2019-12-12 11:00:04,764 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'morty'
2019-12-12 11:00:04,764 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user morty
2019-12-12 11:00:04,764 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@238359331::identifier=morty, context=org.apache.velocity.VelocityContext@4c488a60]
2019-12-12 11:00:04,767 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=morty,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@238359331::identifier=morty, context=org.apache.velocity.VelocityContext@4c488a60]
2019-12-12 11:00:04,770 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'morty' succeeded
2019-12-12 11:00:04,770 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2019-12-12 11:00:04,770 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2019-12-12 11:00:04,770 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'morty'
2019-12-12 11:00:04,770 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'morty'
2019-12-12 11:00:04,770 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2019-12-12 11:00:04,770 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal morty
2019-12-12 11:00:04,771 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session f4948a4fc316fecf6caa0ea663d1b95ebcfc9e2b28a02558a826eaf3e8349bd3 for principal morty
2019-12-12 11:00:04,771 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session f4948a4fc316fecf6caa0ea663d1b95ebcfc9e2b28a02558a826eaf3e8349bd3
2019-12-12 11:00:04,771 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=morty)
2019-12-12 11:00:04,774 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [identifier, uid, telephoneNumber, role, mail, surname, displayName, givenName]
2019-12-12 11:00:04,774 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2019-12-12 11:00:04,774 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2019-12-12 11:00:04,774 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2019-12-12 11:00:04,774 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2019-12-12 11:00:04,774 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2019-12-12 11:00:04,774 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2019-12-12 11:00:04,774 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2019-12-12 11:00:04,774 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2019-12-12 11:00:04,774 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:00:04,774 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2019-12-12 11:00:04,774 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@251d0777'
2019-12-12 11:00:04,775 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-12-12 11:00:04,775 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp'
2019-12-12 11:00:04,775 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp'
2019-12-12 11:00:04,775 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'morty:https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp'
2019-12-12 11:00:04,775 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-12-12 11:00:04,775 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty'
2019-12-12 11:00:04,775 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'morty'
2019-12-12 11:00:04,775 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2019-12-12 11:00:04,775 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2019-12-12 11:00:04,978 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'acornlmsdeployment.pursuittechnology.com.au'
2019-12-12 11:00:04,978 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-12-12 11:00:04,978 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2019-12-12 11:00:04,978 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2019-12-12 11:00:04,978 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-12-12 11:00:04,978 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2019-12-12 11:00:07,398 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2019-12-12 11:00:07,398 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2019-12-12 11:00:07,398 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20191212T110007Z|https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp|AttributeReleaseConsent|morty|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2019-12-12 11:00:07,398 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-12-12 11:00:07,398 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp'
2019-12-12 11:00:07,398 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:_key_idx'
2019-12-12 11:00:07,398 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2019-12-12 11:00:07,398 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=morty:https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1607684407398}'
2019-12-12 11:00:07,398 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:_key_idx'
2019-12-12 11:00:07,398 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2019-12-12 11:00:07,398 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:_key_idx'
2019-12-12 11:00:07,398 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'morty:https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp'
2019-12-12 11:00:07,398 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[morty:https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp]' as '["morty:https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp"]'
2019-12-12 11:00:07,398 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@251d0777'
2019-12-12 11:00:07,398 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:00:07,399 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2019-12-12 11:00:07,408 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2019-12-12 11:00:07,409 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2019-12-12 11:00:07,409 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _5c128fb124ecdaec34c204301ad9d8cb
2019-12-12 11:00:07,409 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _5c128fb124ecdaec34c204301ad9d8cb to Response _089dabdec96cdfb23e9a71a26e1fc807
2019-12-12 11:00:07,409 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _5c128fb124ecdaec34c204301ad9d8cb
2019-12-12 11:00:07,410 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2019-12-12 11:00:07,410 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute identifier
2019-12-12 11:00:07,410 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value morty of attribute uid
2019-12-12 11:00:07,410 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5505 of attribute telephoneNumber
2019-12-12 11:00:07,410 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value janitor@samltest.id of attribute role
