnqjYz4W/9+Xr+8yr0kigoroSFBr3O8Ags//q+pfMOVmxb6BTOggC99DQXl9X2hHsbAz2ecsqH8QrLlWV4+hiTaap48c8GyAUM2mghC4pjEJ/eNaUiw+lQnNbgBQAe/UjQcim5C4fpddY+0w0sOhnW83zoLBsdtn3nAxXRsIODj/iPQ8gfT9oP92rjL99uYlLAz7t1Vjdrfq2q8McpH9b73ZjNnDH5OQBch7j2x0L7+SvTipHQ5h3kXCOZCNNsWS/0ucRfkD1JAv2HPeSysK8N9GZ9G71TMTUk/6SjGhRMjIRzc8NfyPXbl2x33qHrNIwlgmOapYqWXW6zS67VCgwOD4RTHVj8vHGqs4tl6S8Tgd+NdcXfqcqJOZIuPBBCS21deFjYqmBrlryLPD6QOwh7366ADhM6JXh3WS6zN4U3jb9rr8dbE4bSBw7XGwnQ4ed7wQ2YlV0cezxLo3+65DSzo209YErO5xJear6lzchvxdZNE5RfLDZabXiBlRNNcb1dl1dcYNDyIysjglSvqGCxjzrdxtyVDndZuiemTLcZ/oz7C6stNziKjiEftuG/ZS78eAqDw4E09LxxMRpMbwZgiozjpkJWbEA7EdHwNbqMD/YiIfSnp4iEfNb9cHldBtBSzdp6Qyc77O5vgpZAe721jSRGOlx+XGkOXVstxkyIJaa+rXZC5umX+xz1I8cwQ3QA1Gf4P1Tr+EJ9YTsbM01fiXmUtTwyiKruvDP44GLqq7ALAucqQvVwoxk2krKHVTqLScytFc7pTMtzjljFc8hX1Z8J4aOYldUDe7zHxn+aw4JJq2RpCXpe7LUhF8ZCKWrDhGq4rmPD9HkdhjPatldl52gsiLCl0ApP1afvpVurUcrHpv1chKFJ/cx+NAZ8raju3Jo/qSCpQ3CvGYtvEpbgFIYKQFQzdjcacUsVWllGVuqPdeG3CUxokiJZRNRGzKpbvaY221jBqRn4IT2+teqCHlsLr9AljHFwjgQkwUz4Km4pkRgmOVxgFKZ9W9DgkUsxe2S4rMt0OavR0nXEv02b3vUiPDFuOgvmWk5D2qSO7x3DUlwtfHd/jZiVXOoQKVhahDjlOhLdZLWSCgctWScOaFMFwiSiLA6hu6UKI6Zz3x80NTEIhGDYy0zPpw6KIA0kF6fguLaLGmpdeXUZVMGWrlQQwGVq7BPZsfpJFZnZDFbWGq/AM4ptGjxSX0azKNkrg2sYyYIT5+3fYcLAnPx2FEgIXEsoqzfCjOW7PEWus3DnogvguuUbZMaaRmCJRlEQhtas5h5S4942kYZbscvPOE56lxLvMZGmSqTtCs/RwPTc2TSoJlNhxdqE8e87F/7Pl419pJAvCpEMprtIWjUUTfoqx6BxIOw7ahBKe/bIeNEoo2UUXUTN3GfRN6jaOCqMGhrqKO5o/gVhJFfN8l7RprnJnUv6LP3+O3LaIbCxXKvVDxnAbp2NAnmCU6Arh3TeRU/DGrAcE8/KYYhbdkOLCsfduZ8QENF7dJNBdCmpMkRzvMBThmFMgDrtL8+3ehoAXDZk58aKdpm7K03Qv7DY8GNw5APeEqNq4DLvnHN/EJWDl8CbS9rb+yPrzMBkvMXY44KXxM/8L8Iob3oEC7/3lo2QRiKX91h8ZtV35An/PLPi9uWToAVto6RHP8mffkbJBUabC2+bt7geh5GCFYRhyM2/gGWK4EG/VD7WxPgse2xBjqTNBNw+YnRrmac7UdIVnioSQH7Zb2h9A7fF9b5p2jNN0OlqkvG9SAE1GsS2MgMj7DHd7razCNxHzz3voi0qtC1wv4R40+2yhznW1R0MMIN9OVht8R4SPhLQLn/WyMjrJMB9gucTLqQl+6KvETOzt1RHvAuw/CXTWUS2mxsrGE6gaCZJM1EfuT7Rbo+B0MB+oKSKLSCGmgd5W4fEjwfEGwvmvR9ryXYjtM6l1jmIFJthsU5Z8IXcKDYMvJQkYfMLBxPRcxJytom9b9id3YpFf7j2tcrknYK5YP+qOdpuQwr+AP0TF89DrXECaORYnCt4pRMyRgkM1daXh6kc59VbP5/XBVKeIubUMhNuG8XflroQD4fNkV4TZlakQ5oxcBw7DntaJlQVbOW6LMc/7SELQUrymkhA8ptWhCHNFMKBlzo8EKzxp/5xX/ylqwFeaKtdGBm7s/g2ufhFFOQfeRtNJWn69smRPhsYunF+warLNmgYuLZfV4wJHBlPauM388F47fb1vsJnjPYQNlEATT1HS0yEMW+fqgnUBz1hi/OlztEU6qvIZopS94y+6ABGmaCTmhbBzk7w2HrX5k9l3U9y3LRCua4eBl6WRi6nNa2Yr5gajO8xkX6vVQouNVOOgwGbl2XCqi4/ibdK/masSWNJGLJy+cAg4DYUnSbq2WP41nndW3yllBRg09K3m9U6SXR93ln28/VWQOGXcOw6Qvhumx3+QuBR8KNiiaJRv3h+gHD+0QOrYZogTiF/0j+PplqP0gmTsSNuEJjH3FhBhHZ2aqGp6KTRQxl6pIQ5elScgoOpvJulyqH7E9KAHX0ue4ovhs2YA8q/ai88unguzQjM7EnHVtwzLUSr+8nkQVBkWoaDbILQh2rsmkNtaXHxW0h8w8m06o8AA1I8XbRdX5Y0R/CrZRmhzZfKLo5PSAh4+OcFTxdWEnu2fMncxHFS27yGeWHoHxwIlhNuu3sw87JC1wNQVZFZ/lOXZidi7e8y+Z/XpXKi5QOd7qSxzbmsDxbhD0t2BHykRFDhw9Q1HDkfZ0CJ9CN0Xxfka4trNUD9A2Y20rZlvRcnZmOjWoOc1QizFaRPdJGN1USATSPPlWaoM1krqMLcSqwAJSQTmEBigZecHgvkJN43wSTnJFluxnMaSkReYJnZqMuOECYIzy5zUTE9kVYr4/Zp7N+YAUHCkuHgp21gAmbrWhFaYvO+P0BP5goEWC6KibG6guIqZANNN0+4896PKDRWhUFhJC0RLGhYdXKXVTwKLvL+fX1aUrnxQHey4MlOifr9GBpeANzfNB6f0oq2fuMCu+jEjmwM2jwPKtw/Y1fmPXdRGkXsX5O4TUc1C1SfXFLvyg25y3cJaVBbdmbHDa0tjXt/EQwUKXoHkYc7h7ofINCoDJ3EO6o7ADEzAyqy39KCrokbR1IG1Nw7AM94RZMpVDACoVfuN0DFV9X7c6GU/i37Urc9jj2mPbbtm62hniTO9yu+mtt2mn+DlGBP7U/stxz4/oBvooZhbCUyJ7myXAPfeW/gmUboSaeIcfri/hHKgArRWC1SX7gXDPVWYMEjszg6CTAWd2T6ZiC8quSmSkndDlAIA/zuotWyz3/k1/oloLLBRjDNEINYi89xymFEjGxA5/EGpKchNxEvQeAG/iUiJ34n76NBfjtx/KUAPuQifuMVrZXb/nFCDUCGvauKthbFS+AY0v+Eeodzu7JktRey9L44lWRj119ikD6tNA0WwvhaPBhgWUNp/4iyroQPTdrvmdIktfkyJz43qC3Q6OeoMuL3HY15PalVwjxeF9TZjamIQLpYQaZKTX9+8FkgslR0YVFkUdx9Ns7yh4/Ww8SNrTSNayYRjBc8ugnisxxgKnA05eMIy4DqqkLjBwARwAIO7Cg5fIiHdatMgJB8nrL2EXbmn636GlQrfkPQm/jTbYA2s6q00t5FKD80ePLd35LOhcNavBmNA0nKqQM5EjNrB7yBUi8csrqH7zqq8VbCpkDXcddIRKy3iWbQZkHtnKQ1TgnZga43JSkhFVVfHe2Jz8eGkRHpLCV9C9ah7ldpTndhx4HLD1swz8iqwz3I1LPaM67fQtC6TygozzgRBbYbLEj7Ed+fjggVMij3hc+1SngyqW0exRKxowJaFzW/HTeTalyqGatuiC4YC5ngNpEMR9uEfqZ3zT0wCwfjnpKKiXNdOYxFUzOf07J4YIy7WK3wvKeyaHsn6r39BRNqmRiPfGg+t1houPIaDHFL8JVb3DL5waiKDfwQnDKGWFFLmzGrGrdXyf6b1y0IfBtpGkm7BUc0cHEuNTdFV91ev9zJfvSQolbSiB4GkCdrqCaIKDNxFZkssd98yWhxyADxK/iNCXnT77mZRqRVz3imm3fRD1mhdnlEbPhvr3Sa24+JBietj4r17aIS55UxF7zbrSkycvGEQG7Mc0UlIdqsru4OEYaV8V6P1IhQagvnwKKkOZTOdwLQMCZngJSfEfUAMMYPSbYBwD4yD0imXegyFM6hEqfs8L5ZLElKDrJBwlyg3BnsEA758VqMr8hMUQSCgAMzXJaloIooBi5LNWb9/3R/HRHE/g7QT/dnvp0VdSp5xseRKlL8nBe6X3SGNv6DapNv4KTZoOTBYEGFRowD7mBDkkSdhf7WhrCKU/U2s/FtPB3VQGKsEBosZ/I7TtM5QRcF+9n+NzQraxPlBcDguiN2F1T5zy7jsmj0VU4GvxW8A96WsHFbGciHoAZKMAJYUC52nJ8owg8xXrpmgUSDC/jkyVQZprC30R5pccNOg5Geo1TwsmXdq5tjw3S1Rmgo/ruJteO5VZ/quhLIalopkGT/p0XRS8IMXl3DMloVwFe1zfV6qDUBpQvFNB0kIKbIZGPZuTkSVNygiedWeK+poxEz5e5H6J06Oj4KjUr3/vuJGzOF4UkcuG5q3+lK8VeL0xtlIGjG1mRGJdSly1q9av7L/osyw7NsZdv11xhb0/JezVL3h24j3BLKaLHcl4dbkSMgFx6pHVfpP+jCTjiki4ndfau+tm3zVp0FiMGx3SsPF39GWKFopVEesS6PCno+S0N2lj4y262bzDx1+6tinmJ6+13jnnLsB6lZ5LXALeievxw4+CIopcQeXjYWFV5VDWtpqkijdfjXnJxhrRiec8e2Y7Ve2Cqh6UAn0Yclk85p77VimMS4v47JdJzfsfFeCnI7e5M9Xga05RSSTJiVZTT87PNuMpu+u3so+may4VAIUa8JRylLm1G0NyCMjEqfxrCrVn22Wl8itZvPtLdxc312HIVcFZ7EF+iLG+Tu4Rsjo7/y8ZNpt/PQzZbBkIpY5cywNpaNudDLXVYYVwJZkLgcz0Tggr7hVZ1MfoxzFfa1rc8vTWDPYtX2liExqrsCYQmV93kAzPOdoxtbyh5JUCJV5nws7RdpvvXiLcJXkWJ5SnCDYcBgZaPbhLZ3BXzfm+/ViQCnMqCKTVkrqqfd0wzD+PKxYIr9+T/hcsN9cnwM+CUfPcJrPLbSXQAXYnDObHt3fNj0/jGic+IWeCyhUKIIZV6xecsef42Rw1Hp1MfYmJo2ZmdutP7OZO/f18EVPFGD7qM7Ta0xwb8fvxxEqAlTbcj69x4fHroI0s41gkQDyx5djimZ6rmEpc9Tk6QmGxGa8cg/C+BGOUDhdaLErGkQ5IPBd4Ll4g46SNMuCHqGizbF4DFvNt6UWZpWakcZvaKboV6SAAtuxGazfNF4P1Cv5WMxfl5HU2sw+4VQKWUKbwfvUQuBaCeY9scysEHLsqQA7yzkCbspdMEatpuIP7yKGkMViMdhuIvcTqAy+k1QSZ+7gicSaFv9DMU4unjo7LrlMLx2wQqG988HQT5lMlk9x1sJafedYWzygGsrkdtXe0vb7dJmThbr4WiMtyXNTeexEpFScpb0VtK1dZyIQxiI7fS3XKZ6k1FjAQG4bz1FTBjvMkOOAgwtHxcfwkPrDQ5hV5jeeAmPnbHGHFNBA557dquTxD27rBLjfdr6yI4hUs+9UQhqyOBja1MGUZLX48ZlQuCTJwfcdyeXBKmf8vnYKwkxwF8vJZqq27Soweu/Yv0GQR3TJSGzHLRDhpZChXyDLlOb75GX9Cb2HditHQMhVnaZb8tmEz541TZVFx+UK9QJfj+OWd9rRr9Oxzvus2uKhMNp12jl1Pojv2akSD3PAQP+s1khE1TZTHcI2vI7voJpCN3wJJdGceGRcR/N5yEFoxHVJ6YUX1FExNElp0qnStscaDHtSvap3ghqZAEOC730A7O4oTnySdIMvYUIojk8JnB2rlxB/CHd90dYo/hh3OZ6pqAL2lDmpZ6XyGnDKeInVz8J+d9qWxsJ9v1aLlp8kT9TcPdjZx/qlNEcsPcEdk948fHOUIEEF04GyHnrYqeHJn4dgA4/bkwRVuoXkFz5EE3udAlOhEiUocft9BlNCo79vU/2nL5Jq6KxYlk43zARQJhq5J08no46JSGjts2oHvudLLl3eSsDK0jkEAomFolkFjXIP7xT4VECXNyr3UdQ01yHbkwvLWvS8JmjkarGCE5mMNlhO/BpwZsLA66/rw4X+VDvdlNEB/VpSAOnqWEZjHeQYC/ICNR+N3M1n5Yws2FQ5+jV3Xi/b1GmhD/y0LkVxd68fEeelDGLRjddSHgHTn+NMrHFSz4Jc7Oe8vPt0zS3NKHNkAnqtM1vzjusz6mwmNnG85SAWA2QBKBiXAxZ98dsvleMouENeGsaPO4Qe0Na4xYVJRyuf63TDVSlyvStboTNrkLgRQgZ6DGOCMgAeVLS8jJJHHfQceTSyMgrMPMoI8CoyPM3uWUH2YgWahQL/ft4etbx4vDFKYub0cVqisgyRScrcpdSxZZMuys1AsDHuOtpMr8WggiSuLfaonuKi/+h9nYTPxqKn1oEdFlmZMO7lt9RV/MMt9Tqwst0RNmf3U2rsfvqlq4YaP0dJCI+/4gjMCHJZ3fkUAptM5NgXtGiQyReuiw1lctyEHYAWGftQ5kW64ww3gR3z44VUSckoioFt9Mg5fOcd4T6s5tAkw7v+AUHTo4Yf5alexvh0NBIoO1Jl4WuzC9tzDUyB53pIVZxW0buXrkGf6i6fqWnNX7uqXC9WqG5+UJ/THweKPvZ1/+Dy5C/7UDW+omh8Z2DB9u5aDlbuNHQNaPMT8KX/RDnY8VrPKMZ98vrArkGIodbpb7MaLfCz/umNmnAaA6l/dzKvYqF0Hs7QZHDjRoqRu7MhsVnl+ikw1zsSTDNS0hYDhl0HV8iGsvhAOAfTUTf1X1F0M+uSX7CNteJ7s5xVKfKCRZgi3vod8Ljw/moITGb2a+5CC1rDw1hFPYsWsZai2sGuMiCcW577tW2dps2Al9fwzUDJrjioTAPA1u+cfMc2FjvhNsoJDlwP+P4EYUc3OOAReNV5JBBlDRSI06y2wFBlt+Ri+iiBLsQzwAFI6LqMPUecNP33sVg5u1V74iFyCbfz0iz5F96pB69KYP7m0edhCeZaG8xXBSOpHJTLAHabR/YuyzPJx94sWV2O46QHHOLrXgm0bhr9BolrjD3NvOZs6wy5VskAcC8VdgeCR+0MCScZB1cIlo6CiUddFsK/X3bBY4CtROtCsQFVqoZpgdiJnoTlmdMB6AVOAO9Ts6t6a31S6haOrOAGMzQCUPvxCE85FGOHZapbYa9+LKKC+/A+g2q5uYJIlHpVwuBRAUhTHPCvu1M0Bce1c4QFsmUUfY5gnG/yh4Ok0FShtrcMkQ4Fums5GHIZiHeFWcujL+sLVzV9kWSqLzmv2tKXMaFPfgqm</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2020-04-02 19:03:50,278 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-04-02 19:03:50,278 - INFO [Shibboleth-Audit.SSO:?] - 20200402T190350Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_bd47wlfczxkqk1zhldgalzfqcbj85tqp5k5ha1n|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_89850293df2ba2cbac1bf38771ebdef5|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxVBIOYmkDLiBbxNFLoioSYZnVQVKDyzOz2CPZBt+H+2w7GmYAgH4mxeIlgadrwF0OMtnamivIcocNPJiiJhFPad66qMR4bcCJomjr7S84UwqJ/okkBB+8rvEBF8sZHeyF7WKAHCpdBVzCCHdRE0RpTpV1DU6HoBc=|_0ee62495aa6e84f7b64bcf9501adde2e|
2020-04-02 19:03:58,666 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: /home
2020-04-02 19:03:58,666 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2020-04-02 19:03:58,667 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2020-04-02 19:03:58,667 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://wfsyntheticscl01.my.workfront.com/attask/saml2consumer.cmd"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ID="_5f1ac3f8c15c478f85b3b38c23de67cf"
    IssueInstant="2020-04-02T19:03:56.924Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">wfsyntheticscl01.my.workfront.com/SAML2</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
            <ds:Reference URI="#_5f1ac3f8c15c478f85b3b38c23de67cf">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <ds:DigestValue>tBVtLzYGW7FKO6FhMcsSLWutnXE=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>o4RJ/+GyCY3DUHjVmoVHAH6+KCWv05unb5MmkTVdBJa9ld7IXc5R6On5RfKU8lDNCJb8ioEsSD8mfS/TvdtZDDMwUdU2pQssrZ8K1KwiBv40w1KW3VLR45iz3svJGPJ82ia42EPosDVLPWrHMqZiEkwFeefOaSEr5mssrVpx6DVZv0cnHv1Tb9uHjBvJR6tZfGAS3IYusFHHJKlIo0WS06+pSHKMA/sX8KxMM39TboRHIP2in6MzNnbCJWXTf+20z2F32q+Alb+5aNqp2uffgwFyNd4ZjXdLFBVGk8lGCCLZ/bOG1qRbN0vAm8Ct3wth45uPlqBWtmwMt3t9f7J0Qg==</ds:SignatureValue>
    </ds:Signature>
    <saml2p:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>
</saml2p:AuthnRequest>

2020-04-02 19:03:58,671 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'wfsyntheticscl01.my.workfront.com/SAML2' from origin source
2020-04-02 19:03:58,671 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-04-02 19:03:58,671 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-04-02 19:03:58,671 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-04-02 19:03:58,671 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-04-02 19:03:58,671 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-04-02 19:03:58,671 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-04-02 19:03:58,671 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-04-02 19:03:58,671 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer wfsyntheticscl01.my.workfront.com/SAML2
2020-04-02 19:03:58,672 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:03:58,672 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-04-02 19:03:58,672 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-04-02 19:03:58,672 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-04-02 19:03:58,672 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-04-02 19:03:58,672 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_5f1ac3f8c15c478f85b3b38c23de67cf', issue instant '2020-04-02T19:03:56.924Z', entityID 'wfsyntheticscl01.my.workfront.com/SAML2'
2020-04-02 19:03:58,673 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2020-04-02 19:03:58,673 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2020-04-02 19:03:58,673 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-04-02 19:03:58,673 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: wfsyntheticscl01.my.workfront.com/SAML2, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-04-02 19:03:58,673 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'wfsyntheticscl01.my.workfront.com/SAML2' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-04-02 19:03:58,673 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-04-02 19:03:58,673 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-04-02 19:03:58,673 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-04-02 19:03:58,673 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-04-02 19:03:58,673 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-04-02 19:03:58,673 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2000/09/xmldsig#rsa-sha1
2020-04-02 19:03:58,673 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA1withRSA
2020-04-02 19:03:58,673 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2020-04-02 19:03:58,673 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 24244091063110477728505298488008987345604123586705169572235658400680546655043040439823001060441963627450471473651120147774627587726423146773932529197059203397706285539476644823200340379621954691986746966330068236044743193465403434236516694830003831354378903116612503228305502732679915910511804358632566348451193095262533513906787952453831183320450608317460564407976415593874525658889981487289397754141211082349144956687429434059911371073233601299453621611490966787380072028863766860304782704765787708620468025410422200225052441526668831423173565490638858572679280981009182642270738134708009502373602822008324582885059
  public exponent: 65537
2020-04-02 19:03:58,673 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2020-04-02 19:03:58,673 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2020-04-02 19:03:58,673 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_5f1ac3f8c15c478f85b3b38c23de67cf"
2020-04-02 19:03:58,673 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _5f1ac3f8c15c478f85b3b38c23de67cf and Element was [saml2p:AuthnRequest: null]
2020-04-02 19:03:58,673 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_5f1ac3f8c15c478f85b3b38c23de67cf"
2020-04-02 19:03:58,673 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _5f1ac3f8c15c478f85b3b38c23de67cf and Element was [saml2p:AuthnRequest: null]
2020-04-02 19:03:58,673 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_5f1ac3f8c15c478f85b3b38c23de67cf"
2020-04-02 19:03:58,673 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2020-04-02 19:03:58,673 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-04-02 19:03:58,673 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID wfsyntheticscl01.my.workfront.com/SAML2
2020-04-02 19:03:58,673 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-04-02 19:03:58,673 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-04-02 19:03:58,674 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-04-02 19:03:58,674 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-04-02 19:03:58,674 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:03:58,674 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-04-02 19:03:58,674 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-04-02 19:03:58,674 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-04-02 19:03:58,674 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 4 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-04-02 19:03:58,674 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Neither candidate endpoint location 'https://wfsyntheticscl01.attask-ondemand.com/attask/saml2consumer.cmd' nor response location 'null' matched 'https://wfsyntheticscl01.my.workfront.com/attask/saml2consumer.cmd' 
2020-04-02 19:03:58,674 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-REDIRECT' not permitted by input criteria
2020-04-02 19:03:58,674 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://wfsyntheticscl01.my.workfront.com/attask/saml2consumer.cmd using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-04-02 19:03:58,674 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-04-02 19:03:58,674 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-04-02 19:03:58,674 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-04-02 19:03:58,674 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-04-02 19:03:58,674 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-04-02 19:03:58,675 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-04-02 19:03:58,675 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-04-02 19:03:58,675 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-04-02 19:03:58,675 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-04-02 19:03:58,675 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-04-02 19:03:58,675 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: wfsyntheticscl01.my.workfront.com/SAML2
2020-04-02 19:03:58,675 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-04-02 19:03:58,675 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-04-02 19:03:58,675 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-04-02 19:03:58,675 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-04-02 19:03:58,678 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-04-02 19:03:58,678 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-04-02T19:03:58.678Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-04-02 19:03:58,678 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-04-02 19:03:58,679 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-04-02 19:03:58,679 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-04-02 19:03:58,679 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-04-02 19:03:58,679 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-04-02 19:03:58,679 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:03:58,679 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-04-02 19:03:58,679 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-04-02 19:03:58,679 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-04-02 19:03:58,679 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-04-02 19:03:58,865 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Not a usual scheme, returning name of 'wfsyntheticscl01.my.workfront.com/SAML2'