2019-12-12 11:00:07,410 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute mail
2019-12-12 11:00:07,410 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Smith of attribute surname
2019-12-12 11:00:07,410 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Morty Smith of attribute displayName
2019-12-12 11:00:07,410 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Mortimer of attribute givenName
2019-12-12 11:00:07,411 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2019-12-12 11:00:07,411 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2019-12-12 11:00:07,411 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2019-12-12 11:00:07,411 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2019-12-12 11:00:07,411 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2019-12-12 11:00:07,411 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2019-12-12 11:00:07,411 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:00:07,411 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:00:07,411 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxCZDFFxPtoIX/Lq+jt00RzntZfmp5oOnIRxB6xWna12VaS0GUXU776jUSRVR8RUfPOGXdIrtR1dKzCApE9hETmnP6yWIt9TU4ISblZInqDhu/Cb+9OdrL7dq4bQsfCSnwlL6ilQOsxq6MLOWeiWDO4qKZ5nfVNIQS9KQ+1z9DkrC7vx2PsEpwHesYhK/1294Z99cdrg== with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:00:07,411 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:00:07,411 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:00:07,411 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2019-12-12 11:00:07,411 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2019-12-12 11:00:07,411 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.34.32
2019-12-12 11:00:07,411 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _fcf72ab07c0cac49bb1c0cd4d7550deaed1c7aec1f
2019-12-12 11:00:07,411 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/saml2-acs.php/test-sp
2019-12-12 11:00:07,411 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2019-12-12 11:00:07,411 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2019-12-12 11:00:07,411 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2019-12-12 11:00:07,411 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _5c128fb124ecdaec34c204301ad9d8cb
2019-12-12 11:00:07,411 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _5c128fb124ecdaec34c204301ad9d8cb did not already contain Conditions, one was added
2019-12-12 11:00:07,411 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2019-12-12 11:00:07,411 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2019-12-12T11:05:07.399Z, to Assertion _5c128fb124ecdaec34c204301ad9d8cb
2019-12-12 11:00:07,411 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _5c128fb124ecdaec34c204301ad9d8cb already contained Conditions, nothing was done
2019-12-12 11:00:07,412 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2019-12-12 11:00:07,412 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _5c128fb124ecdaec34c204301ad9d8cb already contained Conditions, nothing was done
2019-12-12 11:00:07,412 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2019-12-12 11:00:07,412 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp as an Audience of the AudienceRestriction
2019-12-12 11:00:07,412 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _5c128fb124ecdaec34c204301ad9d8cb
2019-12-12 11:00:07,412 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp to existing session f4948a4fc316fecf6caa0ea663d1b95ebcfc9e2b28a02558a826eaf3e8349bd3
2019-12-12 11:00:07,412 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp in session f4948a4fc316fecf6caa0ea663d1b95ebcfc9e2b28a02558a826eaf3e8349bd3
2019-12-12 11:00:07,412 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-12-12 11:00:07,413 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp and key AAdzZWNyZXQxCZDFFxPtoIX/Lq+jt00RzntZfmp5oOnIRxB6xWna12VaS0GUXU776jUSRVR8RUfPOGXdIrtR1dKzCApE9hETmnP6yWIt9TU4ISblZInqDhu/Cb+9OdrL7dq4bQsfCSnwlL6ilQOsxq6MLOWeiWDO4qKZ5nfVNIQS9KQ+1z9DkrC7vx2PsEpwHesYhK/1294Z99cdrg==
2019-12-12 11:00:07,413 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2019-12-12 11:00:07,413 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2019-12-12 11:00:07,413 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2019-12-12 11:00:07,414 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_089dabdec96cdfb23e9a71a26e1fc807"
    InResponseTo="_fcf72ab07c0cac49bb1c0cd4d7550deaed1c7aec1f"
    IssueInstant="2019-12-12T11:00:07.399Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_5c128fb124ecdaec34c204301ad9d8cb"
        IssueInstant="2019-12-12T11:00:07.399Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxCZDFFxPtoIX/Lq+jt00RzntZfmp5oOnIRxB6xWna12VaS0GUXU776jUSRVR8RUfPOGXdIrtR1dKzCApE9hETmnP6yWIt9TU4ISblZInqDhu/Cb+9OdrL7dq4bQsfCSnwlL6ilQOsxq6MLOWeiWDO4qKZ5nfVNIQS9KQ+1z9DkrC7vx2PsEpwHesYhK/1294Z99cdrg==</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.34.32"
                    InResponseTo="_fcf72ab07c0cac49bb1c0cd4d7550deaed1c7aec1f"
                    NotOnOrAfter="2019-12-12T11:05:07.411Z" Recipient="https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/saml2-acs.php/test-sp"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2019-12-12T11:00:07.399Z" NotOnOrAfter="2019-12-12T11:05:07.399Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2019-12-12T11:00:04.770Z" SessionIndex="_9749856822287f43b57dab8dea3339c9">
            <saml2:SubjectLocality Address="172.31.34.32"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>morty</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5505</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">janitor@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Morty Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Mortimer</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2019-12-12 11:00:07,415 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/saml2-acs.php/test-sp
2019-12-12 11:00:07,415 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/saml2-acs.php/test-sp
2019-12-12 11:00:07,415 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_089dabdec96cdfb23e9a71a26e1fc807"
2019-12-12 11:00:07,415 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _089dabdec96cdfb23e9a71a26e1fc807 and Element was [saml2p:Response: null]
2019-12-12 11:00:07,415 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_089dabdec96cdfb23e9a71a26e1fc807"
2019-12-12 11:00:07,415 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _089dabdec96cdfb23e9a71a26e1fc807 and Element was [saml2p:Response: null]
2019-12-12 11:00:07,417 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2019-12-12 11:00:07,417 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/saml2-acs.php/test-sp' with encoded value 'https&#x3a;&#x2f;&#x2f;acornlmsdeployment.pursuittechnology.com.au&#x2f;simplesaml&#x2f;module.php&#x2f;saml&#x2f;sp&#x2f;saml2-acs.php&#x2f;test-sp'
2019-12-12 11:00:07,417 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2019-12-12 11:00:07,417 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'https://acornlmsdeployment.pursuittechnology.com.au/login/index.php?saml=on', encoded as 'https&#x3a;&#x2f;&#x2f;acornlmsdeployment.pursuittechnology.com.au&#x2f;login&#x2f;index.php&#x3f;saml&#x3d;on'
2019-12-12 11:00:07,419 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/saml2-acs.php/test-sp"
    ID="_089dabdec96cdfb23e9a71a26e1fc807"
    InResponseTo="_fcf72ab07c0cac49bb1c0cd4d7550deaed1c7aec1f"
    IssueInstant="2019-12-12T11:00:07.399Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_089dabdec96cdfb23e9a71a26e1fc807">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>FrUyTl8ypoxBmcE/RUbXnxTa/+sWR/4taXvPZMwMbPg=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>eks6HOVAwn7sOkvqVGOGdPkUxYljB57jMxvUufOkTGdS3P8G4+l0TtAUawFeYykh6aWIykBY7UvXrRs+OHZOXNWOBkefl2Q2a8NBwdw6QveDmtzYyGGD9LfWceMQPb6UCj4pnMpp7OZzJ6rkAM48UP3rLvielZeaYj2QoFvnyeaKXaqI2nm8pKiQRMFN8ca7BaBhZpVI98DC+YxEe93r6oDKJ1tB8lKJ2b1VF5qBhmBTr7JueBQCG4vQgwPtm+Z5yeKLZw/1WeYu9qQz/C9A/sLmrcLqzpvHW/QS+JvFBkwK2OYfyszHf1fh6tnv+UZa58m2r+WZVOoAaRDc5sEXOQ==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_fc325e9363d78fd36dae7ccd0015c634"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_2a3be35317d7c970d10c70cb8625feaa"
                    Recipient="https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIID1zCCAr+gAwIBAgIJAIRfX1nHIdIzMA0GCSqGSIb3DQEBCwUAMIGBMQswCQYDVQQGEwJBVTEM
MAoGA1UECAwDQUNUMREwDwYDVQQHDAhDYW5iZXJyYTEbMBkGA1UECgwSUHVyc3VpdCBUZWNobm9s
b2d5MTQwMgYDVQQDDCthY29ybmxtc2RlcGxveW1lbnQucHVyc3VpdHRlY2hub2xvZ3kuY29tLmF1
MB4XDTE5MDkxODA0MjAxM1oXDTIxMDkxNzA0MjAxM1owgYExCzAJBgNVBAYTAkFVMQwwCgYDVQQI
DANBQ1QxETAPBgNVBAcMCENhbmJlcnJhMRswGQYDVQQKDBJQdXJzdWl0IFRlY2hub2xvZ3kxNDAy
BgNVBAMMK2Fjb3JubG1zZGVwbG95bWVudC5wdXJzdWl0dGVjaG5vbG9neS5jb20uYXUwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuU99qkB8VJ88no0zRynilvavTfkcB6g7gKggrUeXq
CzUNniwuflJGVcj9Yrw5br5ZsTBeFpBb+U5qLODHVaMfpDekkjiyNiR2LTtiv6SGN7PFWO8GXpGw
bLMkPAiB4YtM1B/sIT/k5OE5NBnvUEV5Oxwy78EJ5jhKjAGosqCTTSOsdZsbMD+AZgDaWq4uX4VX
KVAaaO9tXa+M28Xt5m1HZ4Td2XWlN2ESt9Bq/KwZpVDTIjvBv5FSUQeaAfbcbgbLKM+RL5aBwZWy
qI7tRadJT0YS8nCqXa5J/kW0JDP1eiKkt30IIz2go4VSZjBBOZw8rQyDGZwg19Wuo2rgadopAgMB
AAGjUDBOMB0GA1UdDgQWBBTZDsu5JDIptE7YzY31ZVFWL+ov2jAfBgNVHSMEGDAWgBTZDsu5JDIp
tE7YzY31ZVFWL+ov2jAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAwYyDDZchZX3/B
h4hQ46enTXvxAcGln+ScDLwao8bB6L1Qaj0egbKa3KXtD3m3NpigZ7TPqrvcbe33fbGkQ+K763lg
JXNnwxqyBWCpe7qhQvj4IClD4OIV+ALyHx5WNTiMXESa2tHCq5+N+6tk/laCwnXPzFEobKXxCib2
sBeWMg9UMQJwwqHhNL//N2J7cPl9C8vXIdNtILAp+g0iaEE6rMkLPUuQbWwqbENhjfcQnVb78vGz
tlti933DifYDBC9W5HB9XSESHxiiFCcfff3RfYmul5GWud/9ASgfJPwj49u3mg6I2thevX8ushuT
OqCGQXzTHDhVZd6KNW6L0/li</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>dDm73SC3JrcPwXE3LO7JFk9LzTBZJqe167Uv1c6Bdxjua9x3xVf5rm4z6s+bU+5mhcDE+3AHhjHPctSjbzbQ0o5RdZGaJXufWTs4HC2XkrDSYEBHE9cmZgrOh+C+gRIsmr3tSB+Gfdk6imG9iv/VYAshNTjddBZcmIKC+bJYDhqB3Db7kLtPOsyMSjzdC2kdfwUYWmn6JvBSXaN3j52rr51N/z8UWUwcoQUkFSfQCn4n/NVsC3FOprYnhFffSogJypHauzfeaS0CEHzHLV3HEXr6BNwbZgo8f6UpuNadIzEa0tzq9KlY0BWlADh79bnzvw8mD/niMbmR2Cvdr5fReQ==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>7bJMBc+7sXsT+JpGfjZXRcBSnREEuSKBCOd1LDA/bpTaKF9W70sH73cQdr/jF1EHP8dtTg+PCjd1p8Y8RwTMGEOrkiVUG8pJkWLC0zrfhp1PfVKQ9kjsIodMVwqsllSqo9m5lndHj4xqFn2CB2TIgbuXe7EgvQBfuMBzrxWm0QTXbZGP95JaWmZf5B7IeCR/fWJLtQM6Z6SYxyQ4N5DWVb2OaZ4ylcPlFMaEF1eY+SVsMpPrZ8Pa6dWfx9V4zfDVVYFwcACXBYO4RdjooXyl51ZNn4UR0xHbuKnq0gKeyVbHpXolpbeuYYqa7xfBh0KqAFbxZkGexSILhOHg3THp2L0O7JuUvD5hc1sI5D9U/sqtEXWIOMmUszuZivzJgbtznsaz8mDqZQC2EkDDItYrviXvlYxTkPdHReTzZGTe0YYnJhRf90zSqyoAVqN/ah02frIknv7O2l+28E7bgX7xLI6KB/lIqONNTnoINdQCSPFozdhjwF94clxFnBJVLa2pIVHdSYVWzihi/I+0A9J4ah2LJWFCARMTnglU3g0eScnOeKT8BfSqXkBbgBgmbNMIlp8qFOeFX/4PxzeXunSdo98d4qxAg4HH65xUg6E4AQfikKnNDbt1kPHZ6ONvG1fF28rapih6VzNM+iW1uGFrtDboKID8OnyhToSrmvKio22YoScfY2uk3BUapzB5L1O5EefGkZInVFhtyBSrg31Whf7yU02NFpbbNlunRFHp4ceT9ZFNSmFQp0I2NxCf5GCmyetT4uNPZdsbrvXobN+1Ngdrju1mASjtE3zundWcOjhK1GWZb0al7puLE6ZgH3l5GiFDb/Kq2EPMk1YRXjjSCbdjiSfYNDKTOrMwM6l0eiJ9iqThzWl4eZvOs//gS+VgOxLpUTFcNXO8JzgwuzyltsH1BRYZlzZiZT+qMOAt8ZKti9ZPUeOIHJ5WJLyRe1Iici5bINiPgCTPMYm9SYibWodgix0kyC1PHrOgtRwNzzKtJJWJT+2VXw7L4P5UJAsWM7Wbldaa5366qHLNjrTexqTf0iIJByLfCfaslkr8Jba8QZFlXBZZCJtZeMEdTfAO88xlvDqYXB3M1WxzNrJ+e9MiPcXBNTYRrLYOu1EThmwh+5UropSK1tp9R9KrAaxtra92jzFuGlmNCrqIDYNXaXvMZW4JXFS4SvARWai9kWCBz5XBPXEEWhHPo2FEu9l/PBtTJhimTLfFk0pBvnYINxgsIz/QwqdbWUS5g9aR7IkMtuacP9Wwdw6lXU4k1FQBapi240nJWIUJN78sDsVPLIt8E6KlblixEb5FfyzVHXQhr4zY6IXyCMD6kD48M6S1rDfefy5ad9R8SIIlJMauBSnLtV1P3ERirtCnfs2ULhssQCNfSW2f9WKz9jbFH0QvBJdX+2uSACjWHgWBJcZtt4N5fqgR+4uLmZTz6qBHFcO/Dqm/OUKgGZk3rXATR9brRAV8K7f94vly8KEzllaB7i7nDoXxiJy0AuwJqjJy5iXhsvrT2cLvm0hZF73KWScS962MTePux2RvLriR50axWG3oAh+Dl+OS29JYCwWBKLy60TpGJ0X0xmwZv99u9ciiWf7Ouw2llR5RFK6EX/bxm+9pynS+4ZmRvutuhW7f6krxWki4PR5qRJ2n37+DdTviH/uGUunwZShviAhs6PweaXSIKlt4CqSPjIn/pufgANcdZFdeZDOsc1h9TYLUAbIUa7XJLxJE52GJVqIaoSGWYaBbfhr/rAttAifRT40HDw4C8yJzD9JkyfdFrV2FPRwIsO3jH+O6vwSNpxUDkb7TKohDRrZQ3MvVQX77x5Jt4PdhmoQReQflXyJaJeCmhyGb9/JmxrWLD+6keuZLRzDSDp7pHfafxFbyOu9DNaoWxPWneoQfCqUZJkiGC2S/lr54ePCe9UnaRmP8WW6FMkX7cWPhSO/cjOaVRd/vjDq6BQ2HtAWJPKlgsE5P08rUJvKSSgyoZ78hNcQYsaBab3Ih131zZiZlsiDQc1o/4ozPbDw+pFnHgoXYqMv0Ui+DMDh70GkfvFy9LGbns05kR0yh+szILxVl9X/yOswNHVOVlHG8p8NYg9eAQwgYVPxkV1lBg4Ki+BHGtkJi1xGQqPAV08Mi55Z1ctOaFj5SMPook41rld/iDzsLnr5d7np8UQPUqXmJ62s2P+kAiZ9byU4lmsYwbGvb8xrNlpbiB7WCa8wnKNPdxb4yFZ2hagHWAJMOd2z2UWf1VmlFT5yYMt/scO/kYYeSCj2siYOLMlLRPcukr6bVFqHSWB2bmyObVrd5/TwHGPJtTsWxPJmh09DSAsJqF+rTMemIJNtSPum8kyVvptOtlRLQiNzzWvu6UzQ4TLM1TewG2Jggx9IRAJRCwUon9zIiG00oBTM9+RYxNSsbF7wkpmORTEJm2eDvTWse/+igbxVDxV512KkrtYPypMRbJz/0cbEolSOCFRXapGydhdtOXOBSnaTo6XgZe16fmB0VzIIGzG5NnahiSCRd5WyuyuWDBfxvmh5N3sEgBflNY3nXRQafe5Ashu/fl0RXGPZvTKXSOxBgCIDSsQFTYXUASJoWwqHEJ+9x++erF2u+Hufdp8cdLUacMsKmT7Odcq8s73svcQUqPKIRzlFkBWgsIp2SsAjc5uHhI8CAqFul3/NWYpxbWvFVUquTl96K7VmF21B02VA2FF8FPXGfCBH6tJ6HRJuyah9N4kJPGWDZ2mOzoUTg7uJWI46hGbBrizOrnOHL2bdMAKRWhfYOTbvmdhdXJENgQ+p9fto9oMQNZlahz6QMr7W9O1BuOS4SVVwvALCLF3oigf12py41gYGR821Z70