2020-04-02 19:03:58,865 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-04-02 19:03:58,865 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-04-02 19:04:03,617 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2020-04-02 19:04:03,617 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-04-02 19:04:03,617 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1304209662::identifier=rick, context=org.apache.velocity.VelocityContext@76b9df14]
2020-04-02 19:04:03,624 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1304209662::identifier=rick, context=org.apache.velocity.VelocityContext@76b9df14]
2020-04-02 19:04:03,626 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-04-02 19:04:03,626 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-04-02 19:04:03,626 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-04-02 19:04:03,626 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-04-02 19:04:03,626 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-04-02 19:04:03,626 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-04-02 19:04:03,627 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2020-04-02 19:04:03,627 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 1eb41857e1fc4b12acd807dfe2436960a58dda90d769a0f34b548145ceceefa8 for principal rick
2020-04-02 19:04:03,627 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 1eb41857e1fc4b12acd807dfe2436960a58dda90d769a0f34b548145ceceefa8
2020-04-02 19:04:03,627 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-04-02 19:04:03,628 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-04-02 19:04:03,628 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-04-02 19:04:03,628 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-04-02 19:04:03,628 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-04-02 19:04:03,628 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-04-02 19:04:03,628 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-04-02 19:04:03,628 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-04-02 19:04:03,628 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-04-02 19:04:03,628 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-04-02 19:04:03,635 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:04:03,636 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-04-02 19:04:03,636 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@4e86a81a'
2020-04-02 19:04:03,636 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-04-02 19:04:03,636 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:wfsyntheticscl01.my.workfront.com/SAML2'
2020-04-02 19:04:03,636 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:wfsyntheticscl01.my.workfront.com/SAML2'
2020-04-02 19:04:03,636 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:wfsyntheticscl01.my.workfront.com/SAML2'
2020-04-02 19:04:03,636 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-04-02 19:04:03,636 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2020-04-02 19:04:03,636 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2020-04-02 19:04:03,637 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-04-02 19:04:03,637 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2020-04-02 19:04:03,834 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Not a usual scheme, returning name of 'wfsyntheticscl01.my.workfront.com/SAML2'
2020-04-02 19:04:03,834 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-04-02 19:04:03,834 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2020-04-02 19:04:03,834 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2020-04-02 19:04:03,834 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-04-02 19:04:03,834 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2020-04-02 19:04:04,993 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2020-04-02 19:04:04,993 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2020-04-02 19:04:04,993 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20200402T190404Z|wfsyntheticscl01.my.workfront.com/SAML2|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2020-04-02 19:04:04,993 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-04-02 19:04:04,993 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:wfsyntheticscl01.my.workfront.com/SAML2'
2020-04-02 19:04:04,993 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2020-04-02 19:04:04,993 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2020-04-02 19:04:04,993 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:wfsyntheticscl01.my.workfront.com/SAML2, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1617390244993}'
2020-04-02 19:04:04,993 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-04-02 19:04:04,993 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2020-04-02 19:04:04,993 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-04-02 19:04:04,993 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:wfsyntheticscl01.my.workfront.com/SAML2'
2020-04-02 19:04:04,993 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:wfsyntheticscl01.my.workfront.com/SAML2]' as '["rick:wfsyntheticscl01.my.workfront.com/SAML2"]'
2020-04-02 19:04:04,993 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@4e86a81a'
2020-04-02 19:04:04,993 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:04:04,994 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-04-02 19:04:04,994 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-04-02 19:04:04,995 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-04-02 19:04:04,995 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _9ee8b1890d056f4c1dfca6e67b8ea561
2020-04-02 19:04:04,995 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _9ee8b1890d056f4c1dfca6e67b8ea561 to Response _ed0bd31f8f1e6223fa3938b749a800ea
2020-04-02 19:04:04,995 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _9ee8b1890d056f4c1dfca6e67b8ea561
2020-04-02 19:04:04,996 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-04-02 19:04:04,996 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-04-02 19:04:04,996 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-04-02 19:04:04,996 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-04-02 19:04:04,996 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-04-02 19:04:04,996 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-04-02 19:04:04,996 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-04-02 19:04:04,996 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-04-02 19:04:04,996 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-04-02 19:04:04,996 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-04-02 19:04:04,996 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2020-04-02 19:04:04,996 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2020-04-02 19:04:04,997 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2020-04-02 19:04:04,997 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2020-04-02 19:04:04,997 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2020-04-02 19:04:04,997 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:04:04,997 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:04:04,997 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxNURNsTuPtb4+RgrNLRjCAZbpb90JoyocST7VjFG2gg4YAkNjDrXLeZ0LMeiKCDpwm5yjGzJn1UBfMCJcPVS2VBMzLqD/sJR/5Sncw8Mi5jNLrxnOrVaTB+nDISkrgPRSUD7GKL6pyXp8+A== with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:04:04,997 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:04:04,997 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:04:04,997 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-04-02 19:04:04,997 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-04-02 19:04:04,997 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.28.90
2020-04-02 19:04:04,997 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _5f1ac3f8c15c478f85b3b38c23de67cf
2020-04-02 19:04:04,997 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://wfsyntheticscl01.my.workfront.com/attask/saml2consumer.cmd
2020-04-02 19:04:04,997 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-04-02 19:04:04,997 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-04-02 19:04:04,997 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-04-02 19:04:04,997 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _9ee8b1890d056f4c1dfca6e67b8ea561
2020-04-02 19:04:04,997 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _9ee8b1890d056f4c1dfca6e67b8ea561 did not already contain Conditions, one was added
2020-04-02 19:04:04,998 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-04-02 19:04:04,998 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-04-02T19:09:04.994Z, to Assertion _9ee8b1890d056f4c1dfca6e67b8ea561
2020-04-02 19:04:04,998 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _9ee8b1890d056f4c1dfca6e67b8ea561 already contained Conditions, nothing was done
2020-04-02 19:04:04,998 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-04-02 19:04:04,998 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _9ee8b1890d056f4c1dfca6e67b8ea561 already contained Conditions, nothing was done
2020-04-02 19:04:04,998 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-04-02 19:04:04,998 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding wfsyntheticscl01.my.workfront.com/SAML2 as an Audience of the AudienceRestriction
2020-04-02 19:04:04,998 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _9ee8b1890d056f4c1dfca6e67b8ea561
2020-04-02 19:04:04,998 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party wfsyntheticscl01.my.workfront.com/SAML2 to existing session 1eb41857e1fc4b12acd807dfe2436960a58dda90d769a0f34b548145ceceefa8
2020-04-02 19:04:04,998 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service wfsyntheticscl01.my.workfront.com/SAML2 in session 1eb41857e1fc4b12acd807dfe2436960a58dda90d769a0f34b548145ceceefa8
2020-04-02 19:04:04,998 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-04-02 19:04:04,999 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID wfsyntheticscl01.my.workfront.com/SAML2 and key AAdzZWNyZXQxNURNsTuPtb4+RgrNLRjCAZbpb90JoyocST7VjFG2gg4YAkNjDrXLeZ0LMeiKCDpwm5yjGzJn1UBfMCJcPVS2VBMzLqD/sJR/5Sncw8Mi5jNLrxnOrVaTB+nDISkrgPRSUD7GKL6pyXp8+A==
2020-04-02 19:04:04,999 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-04-02 19:04:04,999 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-04-02 19:04:04,999 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_9ee8b1890d056f4c1dfca6e67b8ea561"
2020-04-02 19:04:04,999 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _9ee8b1890d056f4c1dfca6e67b8ea561 and Element was [saml2:Assertion: null]
2020-04-02 19:04:04,999 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_9ee8b1890d056f4c1dfca6e67b8ea561"
2020-04-02 19:04:04,999 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _9ee8b1890d056f4c1dfca6e67b8ea561 and Element was [saml2:Assertion: null]
2020-04-02 19:04:05,001 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_ed0bd31f8f1e6223fa3938b749a800ea"
    InResponseTo="_5f1ac3f8c15c478f85b3b38c23de67cf"
    IssueInstant="2020-04-02T19:04:04.994Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_9ee8b1890d056f4c1dfca6e67b8ea561"
        IssueInstant="2020-04-02T19:04:04.994Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_9ee8b1890d056f4c1dfca6e67b8ea561">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>XWK4PfqMetmdGCcsI2p7hIK75JCRecPwhZQzZaVNXAQ=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>gbVFd8suGANUDV7nW2djXbWuIqGHaJLPlc4EfUXPEPoENzEcZAUyVC3ckJde5IbcqMCpnfoQVygE3mSAtkMwAi4tmbQU+wFMsF7iGfpYw/VVgtnmvqtcVZxTO1aMQ5OcWLATRt9rzhqdRQdv5ESLsac+ahmhSBmqPKLargigAJj8h4WDeK7vW/zX9E9NIgn4sH22Al0StEKJ869RVScS0NIQVO9W1sOJ7yb7ysp/BxQgeDCdX9U94xXnX/QD4poj6rHbXtI1S2qO4Lipk98dxuPWyYeiQZ63+hPUHPG2OoT3mDV0nytf1RaUHWLLsvFnMvqLpndWVib1RnnVfW3dpg==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="wfsyntheticscl01.my.workfront.com/SAML2" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxNURNsTuPtb4+RgrNLRjCAZbpb90JoyocST7VjFG2gg4YAkNjDrXLeZ0LMeiKCDpwm5yjGzJn1UBfMCJcPVS2VBMzLqD/sJR/5Sncw8Mi5jNLrxnOrVaTB+nDISkrgPRSUD7GKL6pyXp8+A==</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.28.90"
                    InResponseTo="_5f1ac3f8c15c478f85b3b38c23de67cf"
                    NotOnOrAfter="2020-04-02T19:09:04.997Z" Recipient="https://wfsyntheticscl01.my.workfront.com/attask/saml2consumer.cmd"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-04-02T19:04:04.994Z" NotOnOrAfter="2020-04-02T19:09:04.994Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>wfsyntheticscl01.my.workfront.com/SAML2</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-04-02T19:04:03.626Z" SessionIndex="_c6e810dd34f4d3136ec5cf5cfc05d01d">
            <saml2:SubjectLocality Address="172.31.28.90"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-04-02 19:04:05,003 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://wfsyntheticscl01.my.workfront.com/attask/saml2consumer.cmd
2020-04-02 19:04:05,003 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://wfsyntheticscl01.my.workfront.com/attask/saml2consumer.cmd
2020-04-02 19:04:05,005 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_ed0bd31f8f1e6223fa3938b749a800ea"
2020-04-02 19:04:05,005 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _ed0bd31f8f1e6223fa3938b749a800ea and Element was [saml2p:Response: null]
2020-04-02 19:04:05,005 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_ed0bd31f8f1e6223fa3938b749a800ea"
2020-04-02 19:04:05,005 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _ed0bd31f8f1e6223fa3938b749a800ea and Element was [saml2p:Response: null]
2020-04-02 19:04:05,007 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-04-02 19:04:05,007 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://wfsyntheticscl01.my.workfront.com/attask/saml2consumer.cmd' with encoded value 'https&#x3a;&#x2f;&#x2f;wfsyntheticscl01.my.workfront.com&#x2f;attask&#x2f;saml2consumer.cmd'
2020-04-02 19:04:05,007 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-04-02 19:04:05,007 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: '/home', encoded as '&#x2f;home'
2020-04-02 19:04:05,013 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://wfsyntheticscl01.my.workfront.com/attask/saml2consumer.cmd"
    ID="_ed0bd31f8f1e6223fa3938b749a800ea"
    InResponseTo="_5f1ac3f8c15c478f85b3b38c23de67cf"
    IssueInstant="2020-04-02T19:04:04.994Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_ed0bd31f8f1e6223fa3938b749a800ea">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>qXXbITp4cCO5D8P1e6aNLWvYhD8d4bBGj46kubgLhEM=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>SpSr3xwDobhbeY9TZHlH0YJRsb9USVl77q5O63QtA+bRK+zpDnrl6sjQ3erDgdUfbH3vkZk5/PMowrqp6eP4cWY7JF9AJSZOF/AHdRRki7HYSnTKprH5yBXFupcG9+MhXEUpJOjwr9qM2/yFQ/Y3kyNT75f8wh63P6COxfVz9JsVBA43jGrhxEG5Dno5M6a74z4COWRbU8lcrc5SDM0pD2WUDpabQsRD0/HhXiAjZ818qFvf8zd/mjWTT+R4HAEydXZy/zOjFpyBd+j3AIGvuhLSaZxcVNx+raJ8XcVrfB0rpuBD3G+aLPMYoLOZBERYwTXflVuQZX89MUd1nApyyw==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_6e64ee00a50c7fe93df1e0b9feb1768d"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_101e133b277bdfbb09df19bcee34ea13"
                    Recipient="wfsyntheticscl01.my.workfront.com/SAML2" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIFKTCCBBGgAwIBAgIQD01PjbApiLixF+MyJJd/NzANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQG
EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5EaWdpQ2VydCBTSEEyIFNlY3Vy
ZSBTZXJ2ZXIgQ0EwHhcNMTcxMTAxMDAwMDAwWhcNMjAxMTA1MTIwMDAwWjB1MQswCQYDVQQGEwJV
UzENMAsGA1UECBMEVXRhaDENMAsGA1UEBxMETGVoaTEYMBYGA1UEChMPV29ya2Zyb250LCBJbmMu
MQ8wDQYDVQQLEwZDb3JwSVQxHTAbBgNVBAMTFHNzby5teS53b3JrZnJvbnQuY29tMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwAzZkWvXvDsAMjEvrEBJIjfjOjiQYxRb+mm+QNbmA+5c
+wCEPyjNVokE2TmW/krNxPzePh13mBHK5GdBQgug/oo/fnoo7Lx2oJcLld7tMmYk5cGnTg+h91TP
GJ8+Qtvy6ebkrnOBEIibiWVVupESX2F1ziQrz4TUaiZ2F9VyXEuVrzZnFkRtLsko/l18YJz9o72x
vQKcC4XfzQPHLb4vNgNYZQ0sPGnXgBInYYK4R7wIGg7qIrcshBwpQSDlnNxPFSare204zMJUaTG5
Su0ONmFzTt2SSuJ9ALOG3WygWZ5SwGpU5qlhaZSoRBoxrg7eXOorSbVwNHR6YH5PK3VGwwIDAQAB
o4IB2zCCAdcwHwYDVR0jBBgwFoAUD4BhHIIxYdUvKOeNRji0LOHG2eIwHQYDVR0OBBYEFFRxiQs8
j7VUNRDOB9ueWqfcVDknMB8GA1UdEQQYMBaCFHNzby5teS53b3JrZnJvbnQuY29tMA4GA1UdDwEB
/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwawYDVR0fBGQwYjAvoC2gK4Yp
aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NzY2Etc2hhMi1nNi5jcmwwL6AtoCuGKWh0dHA6Ly9j