z1vPMJl8HMBL5a93p26sYD8NsEp5/I7G3Gi50eVsC8Ib/7O5XUnkcWvElHX401KFPxk3E8Z/21X2D/sLrtCJwmJ3nqGXAC6dwjyHDexVN89UGUiZyzf480DSD7Q3CcqhX+hdX63oPHlJ7c3JlQmGvk1tWp5EwNhqrxV/WuTrh4PwyjptzATnk81j7dqSK8a9WuN4eCKsSoT8PHH3RBpS8y64H/ulB+vuy0IQ/DDQwzOW4QAlRiA+VTD8imK9BA2Exki5JasLjA71/15BvgsE9rNfAaBFkDPh7d8uBh88ncZtO3QR1QfZ/yAw3XjKcdFWKxhk/9UcR7S8WYSGhIeCjJ+mc0WODMGsQdHt+JS2IyFcb7PPWf9DGPrROuDOaYIcirAQbco3j/aTUmMQ0Hl0zQ8QOJqlMc4MfkVMSiUwEwM60fOasl/o3+Yw6wOyAw53pYZMYiG1eJtm52ChxhDEH/E2urkjNXEtBB/kba6dqhUN0fKk20YDRU4QRFdubGkSdIpotdlilspzS5guLLf6bfj09DmjILZF+21sabD2bdaHfuc5o0IJntBmfBCIkbHSxWb13aCf4CoL+NoV9rbf6SCYdafonwkZFUo1eym9AXzkXdY63DvSc4YBHhD1OnFfPgp7mH6riUhIT6ZhGw+sw3og1x+MSlM+kEmywk5q0U7ok1ByyOXuxRcoRKKLTN6ThlHm3Bow8xRYQ1BcjnjhA3t2UgfOnu/tDRQJ5r+JNEHamH2I1hEsdMXR7AJmqybgSVjijnR8VZUsI5q01JYdGBEhISZtzWFsvWGDsd36FWR4Jt3p7RmNu+vK4h4TSd/NAsHAgYhwSqn7VEhGqfSu135onn4hI/993/3A3LF2BNXbryAQ6SkDVIQknLy5fAF8CjIY7YxPB4nfr/xgjLqwNalVvyUPDhdGYmv1rLfbGaaL8NyGmlcky1BQtwWeTc4xvLG14a0zuiTTq+AELY8WJJCTZ2oys4+R3GVgbPR9KtnNb1PQ4wJ243hHMAhAuwIMWIGa8T1pPisYj1tVD/dRDQP+MhUnIN0dqipMq2Htu3yro9054AgNa7JrVN+/FauuwB6BGTR3dqDDch3Ocldoju2ALctLrfHtTmzSN45fkS1dFR/ELf3El/owE9Z8apgofveHBdxmProXRr3+nNsAMGZR/ov15ePrcJws5oxxPp5P0ZHNWvOgccjk4ZAtrEU+CsUdv82ZHubxQpErE5pTtmTZ5wYziFDHU9pfHcQzgWczWV/qvyKIsh2HSxSWdN1c5uGtF7bWyAZfLc+lnDXBHz7AfqJf6FHNmsnv1JYHgGeawt4aaxV9USIYr4gAgX+ZBankU4wcPVU63IBh4vj/2eQrXN0zCD+dMWLuvTvQyO6l34eV3jyDgHG4DGQqvqcVZ4Mk7ZXpVcxJMRs67A6fozVBy4eD3FIFDjU+Tb+lqF0WLBJQqpR/LkJwS5iUY6fUQ1o+BUmMlEdet+F1OD1JaQ59s8E9+D5wIcPcLSt1oxBkMhHj+PsRXyjDdEWNF4VV7dtsgOeeMY8yIyJHTvREiEKuN87Il+PKJ35uRWY6+Bo8N23VGBXDu9h+xt1+OcE1EbZ9jPhEa4usnU/O2OM554QdPYu9T/AUDBr4qn1Hn8CcT72BRawqBB5Nl50f7ZVC/gFSQBSscgPdRt9bEaIl9cos+wjdno8o6jbePiFjLXFEVGSVSrtDYVtuIUWvaurnZRVGVFoX5iUmYPfJEEka7rc5HCkKof9HCvADwcKXIE1o9QC3+G1qKYF9fzVT9GSUOui8lFjjL9WnrDLVx4tDT2NjSJqJMkJisc/sndd807Z5yP6g2c8ulGuHqx/n1/Zk0XNjN1kcNIu4iF9YzJ0TP2mkBh5mUyLNUmJ8Iw46EWWFsDPjafX3mEe34X0D4RoOFTR5aKl/+zgQOO8t/YXxJoQDrGFcaQHu0qsPyeUoFKwvo2c/IeKvzBTFnU4njXhJ+0Ix7SR8CoVXXYZl+SDGhcl8uosK5qCQiRQRJHi8qxfuMoOmJmtD/FbpWB8asFPRVosvHMrmho1FnKP30DFOcVs/mzxMMfO8IwNyuSqhwfr5Oc+yEvwuYTpcZwa+ili68bAiBWczlqv3MG8RZWxJueNXfq9KWbFel/+3kx4E/Jpmkm3tpEzUZEK9ozYVffRDNqKcQjq/n4/EoxX8w04S9Bid4aT40VQOFdg0ITRs2PpRXnFk6gRtCVHBWkmSUNLPMs4XibnFNmnexvlsm3clIy0bDjhZvcvXtVf1xZducnB8d/IpHvbbciXQ==</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2019-12-12 11:00:07,419 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2019-12-12 11:00:07,419 - INFO [Shibboleth-Audit.SSO:?] - 20191212T110007Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|_fcf72ab07c0cac49bb1c0cd4d7550deaed1c7aec1f|https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_089dabdec96cdfb23e9a71a26e1fc807|morty|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|identifier,uid,telephoneNumber,role,mail,surname,displayName,givenName|AAdzZWNyZXQxCZDFFxPtoIX/Lq+jt00RzntZfmp5oOnIRxB6xWna12VaS0GUXU776jUSRVR8RUfPOGXdIrtR1dKzCApE9hETmnP6yWIt9TU4ISblZInqDhu/Cb+9OdrL7dq4bQsfCSnwlL6ilQOsxq6MLOWeiWDO4qKZ5nfVNIQS9KQ+1z9DkrC7vx2PsEpwHesYhK/1294Z99cdrg==|_5c128fb124ecdaec34c204301ad9d8cb|
2019-12-12 11:00:48,500 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: TST-10259-ximOUQgkQ2hTDIJc3T3XkHNtTPUS-PB5
2019-12-12 11:00:48,500 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2019-12-12 11:00:48,500 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2019-12-12 11:00:48,501 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="_lhqhhy2dakbtcqt03i2fujuieubgyzusmaldhea"
    IsPassive="false" IssueInstant="2019-12-12T11:00:47.166Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    ProviderName="pac4j-saml" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#_lhqhhy2dakbtcqt03i2fujuieubgyzusmaldhea">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>x9+qHEHGtg9SFMLYSjHKXYvThV5/sunFcnEgNSlurQA=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
crItwr1JAuZiMWPW4X60VQcYHihPuojvK0FMfFqnODYu+fTSm5TIX4/PfofmxVgUm4+JV+SHYpIa
M1f1E4ig/IHSah4Eg5MJUYljHuuxjHR4arRhklOEGV8XW42kxMpcCFihl9fR7FoHULL81Q80sdTG
NpGM5aqdPuPpJDRvGILXH3hZCMrqYTKUua+rcMvVu9zQ7MgpOVsrpzisMzwd8a3OwOGiBrdGl/h7
LtwCJZ/k0D8yErcYxQBoqr34tK8neeDLWbVAstxLYdtYteurqJ/xe4sJ/YsNje3X+SwTkKublfz8
n7W8KljNg4L7KrBi0pfq3XFab4h493pE16fGtw==
</ds:SignatureValue>
<ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2019-12-12 11:00:48,506 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' from origin source
2019-12-12 11:00:48,506 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-12-12 11:00:48,506 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-12-12 11:00:48,506 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-12-12 11:00:48,506 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-12-12 11:00:48,506 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-12-12 11:00:48,506 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-12-12 11:00:48,506 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-12-12 11:00:48,506 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2019-12-12 11:00:48,507 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:00:48,507 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-12-12 11:00:48,507 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2019-12-12 11:00:48,507 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2019-12-12 11:00:48,507 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2019-12-12 11:00:48,507 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_lhqhhy2dakbtcqt03i2fujuieubgyzusmaldhea', issue instant '2019-12-12T11:00:47.166Z', entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-12-12 11:00:48,507 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2019-12-12 11:00:48,507 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2019-12-12 11:00:48,507 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-12-12 11:00:48,507 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2019-12-12 11:00:48,507 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2019-12-12 11:00:48,507 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-12-12 11:00:48,507 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-12-12 11:00:48,507 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-12-12 11:00:48,507 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-12-12 11:00:48,507 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2019-12-12 11:00:48,508 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2019-12-12 11:00:48,508 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2019-12-12 11:00:48,508 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2019-12-12 11:00:48,508 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 25218632289878887470728701898989230903925460534470464262987089359900092236249155787311083615922566996588882686327254334965631006516764358542556784571993117841615795846983701202567812629440880488414844862491363773592778158558705049021795669354428797347719681579572749594906032259298025269480636673827053368207548760338633177397009149003080015959043356697060516917100235185397117902752192715861531350694962747781011832502440226911816306381078043102881237946262430586623622800161283685092311342398263730543997237261306772360529013060055263916368941241698720371281723901324390991801957832354836844648583493845781599295821