cmw0LmRpZ2ljZXJ0LmNvbS9zc2NhLXNoYTItZzYuY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEB
MCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMHwG
CCsGAQUFBwEBBHAwbjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEYGCCsG
AQUFBzAChjpodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyU2VjdXJlU2Vy
dmVyQ0EuY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBAJ+8dwAkioHtTSfl/8AY
50Kw81NSgbpVNUTt72Zvcysdn9xn6Sk/7VYH6nUoIUalvOkXhfcpDabahSOhJQxgM2hz5RYFEjSU
a9b9ZHcjgKtwxTLzGdjcP9P3DaFQQcnrAdom+6lCk87hK3Rvxy/szdIb4tmJpVjm74V8D8LE7I7J
eu1DRIS0xb3gNMKeqLtRL9DF30gmF2W5asvbuMa2QqY+66xTQhNXjq4QDh7NliORLvM2T93hL8rE
dXtwLex3vDsNpAECHG7Ui9lqF3trjTzysSSXp1e+DazeYf/kcNVrFeHCJk0Gmeb/CEQ0foqI2CQB
tUwWLzM/gBgoOrY7XXo=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>k8WzwI6mylmIQHwPLfRAW2vByB1fPByTdGfRmY5gxy5Cw1eLY6C1DwY1mIkcyNNR0R+spMzVnNHBufpZPGoj2QnGSOC0+TTWGVoXyYiq8dj8tQ/B2GjUY5pMgj8ntCTkIm4U/98ftbeVukmc4zBaXvuw/5x9ABn9WkbzdiNh0Ao2KpClzPYs083JxoWZvwuWljtQ4SltDdEfAFXteWICewwHLW/AQq28yTSxijkaS7ryGfjFsPOIOfSkPauS79Ca5rnDKHsBDC/yahR98k3dsNDId1kjEAzcADCDZE2DWG+mdp9NHs8IdknUReeEPWt8pn4t3sQK6ZwWGFsy7x4MQQ==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>wMVN81S1liv9G0r0ihgB2rePptIbRt0I48Q1Px8RF9zUfBW0MZlr+aGz2lBzHpM5AMMuqBlukBRpI85kJ6U/SWYBatMCda/DAl00GPxEOR+mcHJCTKR2p0Vo6M4oL1NkSIZNJj6bMMN92vXbsyVu8QPY5cRp2d8n3cZlcenMwWn+i6zLNvhVZaqjb604iDLxanzmxJVcct11FjUtikMaQC+RhkeuCIJ3b9dg8X6RAY1Gmk4MRAtvoEoxaKma2xFX+j1RnRTQ25RhUQWpCf6gYDwsPGyFmXfFlulW4h70EUarB8+0tjgcZF9V7drJVWCwd+eAaytaImQAjFLlx1zJo3Y2wAherC7HBSg1GTGadkzFjihGA8bUd4Fl0BqGTBrQAhrO40nCFKjLqKd9sFfZN+KF4/oX+j/GKh3wW3bodG2pHAViUf3yeMfKRRI2oJHXLdnn3GTeJ8aWJv0UuMUMxerVJqHuOVlipSBjqVeYvN143u200aUI0l/8HzL0HJZujnnddsRvjnLOKWv8fp9c1pg2qkG1SVFkC6VUPvvwvNopHt0FrQ4wKIvFBOM+PeOHhuI/UUBP+t/tSVPmHkxJogF2gUdqZZe6CpcJhe0JjwAD3lfNgniPFOstf5It9SCY/1iNBIQJl5p5Z20Z7/qAASNJpa3KbRf/gPiSlNZVff4uPunAKaZfVhWDZcZF5P/pmwL9AFltAxNA4CO6bFGasMPI0+7hX6XgKD76h5fNVIROJfa9l3kbpRhP+zbrn9JjJJAAOVAFdJIqGN8a6IWaXz5hmUeZNbZ0s2M02GSpXX11+E94F85UqfJ1/S35aLJF2letsnWh1de7OXy6vKrOou7ZBfCiUWTvmwIto5/J3h4URRmaIETQNUj95mpfrMDWz5UaWtXrGzB0chxReS6ax4AK0Qdnb4Vre1xQhLgdlAE7LyxA0VAa0lQ6OQPo3HV/rachLK+KnD+/hYDr1+SBc5cVVAcLTRF2y8QU8o+M6lUSvDSxnfu7MBdX83U9hl6mMiZX3AxU/QMUHxr4Ug+O1qmnHokZPD1ABkvN/uNtcTli5WlAZyhO9glusAVnabyr5szn/dYmQ1/KhIqio5vujNkgZvJ9j789POczAjJOAR+opu0u6rkeSifdu5tzqT2QHTTCZtjTpjGbG1lzXJ7A1ea1uF5MqKzv/MetlvAab45m33v2Q98Z2MA1pSgyQTr+WF1Edgmuww5upIPgF2g+qJ52xp42RtLkbMPMAhHFa6u3+zaIM8HuAcL5cuMqgcP7jnCZqGt6ckA/5IXdTq9WtHag/Sesj2qYyZGSXtQqNOaMxmXyovH0Ms9qGbwPIGYJxAdZVyr0cEjq8kEUuk9A+ksOqowCkjdpN83rLwYDdyC9aUysziwNWiztgeL2b+3ViNGoG1ZLi/5arfzGwv0QmrIP/jY3kFYwWvp12VCWlTG2YKOVnXYW8mQvnynqWYQ1wD0vfKJ0tainDfIHWfrYptQUlhXagVpoyfHodJFcRR4lVq++NHjuDGWMKXFOGhKX4rjfVECHsIGsk9fFqzL62bFyE+qEd0oZyuDpJ6CD1zCUCUPd+CWkdTQbCO2aBbhYDVtrG3nFUCEGxkr07LrPDiIjhwJrc7DwJrObEbVVV6hzfQ9iEL0tkv7C3F919HvqtQo4xj73iyMQuqaftCeBGAtgddpRhawU9QIr2TccrroTp9LV0eezgnUNxSuCcmVktD31kGjgr/D/DrPEpvt8LPCwebHebthNZQB0c/DZ45IW0WBxeE3q7BPLaM+4rRZsq+JMLIUozxuYWypeVq8m7h0PP42YRoKL2bCwsoZNxqk7h//XjFByMbgXrmq4bgHBQtTTvEaw1fk0sQGp6JGDRNQmnvh+AFll+biZe5Z9oM9AGkmST1Huul3E/jNiykJHrDrr0SQUJrbgzSplL+p4ANCh6KUarLT2tOFTsC+0G0p7+DtF/g+qeXi/evfqUl8+ViyFzCICy265B60IvRe2sJzMovd4adkLsjQGabMjJcBTAopYYua413OYc6usbrjfmd/4n05r85QroYwsJwksMkrMYUUFWVITX7UHGp/jRwLNMtLY9MOBfLlXudvWmFthvKoZf3KHd1r+eAbIFswEVcPsNDoiIfprxsNOGE1bbboGiubtk1fAe/woCazZ8ICMdFaIpp/VUpHKoeu6ZeVXXK2gPyprn62m9vjxgUmdIxgsclLEuZkAWwYbewYx5AIZGxx6mUhTnvwc21+Y91tSShYahm0OfneQHWkchjzC3E23OqDcFKPET1RpuEtGmfSAb1Mx59SBk4zYd4krZHOfJnJaQxRTPeLmBYw6rsY4Aa8agSKfyN6cCK/Ksy8W4k88ZA2C0rEyD7N2e5e5TXjhQabAaKa85wStHNqOXtoNZdqssMRY3CvZYBaqo/V22d0XD702UFdGezmESR3tC3+NjeIgaJ52ovrZrolIxo7NS++AxZYLihlEtvr+10AkhjUw5KRY4fFzDVW9C3tGdNXjNxqTMUQwODfR8ebkyZaU1KcrZ8JMU5qqU0PL+bZuuo0OVaOUaKH1suYPXk6r+yaSJsY9vTMYm+90DKW3Wq79jWqzGisKRzoONKIO5i0r6DraSOhYzJOgWV14ZfSlTE0EEbqSI8oqB4o0Q76ahkWZ9S9TSaqMs//mLgBu/IhzZ4uqbPkGob4jsQPgFG1zrFNy/aN7c1sXvJN5YUccOG2SWgYIqO8qRjRKYIdkBTctqENQMpjl18p3tl0EU7bUdKJHbATPuRjI8uleKeY2rWIn8bVS8A9YxpbDSAwac+CY+mEoYydpuJoB/wG3X8r4L5EjNF3VSdTvVdTdrC2jM6zwWxZni3VEz4R99prHJfOlUQyyLzJYWSqQglR/iAWX8VWa/s08zkRbqRumMsRuMibM9Hw3oWG/DVZvsiwyCrR/ELjI0X/Z0e1XQg2BPiE/vbhtl7fhybxnUTxLXp+Y5h808ZNOLHzXZ8horwpaee3eb9+u8gzywUgIoDoNOrSZJI/tDM267unC2pPDFti8tnjkEiFJKfKq0wGrE+y5a7sUW/Q41anqwlidbHW1stG9vWIeNZIzUMXNLYv8OLTo20bmoT7/7FnUSPuo+VAJ7UrG7cnEOv8zvd0l22YW8gfmbiplmrNIgeWfg8ivJdM31OhCwFp3gMtXpQECeyeeQL/p4E8W6lW+mkV9aOPa0+xgUhHdneZ8bXkSz+Y2hpRwE/fgobQkp0ElC6TfcLj9EsGa5nX7y6G8V4YDRy54S6+A39wMGzhw5mMJQKFvueDva5qZ34OVyDZr3VIn8982hmmisNs172kX3VGNeHbHBK6lxxkfk3bqKBqISovfYaWvfHwWyIYJ8vS6IRog0twTtOrj4CoZmi+g7SHx0E5e90u1xmWqo74TpbWqBWIS3J2wg03MxlQpvnXXYDm6H/IqzGRUoGPQO3iKfazrWamThpIbjs+9w6mCvAROO5dAxglLSZVxRmyfelJ9Sx8SpQ9s15vu/STZ5RwMTkSGEeDmSFVfd+FuPQ3bGEJDApmizkHAsLWFnxMJVtktnXV9jyuwiPEkE+l0338Or0z12rsxas5LGYXqJbxtpgWrfMXN8NS+tlN5HQcaMA9y1Y/RF87KH1JFaMTRj272i8CSymr9inPvDRWBjY+RGuIGHTAIeG6Mo9u9oFYECSIB5IIm6xtfkuH3w6J2RLTIPZCfb7KirobgW1fHBTlCPA6yUxElK9oNLQFNKc6hgVmp4q2TFUJMDVTvgpc4HD7j4ehKN3moOu+HfsZJ5QLBL/W0ak2Q4XOb0KZIZlu+OriWv5lRNfQs68UbDoVxDQQ1ialuL5nSjTPVW2CHHTKPoSiVTM/loUaB2HQE49IiXPOsVFb7tFmkKAJejheFqyPN4xfNAy/IXA/5FlhQQNAPkmZTI0tBMwQjFqN+Kj1eMr24p0U/7hVsCajVFQ8hz4ZdLP2NkXp6aAPauh6M1NQK7kA1A6sIVd/KWtAalD1k39YWZQK/eijm0YsBg20zVq/kXrPuDB3fClVWJzU0E98jnNqJt87L6LnGHFa1tAB7TpfF0FZUlHCEjPb21TWHISvAO4xnXG6DOrta7X2NzvN190alRMpFN4nrlwkVOWFoO55HUVFfmtBMuksnfq1bIC9XhEqB1dcovHWrRJaEj02iGjuk8+LakXRz5K8ojWOaJI3iCJjwsYk10xoR7rlqGq2vNICvCyZ0sCkipDD6Jnubcl9g3B+qlj+0Oocb04QSfb58wJVLVkFz4EqdI6Gk384WJzV91m/BQ8XgAG9PM13EsF7Z87fmB4tIqJMA7UYFFhDZhJb86qX5ad0i5HUNfbghejfpyVe7jB18s+5kVoIxqj35iDb1jgdmROEQ++oTV/czEt5zX7ULfYLY4+z8tgzdboSTUqofC8aNGon1JUMhIVMaCVfvbj7rjbZwsWV73+NPjSqUSe9QMatKsZ4Kyj8lr0iaZnTVrisKyhrn+qgbQUHj3YkdimhT5GA8AvwuCVvNEPfbhjsJEiHsfD6BDen5MueUPRpBRTRs4zoLDtoCKzalxadroxIM5F40IO6RaZ0q4vBGABtKzx3kO/UTTS2vb77aFWzEvkGDPSbxnSNlZRnfadGe07WX9+R7PY4D65HXjbxD/ckxYSEuv2ZsGppe2zT8s/fARb8UZG83TowuHgvaYkBfyTzuWMQL6pNr3pmhpB5TfiufNzmAaU5VXVNXhSbzqjlera/fRDe/jy2D5y7evJ4oxxXXUl+a3tOsmxfD8mIM+nFNHab9RD6JEQddqBESrROlyzFafIdQiyKzuGu8OWBfzWIGPjTxen4N3ifVmQwd4JiKarvCPRh4N6zJ2hJIkINpOawaZ8w7muBeJxBCkFyeqymmIRKAPlIVZCQ5IP34a0N1vomaGGqAyiSgA/ciQKvtc96eu8hyx2ObcMPVtl9q8Cc1iJU/8cRZaKBbn9dEgBEW8EC7X9uunBh16vQp8rJsaVcpSaWDVgAIGAGZCFi9ZDOxEoB3edRUgmbnQkMteF+sGU8bkXDpKYOmV7uzDVWuF5J3JQ70jMMxOGIaZ7gl0i62SOb7xS/+icPntRXW3PxGt10jGJEs9YxPxlHECY+Bqnounu44IEZQmAl/bJe5K8teckO/cnlOWdjow0091zC0WjsWoQZ8vz7UuwXFvcWpk5fFA/ICpkuo8QT68PtZA4IiulIxVdDDfDNgOErb2ghGN6FItGgVcb0yr05XxQd+Euw7BUJBx+ybWsDnlwxDsmFzZMvwOH4BVapQ7piccj0PRfuwrUk4fYhLNGjvZuZt2FKTBpUZvxIlsa6s8Sgpmq3+Wv2JToZl9Ryc9MQXxmZ1yXmO2XsUSJXkyOUeYl4MZYE6wJocrEH9IIixrmB1YznQ1urj+EqfRMWZuRSNoJOUMuVm+rzLkVDGguPOxQHAgrAyh7ESmegf1zo5wTBrdGCpLsQDJknyE8rgBC+MW1wfQtTclO4XuTITa36uFtl1qgTtwwdrLcdMkI+vY0N3tlyUYT4AUgG31kVwoG7mUvsdd99ELOflv0xcA+V3xMq0nhzSxPpfux4pecKKm1+2/NbZlw5V5B8R6aNpyUUzxszPJ3szRnRfNWLGiKcq6uSLB0siSJP2vIISRd0LFa4ln6ouh1Tq+5CEGUP64N3GTLqk3xl2kOII3gTtdjOWv9MKMHy1XxBr04MpFVnVJBMA6fzi5cEf0HtxF0SAgRS/hN7n74Xn45hgwWWp7/10RUB7GFdN+1T0ODqAXS0W6JLZyUMfHtPz3fZ/+puV7hlpZw4kfx5d4t4dxS0nTxPM0WQA08g9TTdnrorDMVLvRGWtBs9t/kz33fzpHCGGXqLFPVhFW/K6BC6CheKr9sWsFvI/la2ojzCjcMq0yu3lX9zIE1GXtFRVqemxw+YEi9upiIm26L5MqCHcJUyMCRi/Pnb2w2t04A1VBAby3WRjY2Wz6sAtVTq1gT22Fs6SloQxQ2PVWPud9CkTKLnmMd/GRwc9JwCZ6QnGoRK5Nqe9KEq/SyMSHaS/kRFN5PMjL0nsI6uzvtlyde4mXrTxq9/LLUcdNyko7AfhRH5ITFJo0LDSGnebbskvC2WTdGhtuK/u8aqnh8XKV6X3ruWRVXgEiSE/YYSQ9W4PQpPrrq9GBu2qGtPtM0LWBw0Uda6bDfJBRzq8nNg2mTX2jhFBXr2tzCsjUMZxfMRV7wYn9nRsnWLcbdiG/uEBLVisq2hh59nFjeK1bK8BzEfsEW58K9iuKvkuebFr31WhyGaN73XUp5RG0uTt1AN6Orik6zXoxZk9I6234McBnYxx7HA0gXI6O3UlFrkAuSFC691GudTBKKDKSBWSLh5SKMkjDdFrsJ8POejXnDKz6s4W3bLIq00jlZJd1EJVK+H6Pb0v0YZ7dkZ+bypXioMwMf7DrWnbIW7RWK/q51kvLLSvJ6OxRzDUlS8XT5X6O6OhrB1dLCwRVXdtXuVLCkXrcvGhCEV61IK9qGTvat925DtkcR2yxpPIyXnoixUQJO9fPf1byfdRqYlByubXy/M+hikLrHQityfavYlRFOM2/l4J6XsQl84F24QN74L8rZrkM+JE6s872Desn0SulDICH0fUu/Cb1TI9C0ZeqcdcKOh84QFGlooIDauylDOKHb/FaEGcL1UIE9HtO1p0/1YXVyTCK4pZXelwxtOwL+WbA14zLeG/HggFr8wfhT1SgNr07OnJb06n2j4drIYvMcAmCAR29HbvTZKaOgMHJ6m9eCdIeM7rAmWGAQKKLPk5OI1i8OQsDMx1Th/ResnRAqBKMKirsOBmLCRXjJwokhjLilJCkqA+5H8Iqbka52BqPKJ9p15k9cvLpn79B2rA8oVlRAKU6JovIg32dJenHWiFvSBzQWYrK3RWpFmUL10o56X3uUZxpWJ/TA8il2g6JYmlYnch8oX4bl3iqNYp07+AsLEaqibOSmWSa1oZsQb4fK3i6eKXhtKy7gtqjzcq10GRPxjPKImd3vFdRNH8NzL3imTfnd2lAm4a5Cfk+bc6i/LAV6tYRg6ASFU1SW2hS+IYjjlEs/vUILkgvObuJaPokDM68cAff5AJBR8We0vnw0GWQOZc6hDxPVwV8JeTJEuym2pkFmDfU5xMcN6hbWqsP0yugah0FS8aAEcjl6X2AWvdFWAx2/cj1TnW2vRPt95AoShEBS+EszDmoL0mgGY2yUjX0Lxp7Zv3sFwrCkAmzSxdGfN35PtcPtrKoOzyrK07OVkN9KyVz/Ny5pvI1bww6T8BFZUH8mSX7KVuOT42hEPAMGEBi/+VRivG94H2kUscTH11rXcKn5RyiXr3tt9/Thru6EW63yYnsY3of5S4ui8pnkJ4HmSUf3lZHpx8AN9mzOGV+8D5EJ0TQkLkwI6+1dW1HpTomV2hR3q7gEMZpIERvnDpRErRwBV/5XNebFywfwAORmtUzacF77dBG9xaoMHm9kG5QhA5nlN+hyyaaDlkCxmdQI5gSbG8wj07qzdk7rCuEy2mCJsYcn0PzBoqjL6ouAWIdIB4ND3t0Zl4oeSQgKHbzzKFZBe+JBsgicrf/UCzdmY6QPs6Tqi9lNKROiPCyJvTt4znrsnn2N0LGS33Q0uQR+LLDTaf4DGQJf2PumIX9QZA/nS23Kc+NUtJTP8CpKK8eK+zqbg185byyA46sxnvxuk61uPW20zaJcqSD3mFV/MyUzXeycsNo07d7GLKSSbeG/+ZUeaIQ4XQK8QRQpzmR46iJH6wdFy17RZd4uMjtVMm55CLzSUyvnPxYXyeAhjqiIvT3yA95v9n7u6LYoCt5+Yr/AwKk/9nJBwz7xSN2sVDubW/nEEd97sFbsWSgVaT1EEMiMrG+r2lIRhDz4SEFONelTOvVsibyKsXMLQAXdLPWQv97N2NwZIuHTxPcaLwny653IXS7t2SKQ45Yb4VTny1fO48H4M3RJGcITZq3GFDvsFRPSmgIkdNHJqb</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2020-04-02 19:04:05,013 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-04-02 19:04:05,013 - INFO [Shibboleth-Audit.SSO:?] - 20200402T190405Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_5f1ac3f8c15c478f85b3b38c23de67cf|wfsyntheticscl01.my.workfront.com/SAML2|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_ed0bd31f8f1e6223fa3938b749a800ea|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxNURNsTuPtb4+RgrNLRjCAZbpb90JoyocST7VjFG2gg4YAkNjDrXLeZ0LMeiKCDpwm5yjGzJn1UBfMCJcPVS2VBMzLqD/sJR/5Sncw8Mi5jNLrxnOrVaTB+nDISkrgPRSUD7GKL6pyXp8+A==|_9ee8b1890d056f4c1dfca6e67b8ea561|
2020-04-02 19:04:18,723 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: TST-4028-u-XMQoyebI8w64dyK9z9f5Qoac-T9QIW
2020-04-02 19:04:18,723 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2020-04-02 19:04:18,723 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2020-04-02 19:04:18,723 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="_lud6lxzeodle5v92btaz8k2joqmmn2lrfvyjs9x"
    IsPassive="false" IssueInstant="2020-04-02T19:04:17.710Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    ProviderName="pac4j-saml" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#_lud6lxzeodle5v92btaz8k2joqmmn2lrfvyjs9x">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>W8CA1vaMwQ/55Vsq3YKtqymARiBdmNvWIw9UF5tSxIE=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
Vru94Dp5MVGe1Yt/DeEuXvPDADCCC4ZMntQYhIbwOmwQCw2NMThh28whV451A/8IRHCMTPGcCF8h
BtwTLdp4xwz5LeajXXGLQcb34Eb3+qncrSYVD2EPj0TL6/Iu1wLxUKQommCXdXBtxKd5eRsiIS/7
sD26aHXu4pojsMjQTNtMMqLRQo39+eG5eNjyUUhuYiW5cnH96pCrXrC+E4WSfRlOJz69aFTL6G+3
pWx//ZmGaa8XTPHDCO+zoW8G6CthM6/lT8SkdkmKsYfplSUdwU9RaqoySMtYSnoq/1x9jRoq6Lgt
vkGKsMABwWmxCJmgQFvjiIY3wp+sFW+cv/6/Lw==
</ds:SignatureValue>
<ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2020-04-02 19:04:18,728 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' from origin source
2020-04-02 19:04:18,728 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-04-02 19:04:18,728 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-04-02 19:04:18,728 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-04-02 19:04:18,728 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-04-02 19:04:18,728 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-04-02 19:04:18,729 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-04-02 19:04:18,729 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-04-02 19:04:18,729 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2020-04-02 19:04:18,729 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:04:18,729 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-04-02 19:04:18,729 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-04-02 19:04:18,729 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-04-02 19:04:18,729 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-04-02 19:04:18,729 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_lud6lxzeodle5v92btaz8k2joqmmn2lrfvyjs9x', issue instant '2020-04-02T19:04:17.710Z', entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-04-02 19:04:18,730 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2020-04-02 19:04:18,730 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2020-04-02 19:04:18,730 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-04-02 19:04:18,730 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-04-02 19:04:18,730 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-04-02 19:04:18,730 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-04-02 19:04:18,730 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-04-02 19:04:18,730 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-04-02 19:04:18,730 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-04-02 19:04:18,730 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-04-02 19:04:18,730 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2020-04-02 19:04:18,730 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2020-04-02 19:04:18,730 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2020-04-02 19:04:18,730 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 25218632289878887470728701898989230903925460534470464262987089359900092236249155787311083615922566996588882686327254334965631006516764358542556784571993117841615795846983701202567812629440880488414844862491363773592778158558705049021795669354428797347719681579572749594906032259298025269480636673827053368207548760338633177397009149003080015959043356697060516917100235185397117902752192715861531350694962747781011832502440226911816306381078043102881237946262430586623622800161283685092311342398263730543997237261306772360529013060055263916368941241698720371281723901324390991801957832354836844648583493845781599295821
  public exponent: 65537
2020-04-02 19:04:18,730 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2020-04-02 19:04:18,730 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2020-04-02 19:04:18,730 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_lud6lxzeodle5v92btaz8k2joqmmn2lrfvyjs9x"
2020-04-02 19:04:18,730 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _lud6lxzeodle5v92btaz8k2joqmmn2lrfvyjs9x and Element was [saml2p:AuthnRequest: null]
2020-04-02 19:04:18,730 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_lud6lxzeodle5v92btaz8k2joqmmn2lrfvyjs9x"
2020-04-02 19:04:18,730 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _lud6lxzeodle5v92btaz8k2joqmmn2lrfvyjs9x and Element was [saml2p:AuthnRequest: null]
2020-04-02 19:04:18,730 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_lud6lxzeodle5v92btaz8k2joqmmn2lrfvyjs9x"
2020-04-02 19:04:18,730 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2020-04-02 19:04:18,730 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-04-02 19:04:18,730 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2020-04-02 19:04:18,730 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-04-02 19:04:18,730 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-04-02 19:04:18,731 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-04-02 19:04:18,731 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-04-02 19:04:18,731 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:04:18,731 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-04-02 19:04:18,731 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-04-02 19:04:18,731 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-04-02 19:04:18,731 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-04-02 19:04:18,731 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-04-02 19:04:18,731 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-04-02 19:04:18,731 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-04-02 19:04:18,731 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-04-02 19:04:18,731 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-04-02 19:04:18,731 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-04-02 19:04:18,731 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2020-04-02 19:04:18,732 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-04-02 19:04:18,732 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-04-02 19:04:18,732 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-04-02 19:04:18,732 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-04-02 19:04:18,732 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-04-02 19:04:18,732 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2020-04-02 19:04:18,732 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-04-02 19:04:18,732 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-04-02 19:04:18,732 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-04-02 19:04:18,732 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-04-02 19:04:18,735 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-04-02 19:04:18,735 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-04-02T19:04:18.735Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-04-02 19:04:18,736 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-04-02 19:04:18,736 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-04-02 19:04:18,736 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-04-02 19:04:18,736 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-04-02 19:04:18,736 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-04-02 19:04:18,736 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:04:18,736 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-04-02 19:04:18,736 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-04-02 19:04:18,736 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-04-02 19:04:18,736 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-04-02 19:04:18,920 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2020-04-02 19:04:18,920 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-04-02 19:04:18,920 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-04-02 19:04:21,319 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2020-04-02 19:04:21,320 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-04-02 19:04:21,320 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1468969337::identifier=rick, context=org.apache.velocity.VelocityContext@1c024831]
2020-04-02 19:04:21,321 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1468969337::identifier=rick, context=org.apache.velocity.VelocityContext@1c024831]
2020-04-02 19:04:21,322 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-04-02 19:04:21,322 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-04-02 19:04:21,322 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-04-02 19:04:21,322 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-04-02 19:04:21,322 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-04-02 19:04:21,322 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-04-02 19:04:21,322 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2020-04-02 19:04:21,322 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 8079c2677d865f031a6aa0ddff2d74485e4ffdfe311df921c0c7aaf2f7d21e90 for principal rick
2020-04-02 19:04:21,322 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 8079c2677d865f031a6aa0ddff2d74485e4ffdfe311df921c0c7aaf2f7d21e90
2020-04-02 19:04:21,323 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-04-02 19:04:21,324 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-04-02 19:04:21,324 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-04-02 19:04:21,324 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-04-02 19:04:21,324 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-04-02 19:04:21,324 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-04-02 19:04:21,324 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-04-02 19:04:21,324 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-04-02 19:04:21,324 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-04-02 19:04:21,324 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-04-02 19:04:21,324 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:04:21,324 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-04-02 19:04:21,324 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@4abbec4f'
2020-04-02 19:04:21,325 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-04-02 19:04:21,325 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-04-02 19:04:21,325 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-04-02 19:04:21,325 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-04-02 19:04:21,325 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-04-02 19:04:21,325 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2020-04-02 19:04:21,325 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2020-04-02 19:04:21,325 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-04-02 19:04:21,325 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2020-04-02 19:04:21,505 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2020-04-02 19:04:21,505 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-04-02 19:04:21,505 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2020-04-02 19:04:21,505 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2020-04-02 19:04:21,505 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-04-02 19:04:21,505 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2020-04-02 19:04:22,005 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2020-04-02 19:04:22,005 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2020-04-02 19:04:22,005 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20200402T190422Z|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2020-04-02 19:04:22,005 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-04-02 19:04:22,005 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-04-02 19:04:22,005 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2020-04-02 19:04:22,005 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2020-04-02 19:04:22,005 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1617390262005}'
2020-04-02 19:04:22,005 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-04-02 19:04:22,005 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2020-04-02 19:04:22,005 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-04-02 19:04:22,005 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-04-02 19:04:22,005 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool]' as '["rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool"]'
2020-04-02 19:04:22,005 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@4abbec4f'
2020-04-02 19:04:22,005 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:04:22,006 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-04-02 19:04:22,006 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-04-02 19:04:22,007 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-04-02 19:04:22,007 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _432bc036dda052bdf26ecc4759939182
2020-04-02 19:04:22,007 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _432bc036dda052bdf26ecc4759939182 to Response _446e668f63f52fb1fed1bf2a58403897
2020-04-02 19:04:22,007 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _432bc036dda052bdf26ecc4759939182
2020-04-02 19:04:22,008 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-04-02 19:04:22,008 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-04-02 19:04:22,008 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-04-02 19:04:22,008 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-04-02 19:04:22,008 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-04-02 19:04:22,008 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-04-02 19:04:22,008 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-04-02 19:04:22,008 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-04-02 19:04:22,008 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-04-02 19:04:22,009 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-04-02 19:04:22,009 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2020-04-02 19:04:22,009 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2020-04-02 19:04:22,009 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2020-04-02 19:04:22,009 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2020-04-02 19:04:22,009 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2020-04-02 19:04:22,009 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:04:22,009 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:04:22,009 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxijHUUwy6ISlvjJ4FcUYN5JhdLEen1fMdkB4CR55p1zBngkRSNm2XNXlIwxX5e/nDmGQvj+BgFMI/bq5evL4OjLj5XEf+twgpSXyGRD7OKPgFrkn9YN3JzcS1NQUoMtYL9q+lEDn+g9NnCJT7DIF3wdb742hxwlY= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:04:22,009 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:04:22,009 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:04:22,009 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-04-02 19:04:22,009 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-04-02 19:04:22,009 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.28.90
2020-04-02 19:04:22,009 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _lud6lxzeodle5v92btaz8k2joqmmn2lrfvyjs9x
2020-04-02 19:04:22,009 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2020-04-02 19:04:22,009 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-04-02 19:04:22,009 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-04-02 19:04:22,009 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-04-02 19:04:22,009 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _432bc036dda052bdf26ecc4759939182
2020-04-02 19:04:22,009 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _432bc036dda052bdf26ecc4759939182 did not already contain Conditions, one was added
2020-04-02 19:04:22,010 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-04-02 19:04:22,010 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-04-02T19:09:22.006Z, to Assertion _432bc036dda052bdf26ecc4759939182
2020-04-02 19:04:22,010 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _432bc036dda052bdf26ecc4759939182 already contained Conditions, nothing was done
2020-04-02 19:04:22,010 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-04-02 19:04:22,010 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _432bc036dda052bdf26ecc4759939182 already contained Conditions, nothing was done
2020-04-02 19:04:22,010 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-04-02 19:04:22,010 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool as an Audience of the AudienceRestriction
2020-04-02 19:04:22,010 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _432bc036dda052bdf26ecc4759939182
2020-04-02 19:04:22,010 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool to existing session 8079c2677d865f031a6aa0ddff2d74485e4ffdfe311df921c0c7aaf2f7d21e90
2020-04-02 19:04:22,010 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool in session 8079c2677d865f031a6aa0ddff2d74485e4ffdfe311df921c0c7aaf2f7d21e90
2020-04-02 19:04:22,011 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-04-02 19:04:22,011 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool and key AAdzZWNyZXQxijHUUwy6ISlvjJ4FcUYN5JhdLEen1fMdkB4CR55p1zBngkRSNm2XNXlIwxX5e/nDmGQvj+BgFMI/bq5evL4OjLj5XEf+twgpSXyGRD7OKPgFrkn9YN3JzcS1NQUoMtYL9q+lEDn+g9NnCJT7DIF3wdb742hxwlY=
2020-04-02 19:04:22,011 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-04-02 19:04:22,011 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-04-02 19:04:22,012 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_432bc036dda052bdf26ecc4759939182"
2020-04-02 19:04:22,012 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _432bc036dda052bdf26ecc4759939182 and Element was [saml2:Assertion: null]
2020-04-02 19:04:22,012 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_432bc036dda052bdf26ecc4759939182"
2020-04-02 19:04:22,012 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _432bc036dda052bdf26ecc4759939182 and Element was [saml2:Assertion: null]
2020-04-02 19:04:22,014 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_446e668f63f52fb1fed1bf2a58403897"
    InResponseTo="_lud6lxzeodle5v92btaz8k2joqmmn2lrfvyjs9x"
    IssueInstant="2020-04-02T19:04:22.006Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_432bc036dda052bdf26ecc4759939182"
        IssueInstant="2020-04-02T19:04:22.006Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_432bc036dda052bdf26ecc4759939182">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                    <ds:DigestValue>jwvmxXG9LNWT3jnclTrgH1feXqRSOPbrDyP8n3xsM2JmbX0EsxUOY/4Km/0nSP6iwY3E2+HCLIP1zYjauATcFQ==</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>Gk98cYo1j/0tJ0R2G3XaKEvf9IZNUFVv7dd1OrUHMtBxETceZ8bh7B6Yv8Y3Sr3X1x/vbGcpGW929uo31gBziXvnXUnmQQYSsiIxESXZvtHq0X8yQ8IVcCy5PU5IJNzmtgK5vU0+eZePcXW+rtiB+yC3JSAJG0GpMgJ/9jIaZ4E0FsLza/8qN35Hd+OpHEkIGBACDE8tY99TOySVIaz/Al79RxPXEQ8kM7SaVcRfws6s6kuKwoa9S6Jjgv0c8R7PUwbEDurMhJolvVkA7c4qUAfQcKzRF+4nad01zFNwBdtAm+O4tzBNn7zjdeZlixEcyyAc86J5Gxd/3B3lJbKE6w==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxijHUUwy6ISlvjJ4FcUYN5JhdLEen1fMdkB4CR55p1zBngkRSNm2XNXlIwxX5e/nDmGQvj+BgFMI/bq5evL4OjLj5XEf+twgpSXyGRD7OKPgFrkn9YN3JzcS1NQUoMtYL9q+lEDn+g9NnCJT7DIF3wdb742hxwlY=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.28.90"
                    InResponseTo="_lud6lxzeodle5v92btaz8k2joqmmn2lrfvyjs9x"
                    NotOnOrAfter="2020-04-02T19:09:22.009Z" Recipient="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-04-02T19:04:22.006Z" NotOnOrAfter="2020-04-02T19:09:22.006Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-04-02T19:04:21.322Z" SessionIndex="_217e5bb33b693aacc9c5d453727461c7">
            <saml2:SubjectLocality Address="172.31.28.90"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-04-02 19:04:22,015 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2020-04-02 19:04:22,015 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2020-04-02 19:04:22,015 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_446e668f63f52fb1fed1bf2a58403897"
2020-04-02 19:04:22,015 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _446e668f63f52fb1fed1bf2a58403897 and Element was [saml2p:Response: null]
2020-04-02 19:04:22,015 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_446e668f63f52fb1fed1bf2a58403897"
2020-04-02 19:04:22,015 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _446e668f63f52fb1fed1bf2a58403897 and Element was [saml2p:Response: null]
2020-04-02 19:04:22,017 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-04-02 19:04:22,017 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool' with encoded value 'https&#x3a;&#x2f;&#x2f;cas.traveldoo.com&#x2f;cas&#x2f;login&#x3f;client_name&#x3d;SHOP_DEMO-demoPool'
2020-04-02 19:04:22,017 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-04-02 19:04:22,018 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'TST-4028-u-XMQoyebI8w64dyK9z9f5Qoac-T9QIW', encoded as 'TST-4028-u-XMQoyebI8w64dyK9z9f5Qoac-T9QIW'
2020-04-02 19:04:22,019 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    ID="_446e668f63f52fb1fed1bf2a58403897"
    InResponseTo="_lud6lxzeodle5v92btaz8k2joqmmn2lrfvyjs9x"
    IssueInstant="2020-04-02T19:04:22.006Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_446e668f63f52fb1fed1bf2a58403897">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>2qFwe+mvjTvI1MIpONLmzjHf8UigjfaEZwybwcIdV6LYH4P4INEJUE5G/BlJ15RHI9azJTrPPSOvCQaLuOmi0Q==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>qK2vfxtQGJCSDwauHXWF3Qa3Ig1Bq8ROVitICRfzbvb+LaE6Hl6Iwwe9jzqKy8Z0u0GJKOdxE62WF+kwDHmgypjdqlB1lrfq9f9v/1WHdWIDZjGqA56Xmww2vY1bXYS4Pn4x5tbZ+C9Dc3KfRSZZiZLipNRK6g//pkb+LiJAXV02nINQGd2axFelqEySppBLNvFwHsgBvL43IlfHp4RzHNh0YidZPok5GSCZdBl4utxZTH4UXCmmVH+OK0wauz8cYM47PEavK3/WfIn14tVnGgDSwBTrxPQ43ivreq7/UXIseZ+6saqVKYBfyjpCcBmoaJl2ILmzAAMsBVgRKyEe+w==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_3e82d3c04c9d0e95ceb0395acd9c8267"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_9593c2fcedc2dadeb330a83928bb430b"