  public exponent: 65537
2019-12-12 11:00:48,508 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2019-12-12 11:00:48,508 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2019-12-12 11:00:48,508 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_lhqhhy2dakbtcqt03i2fujuieubgyzusmaldhea"
2019-12-12 11:00:48,508 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _lhqhhy2dakbtcqt03i2fujuieubgyzusmaldhea and Element was [saml2p:AuthnRequest: null]
2019-12-12 11:00:48,508 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_lhqhhy2dakbtcqt03i2fujuieubgyzusmaldhea"
2019-12-12 11:00:48,508 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _lhqhhy2dakbtcqt03i2fujuieubgyzusmaldhea and Element was [saml2p:AuthnRequest: null]
2019-12-12 11:00:48,508 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_lhqhhy2dakbtcqt03i2fujuieubgyzusmaldhea"
2019-12-12 11:00:48,508 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2019-12-12 11:00:48,508 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-12-12 11:00:48,508 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2019-12-12 11:00:48,508 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-12-12 11:00:48,508 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-12-12 11:00:48,508 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-12-12 11:00:48,508 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2019-12-12 11:00:48,509 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:00:48,509 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-12-12 11:00:48,509 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2019-12-12 11:00:48,509 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2019-12-12 11:00:48,509 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2019-12-12 11:00:48,509 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2019-12-12 11:00:48,509 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2019-12-12 11:00:48,509 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2019-12-12 11:00:48,509 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2019-12-12 11:00:48,509 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2019-12-12 11:00:48,509 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-12-12 11:00:48,509 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2019-12-12 11:00:48,510 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-12-12 11:00:48,510 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2019-12-12 11:00:48,510 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2019-12-12 11:00:48,510 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2019-12-12 11:00:48,510 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2019-12-12 11:00:48,510 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2019-12-12 11:00:48,510 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2019-12-12 11:00:48,510 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2019-12-12 11:00:48,510 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2019-12-12 11:00:48,510 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2019-12-12 11:00:48,513 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-12-12 11:00:48,514 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2019-12-12T11:00:48.514Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2019-12-12 11:00:48,514 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2019-12-12 11:00:48,514 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2019-12-12 11:00:48,514 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2019-12-12 11:00:48,515 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2019-12-12 11:00:48,515 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2019-12-12 11:00:48,515 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:00:48,515 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2019-12-12 11:00:48,515 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2019-12-12 11:00:48,515 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2019-12-12 11:00:48,515 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2019-12-12 11:00:48,692 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2019-12-12 11:00:48,692 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-12-12 11:00:48,692 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-12-12 11:00:48,932 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: _c4f9a14ccb285b6f757163c9eefbc3f1b4acbb08db
2019-12-12 11:00:48,932 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2019-12-12 11:00:48,932 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2019-12-12 11:00:48,932 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:LogoutRequest
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SLO"
    ID="_f4dc05c560e313096fed90067e31088d445eb94368"
    IssueInstant="2019-12-12T11:00:48Z" Version="2.0"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer>https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp</saml:Issuer>
    <saml:NameID
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
        NameQualifier="https://samltest.id/saml/idp" SPNameQualifier="https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp">AAdzZWNyZXQxKQhiqnyEGFpIy66mRZQljD+1mtCvxREDZRa9g+aasDIDEPkDF9fRO+iWFW9x87EeR/YdLiFL4FSRn525NMk0CxbH/2W9oepFl2nhQxSpcCnapcNXC/xkJM9dTL6yA//Yp/4/nTo+cCZJd3uL5JWkBwT6nO82x3zItXe22NBZmSL/93yFvPDIqEkLkaU0T2eDnia/</saml:NameID>
    <samlp:SessionIndex>_880b07336de25b1b8e4d7e38df4478ea</samlp:SessionIndex>
</samlp:LogoutRequest>

2019-12-12 11:00:48,933 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp' from origin source