                    Recipient="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>PzAcE6WOnFl8n62p/S3z3GuXpph7RfBvFjTIYkxZnGakyeOAgXChso6OxhHUvkpDTSd9mXKg5odydU9VpeEQf9K/j30e8L+W1bBNPlfjhFTXzojL6kNERz1pjarAMjv32cqGFMj6zhRKn2apXwLfWFRCIHlN+BwDr3o2QF6Obp5vx0LygNFnlEaH4w+w1ckxupa8Oc3zuyFsEISI5I0FhiA833d5xRx1L4DjwwDkM+8WMlXOJTwwWxd+a2UEmg00B54xgUyIZHAScC+l2O6vePG4uJ4mbIKLrwC07rd7bT9Sq0Kg5nhX0Tr7p6dV02AbC6xyMfg/rtAy4uYcrtWPmQ==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>gCaHhnwJU3mUrOxuPFsSLqmO5t/+pHAXXIAXYACse8iUlAB5MI6as6H4vlZCzTTE686RS7EG2OYZbwQUCbqukbIuXZbc6B3Sy54KC8/jvKTdM62Wxx/MOx+8nKJh9xPu7hf/7fatNTMO/bxhZ7d1QevZP2RV9lfXrtnxsmV8J9x/+5Bo9z05IRz4Lhsj0FK2j3NdBZAqw9MbGznZ9MAJ586jBT47vb/Lie0YyMdRJbU7UIsjjMV6zCTbV2PJvPIpD1PM3aslS1sAXPOxkBLDOtUj0Dy2nel+sH7CnCa6rmyLDIvdB9wf3yrPvDvkpPGcgv+MgBvgAewXdexM+13g9He5oqrZ13XGVH+eWBZhryru0FLcmVmHSFm5xNizE3SNyvJkf2L2wZWvkMHFeUvPjFa866jqGrUWco50GflyHqewAvutsR5YWep/Eb6vLmBSw79/k4LakalSLa7MxVIQMXiOP1qg68o2kyIoxNLuZYwDm1CW3cwBVRmcX3NQ1JrHFppDIPhLcbHcggAOFO7zQ//m4sFhJ+kUNy/qDFDM6uFywkdpFNnK4VhUUksn+o4zY4fi679Xak/SdmnaF51P1N1pIDlpBEvPZIdutJ2yOLfoMghYE0hx0h+PguHddS4njRI5+C30waJNrES+ZlZgQ/DNVRq1/sapRE2cJMOMX9mkkMK8mxee5/QXXvU5wqE21oK4sOLKYG8+P6RkCHD8lucuuMxvAk5d3g/Wk2+AiIpUblbUWUmEy2wXoME1mUrsJCtvMow908tRZ7kHTp2uXr4qfvYeKfyxfb2mfaP9z2QN16duoyrDHpu4vWRjZjjNOWNkh2Vn4iLb08pUZVwcYrbZ+3tJ2ebcb2HJn5LQYk1MMsg8A6s97KvQAsV1cLLpttpqKn5qZ00t8vmcEGBmqEh3FkWRdCRfDwfyvbVLSHGMIk1JV00pzTNNF7zZy9kbdgmTy4z4j0NVqV9BNcrELTYkoQRI7eJB7HV5o7hhgY/mK4hEoTNeXjVykEVflve0hoz8cApWoc2vNW7BOF7nMWk149T9BYQNfG6fgRb5o9uAYqYeYNGrSMU0OMQ2+j5OEanwYuQrJTefWDCsN3VfPLqVeZQb5tkDxrBNaP1Tn2ccJnokNi/XeEh32PYHzkKyc+BM2Ev1PGJ6GEwBK2yMXQtlX+ZQqz5ebsf/IzhcfWKMq8A+R9zTLMELTXe+GzR+Zj1fl6YQ5DndDW9ejfTPSSzedtTxcvAVbJzTDglmHlXpXgXnz5EWF4u9qw1Kzk5EIRBR8BCPDZaG0+sz+ETlQ04ykvgfXc/GVBBByCSSbSjZSWN3kh0M1FOdHUfeFfixzWb7c6tyC9JuY31q+zs7ZCj7l+eFfaWdpmXQMuyOs2JBICgiY9TphNN/GbR+aOI/nCmg9iz+hLgVNNoLWaTMrnOhOPlrLLRihdXWmfm4Eq3syS+yY+lBc9RlE9vuhcCuvFUt7Oeyl73s7Bgp5MK5naW7HykvyVvhlhNPvhlCkDHPDrnPZhpzD2JzwohEtNxFh52UMcYXNjNT9wiSV6hcvP9BdCMOnnwK0BdBsM9qhbRXFnqwER8CJ363ANfqgayjJVFQI8e73RSFmE/9Jxo6EWkZPxkXRvbfxHU9zyEmlljNKrBp/2awev4wABuh5cu9sNLoFK612Fc7rPdDB2enRNbsn6lULPhJvMadX0bTNuKyMZz2nZKiDBuTeoxuUWKwU+3uwxCd5OQQIImPwmM38BRt7BncMF/CF96Xi7Wo5wqRbyKHXWuxSO2rnKbNuGsJ00DKUqyEjESUhp9zGakVQjrBWKafjOzQNRgrRDSlzsTCvhNbxEwpqMi5pm8Z82/9JgBGB4pp9gbtBf7A2xkatUSUvCTa573fru9uzVcRCOQ0H9LDTKKlFxegS5NioiJI/LlzKucMt2VTrT45+Hnh08gxVNynVtZAspoq9mX0gtyP0IdQWMmd10FfMD6HjDRheg+oE9S16tGC/Jhm+XVIGZpfpHqvoQfzR/nH+Ycn85Cf7D/3hAEABkRPlNmEGeg/sukwhmrpSTKUhLZaleXFmSApZvjX8jfvArgRsQ4Y/NqzGaQLvFHiikeK0s1R6EbYj1eMIk1lG+Mu1Q+MVXmPR+1vuxxrjSlUVAm6h8QrmvwiOWiowKOuOV4PS92n8vLDomq3eSiZYVGtWpDqgZPcjFOHAK+RpY78davFkXXXHDwJMKH0JorAdtZlT9RpQjQWcr4LlEbUo9neP7B6qZA6bX3mcs9YuPEXGggq9vSWWcFgbK2hTsLO7Qk4HLx0xidP3XJjBmUDf7EbrU1754xEHhWSbN+eSLvv10ZVqZFeV5CzZ31jywuvunvnLnm+ZbSJMS/o0yf6mqSKJsgpCV6NmVWLDr3qvri5srF0H780mNjsh/98/Skyx9SeDQzqIzMP9A7w3VN3qrxI6fMYgI8QCDgpHXIxxfe0+blf2Yx1fLImYgLjLq40JQF95BTiZbABLOUpXbTDlhVhuqbJvVTxNw9aa4p99W+jdExdxPoLcDoqdku48Db+0mXC/TyO/c98DaNeyaoeMeYFSK70PFpLM/FVMoF2a22CUSJeueCNsRJD7Fw+rIFnL8/T2jexVtJzyRzzBfBsf8+pVCDNGgIGJSAPDxEpVETDxgxxDNTxd2MNr+Py0Fo2H7MnHkIcLMkBCKhS+7Chu87SKS7PJ+nj8ms77bGiTpGrSl1J9I96kK11ViCxhyNzokchhL6eI9XS9JOGj6KcIe0vlyBICZCewZxYxOprmlXGR6cK1xzyHFA3sG0e6zvQcnmRu93nLgtKk3mjIzsixZSp3PL8R47p4OKUF5jYLz0lDRdIbOYkmyBF4/Z1QIeP5mGb4a3t1FJ5iV9If2PSA4yX2YOC2LNcJxz5ebPiFk05ugYKnAIaUFDhBD7PyCMRSMsvmMgXHDRUjWtq2jFfuGnGWwnXbbAKLCbvN6X4GEuci9nPg3ZuBBCdFaPRyhp9zQ6Dxt7IS+gzUnsbOFUtIQLH9egOe1n/gIBh6TRDkEO2ynTT3qZ6+mXZHdY83AckiCKA80T9Ou/ZRTdf9H9Nv9yZyHNL/HBkSD4khVAga8j+kyV8RhTsEHJaj/7DUXZRqAKMkqDxWcaCEQhuzfX5KI+401Xn7ozYRy/fOcGYBIzAJ7f0fCfdtRMjXeS/AIM1rBbrMDx2RiF26EjrXvfgC/e4KzrGvW59ntk8G0B2Atnz6Dk3hh3qaqJVX1vOWLmw9wwe3gV6voVKysF9TycJIulWGbDrzZKvRUNL5RcBPDkzDJxFhYxHOSE9mFUrsX95PKa4JoBrF5FFq3muwCbxCDBaeh0DVv4BgqsT9/Nld/1Iue4d45V9wHDWfzGesIDQ7+wuorGC9glb43TsikKNrRh7tNHWVyt40jKi4j110GKJ6RdFeWA9uxTspPir6ZEK2y9vo04LtB1XOmVO8Cj9nRJ11G8xCTzhiPYAf+4/nSmwNl0dEgfgM0MwZKjKwBYV9mdEZzau1QUa6sNGFR49ITFTorJtukbvThHJ8HIIi3Lwu2DSNgWAcIfsBoz07o+7H9pc4ei6tcAsSVh+e4vGVnNv2rY/GXr/Mcuu1VT83I91K1GF2zoUFhJUkbCC3KmNGeAr/TiylCninMYkFP2tyE26qisY5HGNPNSGfq6pE3z/pio+kC+gDIXOyzbKxD8mS+6Ea6rFa0/zb+gF+b5MByxf0LBHS3t4qOnZwdA71AV0gZWMOW4CEE6rJ9Hcz3FBn/LtGnbGcn+KaAD5ZjdL22nKrFDrt7Xk2MAJWZa0pxmeJY7ASNvYYvxv1HOC1GzFd/GuV3rFjvTTE9a/8E/MwUJg8KNxviuoY5sGK3+9gVYxpJ7AL6VU/AwhG7Cxy8X/KbncSmgA1FRIE1v0iz1HrgbV57wsd8rUpEHezYpoA2mVhlTR11UZ4QPUkLZuQFsL/lv6OdrQvZXDT2zE2faoeYlK0uaZyguYmLn7ARm4E2wNnG6OE3l/okNri4F1M15fw4buz2kwvP2RDEeY7BD7AMFCxkl2S00SiwCSXZt5vn4JujDb+0ohgySLuvilkp4VMPXgMro1x1on8oGL7xcHwPtZUEt7tHwlV5XL6ZTlPyANmqODG8XV3iRHATQNMMEvIQ56KvpXFlFg7rNtDmY122zNwU14ppM/PznrkAuV8AUsqbuhHUqkXT3VyCr/ApJGNXu7TU7MfOWzhaPNx+i8OIYwJATTUuQsx+9V+seupAIJaQUw3Qt7aE1gf3i8u/uZrAQK4HYpc/lli/3GzHHRtJGgXaBw49vR6RJy5cf42DohIa1TbBjclyFpL5/2qBYDpHfIPQtRXh1XTCILYC+p507wnCBL5MVUCPZBltw+si6WqW0S6hlEF5lHx/MNbjakyNTQ28DeqIbMqG3uAUWOixfGjagVdxEct9h86P6o4+SSCOvjmNk8XYoTK6sL1UJ2+EmQE3uoClmbFe9wey9L8WQaS3YzHt3D7uNy2FFj/u738RsslVBMYbigTpG7QEgsUyTNnwNIWzs3tv6sB+ndl8+E6raxWxunyy8TYxoR2I3xi7czwv3W4YEzCB/Y6yasNy4uPVp66ba2xWO9Ad+JRtqMsdyojZ+tw2cJp48Hte2PRheCAZxq9S4/nQeVi8jabbrZIRUrjGCXCAxXObDpf9PtwR7dujAGdu/Z6xunCEL79aFi61AOm+b+YI87UUx670HMG7H/4adQ2o0L2wByAzZZ+HNKsJJp12JGkeQ9GHsXGt8Z5uQBRDhmen4iS6PNxIhwM89nSBzQvI2Zo5kxfRJfIhfjpJL4n93uE9+H/XaiHSbEDxlMH3S+J3OxJpxqUfSNwTQ6PZCRoZ9QrTw9LoCq+2w1a2uuvJDwUM1tRRvIWprAkst5w7c/s1mUK3BCK1k88tj7UW+fQGlOk0n189amelBzNEy0hPvRVLrLpfMQRpjAEU6UVrzQdf6fGICoerhRV4Mss4kGyFfO6YniCj+hmzJtAUeFN5ucIgMmYk+LAlNFFkZjTvNSSuNXltBsJxu50CM42bxGux04BLCT3aOa8jVH6BPBsS/w/DB8CZNuTD+pe6pl8RA1xtikE6ZBDVocou5uiwmdjctpfkd8w8N3nr3gQbMNKjhthXruR2IvDPDEKYMqOklERs74a7m+7cuT2Hm7LlIQUCrQ8e3p2JvrOn4RsWubule7rDO/DM/anQRug5pfJmVFTxwBCJa5vo5ZRR/KB6HMjHsuHo3vw+D0aW0KKJ5f4VDJZqt9J9NTkeA+hSDx30WfA7FKL2+KX2Bs3/oVOr1xYMEOUpeDEAMDknyhfY+LJzLo4Xv/xMb1t6X2bCvL0fj8dFpaDhscy3DVC5YLfpDSAMOoUGNrGbWsSvVX9+mG0IxPrAa9ijOBTNKxWCPgCAgaWJSTG1f4PZ0vCSwmlG148r4zSZR9egjyhDXJVY/WLOdWptI4LR4KlfjjWeVPCZxi6X0dOlnKgO9FPmPOi89+70wIi/iuqC0dZ0R+bbP0UzPKcxlX6wfUmC5miEf9V5an8iZ3LGyrs3VGtXtWtKzBhBycZOZGPPdbJXY0ddioIaGjaOT4p0Qe7XLHgWHAour5w2Ec7z0UdWRFT06A2B3Mv2JCFeg7FJvTQp3/Mm+l+pq1xtyvMIy+72M5d+ZexXuOiEcgov4tmhBHlXkCK4DfzgZzpMXCGr4NpgRRLOvpWM3MA60Fc9W3OzRtyJIboCf3PbUygW8wWXxHHzniSpLd/xpLOkwS7dsWiyc/vJnzvKRhHdx6jn89zYk+jC44+lVCLLBx7kwXzpQnwpkoGSg/ao0YaIhTZw04w3AJQe3g4ccMmYE0ZhWOpF+4auktJWHmpzLI8ZslKmVCEXzyppbxSryMNseTvSaLrpZ2xVx+khMHtUoGADh4Zs0+Cx0IOjFdF9Js7oAxas1lNIgKEgd/bTrU5+23O31LGrJ2pSXflMpeqvHy6USMGpFbFMOLkEH4V0ct164znDln9/SS+HI3xFApFJ0Le/HZSJOqShefY3qVEI1HWTi3RzmVda1V8cz7IaqeoH7TB0b86S8eDDOuEtno+DPNqqqjpIbhQ9ij8IiFkoP3T7IXqH4hCkIXUhDin+l4pIezoVJllvat8tQ7GoTlsaxrJmplVZXaMAirq1q/pmXBpTqzQFAoo11XMpCgdsAfkx340rAgdcm6LX33sKyhQxuwg87q60O1UUgFcDynut40ap49qWt28cVxTME0o7WyLnDwMqK6DeIfe7djaVp+u92Iu04mc4Cb8UmYEJYOYaUoXLhoHnfHS/QxMAPj06X+MBc0+12UxrSevC9gU5S9BgLxq3Kh7HolFT1VyVlYbt/PY7d6VScl7sqH+Zux6xdZwB/AEkkRev2nzvS/dMrI8Ppi8mcON3S7XX/HU4hXJb4wb5QRSKfAoKuIepMfzjeue9pVwW8JmDSgxbGemDInVNfzKQp2F9r84e+VlCPtz+IHcuCfY67c5UU13Iwk1eh8QVtBITJUaypj7E4ZRlzIARFzsARqNxiK7aFPj13WXt2TCOld60GxBG+gmxEZ6GCF/gO6lReUI1IOGgIi0HjDnIUcQNCwFziLnC0UJ+s4ZHMGv9FQLNjStcKiaDn5+1LXjQWAXuOJuyhGZpDCkEMiKjxpBy5iAFtN1XMI3nhpalOuIDK70U972JbplKiErL3JuzqnCO1K8YbcLBpF07xK7GGFYy4dSggc5ZBT7gzQGOV0gCcjgBU98179hRERm7A2ELe/2qvM9z4NyLEEfyptzyQ/9LLkOwRyu4pGLor/xSnoB9OZ4ef+3SUXeUu7tLrCrKtFLFDeRUt9LfVj/5CIEc5aJwoUeYd5/M0jSuJisgEt2HgAF+fYbqJIa9e0DGBtCKb4e1eS6jggbPsUh8T8SeLn/+EVMStd8drrlhYO848nwtZo9ixbB/eEbRzC6jY3Pdcb9PDxjK0hOtvYMYE6Hl9CrcQ6ko9qv98A0Pl/uGpw9aRYaav5Mv3/K/ZBPDZqSWA2kozlig8TucMysAkjh2Zeb5d0gxXSFGoi/8qaL82XYPhtmtYt7kTprHpAslp5zNJ0m/49muVOZLc9lXal6Cj6l0hhHoZZ0ZAFZj1jp+Ofx5fiSinz+ja7xl5I6PDAmaGUySVuC5z0DPX5V1uVsWxTkQ2iegCGOVOqheB5xDO52IcVzt1LdratcNDPy4rfSKh4zCElLmoYW7xU0bbfuCxetLkCY4n+YzMZ0kmBEqlJUAQuS+6yhE5LJ3svxc57uF6r5id2TlTDRwEItAeMZU7KCUZKcW5lsMyVpSYiCzy4N/5TgcdK/RHy7Z9nJnCo5TEAZrO5b6pn8O/4UyjyKvit+MhGorJtzHcuEVdZvORsMxJsIi1/NRIyoscunwKHagPepbELeCDAvXDOHjWsAoJnHkILHGATbjy11ChY6OqRiTR8Y+VCiGsoUwtfAhmJ5mQdqv8ZVPeLAL75r1NDSe/HTeGoYEmXlAiGzizTpPzv6BRT8e7aeXLSVcUpV7N9YFP27VjS2AnIj0yBCxbIhJfY4ofk4h1Wspvk9hX/HPgx3oNrgEA3fVFWCRm2fh2vQl6bpSeuufYsTjNPJThdlcJZjywfdMrnD0U1IMDVpH1Y3X9c9yAw6rAt4hf5z/Yb1GZR+5AzmG3FoBNkmWpHLmj2ba7COIVmgse2I2f7k6mBtoNevKq3xBp5UkWZH2YrtCsl9CD25TL0cWLBqP+Kr6T80OCf1FCL/LWYs0aNaIkA5gJes76hiKsWQQL4uo9uUtGEb1REyat4w7jFW9ncbxcHCDAihgR283aAaRQUZzwnp3F+SFh7HXihHeXjecNwxuEqBe4Oar5GWx86AFygMyrYLbbYF2jlLh9uO/Q6NAYrJ6cSUur3NGOH4sIkbOlN3wm5z28QHjvpFcrfi0mTyHGc9RiKPDsNBl2Ts6x8/LZ4ZAuaW/lomO11PJUNnNV1+2h0fE80vg36FQ/wbQ7yRkmMk08j6BipBjK4iuk7jAygGRBBiY4D2DZQHllR8GUT9PYgcmjYiDizEz2mEw4ugLXqX7djcfKi38FL7bb5eYNjjCWuoxmaj+wmjV+iy6Y/XKHeQ9EsUE80v1Bh</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2020-04-02 19:04:22,019 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-04-02 19:04:22,019 - INFO [Shibboleth-Audit.SSO:?] - 20200402T190422Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_lud6lxzeodle5v92btaz8k2joqmmn2lrfvyjs9x|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_446e668f63f52fb1fed1bf2a58403897|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxijHUUwy6ISlvjJ4FcUYN5JhdLEen1fMdkB4CR55p1zBngkRSNm2XNXlIwxX5e/nDmGQvj+BgFMI/bq5evL4OjLj5XEf+twgpSXyGRD7OKPgFrkn9YN3JzcS1NQUoMtYL9q+lEDn+g9NnCJT7DIF3wdb742hxwlY=|_432bc036dda052bdf26ecc4759939182|
2020-04-02 19:04:37,722 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'morty'
2020-04-02 19:04:37,722 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user morty
2020-04-02 19:04:37,722 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@297170164::identifier=morty, context=org.apache.velocity.VelocityContext@5974d5f6]
2020-04-02 19:04:37,728 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=morty,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@297170164::identifier=morty, context=org.apache.velocity.VelocityContext@5974d5f6]
2020-04-02 19:04:37,730 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'morty' succeeded
2020-04-02 19:04:37,730 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-04-02 19:04:37,730 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-04-02 19:04:37,737 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'morty'
2020-04-02 19:04:37,737 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'morty'
2020-04-02 19:04:37,737 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-04-02 19:04:37,737 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal morty
2020-04-02 19:04:37,737 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session d9765aa6278481665b9a31c482567e8977f95540cbd3782b92a9096e94ec28b2 for principal morty
2020-04-02 19:04:37,737 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session d9765aa6278481665b9a31c482567e8977f95540cbd3782b92a9096e94ec28b2
2020-04-02 19:04:37,738 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=morty)
2020-04-02 19:04:37,738 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [identifier, uid, telephoneNumber, role, mail, surname, displayName, givenName]
2020-04-02 19:04:37,738 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-04-02 19:04:37,738 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-04-02 19:04:37,738 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-04-02 19:04:37,738 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-04-02 19:04:37,738 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-04-02 19:04:37,738 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-04-02 19:04:37,738 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-04-02 19:04:37,738 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-04-02 19:04:37,739 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:04:37,739 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-04-02 19:04:37,739 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@e33bb0b'
2020-04-02 19:04:37,740 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-04-02 19:04:37,740 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:OAuth2Server-local-embedded'
2020-04-02 19:04:37,740 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:OAuth2Server-local-embedded'
2020-04-02 19:04:37,740 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'morty:OAuth2Server-local-embedded'
2020-04-02 19:04:37,740 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-04-02 19:04:37,740 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty'
2020-04-02 19:04:37,740 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'morty'
2020-04-02 19:04:37,740 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-04-02 19:04:37,740 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2020-04-02 19:04:37,824 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Not a usual scheme, returning name of 'OAuth2Server-local-embedded'
2020-04-02 19:04:37,824 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-04-02 19:04:37,824 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2020-04-02 19:04:37,824 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2020-04-02 19:04:37,824 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-04-02 19:04:37,824 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2020-04-02 19:04:41,338 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2020-04-02 19:04:41,338 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2020-04-02 19:04:41,338 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20200402T190441Z|OAuth2Server-local-embedded|AttributeReleaseConsent|morty|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2020-04-02 19:04:41,338 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@e33bb0b'
2020-04-02 19:04:41,338 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:04:41,339 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-04-02 19:04:41,339 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-04-02 19:04:41,340 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-04-02 19:04:41,340 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _c7bee65450d34cdd590cccf997b6481d
2020-04-02 19:04:41,340 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _c7bee65450d34cdd590cccf997b6481d to Response _d38a2f439985e19514380a3eab5c0e60
2020-04-02 19:04:41,340 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _c7bee65450d34cdd590cccf997b6481d
2020-04-02 19:04:41,341 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-04-02 19:04:41,341 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute identifier
2020-04-02 19:04:41,341 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value morty of attribute uid
2020-04-02 19:04:41,341 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5505 of attribute telephoneNumber
2020-04-02 19:04:41,341 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value janitor@samltest.id of attribute role
2020-04-02 19:04:41,341 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute mail
2020-04-02 19:04:41,341 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Smith of attribute surname
2020-04-02 19:04:41,341 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Morty Smith of attribute displayName
2020-04-02 19:04:41,341 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Mortimer of attribute givenName
2020-04-02 19:04:41,341 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-04-02 19:04:41,342 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2020-04-02 19:04:41,342 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2020-04-02 19:04:41,342 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2020-04-02 19:04:41,342 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2020-04-02 19:04:41,342 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2020-04-02 19:04:41,342 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:04:41,342 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:04:41,342 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxaowPYzFRpM+xpqAfqJ45hFiI2yMo0Y8MUAmbdeyguGIlxJeFjObA+FjIdNhs/rozZJ/MKCM1Rz87D2nj3ZPDbyouEheCIfyL92DV7iMG0S17YLoZl+DiC7jq/19s1FA= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:04:41,342 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:04:41,342 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:04:41,342 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-04-02 19:04:41,342 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-04-02 19:04:41,342 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.46.7
2020-04-02 19:04:41,342 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to a3aa588i77j42dj7ced42cggd3e33b
2020-04-02 19:04:41,342 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to http://localhost:8088/authorization-server/saml/SSO
2020-04-02 19:04:41,342 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-04-02 19:04:41,342 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-04-02 19:04:41,342 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-04-02 19:04:41,342 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _c7bee65450d34cdd590cccf997b6481d
2020-04-02 19:04:41,342 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _c7bee65450d34cdd590cccf997b6481d did not already contain Conditions, one was added
2020-04-02 19:04:41,342 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-04-02 19:04:41,342 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-04-02T19:09:41.339Z, to Assertion _c7bee65450d34cdd590cccf997b6481d
2020-04-02 19:04:41,342 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _c7bee65450d34cdd590cccf997b6481d already contained Conditions, nothing was done
2020-04-02 19:04:41,343 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-04-02 19:04:41,343 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _c7bee65450d34cdd590cccf997b6481d already contained Conditions, nothing was done
2020-04-02 19:04:41,343 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-04-02 19:04:41,343 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding OAuth2Server-local-embedded as an Audience of the AudienceRestriction
2020-04-02 19:04:41,343 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _c7bee65450d34cdd590cccf997b6481d
2020-04-02 19:04:41,343 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party OAuth2Server-local-embedded to existing session d9765aa6278481665b9a31c482567e8977f95540cbd3782b92a9096e94ec28b2
2020-04-02 19:04:41,343 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service OAuth2Server-local-embedded in session d9765aa6278481665b9a31c482567e8977f95540cbd3782b92a9096e94ec28b2
2020-04-02 19:04:41,343 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-04-02 19:04:41,344 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID OAuth2Server-local-embedded and key AAdzZWNyZXQxaowPYzFRpM+xpqAfqJ45hFiI2yMo0Y8MUAmbdeyguGIlxJeFjObA+FjIdNhs/rozZJ/MKCM1Rz87D2nj3ZPDbyouEheCIfyL92DV7iMG0S17YLoZl+DiC7jq/19s1FA=
2020-04-02 19:04:41,344 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-04-02 19:04:41,344 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-04-02 19:04:41,345 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_c7bee65450d34cdd590cccf997b6481d"
2020-04-02 19:04:41,345 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _c7bee65450d34cdd590cccf997b6481d and Element was [saml2:Assertion: null]
2020-04-02 19:04:41,345 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_c7bee65450d34cdd590cccf997b6481d"
2020-04-02 19:04:41,345 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _c7bee65450d34cdd590cccf997b6481d and Element was [saml2:Assertion: null]
2020-04-02 19:04:41,347 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_d38a2f439985e19514380a3eab5c0e60"
    InResponseTo="a3aa588i77j42dj7ced42cggd3e33b"
    IssueInstant="2020-04-02T19:04:41.339Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_c7bee65450d34cdd590cccf997b6481d"
        IssueInstant="2020-04-02T19:04:41.339Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_c7bee65450d34cdd590cccf997b6481d">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>yI6K3X1FtzPXw07/p0BycYHSs8xyhzFZO4RoFobTeu8=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>W6RfyGtYSgMALWJXHv375ZYv8zFbUIO+gw4+w7TLuwBEDTBypKnM4sYu74WxbwmYdaBw5kv8erOGyYq2bBybD2UgIZAmUwyOaEiELQauUSkk1K3VGJRCByxntRbtVSH9E8PWEqgRxd/ljopSerTiGMCN4ECIFkHzba2+SwnCoV7fRJvYP9QgN7fCYC6F6CxJKUlYrGQ97ax5TY+TmBUDL6AIxDX5D1HywaFpexH4hgttbKFR3NWeYSsiydtmi8qU4EUSM1Oafz/ZGs5nq7eW57Pq0tcsE9+r18fVrrRJzNN5rC9gymriveQmKCZl7CytD5Alw8b03zGV3LvreOAj/g==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="OAuth2Server-local-embedded" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxaowPYzFRpM+xpqAfqJ45hFiI2yMo0Y8MUAmbdeyguGIlxJeFjObA+FjIdNhs/rozZJ/MKCM1Rz87D2nj3ZPDbyouEheCIfyL92DV7iMG0S17YLoZl+DiC7jq/19s1FA=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.46.7"
                    InResponseTo="a3aa588i77j42dj7ced42cggd3e33b"
                    NotOnOrAfter="2020-04-02T19:09:41.342Z" Recipient="http://localhost:8088/authorization-server/saml/SSO"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-04-02T19:04:41.339Z" NotOnOrAfter="2020-04-02T19:09:41.339Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>OAuth2Server-local-embedded</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-04-02T19:04:37.730Z" SessionIndex="_08f721c662d5fc89c02e31a26ea792e7">
            <saml2:SubjectLocality Address="172.31.46.7"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>morty</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5505</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">janitor@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Morty Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Mortimer</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-04-02 19:04:41,348 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: http://localhost:8088/authorization-server/saml/SSO
2020-04-02 19:04:41,349 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: http://localhost:8088/authorization-server/saml/SSO
2020-04-02 19:04:41,349 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_d38a2f439985e19514380a3eab5c0e60"
2020-04-02 19:04:41,349 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _d38a2f439985e19514380a3eab5c0e60 and Element was [saml2p:Response: null]
2020-04-02 19:04:41,349 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_d38a2f439985e19514380a3eab5c0e60"
2020-04-02 19:04:41,349 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _d38a2f439985e19514380a3eab5c0e60 and Element was [saml2p:Response: null]
2020-04-02 19:04:41,351 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-04-02 19:04:41,352 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'http://localhost:8088/authorization-server/saml/SSO' with encoded value 'http&#x3a;&#x2f;&#x2f;localhost&#x3a;8088&#x2f;authorization-server&#x2f;saml&#x2f;SSO'
2020-04-02 19:04:41,352 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-04-02 19:04:41,356 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="http://localhost:8088/authorization-server/saml/SSO"
    ID="_d38a2f439985e19514380a3eab5c0e60"
    InResponseTo="a3aa588i77j42dj7ced42cggd3e33b"
    IssueInstant="2020-04-02T19:04:41.339Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_d38a2f439985e19514380a3eab5c0e60">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>9JzHG2/JLNRkyu6Ft0/r3s5XsoO3LZMW8V/h+kYYBEg=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>QZJClV4fqL4vRe9QPssZCSr31GAViRRe9rPLKHuvKVeFU5wb4iEdU4kxGcT54t194KPqdRXwWGan/ESFk+aCRfatxUNy0cnWPUsy9DtA1V924TggyoqQjW1MXI7oTTNl8gbTsxkZHwdzhwOqLqvCHPyDg3HmhYVO5ZK7pslac9tnK85CTZY5nNOtb+4hduUNZn94KML3kbTbxnud5sNZLYhS3+333UujlsAkniwzEJ2yo4ifbR2fgslsCEURjtVqKTWNd67zLMOVxjcyTHmWDMTZXmCJzLEDAxLXH16abxxQA0gzbJ584LeYXVf6exD6zV9Dzfrdg1ae1GkCzsIoRw==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_8907892e121684eb95cd392c639a30ad"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_b73f7af930d38142541801ab0e432a58"
                    Recipient="OAuth2Server-local-embedded" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIDdzCCAl+gAwIBAgIECJji8TANBgkqhkiG9w0BAQsFADBsMRAwDgYDVQQGEwdVbmtub3duMRAw
DgYDVQQIEwdVbmtub3duMRAwDgYDVQQHEwdVbmtub3duMRAwDgYDVQQKEwdVbmtub3duMRAwDgYD
VQQLEwdVbmtub3duMRAwDgYDVQQDEwdVbmtub3duMB4XDTIwMDMwMjE4NDc1MVoXDTIxMDMwMjE4
NDc1MVowbDEQMA4GA1UEBhMHVW5rbm93bjEQMA4GA1UECBMHVW5rbm93bjEQMA4GA1UEBxMHVW5r
bm93bjEQMA4GA1UEChMHVW5rbm93bjEQMA4GA1UECxMHVW5rbm93bjEQMA4GA1UEAxMHVW5rbm93
bjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJN78nIWRctWZD3ZdW9wd++PdlFyZTWa
MrNYfQd0ZH1I4z8y465j/Ykg7Svrg14wi+Lc3jDvCzliZPYRX3p+flRRt4leiUF7hwbxddYXFisT
hCRSiNzbyMtgU8LCDCxbR+qkO9Sqx40J59nlI3Wxjvg2G3Q6gjuBCHf4GWHdxGEVLxsJZ5TS1405
TkIXqjsYZ5oUhfHNaq4AMq+fKc6PoyDTeCmjotfG7GX0DBmDLgbNHiTWTbnNL+dWUF6aoAlYuaQs
h7J5hOPhk0aJ2xAEeXp898dhgF7PkmJgtVPD2UHttbToDQ5Sk4WnKeOvlJMY9ThFfN287Z3/PM9N
HhMMRocCAwEAAaMhMB8wHQYDVR0OBBYEFGVq+nnSRnGeakhc4BvMe4BNgECKMA0GCSqGSIb3DQEB
CwUAA4IBAQB+47zjjfjHhMB8PQMV1PztyavD8Zv31s6HSrpkR6rjeJaRoJe0eEDnax3GPL4YPOmF
/JBTTX2zueiRV847fT5iqttNAHVEovVGHN5JwjiBt5rJJ+fBIQPQAoXQzmWwpoic+gWspPlHV3Pp
pZehxmUU/dP0NZYJIjkKtIhoUAAew14axNdGXjZOYAhNrFW+zsw/M9PaDJWl9y/OLI/LCuRmCTMX
0u72CALSM5YWk8bB05KREg6nk2wOo23jUe+Bn7X6EUMsCn6f0KbQOeUcA0z66LQ60iJs2tCCHycE
BzUny8shUwxPcYn/xFVGaxB1Z02WQaCUE3z3wisatPta9jfY</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>h9+8TYhQCViC3dRsZukiCGOBvBfwwu4XMXeVWj+Y6rnDcriteX+xti0EEaygwubxEGmrZUjykwsSTSN+2SG2Q6zTnFPe5DK6EBAWhwEdpZyckywHlM/bxtV2mb7j+vHmvhhtH3fXzAiwhhmMyInxPubPYd9MWN4xV8cn+P2XMzd7wUSgzKlRDKYa643HAawIfyvqO8I4qvULXCN+PqGmDy7CNCtWM55eAewKDs522YMGdSqwx1TIJK2YK6lUTtjjvqlomZjp71Ubd82DisPLF/aTmyc6MtNP8WLdD00GdFoR1Corm1lwkz60kfolUP0+lGFcngz9Z6Rz2jcjjdluHQ==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>+iRwlsZihgaoI7l/Mx+gqpS2VmMNmFxQttG17dA2M98mOMpPUocjDGdSIEqZTpVhvjrGwAkcx5arPPhYcOt5X2fBv+AHqAILyuDV9PaLZdewHzAw+4G0eEXrUnbMHVtnMXGvzsJXCEMJxd+pW9bUoZpppUUh3wj7vHF6wGTooijGvlGZCgZqAE2+iTIMVKJPnYC63U34ed6Ssvr/ubKA+LiQFTFxGl3kLy27E5VSKexiNzcqIsXWGtkFjlfCsQZ056zQkXed9SyqeSG9WhvIIloTchiEFV5la323yghbqb6ImZNpABhNNVBpzPgcf+PL7nToCZ9y51qcAF3gi2vyuxMWaX4k1RivJFbxCSLWwJCRkf3dONOgnQrsOnzV2ZtVuxYKmtfvx545DqseG8KcVmEogUGfqmc7MGvWDI3024dKlhLN15YfAy0bF/8njtap4hTpzUHvU+O6BQB4S0g2gDSvDd+txHND/OSpehcqAAkS/gnJnHMBoUgGObBIiC8NEAMjtn3KKNE3deWYP09AMkUsdzprSi/A7TpCS30CaN67l1DsZoRPcEWoVd0NERm//QCC/dsMVcxVMQRE+oajIneFX4y4VYuWT85bZJhcGxDOJMbIKS2LKXJWy3ujKaCoF2gJfLEfblzmsPn9toMDxx7fQyco1G3TGn/btgZC7yVjddTlttWYteigJtTGbe3W7ggs6v/vlD+fQrjCKVVYugjYmfKZfnfp729+QF+S3FLuAyjj0CbRCB8BcUxD8hYQVEVmYqT0re4BpG8ZxmKt8W5H0NxEDTN+bm3e2l3taujUt3uJiVDEHG54DCN3yGesUF9DboGL2AxxtkeiPaQZ1Y6H+5kI86zyGV/b/0uM2OnvYsT5jEWYYFSdhPU1U2WP/rWRyAhxpUMw3kXW6O77/Nc1y7OuwRgb+zxogxVllIuQ/HtnP1fpI0zyW+46I9jdzODLQxZBqqFw+1tdbmlClO4ylhmXhSPccGWwCA8gONW8pt2I2eb1FwsvXy9Upea7Puu7hTa4HQ4FfORnBmgjzJstWcIx3qo+Hggpkb1KBAkVoYspNrHYqfQSuaPeosXgbOc8SVhEWW3B4Fy42Y1e3HKJ4F1yr4LuIiTzdZuwoSS1BrWuFy+wiYS0VuLT2LXM0DuyQL8nvtf22SPnBPEiTz3E/he6k0ATCLXQYRUCQ9kcqnP2rUif6DUrXRdIv83C0jA2vRxHtjJrc4kJXkV2FL0XjB7WuL6NC3ulwdkb4i8jgRAsOcbJ8COGFmeYrxLs0+Z69ZbyHVvd/LJXrHQA1jHrW8U3aSFh9KPdfV7F1uM7rvxP2dKbgjZBBmcKwtpFT5POpdvcHj73XuQSg69bRPmRDXHgSONhFHxcpX53CiXRGHWUTsjadIhVBAbcfHhLnduf3l7DLzBqAapY2tA30L0+oIxeF+dAuvW5+b82QxRzVcSTjXAp3XfDYrqYM2HPSsokWwXoijAOAWV18L+IGrP2bcgMeGHBxx6ACZb/PJRlIuwjfkm9XPBnVTAeh/g3avkIklJqVoo+493keH/HN/8JKrkKyQBfXmdjvhHjTyXuPAPLzdAbhsRlZirxBwLibJbPdAmXWt2fGdiwAWZesTwRy67ackxP44nbwzbAssk/ZvZ3FqVdG54FIxwoHKwzU5oWMEPZHwGwV9Cvj5ogiu/05pJXTL3x4QVkbPHHyCbu/ca6N/E7ZLfeqiDMzLuQdKjZGKEU+/sbMnoHhY+f4NcWa9fdjqRFp6Ufg1vBzSfUsqRWIuRAGLHZnj9V3bOEo70YtQlkUFb+jed42TPYrWfPFgI6yrjDOgIn3RO8oFF7O5TDc/Xxu5T1iOCWmhBxggKgK60n78v0/Q5zEPHxU335LiE5wn7ICvjV2F0akpeUUW7Dov7cKpoQ+I7Asxfc6kJ0QJz6C1jFMJioys/i33fzmut9J7QUWD/djGWOYkTxsFbPiilYpDORcW9fECRz4T7GrCvfrNM3sQPdnOlEYYVgdEmXwq1M0MqZUfsfY0Ihzle4yWCKdHZTjSPXEdKllFZKTjE+jlQpOPxS2Zoacfjl4hyYfPCAyckVBl+vk37lusUa7HTmSOg6Ao6SIErLvAuIwF6aylpeJ6CQxwXlyWLJQk2KPaoy21XOMVloHepUdO9APSYuiJZEBzd23cWkz/c6/yQltS/nQPspvBiighSOjkdwgFFWBZzkyRoIGWIaDL5aEqc485jDBRo6xGylK0gi0G/3vEObvkscbEwrEtt/ZunXC2cKKG+RyjRD8ct75pv1eZoGyC4ZdYuFe7wUnxb55Wo2/kpoBtxydt47zER6+tTbg8vRqsXWGyHz2fdiqIeo8Ibs9sCdbZPGG1AboRGhQjDY9vAqT5Mc0512xeg3+hnC7VM5MPRzKAYernlgxz4t0cjxNdGEltHFhYO8WstifHouFQ0wxjoq7cykIwhoE3UlyWrcz3B8/Op1XPhOgoaB7PP2wc8jLDl07GVtj0yQnkuVFrk4DzWmT94fnYMxJ2VJqi7i6rAF+ddaoYLvNfzRZDCLnf7TLeEjyZQQNkmaT8Eb/fmIflunOTiRmq1jVLvoI040FtWBK9JqZxM0mfPRGc7jzIp8W9ASmlfCjAt+Yw++O48rdqhdxGzgcI/gkscDLv+uwgS3nfSTvap29dIrjEMo3hmIvoenoNDAzTaIdxJpP0gehpbNz0zxyJrI558qXjMpvvjPVDIYq5loqoW/BCUEFJ9Leff8VHz4fmFv6D+lXQnpMpFdfMDj403gIVpCRy6xm1Wd++IgHCspmfKBctibgGlt2I7UlRzant1RmKgf25dnp0t10sqiOTqNXUd1tZNroMdnECX2BhLMgPtPxXHE4vjeSM0JmyDWHSdJj/HzdfNN5VlgDF08yBlI1P1jLRsxjfn9l/Olh/o8MAnFRhvMBl0+cl2VT8GiFNxcBAxagYlyNfeJtD8JDOeYEDgyvmLgKYzmeLx0KdwPlOicGHG+6o78XiJ8N5Dzr+YA2Veos6OFQaT1IwE2dBujizgBvatFiLavrrgDyLZpSXIq9H6glu4kAQRfrft+grH+uT0TlLK6ZUIYyFXzpOY9y5thc+BHQoca6EtseFD1id3QMr5xb4xHIBkAmxf5aaqpwgbrvVn+njCYf5C+rwARloHk+dPiQgl1S+Us2n2wInFYrQV+J5mzuTY/DsHS5yV7kHe7leJdf/dmcf5VzHJwKWYDClIvEpy8YfbZEcStnFYItDheG8qX0A/JguIOdvx6J06uT1U3cYyMNK+qMekcpgQ1CpIivQlnrLzEDdhhVpz2IV2m4F8H3s49ytzdkGtcuB7xJVGwW5uXSGHctvgp4QNo1AgSRzqNfTJ8p2la9sgSHDWiJGbQ1tSR8cPA3kUN/0DYYf6TsW7DjJLHoYFYJtw7oIEv5WYWEtqqdRKUfZZCp2oo1e4HAZ9o6tc4MdC2z0jlcHVrJiBc3UndmriqJZrQ3MB4h9AIzxVSqBlPPIYZrCKO/l2hjgRK6dXTdjf+r9rXmowQoBuDS43EVBfnvwdLTER7XI75Hu7qcU8JBSkqDoHoHgYZT/Ky/5JJEqzvhitBj0e4mes8ymcoSebCayVZc64AFR2gWZFT9d2c1CQMDXtbBUAASOA0EuLREiodzqnTFs/P+XKsi90fksDyAtht/B8j8igHbo0ND31qMraJPBU8ZBO56Q7xCbxBN/vzjPDkf08hJl+zTDA8iAqnb/GEJk9steJvNp3rem7GwsYy+raeYCpDidakuxk4GrL4f/Dvrp8kIOB6Ojv3efvpFDlCufv21++lVUHxo+SunQJToYqHkCC7Q8QBvwgXVndOzJsHScRMrPSCQ1K+tEZG96nYB3lMZ2TTwd3Tuo0quh0VWsYufdThawuLKXHeTxMVAhuF1W8O9myU6et7WAGx4pNMYOiEsu0oprsqpUcv1frjAYzzULC8EVRKn1ZMKQ+Z1tHi39uRFQ8v3OBBTqqVw0M4rWFNL81Kr94jaV7G1YIq8cKmVO6wj549uJc914qS7/Xxn+x3eZCfP65froFJuoxgxssLeoav7h4Y5uqCqJnA9/oLMuXpkIow4gNlC/NjG2/r3PPwmbLPOsHlHa615BPLaVIpCVfySVc51RJmQM8v8YaFUK5MYRKZ4pIURxaI08uTkwy4sqoSdrpx4yZ2sqjrz/vkkQgjMVsSUJnZryIjl76HkbKXLyDUQv0zIeLU/7SD8OMo6cMhPxVyE+TBeTK1YPCQmtCFymJb0qQ1y0C/vFwv9iLUCfQ4T6PiFsNMlYmhMvR6AgNL67TsSseH3d+zR3oAMdMOc35LChq5muqK9oV+9zOp3mu0sSQmbfnd84io9AUGngi26r9iplzIPIfSMtpa1qfvOTF1u2IfpRoBRnQ96KeIXtCjQJqsz8wRFXNzvtxxr2droEwQF21w8mHtctZzJ6O3X/tk0JevrEeaPwoLFz259mUFc+Fh71wp5cy+LCJKNcnScAHwOm5hEU+yJlhTT6QdTnHvgWQnImftIh7Qt9nAiU9aWiwocFIHOFau54HcqwmTWbsul69eTw4Ii+IEEYVlbxkmizCD4qteevhcXEZlYVwxyx9wnCXQv9Blt2UZ+/x0ESHGFsHLqjTiq5hZ9N7HxSMQZDJjrWxSo5GivnhDq55vtJ6tfCLB75yQwEXtDGzzaG/JGtgPoaIhQhUPwKOUrje65iLjyWekVB5RNJ+qH83xvGf7sQxSbi9fGhD8M4Wv4grTyabPr+zV3WW/5IK/OS2PuBmApounks6E614OYu0CTmuqNNf5gtgPIJMdxpwZDRTiIN8rum1+DX5AyI/Dzd1/lI7sU65OMBQ1+8tzDzK0wF8YmN9jn+P8xLDyM9jBw5LQOzgDtxA2isrvGhaeZ8uBlcZ9AhgDnVpka+QxF5OEoosqpH3TE5X/AL74cgoKnp8kOayjWXzCjPsY9zce6Vp00vWrNQi7Mx9/GHyKwm642+L66/8FAl8WhfEEVEqF+xqGab4qxizQNxO6ZE95J++5qpdqA4Q0k0P2qUMYTCAtH8MljCJstszTR3Ai7cUfGFw2UaSgjyL57bwSovOuP+lyYAxHfi42omuWBN4qT72xEOy9nTsn7xmK11mn3u3bm/z2AXbUEGcbHXjpmQ7ST18fasdd036PyCQ3xBQG6l6xwsEF552TS+Tl+5gaTXELoiOjE0VOow3TS0stda8wOxBxHuJfZW9E4FHHJhE2AgmGA5tPpu1k4txvTjpcNRv9YddN6MFaVJDCfq60ht1+rQZyGOUNiPC0TYoqaqvIMjF5gT6JdCD/NqihiGMOJYC1hJTQb5DyWdz1frB8SBo83oGWo/NMFWgf7xr5lk+BM/PkUDluaDJw772JToSbqce3t7y4a3ErQH9q4irNV2jLGjEWYr5WO5no56JY6cwHcH3ruotySxOi2PqP9Kb6+019Aj/kyviX0KOkTAq9DeXitZ9xxsq5JF2qcogww3+IDqir/G+jU+gRhw0oyimTUAq89S7gUSWu76VUr0Z3fFJBKi3+ONlaIDcRu4cmftAcbR8cpvUXgARAO7YfB1PsFtL+Xv8QmlWud5W9GHcvp194Y1tho4DYUoZbtNwg9FEc9+4CNl5H0tHMSmqopJDFVQs1Hvxj/thquTWtI+/ZA0CuDVVaQM4Rx9cXQNYb7poGBC0t3oer1Ai2xLXK1feDRTbraFTidUhTAtlPBcY8h8HBNonnDDXmSAVKs3tQ8wjf5uETIN1zj60m5u4JMWwEjdtv0u0K7+6iU3yFaasmw+apDEnqQfY5/uY8lj9a+4tr0FU4SLSGjwhzJl4N7w5zOX0pIjd13RNiaEpMR5fqt8gKpiMWddvJ1s1BBEQmy1cMX09Z19zT0UdVxD3UFTwzsyJ1usB01IXspmknOk+PK/BYqOh7OKHPNQkm1HIwagikASDeIcRa1g5lGNB1zpS7/Y/RXM3YQ6yq309ylw9XJXwubuIirIW3pYSteC+dGg0jWFPk1NMgFtYx+gO1mxyIMaqh42hv+8EqLGbm1rPrfOvqpMcWf37NiDgrvxn1H2qKXIkNoVh9duOFPNGWJmwIquk8QdGEAhk9ojXdrVhojDi1NprwQ9+PXz4ezd9Z3hN4apMfo3lqZpD1d7w3FnGkdR/O/e37EN7MDL0N2GJ5zkAo+cf4M0undSb3vP2QhjaM0Pqawt6ePcTCB5Ve5Q/MHPQjPFhfNiv9jxlhE/L7IEb42wJGW2BeWvx/mlthIwCAMeHOjRn7A7m8jVavxLVIA7yDVIMll15oPFynTnrlQc0ffTN2XqlQAMevBDeLMKBRYLZAxZ8NY7JBMwdCNuNM+YsFEFDgxV80SDEY+luOMVDiUaWBl4jQBTOeZMjPNKTvYvoAreyRnV93glkauNPw2O3jtKsb2MAxTHWugNu72fayW776XWuFSwFMFPHE2l9x7437bG6lEdl7LmEoHvOeWmrvujjdbdc1kjeu7vRr8Cosnt8GrHghm57AfTi9ZsZdgbWZ8hZUjNP8dbLsv6WpOY5U2I/3bmbGtt5egrwZBbbbr4yaVcgJmbIch6typr26kBX9+BFwGbu2IZ1L5yeRDtDB4CSXhn84Dxs0bBDqDuiOx0kzpcqj8cwqjVks4fs6TB3dT9lKmubgrau8bB+rve0T+v+a0tsR8DVJDrQSWP5totl7Rpsr/IkQmEOPr/6h4mAgyrHAlvU6BpOSKiJ6Qz9sWwvLJQkNSY5Jem01DG5QZMuGHUN2xl/M22Sm11EirsW5K/GiJaMdwUTm92ZsS0fA0H24wWEFS0APjjENAEHQw7mtbm1Y9MmU9MbFjuoyGMppuc3SG7YGDQ8ql7u/vPvXhHV+6hjeEg9y5lry19ZlQc4FspaKzEV2/lB0CQTBySauBlmhi3faUCfGpnP6FwhSayPj+OFgCILiQEYO/TjBAZY2bJTlk46/wN+6tYD5WSDM2Zwr+yAaK2R7s7ix+X4sRwJYQFn3bFFv45ERRwvfbTLq0wRXjFYxR8f8XdcUX1TmF8Q/dLauVZjZwSSuZkrn2vBSGvmJ/NOZyizFSf+Tn6zwdw+CZD+ukmXBSXnMowDhvoyOOXihvXIWpVyh9hEMW7qKomOl2BSAgRvTyIRFIqkRpwPDjNdja90Ku8J5QnOH4JvRWb5+JChKVjCk8N2QTEJ3c7MViTuXhfaWQAEPS00TiyNQ5LMqa5Qs/VO3mvm5J0xaO1dlCwIpzYjwZJ8DrGhEk9moSNBQ4sOdAsbZYwBZvTP76Y7Ju3hQ7deLdRfRWXeFMY5NT+BmGD8sS3X7WLUx4E97keTpUhUDLO7MNpYB1UYZfD2sxsTTPG2lIqPot85TYDC9rA4BEhy2Edta3lR5rR+n2hetBTKkjJUjJBQNLNjt3oJ7tKcK2Lfcl7HvfJng4KFbRm17qpmkwXz0dMeFeCBmDepItU6+giJS2abfM0FRiyOj/T/+irydT1wsyoW0T9Zd73nZrCcEpKfjqbpnyp421dkIqiot3P63bYFUArZYZNpO95eoJdO1/sho+QC82WyvvtbWD/Iz+oilGhJfqC/mTEH8y30cQFJYqbu/miDibSaTnlUlJMMnHSKZStH3nMOtqxcvDx3XCv2Eob4ibpKI0uTQQ8yagrsbPqPssquUSsCE3zK08LUz8hS5ofptfXYEdjpT0f0rr/PpCWsoIG/VOeZkFZmJTOuZbcUzxbdoKTIIUOggtpiPMgmi7zjAsLnoeH+udUdfCAYriL5Awi415d3mMbQZ6oFWKH4pNMoNUnH5DCY5QS4VR1M1WCgqPLcMnMY4g2l8Pel/i6tFdM4f7Vf2C5kBMjyq7HINpmtBAmnEefgklOIEv6ubjD0AgHo97SF5/5S+t3zxaTUdZ544Ec1F8Mf1yxXZPXNjv9g=</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2020-04-02 19:04:41,356 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-04-02 19:04:41,356 - INFO [Shibboleth-Audit.SSO:?] - 20200402T190441Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|a3aa588i77j42dj7ced42cggd3e33b|OAuth2Server-local-embedded|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_d38a2f439985e19514380a3eab5c0e60|morty|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|identifier,uid,telephoneNumber,role,mail,surname,displayName,givenName|AAdzZWNyZXQxaowPYzFRpM+xpqAfqJ45hFiI2yMo0Y8MUAmbdeyguGIlxJeFjObA+FjIdNhs/rozZJ/MKCM1Rz87D2nj3ZPDbyouEheCIfyL92DV7iMG0S17YLoZl+DiC7jq/19s1FA=|_c7bee65450d34cdd590cccf997b6481d|
2020-04-02 19:04:50,591 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: /home
2020-04-02 19:04:50,591 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2020-04-02 19:04:50,591 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2020-04-02 19:04:50,591 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://infraio2.my.workfront.com/attask/saml2consumer.cmd"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ID="_57e1b95128424c8f9050d99cd43269f6"
    IssueInstant="2020-04-02T19:04:50.554Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">infraio2.my.workfront.com/SAML2</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
            <ds:Reference URI="#_57e1b95128424c8f9050d99cd43269f6">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <ds:DigestValue>ddUeAdzur+7kZBSznAETApTTGrg=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>sCYOOGnRQ59wcQlsQ8nn4+9tIR95Q6cXtk0Eg+LsG3OuhebVHGV+Sp1E7hzojPINQ49uhboGBsg0LKUEhVpFhC0cgtff+4LMKjObVmq+zFcNukp25gDvEvwV9S5xAVJ3L+IJq+j1kN1HY5w37BOgGTP74cbcdxA02lizSDvhBjbhvcMwlfBmhhGCXT0lT0YAFsZ1iHp2a8yyOqnvxMsmo5B8QiFnQEvu1AA0WOzgeSucoVxJhqoLUYX78bjvUZmeWwRcOJO14qlDOJVBGhQSt/fpL/oXzflbJPpHks6JrAcFesElkd5ArFKAsm6qdxCNCeV5JhDzPUoFE4U0oaE6xQ==</ds:SignatureValue>
    </ds:Signature>
    <saml2p:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>
</saml2p:AuthnRequest>