2019-12-12 11:00:48,933 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-12-12 11:00:48,933 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-12-12 11:00:48,933 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-12-12 11:00:48,933 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-12-12 11:00:48,933 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-12-12 11:00:48,933 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-12-12 11:00:48,933 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-12-12 11:00:48,933 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp
2019-12-12 11:00:48,934 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:00:48,934 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-12-12 11:00:48,934 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SLO
2019-12-12 11:00:48,934 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SLO
2019-12-12 11:00:48,934 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2019-12-12 11:00:48,934 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_f4dc05c560e313096fed90067e31088d445eb94368', issue instant '2019-12-12T11:00:48.000Z', entityID 'https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp'
2019-12-12 11:00:48,934 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2019-12-12 11:00:48,935 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-12-12 11:00:48,935 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler:?] - Constructing signed content string from URL query string SAMLRequest=tVNdb5swFP0riNeoMd8B1EZKQ9joaNpAtrS8VA42jRewHWw66K8fkFXqpq1vkyxZPr7n3HN9ry8FrErux%2ByZNTLBpwYLqbRVSYU%2F3lypTU19BgURPoUVFr7M%2FXRxG%2FvGVPN5zSTLWam%2Bo3zMgELgWhJGVSUKrtSnwkK5Zue2o2FTNzXPKTDyNM2Z9UfNdZFl2XjvWabjqso3XIueeaX2Qj1diAZHVEhIZQ9punehG%2F3a6rqvab7lZqoS9NUQCuXIOkjJhQ%2FAYFL2F1OCAEEc9EUUpMRg8GiABCNS41yCNL5T55dDsD%2BmqudvAjBnNS0rgTAvWVdhKqe8qUVDpMT5gbKSPXfTnFVT2ABBKl7iQQVUDDUlnvIDHy0AwUGFJURQwhEcPF0Ifgne5zwbWPfvGAXKsG0aWJKC4PrvBY3KfVWqkt7%2FI%2Fz%2F2leVkNUVlB%2BPwYAQdFGMob6sIRWkN6LOFwv0mu3WXfawab9sDuREu9WnkEed41RJtim%2FBxO9ksuXNlkFWQK95wmEIoiC1f0xCL0iuZuQXbjzWne2wgl4RDEJYytME2ob9vr2qC3b%2FWdg7DyGeVga9LBpU54vKeT5%2BmEJ2uPNrYe2sdMtAHjkwAJ0yyb5MrtBZhPbN7vj9Y%2BtQ%2B9cozVfI%2FmADWN9nVVpDDyzC1%2Fug%2Bi0OsZH%2BFXbGjigBIJf3Tw38NxN7qdYDIMcUYTb%2BZPranttZpoOwoa91%2FcutlA%2F%2Fi4qLGvmYniW%2BIP1Bv72cec%2FAQ%3D%3D&RelayState=_c4f9a14ccb285b6f757163c9eefbc3f1b4acbb08db&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=bCcC8CQb2LhN6qiRtYQhov9qZzh8X6GDn2iIlroIU3Eb4iR%2BmLmt6gFr8zjFwDqKVTztoz6v1qP42rTfy8BColM3Ll82pl5aun4GCSpflVBhPzLbPIC9wbixSHpC9WdmfD2PM6gVI2Dz%2F7fU1jGPn9onytB5IbKmrejF6%2FcEACtgj8VnyN8I88GT9d8OywzW%2Bu7k80fjGGA4tZXn7NmoCAJpdWZ0QjHSuFRxJt%2FZBcYGXF9Su69KxbC6Mau4YzbQ7kLZ%2BOePMYSATlU4Oey1tPnPGKLn%2F8HsfFonidpPDtV58V5DzmaHsGDWZb8%2Fyxw%2FqZo%2B%2Fvdb3OFN5aiGr6uzBg%3D%3D
2019-12-12 11:00:48,935 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler:?] - Constructed signed content string for HTTP-Redirect DEFLATE SAMLRequest=tVNdb5swFP0riNeoMd8B1EZKQ9joaNpAtrS8VA42jRewHWw66K8fkFXqpq1vkyxZPr7n3HN9ry8FrErux%2ByZNTLBpwYLqbRVSYU%2F3lypTU19BgURPoUVFr7M%2FXRxG%2FvGVPN5zSTLWam%2Bo3zMgELgWhJGVSUKrtSnwkK5Zue2o2FTNzXPKTDyNM2Z9UfNdZFl2XjvWabjqso3XIueeaX2Qj1diAZHVEhIZQ9punehG%2F3a6rqvab7lZqoS9NUQCuXIOkjJhQ%2FAYFL2F1OCAEEc9EUUpMRg8GiABCNS41yCNL5T55dDsD%2BmqudvAjBnNS0rgTAvWVdhKqe8qUVDpMT5gbKSPXfTnFVT2ABBKl7iQQVUDDUlnvIDHy0AwUGFJURQwhEcPF0Ifgne5zwbWPfvGAXKsG0aWJKC4PrvBY3KfVWqkt7%2FI%2Fz%2F2leVkNUVlB%2BPwYAQdFGMob6sIRWkN6LOFwv0mu3WXfawab9sDuREu9WnkEed41RJtim%2FBxO9ksuXNlkFWQK95wmEIoiC1f0xCL0iuZuQXbjzWne2wgl4RDEJYytME2ob9vr2qC3b%2FWdg7DyGeVga9LBpU54vKeT5%2BmEJ2uPNrYe2sdMtAHjkwAJ0yyb5MrtBZhPbN7vj9Y%2BtQ%2B9cozVfI%2FmADWN9nVVpDDyzC1%2Fug%2Bi0OsZH%2BFXbGjigBIJf3Tw38NxN7qdYDIMcUYTb%2BZPranttZpoOwoa91%2FcutlA%2F%2Fi4qLGvmYniW%2BIP1Bv72cec%2FAQ%3D%3D&RelayState=_c4f9a14ccb285b6f757163c9eefbc3f1b4acbb08db&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256
2019-12-12 11:00:48,935 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Attempting to validate SAML protocol message simple signature using context entityID: https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp
2019-12-12 11:00:48,935 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2019-12-12 11:00:48,935 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2019-12-12 11:00:48,935 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-12-12 11:00:48,935 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-12-12 11:00:48,935 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-12-12 11:00:48,935 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-12-12 11:00:48,935 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2019-12-12 11:00:48,935 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Simple signature validation (with no request-derived credentials) was successful
2019-12-12 11:00:48,935 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Validation of request simple signature succeeded
2019-12-12 11:00:48,935 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Authentication via request simple signature succeeded for context issuer entity ID https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp
2019-12-12 11:00:48,935 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-12-12 11:00:48,935 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-12-12 11:00:48,935 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler:?] - Message Handler:  Message did not contain any ChannelBindings extensions
2019-12-12 11:00:48,936 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:00:48,936 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-12-12 11:00:48,936 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}SingleLogoutService for outbound message
2019-12-12 11:00:48,936 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}SingleLogoutService
2019-12-12 11:00:48,936 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/saml2-logout.php/test-sp using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
2019-12-12 11:00:48,936 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Request is not a SAML 2 AuthnRequest
2019-12-12 11:00:48,936 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-12-12 11:00:48,936 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2019-12-12 11:00:48,936 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Inbound logout message, nothing to do
2019-12-12 11:00:48,937 - DEBUG [org.opensaml.saml.common.messaging.context.SAMLSubjectNameIdentifierContext:?] - Ignoring LogoutRequest, Subject does not require processing
2019-12-12 11:00:48,937 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-12-12 11:00:48,937 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing secondary lookup on service ID https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp and key AAdzZWNyZXQxKQhiqnyEGFpIy66mRZQljD+1mtCvxREDZRa9g+aasDIDEPkDF9fRO+iWFW9x87EeR/YdLiFL4FSRn525NMk0CxbH/2W9oepFl2nhQxSpcCnapcNXC/xkJM9dTL6yA//Yp/4/nTo+cCZJd3uL5JWkBwT6nO82x3zItXe22NBZmSL/93yFvPDIqEkLkaU0T2eDnia/