2020-04-02 19:04:50,597 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'infraio2.my.workfront.com/SAML2' from origin source
2020-04-02 19:04:50,597 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-04-02 19:04:50,597 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-04-02 19:04:50,597 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-04-02 19:04:50,597 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-04-02 19:04:50,597 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-04-02 19:04:50,597 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-04-02 19:04:50,597 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-04-02 19:04:50,597 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer infraio2.my.workfront.com/SAML2
2020-04-02 19:04:50,598 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:04:50,598 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-04-02 19:04:50,598 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-04-02 19:04:50,598 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-04-02 19:04:50,598 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-04-02 19:04:50,598 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_57e1b95128424c8f9050d99cd43269f6', issue instant '2020-04-02T19:04:50.554Z', entityID 'infraio2.my.workfront.com/SAML2'
2020-04-02 19:04:50,599 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2020-04-02 19:04:50,599 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2020-04-02 19:04:50,599 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-04-02 19:04:50,599 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: infraio2.my.workfront.com/SAML2, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-04-02 19:04:50,599 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'infraio2.my.workfront.com/SAML2' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-04-02 19:04:50,599 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-04-02 19:04:50,599 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-04-02 19:04:50,599 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-04-02 19:04:50,599 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-04-02 19:04:50,599 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-04-02 19:04:50,599 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2000/09/xmldsig#rsa-sha1
2020-04-02 19:04:50,599 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA1withRSA
2020-04-02 19:04:50,599 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2020-04-02 19:04:50,599 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 24244091063110477728505298488008987345604123586705169572235658400680546655043040439823001060441963627450471473651120147774627587726423146773932529197059203397706285539476644823200340379621954691986746966330068236044743193465403434236516694830003831354378903116612503228305502732679915910511804358632566348451193095262533513906787952453831183320450608317460564407976415593874525658889981487289397754141211082349144956687429434059911371073233601299453621611490966787380072028863766860304782704765787708620468025410422200225052441526668831423173565490638858572679280981009182642270738134708009502373602822008324582885059
  public exponent: 65537
2020-04-02 19:04:50,599 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2020-04-02 19:04:50,599 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2020-04-02 19:04:50,599 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_57e1b95128424c8f9050d99cd43269f6"
2020-04-02 19:04:50,599 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _57e1b95128424c8f9050d99cd43269f6 and Element was [saml2p:AuthnRequest: null]
2020-04-02 19:04:50,599 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_57e1b95128424c8f9050d99cd43269f6"
2020-04-02 19:04:50,599 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _57e1b95128424c8f9050d99cd43269f6 and Element was [saml2p:AuthnRequest: null]
2020-04-02 19:04:50,599 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_57e1b95128424c8f9050d99cd43269f6"
2020-04-02 19:04:50,599 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2020-04-02 19:04:50,599 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-04-02 19:04:50,599 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID infraio2.my.workfront.com/SAML2
2020-04-02 19:04:50,599 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-04-02 19:04:50,599 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-04-02 19:04:50,599 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-04-02 19:04:50,599 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-04-02 19:04:50,600 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:04:50,600 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-04-02 19:04:50,600 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-04-02 19:04:50,600 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-04-02 19:04:50,600 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 4 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-04-02 19:04:50,600 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Neither candidate endpoint location 'https://infraio2.attask-ondemand.com/attask/saml2consumer.cmd' nor response location 'null' matched 'https://infraio2.my.workfront.com/attask/saml2consumer.cmd' 
2020-04-02 19:04:50,600 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-REDIRECT' not permitted by input criteria
2020-04-02 19:04:50,600 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://infraio2.my.workfront.com/attask/saml2consumer.cmd using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-04-02 19:04:50,600 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-04-02 19:04:50,600 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-04-02 19:04:50,600 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-04-02 19:04:50,600 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-04-02 19:04:50,600 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-04-02 19:04:50,601 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-04-02 19:04:50,601 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-04-02 19:04:50,601 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-04-02 19:04:50,601 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-04-02 19:04:50,601 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-04-02 19:04:50,601 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: infraio2.my.workfront.com/SAML2
2020-04-02 19:04:50,601 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-04-02 19:04:50,601 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-04-02 19:04:50,601 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-04-02 19:04:50,601 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-04-02 19:04:50,604 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-04-02 19:04:50,605 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-04-02T19:04:50.605Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-04-02 19:04:50,605 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-04-02 19:04:50,605 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-04-02 19:04:50,605 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-04-02 19:04:50,606 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-04-02 19:04:50,606 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-04-02 19:04:50,606 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:04:50,606 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-04-02 19:04:50,606 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-04-02 19:04:50,606 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-04-02 19:04:50,606 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-04-02 19:04:50,611 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Not a usual scheme, returning name of 'infraio2.my.workfront.com/SAML2'
2020-04-02 19:04:50,611 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-04-02 19:04:50,611 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-04-02 19:04:58,312 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2020-04-02 19:04:58,312 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-04-02 19:04:58,312 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1039332563::identifier=rick, context=org.apache.velocity.VelocityContext@748f0099]
2020-04-02 19:04:58,319 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1039332563::identifier=rick, context=org.apache.velocity.VelocityContext@748f0099]
2020-04-02 19:04:58,321 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-04-02 19:04:58,321 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-04-02 19:04:58,321 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-04-02 19:04:58,321 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-04-02 19:04:58,322 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-04-02 19:04:58,322 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-04-02 19:04:58,322 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2020-04-02 19:04:58,322 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session c595597e684cd49af3a753e6062c02a7b0acdd019695c148109570433f712fc5 for principal rick
2020-04-02 19:04:58,322 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session c595597e684cd49af3a753e6062c02a7b0acdd019695c148109570433f712fc5
2020-04-02 19:04:58,322 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-04-02 19:04:58,323 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-04-02 19:04:58,323 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-04-02 19:04:58,323 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-04-02 19:04:58,323 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-04-02 19:04:58,323 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-04-02 19:04:58,323 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-04-02 19:04:58,323 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-04-02 19:04:58,323 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-04-02 19:04:58,323 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-04-02 19:04:58,324 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:04:58,324 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-04-02 19:04:58,324 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@7d5e722b'
2020-04-02 19:04:58,324 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-04-02 19:04:58,324 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:infraio2.my.workfront.com/SAML2'
2020-04-02 19:04:58,324 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:infraio2.my.workfront.com/SAML2'
2020-04-02 19:04:58,324 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:infraio2.my.workfront.com/SAML2'
2020-04-02 19:04:58,324 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-04-02 19:04:58,324 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2020-04-02 19:04:58,324 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2020-04-02 19:04:58,325 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-04-02 19:04:58,325 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2020-04-02 19:04:58,328 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Not a usual scheme, returning name of 'infraio2.my.workfront.com/SAML2'
2020-04-02 19:04:58,328 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-04-02 19:04:58,328 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2020-04-02 19:04:58,328 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2020-04-02 19:04:58,328 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-04-02 19:04:58,328 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2020-04-02 19:04:58,382 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2020-04-02 19:04:58,382 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2020-04-02 19:04:58,383 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20200402T190458Z|infraio2.my.workfront.com/SAML2|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2020-04-02 19:04:58,383 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-04-02 19:04:58,383 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:infraio2.my.workfront.com/SAML2'
2020-04-02 19:04:58,383 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2020-04-02 19:04:58,383 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2020-04-02 19:04:58,383 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:infraio2.my.workfront.com/SAML2, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1617390298383}'
2020-04-02 19:04:58,383 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-04-02 19:04:58,383 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2020-04-02 19:04:58,383 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-04-02 19:04:58,383 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:infraio2.my.workfront.com/SAML2'
2020-04-02 19:04:58,383 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:infraio2.my.workfront.com/SAML2]' as '["rick:infraio2.my.workfront.com/SAML2"]'
2020-04-02 19:04:58,383 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@7d5e722b'
2020-04-02 19:04:58,383 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-04-02 19:04:58,383 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-04-02 19:04:58,384 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-04-02 19:04:58,385 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-04-02 19:04:58,385 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _89643295603f770f6791f14b5b831efb
2020-04-02 19:04:58,385 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _89643295603f770f6791f14b5b831efb to Response _05b5e324d35caa7d011bc81f302fcc1e
2020-04-02 19:04:58,385 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _89643295603f770f6791f14b5b831efb
2020-04-02 19:04:58,386 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-04-02 19:04:58,386 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-04-02 19:04:58,386 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-04-02 19:04:58,386 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-04-02 19:04:58,386 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-04-02 19:04:58,386 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-04-02 19:04:58,386 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-04-02 19:04:58,386 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-04-02 19:04:58,386 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-04-02 19:04:58,386 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-04-02 19:04:58,386 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2020-04-02 19:04:58,386 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2020-04-02 19:04:58,387 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2020-04-02 19:04:58,387 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2020-04-02 19:04:58,387 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2020-04-02 19:04:58,387 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:04:58,387 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:04:58,387 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQx+RH1HcKqqsvbhN+UiGkhxP9gpdq+YMVSJYYpWYvAf48lW746CDC5wMTX6SHv/RCQNg3jEfKlcC/gzgJgwpCAYXEA/mq/rback25uikEoR49SbgiaK9guU0yPINt1XGFqhR0= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:04:58,387 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:04:58,387 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-04-02 19:04:58,387 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-04-02 19:04:58,387 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-04-02 19:04:58,387 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.46.7
2020-04-02 19:04:58,387 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _57e1b95128424c8f9050d99cd43269f6
2020-04-02 19:04:58,387 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://infraio2.my.workfront.com/attask/saml2consumer.cmd
2020-04-02 19:04:58,387 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-04-02 19:04:58,387 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-04-02 19:04:58,387 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-04-02 19:04:58,387 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _89643295603f770f6791f14b5b831efb
2020-04-02 19:04:58,387 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _89643295603f770f6791f14b5b831efb did not already contain Conditions, one was added
2020-04-02 19:04:58,387 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-04-02 19:04:58,387 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-04-02T19:09:58.383Z, to Assertion _89643295603f770f6791f14b5b831efb
2020-04-02 19:04:58,387 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _89643295603f770f6791f14b5b831efb already contained Conditions, nothing was done
2020-04-02 19:04:58,387 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-04-02 19:04:58,387 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _89643295603f770f6791f14b5b831efb already contained Conditions, nothing was done
2020-04-02 19:04:58,387 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-04-02 19:04:58,387 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding infraio2.my.workfront.com/SAML2 as an Audience of the AudienceRestriction
2020-04-02 19:04:58,387 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _89643295603f770f6791f14b5b831efb
2020-04-02 19:04:58,388 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party infraio2.my.workfront.com/SAML2 to existing session c595597e684cd49af3a753e6062c02a7b0acdd019695c148109570433f712fc5
2020-04-02 19:04:58,388 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service infraio2.my.workfront.com/SAML2 in session c595597e684cd49af3a753e6062c02a7b0acdd019695c148109570433f712fc5
2020-04-02 19:04:58,388 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-04-02 19:04:58,388 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID infraio2.my.workfront.com/SAML2 and key AAdzZWNyZXQx+RH1HcKqqsvbhN+UiGkhxP9gpdq+YMVSJYYpWYvAf48lW746CDC5wMTX6SHv/RCQNg3jEfKlcC/gzgJgwpCAYXEA/mq/rback25uikEoR49SbgiaK9guU0yPINt1XGFqhR0=
2020-04-02 19:04:58,389 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-04-02 19:04:58,389 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-04-02 19:04:58,389 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_89643295603f770f6791f14b5b831efb"
2020-04-02 19:04:58,389 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _89643295603f770f6791f14b5b831efb and Element was [saml2:Assertion: null]
2020-04-02 19:04:58,389 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_89643295603f770f6791f14b5b831efb"
2020-04-02 19:04:58,389 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _89643295603f770f6791f14b5b831efb and Element was [saml2:Assertion: null]
2020-04-02 19:04:58,391 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_05b5e324d35caa7d011bc81f302fcc1e"
    InResponseTo="_57e1b95128424c8f9050d99cd43269f6"
    IssueInstant="2020-04-02T19:04:58.383Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_89643295603f770f6791f14b5b831efb"
        IssueInstant="2020-04-02T19:04:58.383Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_89643295603f770f6791f14b5b831efb">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>h1rqOEiau+O1/ULCY40kPzeTZbNxNJzb5zIAS9/k5bs=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>Zs/KTOR9EYOrl8R4Jn4Vg1X82uCBTrUoJ2z8NnvVaGUVbojXuackCZ0SjKaPomoOxNxnfuvXZ1EBDPmSJsO0RnLU3olfjV4Z70yy4SG19Ts1oq58IJHkuNSe6wTXQ3sVMPSgI3/HXkYCHyPWJmAStV6UgK+2VrB97dNkX4lLsF9mG7ljLjG2QxF8KwgkDr78nkrGxwi8DuQg1mpszk6PyJ21n924zmgeuUdx0u0jCsyiFLWss5S6UajeFV0q8ZiWq7GBQ1WoU22jxoLTlCjFxObRVUR8MHeaDgDrrAP8S7HygV2+lqWy+fnnVfgkKsnT/7mrV372Igj/0pVmnm0kQw==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="infraio2.my.workfront.com/SAML2" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQx+RH1HcKqqsvbhN+UiGkhxP9gpdq+YMVSJYYpWYvAf48lW746CDC5wMTX6SHv/RCQNg3jEfKlcC/gzgJgwpCAYXEA/mq/rback25uikEoR49SbgiaK9guU0yPINt1XGFqhR0=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.46.7"
                    InResponseTo="_57e1b95128424c8f9050d99cd43269f6"
                    NotOnOrAfter="2020-04-02T19:09:58.387Z" Recipient="https://infraio2.my.workfront.com/attask/saml2consumer.cmd"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-04-02T19:04:58.383Z" NotOnOrAfter="2020-04-02T19:09:58.383Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>infraio2.my.workfront.com/SAML2</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-04-02T19:04:58.321Z" SessionIndex="_1c29e62c235fb64d96643f1f4edebe3d">
            <saml2:SubjectLocality Address="172.31.46.7"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-04-02 19:04:58,393 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://infraio2.my.workfront.com/attask/saml2consumer.cmd
2020-04-02 19:04:58,393 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://infraio2.my.workfront.com/attask/saml2consumer.cmd
2020-04-02 19:04:58,393 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_05b5e324d35caa7d011bc81f302fcc1e"
2020-04-02 19:04:58,393 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _05b5e324d35caa7d011bc81f302fcc1e and Element was [saml2p:Response: null]
2020-04-02 19:04:58,393 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_05b5e324d35caa7d011bc81f302fcc1e"
2020-04-02 19:04:58,393 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _05b5e324d35caa7d011bc81f302fcc1e and Element was [saml2p:Response: null]
2020-04-02 19:04:58,395 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-04-02 19:04:58,395 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://infraio2.my.workfront.com/attask/saml2consumer.cmd' with encoded value 'https&#x3a;&#x2f;&#x2f;infraio2.my.workfront.com&#x2f;attask&#x2f;saml2consumer.cmd'
2020-04-02 19:04:58,395 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-04-02 19:04:58,396 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: '/home', encoded as '&#x2f;home'
2020-04-02 19:04:58,397 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://infraio2.my.workfront.com/attask/saml2consumer.cmd"
    ID="_05b5e324d35caa7d011bc81f302fcc1e"
    InResponseTo="_57e1b95128424c8f9050d99cd43269f6"
    IssueInstant="2020-04-02T19:04:58.383Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_05b5e324d35caa7d011bc81f302fcc1e">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>AhOuSGBNQP92HTEw3l1egYOZUSuPNuKT9qatoRNYUmA=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>pa1vpH48Xaif3m+aWCE0zsws7EZQrxgUMpLtarFaU7izSRgg4AWkf2sJ68Zp47quZe4r8jWMEh+LSHR4hgAFn7QvR2EXc2kO1pbf0BWF3Ul43TNE6xsnyDq2n3qYBLIOSJRxnmeo2QOi0FChixrAU6XZaU5uCaYlCL5veypbIf91RiLzrcsDsyHApG1yEEgW9XZDSSxLozhficdqWagq1qovcaumlC83QwMT9KMXMBkQQ1Jx0ZmXvehMmINHcqKVnwZmOGjHBBqPmYMLjNYBBx64FsA9rMLU/8d1T/mRj/77awSEAq3J1r9hQ8kOrMNJEJH46KJ1aYGSMB+DMnpB0g==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_61db40a948794719bd96d97e3c45503a"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_ebc76a1f642d33242b6f2b31b3f49aa6"
                    Recipient="infraio2.my.workfront.com/SAML2" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIFKTCCBBGgAwIBAgIQD01PjbApiLixF+MyJJd/NzANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQG
EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5EaWdpQ2VydCBTSEEyIFNlY3Vy
ZSBTZXJ2ZXIgQ0EwHhcNMTcxMTAxMDAwMDAwWhcNMjAxMTA1MTIwMDAwWjB1MQswCQYDVQQGEwJV
UzENMAsGA1UECBMEVXRhaDENMAsGA1UEBxMETGVoaTEYMBYGA1UEChMPV29ya2Zyb250LCBJbmMu
MQ8wDQYDVQQLEwZDb3JwSVQxHTAbBgNVBAMTFHNzby5teS53b3JrZnJvbnQuY29tMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwAzZkWvXvDsAMjEvrEBJIjfjOjiQYxRb+mm+QNbmA+5c
+wCEPyjNVokE2TmW/krNxPzePh13mBHK5GdBQgug/oo/fnoo7Lx2oJcLld7tMmYk5cGnTg+h91TP
GJ8+Qtvy6ebkrnOBEIibiWVVupESX2F1ziQrz4TUaiZ2F9VyXEuVrzZnFkRtLsko/l18YJz9o72x
vQKcC4XfzQPHLb4vNgNYZQ0sPGnXgBInYYK4R7wIGg7qIrcshBwpQSDlnNxPFSare204zMJUaTG5
Su0ONmFzTt2SSuJ9ALOG3WygWZ5SwGpU5qlhaZSoRBoxrg7eXOorSbVwNHR6YH5PK3VGwwIDAQAB
o4IB2zCCAdcwHwYDVR0jBBgwFoAUD4BhHIIxYdUvKOeNRji0LOHG2eIwHQYDVR0OBBYEFFRxiQs8
j7VUNRDOB9ueWqfcVDknMB8GA1UdEQQYMBaCFHNzby5teS53b3JrZnJvbnQuY29tMA4GA1UdDwEB
/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwawYDVR0fBGQwYjAvoC2gK4Yp
aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NzY2Etc2hhMi1nNi5jcmwwL6AtoCuGKWh0dHA6Ly9j
cmw0LmRpZ2ljZXJ0LmNvbS9zc2NhLXNoYTItZzYuY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEB
MCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMHwG
CCsGAQUFBwEBBHAwbjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEYGCCsG
AQUFBzAChjpodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyU2VjdXJlU2Vy
dmVyQ0EuY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBAJ+8dwAkioHtTSfl/8AY
50Kw81NSgbpVNUTt72Zvcysdn9xn6Sk/7VYH6nUoIUalvOkXhfcpDabahSOhJQxgM2hz5RYFEjSU
a9b9ZHcjgKtwxTLzGdjcP9P3DaFQQcnrAdom+6lCk87hK3Rvxy/szdIb4tmJpVjm74V8D8LE7I7J
eu1DRIS0xb3gNMKeqLtRL9DF30gmF2W5asvbuMa2QqY+66xTQhNXjq4QDh7NliORLvM2T93hL8rE
dXtwLex3vDsNpAECHG7Ui9lqF3trjTzysSSXp1e+DazeYf/kcNVrFeHCJk0Gmeb/CEQ0foqI2CQB
tUwWLzM/gBgoOrY7XXo=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>Vy3Zi9ioLszvM5a9T19ZT0x8AJu9DP3H8Igo6KfeyJL7Aw1XRliFRF0pJNRTeNBY5v5TPPyjeY/c4rjuGwj78oSc98aESMCvhrJUBR33/F9TE5BVlMkyjO1lFlz9y4LlhfaRGaVXvf1VWwq9pdzamWaXO4hUES5HdTrgGsjafqfdCFyudiRnRpzDkCiNenVDexAEG7Wjxb6EOcoYAOA1G8ZlLbucb56DshoThE1vwLb1QGbHF6tBv9HF8CjTKWAPqORqDTbgVhsVEydTGc3xtYjDhX3vC6a0Bz+aly1FGvXP2UloVw9zYYmiG5beWZMHT+WuDgk+KDOQpaiJj24bwg==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>Fvm64K65B6qlUgBAVfzPuLpycz8vA9nmpsMHZRYY6abL/ly7soB/rus4QWun9wCajvkykcd0jlsp6OfUlSnh5/fFR3fanEqXeg5lQ8A+37UsCmTln+JRxi9hjdqz97TMcP1P3scwCY6yX44QSGDMYhyv64TqENHg3vukUOIlC+keB4WznUovWpiEbFH6MK3Sms10+WTMWXi/Fx4autZYn5fj7IxiAPdWky/yemyk0KY0ftSy8TsDohYbWoH2+scK2XcYKwXxNvYB64Gx/UPfpC3VzMVSp+ovkFCyywpA8wlXkZURpvcSqKfxrT+YAw127ssG6H9oKqkspT+jiagjNiCfqSVyP32IChmvHw+uTCTQO0UKLkaLEJx0/IEYU8tTYTmaPyQXlnX1EHBxzf9ozL8lyzHojZAAPxHwaada3vryZig844Wtu6FpbKbS6WVazeNIHm8HWFrsa4oDaq4W8dXZCg/+0opHbkx+2fck+GoFLQ67ocMnf0EhftdxqPE5yg6mUGE8TT4nCZkMgvSW8IP5vEb8vtI8x0tSCNX7XckRwMbrRPvEZcqTlLKvWZVmruStf7RER0JufWP689WZA6gNI+e0Z0YN3oEcbBAURfOG7ikL6+4rmFr0A0869qixWiTuLKwW4FifeC6lItzdQ5u4+027Y56ccRrkvhe36yDvqjvS9eRZ3DoaomSONVdiP7VrlbtZ1/97ScX5oMRz6qrhw3nQDHg8fNoK/32eke+pd779oOhfupTmSyYpSv6b/L01K6JWd+4VvpU156XHjaSuQ+55sDWa37jiLcJ2G+BZkn2F11qTiYhCATvkmegvN/ooYCrkC3xwgfa7aCp4xnGe2AuYoCzffbaR1nKE8vw+xd3Xw0y7lTK6OlLEg9QpghYdHXQ5e+xBbJ3T3bpv+crb8rxwUEeVmu+aPkeNb4p5rWnYheYEQszoTsaY/BHUHxfTrq6Ik1gWA3z5Onr+60WcSPAAfkgbKXjuTM4jRH/RsbbWAVuT3u/SReS0fM6/tYr59xb35d/KVZMeCYxHqDct1320sahpVzgwN8r4LMdywb9aSdONoCb8owyC4vCUyYD6PVagsmH46Gty6yd6Z+XJjoKEdqkB/PhBrUUk7HTW+Ib9LM1oDC6B1blmLhZonomtwAlxpcc8Osh9RY6zbDkpIVsYndtXS3Tk+IBq2SGKMXJuKSD0eKpLU3HMfAYzwCGhWRJSxwts+pz85n4Xy77dobf0EODwDW6TSOhzNpMiKGNK3QhCk7ieoOr7SLUnyPiM4fHPrZhQEwOORwSJ1aeocdXtvC961qwM8vb1C7biZrU5BD9Z5QOou0Fea1plYHG0hjFobj+eSeqSUq4fNv857nGRAb7xTVXWmeUL2mK7t15P7QmH1vpivxYQBW+/ZnQEGul38Kb8ZrBr6KtT2sYY3cjjQ5hhGTVB5Z2tgZjzkzVn85LnL4+qfZW7u106ZDF5KfBnzmKfxNYOLhIQTz38e+snO3gPPUWjrJxtgr5jxzd/QzRcr8oRHBU3ZaYMZvnGQy+xxN8d31IFf7lWNhY1VvsWwM97+c8bujWhjtaPnbZRpZ/0SLNsyuRgriONltf0io9XGNQ6O/r1e9o7xfLOzl9C7+KrBcDKBRQ0J111xPY9kQ4cQmlBkxYHB1M7tFprqb7q/7B6Nkg7REq2WaxreffCrVRQLNadCPfttsj2pQG/fq0UQTDIaEmLMUUD6iUqgcVNS3c7WWcbjfWcPuzvUsdvtiuH3Ll0VbYawhiXy0Ve2VfrcRsp68ltRlmOv/1WDrelQba2z61D9Ny7AGImEGkcV3mO7Or8UYwJmM0ekePQ9vtjMLcihfN6hBx/oHgCRgVMrZWZwXdPRvzDqchLZEq82XoAFihNbuCbAq9XNYY8HBRo/siBRl6But/eq2jm4mf3E+mhf63pVKZbsqIhZ/MbC7KuuSsKk86fsPJ01GcdH/NxmBYe0YfHUI/N3ZvH1UJ2NAlFVPVUopnY4qqZ9nhe8eLbrDDEooYYjpx67ZE+IIhrYDzcQl4wh00Ot+2PcHV7yn6cpFt98SBBJUs+lzMMHEsqwK9A0jcWgB1sZCAgmHz2O14M1qT7fg3VIWc97ZgXQFlLCJhGPk+DcdQK00EJenYseWm0lmVMHjMyau3PXm6a/ERPyAcfqEoQArW0JTEqF+XttndlIPVju7CzV5hbMgKh4Ap5RDo97P9zTQMf+Nn/Q1UVEc2BpoF76uh9k3Q1N0OeI30kibHw1SWDRPesE0TQbda1J2YiobQF7OgT8CwIamhGEeJMCtg8ioEfuAjKmn3YpHgXdkaEOpFGiJCkNHAF0kHm/XJL999qAlAVUcylBwyTXsuAIt803vk7DkhJbuPWP+YEnDdcn236CIrvi4mJ/cJNKMSGFo07mlB4FV7q2+LXvS7oTvdqZK7XgyNmiGtAXgwJ4NbORntkPuZlyy2U1SMtiEmjs2fQ3ULlt0vdWw1MwFexJAgqff8KbaHY3qqF2f3RsDnHRGXUtAALYKOkA6VwiADNvUl5HxNE52Qw7Hz7MR945AUIh+ZNgNYcj+jk9B0QAByrK8a2NNJtLGOKJxSjL20e2C4Br8+16nO3qXMo9MMDZYvBVNsthZv4KaQq0ls9YTaIxQEjGhNbC7/Nt9kqhaawcWFM6AA7AJW7sCqQG4pCoYuOWPbpBUMy50q5nUoI6UMDSoMeDNzag/vZsZGfNSuqo0jaKHBLKvAdvymlpSDoXtT3Dhy1VV7MZAYAQ4dAEROLEl55ZL7Tym72v44bbLReVgSEBoqEHRXjCU/N66CoHjGDcahsYCUxa9nlnASMAfYNmca6IoIYPr+yMNPwINLChRzBUdHhGcAXWXsQKtpkFx7MuSu6Wdv8sKcv2R5WJKGQ//4Drvrvg9NOyQFiv6duCz+PvilZnFd+ST/B5lUDIMRHUH1qHX5eRHlWkqbpstocEzczeC4BQNftjgdOoNAc+/H289VmchfFjZibteT0YgxqS5bjHS0h6e2nJjjIDE1+9CENapRXYl9q0ULpRDt7aInkStmkNagXar9Av/RhjBeGIQjX1VDZ1Ok1v0Kh3eC3+Jk6u0SvOE2j28Ch18FF/xpehwFZO26uEASGJZIXas6Kg9NecqKbVa/OBImHZoW8ZnDG1Oirs1ilDXF6LmJRTGSxRyaFx/0mif/59wda1nwBTp1Pms259UIV+E73JaqO+rfwYSbifOjtjaONPt8v9KAX4gFrWhjdX/pHZRFR1jiAkvd7EcfICk58G1WHwc2BXnQ+FNLa52op4MuKuXZckxD0iTAZ4UUwlIdCcB1XzGfFh9EP9zWu4D9HBwzvBhwWWLaLRb0ih1PyzAFDg2AsXqgdiLwr4oH6km6hkTpXYIqzYgtlTVMnLH/uBVdfLGLw1kAgAMhK/yxxMX8M2nGEaRBj/rMa7ng7T3QGs3NzbJL7oE0fnlBNWH8g8Hl9hIto/ZaJCgaKsoo5dwSejNUO4ZuHMV3i7G6plRyzSu7hkaQ2NcOc7Lp2vMmW4ugVaJBq44RN7vy4FDnD8/0EPA4sbwa4+YGvEXq/MGScdlcnrnZwYF9HWoIkxx/MKp+AfTSYX+WbGICZku04kaVRrS1aQvXnB0HhxNlqHBkFyUZQVtonUkQQzzcOlWMuzPjtAnWZw2mkyOD6gMbZW/TLSkb93hv8psPpEsUUtLmWiE/pyDaEIKnDo06FeA7JI0106KZN5P+PGkSBxLHLnjjzBaJpdlFt/lLDufgcHugaMHxh0YKs+GTw7Ed2Pbockm/8N2MDSmH2SUBhfN/NwaO6ARuvoNvXNxZ6msGkJCnK3oHivfKWEb8xzdhe57JM12z3XjfAcA7at6spBfcjoYOCM1PIpfvs/TXIQMpvWoWV13KKJzBwFhiq7LODo7ctufHhYc2/+gbKXHDBo2gOpDTDI/UnwPL3AIwzve2NlPNH5g9tjAwCGIqNuCIJRmhLIVNCZOg4oZOaRNFm7kRgsVvAHbsdMVhm5wkIWwj6dtkxRYl7Oh4H/5FiX2cgknPxKJZxA4WI/+xr3OSy1PgviOU/XZ9Nm4m8rbRqjnOizaEAqMnIF8E045ZxeinVvPoLmidkRn6xjVUXWjABpEKaxqJ/xIN2f6mnHIQ+DSphe3iKRnuzij9FnnBX3e0Jr552WGPE5Z+E6AxxLFjUwXmc71Y6OO+PhpvIDHFGpRfgaYOcUE8JMAybd5sGXyHXq0kusPoFXrEPNiNuMjo9hSIAKMQW/NtmsF5CNpUpoIa8LSEVoWMd6na7N1YPxCEHNj5y0fbKn+BDuTijDZxmSwW7PLrIRgT6vKlnpO85kPpJ4+rDbmNQOyHycf0e5Cv5+w7Zh0fiuxVNDGM5ts2U7/Ekp3KpvfDCmT9X9aFEbXloJHNlOenxYLOBngQ/fUsMmGqCuM5QIkvGsdOO0Hd+H8A1maogkP6oAhWAKPrd4VvED7MURguObIFLfEDB91WVQ+bBiuW2hQD7Rv4N81WyQZL8ZpLwkUBrX3rHHPrU9sAYy3i37ZnZFd+gucgiXl9tg8C8wNNZzv21HNjz1sDImnt7bMlf9q3nGljhuJaLQlKt+JxsWiLuaBNp1JXN36OdtioAsFySgvgqal0o9aZ53WeCMB9BMCaoZJgdwJ+DJ/SO53ZjwWT/10vKZfQoO/ukO/HNNE960xpJPqTIPXrXMskxC31S8i9gAoQyUAjrxq33qaqs8nATlrapCJFJ1/aoazko0LdLyJND09KrFhxlQ/A/Neq9CVicc860EPDZr/vYxxx57e4J4Aa4CLMEjWHU/3h4EIX8GO/kzFDPCBZl+GRt05eSyYg5fjVp736WFMR7OViIAOOFT1R1IKOEUyHZLLW1hCc4463TlBP0A0UJ01W7FQL2mFYu5rP/7K9A1N4/zz1JTH0m4AZyZbDAFprrx6VNfdexFaOaG2raD0vhF2UHuoDrMarhDwOgjeBZntOO9y+vwSQxZxteTU4Eo9fpAPiG8SgWKQFO0YrpEFyxLbRLetaeEoC4qL1d1KuJypAkbZ5fkhsRgM0xqzj9GGscYM2Rhk81bS7OgLtr8umytGDc10b2Y3rAWTmS6XoD2RYRlUlz7iN4HLVlIPHV3eLxYkZHNHJdzh50RTZROpRDC5WUizfXMGTZwtN1fcmKQDNsvgw+daTms8qdMcRI3ZM44ySPGl99hnU2rl+xMT717pEkHD1dKbnDKxmCF1nifqcPi0iwQtgMEes0CYJD/SdNwuyj4ih/nEfuDspPeWdz9Fdl6m9Ff4TcVTHNRClknooLoMbHVa7JxJAVFJBuuoziKmhV9wNoeC5w1wmxyxBVAnC7bzIekp2tFxeFW+JERLB15yteW7Tb4UJJL+bAJLh74De5LCgtrdRfdJtreinSIqf7ypWOLPoRDeNt7uwo5h0u+Ib/qHOECD7H36b8zswHQvfJYAEUJi3U7nmxG74QnwB5kuziXooC9UR1oYmpidmpbhhml+pHl2eoOEcvGs77HqwXNQ1lKXxVG3kyAosqyNbCkubKN1U/W4QJkaOTjzYjmtVWOwwDVd+Cg60TWYYRbUAwa/EywqR4MqcKrtxKbcNbyMK1Y93E9eH5IaKzgzDLxJn5EjR26k4aM1PKwa539n6dna2vXby95YWiMA3ic0CkBTSg3gRH+A8+ss3fv+MYxyh7I6mSVyHV3IaVtcVxw/avEGit+9zgWBM5JeCNFpI5G5sfQtLcvBAcmixjvJYtCGNxwAXdWE3KI5fN/P4c6MP8VQVGQNn9P1/a0gHjgM+J0Ebb8qQLWAGFqLrEaflkV0dgRTMLKZFuh++0YaTpOCS/GIWWktjNlDMHsXqNmOjK1JwxWV+vBX9oOJE0mWfwVL4Aupf0emp+dQihRh27E/M13tXUoNtwxcK+HelCKGDpWwHxr75mwOkgUoj37unfKe7aBUo7LNvzHDxPUC94/S/k7RVzwm3zSMRRvfFFTSkEBECK7sI6prwmuzSOM4oGdXsOEEKFJop0xAeSJr/W3bZZu4rIoenVLEQ5kQKIYO9uNOix2xTBnnfbIGYtsnmVxf0/8FDTa/Ac27ortI/2gfUnYK8/kbRJ0z6XpHpNz8UbRI+7eNzFiOkJmQGFEyXQcLQUbltcyf7jeyNp7b/NsiUzLfn7X5t3PHBQhbuS6zaTN3xU7bb8XluFv2T/MhaQjtkalQluTufBK8UWfa7XL2dMoTr/ikU544gYwcNdraE5ughDTS89ZeXsf54MSsbeuyq4aE8Q/KKDXcnWLTMYLzSTcyvp0EDZfJashuDxQk734X2wk5lHitwN093U2Yyk+1PnV+niWymwWtyeGJK5HN9o6fQUAFc3y1e7lLUoGlAuq5szEMn3MhaXbk6ZHt3T6HyLiwzqKfQrsrzPer6Cv4g3PKPcBcXauF6To7IazCE/2vEHGLNQ2fvpOL3e7GjJOtNgQSFwnfSYW8d9A7cJlQ0Lzm1AFclVOZ8X3r2tIFFubCx0ifSvt1t2AqnIyb4g4cn8rv1BdQs16FKNyK8KTJttb2Q8FUNhn+VWC38h8MuF1U9ARnFjDticiUxSPdZxqyAudV4L8dzBLDZRWmrW1ztG/nHm6SMl/o6pEIAD1GawAmv529rwZGOgawVdvGir4Dfkr7AMpOE3vmYX2QwNh6hs/gL5KedVBeHM/kmx5+CKmsFJPHy1BjeHbfQur4UmAYNPyCSugM/OfriufxG2m3JehyWx95g0qmMMyO5IIshPtvX4d4M2nZMt3IDi+b6KC7JJ2pXe6ufaebYHL+8wbGoBzswHE4ZFBxNv4wd9ATyz7Xcm1ZvKD14Q7x35snaGtBCFVol0TZdqSmcPP768+H8MmuZiyxqr4Q9agfMVBe7i2vfvaY9VdJbbdMNKUIjle7a6X1HcEM0L1QO4ZGj63U6XrYrcqSPErFXW/UHZkax8reZ6N1UjOMOZ34lCl1GjZicUwKoNO8z04XOTFsg0oH6bQ9J++rmxOsWcarJYg2PoGwj1JHrnZrE6+slrpWXMmIbmJTtCxEgrOOyrihaFMfhfj0OwoMqhXFKSY8wJe6DjGrFBFhsl+bf9QpLaCicaC0VxvtbKe8x510j2iN6E/w6G3/S/tVseCtdXfUPwIp4y7xGHkj0WYJ4pD26BHf0ZF7DArXmjd+V9vwbbjk4kckE3iAKFj1NluevFedJfxL9/zUQXN8raLDA3cnmi9CU+rxjkrZAhxJ6WhAv9kd91PTPrsrBlhmXWs/5taUUpfcw0eVmvqmUhPSf7mEEe/siYjheF9vq4230twqnfh+mWZN7Z3FG8eH9BXNCZ0KZgnFvZ2sEdWVTKurQHx3lP8UjR4goWfgqmrQutHsUeegm9/ij8JQfvcxGLUDTr+3sAENGDMELbSzFZBgfazA0mV69qrAgSW7b/AZzSWK9j5HhK85BM3qeP+MjlLX6LQokMkpoJebVRMYXlnAMrP3SIGal3PxNCBRUhkw6MsihEgB/P693T7HD6aBLRtr47HepHuIZ7ji68U+5s/d4GY/ImIAGQL4SDX2Jt/N6g46+scLOuDTWJ396UyZDHJb8VCm5vtUsGNFK3WcbZTkvnXA8H9sx15G5ceOUeA9stLJ2/3jciVjfSJFdm9USHmzaV6Nyk/IzfNUUfwaFWAZ+h+92FMMEmDOBah2QQLJk00Ldt2yVV155homlm9p9McXPxaogbMlVr6YNLi6qe0N41+AtUTNupU2hLr1xIbjB5IPU7GLsGmNQ4E2sMI0s6A5ALoM927VTXcOulT6W7xL2fuPOn430cSenjpBZbhwBZpCVTSDzviQnr/pL0H/bQQ4AMLauhFtIcCObJg5NoPoeU5Adfa4GUO7kKnTlcFSyFHY0YQsDPoytBQWJOjDfpOm63p19oMkAo2vAmuENuR3bAszCZ1JJo0NopKUi0g/HPS9da2nEnuCVEHqhLC0lYbA==</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2020-04-02 19:04:58,397 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-04-02 19:04:58,398 - INFO [Shibboleth-Audit.SSO:?] - 20200402T190458Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_57e1b95128424c8f9050d99cd43269f6|infraio2.my.workfront.com/SAML2|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_05b5e324d35caa7d011bc81f302fcc1e|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQx+RH1HcKqqsvbhN+UiGkhxP9gpdq+YMVSJYYpWYvAf48lW746CDC5wMTX6SHv/RCQNg3jEfKlcC/gzgJgwpCAYXEA/mq/rback25uikEoR49SbgiaK9guU0yPINt1XGFqhR0=|_89643295603f770f6791f14b5b831efb|
2020-04-02 19:05:00,965 - DEBUG [org.opensaml.saml.saml2.binding.d