2019-12-12 11:00:48,937 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 7b58231f280d0e8f18c0ca96f9efd099c1d84afab06713cdee12d7428034fd90
2019-12-12 11:00:48,937 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp in session 7b58231f280d0e8f18c0ca96f9efd099c1d84afab06713cdee12d7428034fd90
2019-12-12 11:00:48,937 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-12-12 11:00:48,938 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessLogoutRequest:?] - Profile Action ProcessLogoutRequest: LogoutRequest matches IdP session 7b58231f280d0e8f18c0ca96f9efd099c1d84afab06713cdee12d7428034fd90
2019-12-12 11:00:48,938 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Destroyed session 7b58231f280d0e8f18c0ca96f9efd099c1d84afab06713cdee12d7428034fd90
2019-12-12 11:00:50,940 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: https://acornlmsdeployment.pursuittechnology.com.au/login/index.php?saml=on
2019-12-12 11:00:50,940 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2019-12-12 11:00:50,940 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2019-12-12 11:00:50,940 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/saml2-acs.php/test-sp"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_139b9ea1700c42f6b814c22b3ca46cff7bcfaf11db"
    IssueInstant="2019-12-12T11:00:50Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer>https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>
</samlp:AuthnRequest>

2019-12-12 11:00:50,941 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-12-12 11:00:50,941 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-12-12 11:00:50,941 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-12-12 11:00:50,941 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-12-12 11:00:50,941 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-12-12 11:00:50,941 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-12-12 11:00:50,941 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-12-12 11:00:50,941 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp
2019-12-12 11:00:50,941 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:00:50,941 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-12-12 11:00:50,941 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2019-12-12 11:00:50,941 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2019-12-12 11:00:50,941 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2019-12-12 11:00:50,942 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_139b9ea1700c42f6b814c22b3ca46cff7bcfaf11db', issue instant '2019-12-12T11:00:50.000Z', entityID 'https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp'
2019-12-12 11:00:50,942 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2019-12-12 11:00:50,942 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-12-12 11:00:50,942 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler:?] - Constructing signed content string from URL query string SAMLRequest=rZJNjxMxDIb%2Fyij3TiazZZdGbaWyFaLSwladsgcuKJN4tpHyRZwA%2FfdkpiDKgT2tFMmS7dd%2B7HiJwprANzmd3AG%2BZcBU%2FbTGIZ8CK5Kj416gRu6EBeRJ8m7z8YG3dcND9MlLb8iV5GWFQISYtHek2m1X5Cu7WfQLEOyuaeS8HW77t2wu27a%2FkWJ%2BK4fhrpeDGBhTPameIGJRrkgpVOSIGXYOk3CpuBq2mLG2vCNjvGn4m%2BYLqbZlGu1EmlSnlAJySkfIVAK1VlSrQMsQgzZAR8aWHkDpCDLRrnsk1eYP7r13mC3EDuJ3LeHz4eFvQSF9dMaigmD82YJLdcgRs04J5Ml545%2FPtfS2FpmitsHAiECtV9lAHU5hQqJ4se1MSJy8I%2BQMA6n2v9f8Tjul3fPLG%2B4vScg%2FHI%2F72f6xO5L1cizMp43F9etjW0hCiSSuqZf0uufycmWfCu1uu%2FdGy3P13kcr0v%2BHYTWbPFrNhimVZ4cBpB40qPI1xvgf9xFEghVJMQOh60vTf695%2FQs%3D&RelayState=https%3A%2F%2Facornlmsdeployment.pursuittechnology.com.au%2Flogin%2Findex.php%3Fsaml%3Don&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=Uf77NDlmvOi137qgdaVxrnAprzB6xa5yUThpEXfQiS%2BxWhdu0fYcytoZAeP304UwoCbPtBrvYYM%2F9K7S0RxTipQE%2FYnbEbOpA1mK%2FDq7nP0z05itNKj1cJjKFzAfsVlk%2BUtgZCpqDjK%2F1RjPO5YU8DtIM%2BzEa8m1TvJycxWBPo6gQ5KXlec5%2BlxIbWhmF3t9ZxrGdk1Ly1eEsGgrHNO1riaHur58gAJ%2FhUlqU76EnI7aqLF7RDNR450FMbMr2PCa7%2Fb8eUES0GO%2FHbGAmoHru%2F8QXfLmYmQ5qV8f1eyIEAwoD8JscgYLiYbyiQnbOAGatn5bq5CBKPZDg2m7J2%2F55g%3D%3D
2019-12-12 11:00:50,942 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler:?] - Constructed signed content string for HTTP-Redirect DEFLATE SAMLRequest=rZJNjxMxDIb%2Fyij3TiazZZdGbaWyFaLSwladsgcuKJN4tpHyRZwA%2FfdkpiDKgT2tFMmS7dd%2B7HiJwprANzmd3AG%2BZcBU%2FbTGIZ8CK5Kj416gRu6EBeRJ8m7z8YG3dcND9MlLb8iV5GWFQISYtHek2m1X5Cu7WfQLEOyuaeS8HW77t2wu27a%2FkWJ%2BK4fhrpeDGBhTPameIGJRrkgpVOSIGXYOk3CpuBq2mLG2vCNjvGn4m%2BYLqbZlGu1EmlSnlAJySkfIVAK1VlSrQMsQgzZAR8aWHkDpCDLRrnsk1eYP7r13mC3EDuJ3LeHz4eFvQSF9dMaigmD82YJLdcgRs04J5Ml545%2FPtfS2FpmitsHAiECtV9lAHU5hQqJ4se1MSJy8I%2BQMA6n2v9f8Tjul3fPLG%2B4vScg%2FHI%2F72f6xO5L1cizMp43F9etjW0hCiSSuqZf0uufycmWfCu1uu%2FdGy3P13kcr0v%2BHYTWbPFrNhimVZ4cBpB40qPI1xvgf9xFEghVJMQOh60vTf695%2FQs%3D&RelayState=https%3A%2F%2Facornlmsdeployment.pursuittechnology.com.au%2Flogin%2Findex.php%3Fsaml%3Don&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256
2019-12-12 11:00:50,942 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Attempting to validate SAML protocol message simple signature using context entityID: https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp
2019-12-12 11:00:50,942 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2019-12-12 11:00:50,942 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2019-12-12 11:00:50,942 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-12-12 11:00:50,942 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-12-12 11:00:50,942 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-12-12 11:00:50,942 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-12-12 11:00:50,942 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2019-12-12 11:00:50,942 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Simple signature validation (with no request-derived credentials) was successful
2019-12-12 11:00:50,942 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Validation of request simple signature succeeded
2019-12-12 11:00:50,942 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Authentication via request simple signature succeeded for context issuer entity ID https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp
2019-12-12 11:00:50,942 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-12-12 11:00:50,942 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-12-12 11:00:50,943 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:00:50,943 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-12-12 11:00:50,943 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2019-12-12 11:00:50,943 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2019-12-12 11:00:50,943 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 4 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2019-12-12 11:00:50,943 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/saml2-acs.php/test-sp using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2019-12-12 11:00:50,943 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2019-12-12 11:00:50,943 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2019-12-12 11:00:50,943 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2019-12-12 11:00:50,943 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2019-12-12 11:00:50,943 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-12-12 11:00:50,943 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2019-12-12 11:00:50,943 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2019-12-12 11:00:50,943 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2019-12-12 11:00:50,943 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2019-12-12 11:00:50,943 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2019-12-12 11:00:50,943 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp
2019-12-12 11:00:50,943 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2019-12-12 11:00:50,943 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2019-12-12 11:00:50,943 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2019-12-12 11:00:50,943 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2019-12-12 11:00:50,944 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-12-12 11:00:50,945 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2019-12-12T11:00:50.945Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2019-12-12 11:00:50,945 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2019-12-12 11:00:50,945 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2019-12-12 11:00:50,945 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 7b58231f280d0e8f18c0ca96f9efd099c1d84afab06713cdee12d7428034fd90
2019-12-12 11:00:50,945 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Primary lookup failed for session ID 7b58231f280d0e8f18c0ca96f9efd099c1d84afab06713cdee12d7428034fd90
2019-12-12 11:00:50,945 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2019-12-12 11:00:50,945 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2019-12-12 11:00:50,945 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2019-12-12 11:00:50,945 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:00:50,946 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2019-12-12 11:00:50,946 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2019-12-12 11:00:50,946 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2019-12-12 11:00:50,946 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2019-12-12 11:00:51,137 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'acornlmsdeployment.pursuittechnology.com.au'
2019-12-12 11:00:51,137 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-12-12 11:00:51,137 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-12-12 11:00:51,979 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2019-12-12 11:00:51,979 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2019-12-12 11:00:51,979 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1925750657::identifier=rick, context=org.apache.velocity.VelocityContext@7d7c8a3f]
2019-12-12 11:00:51,980 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1925750657::identifier=rick, context=org.apache.velocity.VelocityContext@7d7c8a3f]
2019-12-12 11:00:51,981 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2019-12-12 11:00:51,981 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2019-12-12 11:00:51,981 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2019-12-12 11:00:51,981 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2019-12-12 11:00:51,981 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2019-12-12 11:00:51,981 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2019-12-12 11:00:51,981 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2019-12-12 11:00:51,981 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 7a7acf466d4dae933dc4ac8a608effae2bdac093c66dbe4b22acc1f27e058f40 for principal rick
2019-12-12 11:00:51,981 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 7a7acf466d4dae933dc4ac8a608effae2bdac093c66dbe4b22acc1f27e058f40
2019-12-12 11:00:51,982 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2019-12-12 11:00:51,983 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2019-12-12 11:00:51,983 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2019-12-12 11:00:51,983 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2019-12-12 11:00:51,983 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2019-12-12 11:00:51,983 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2019-12-12 11:00:51,983 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2019-12-12 11:00:51,983 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2019-12-12 11:00:51,983 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2019-12-12 11:00:51,983 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2019-12-12 11:00:51,983 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:00:51,984 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2019-12-12 11:00:51,984 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@7b4f5981'
2019-12-12 11:00:51,984 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-12-12 11:00:51,984 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-12-12 11:00:51,984 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-12-12 11:00:51,984 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-12-12 11:00:51,984 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-12-12 11:00:51,984 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2019-12-12 11:00:51,984 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2019-12-12 11:00:51,984 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2019-12-12 11:00:51,984 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2019-12-12 11:00:52,342 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2019-12-12 11:00:52,342 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-12-12 11:00:52,342 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2019-12-12 11:00:52,342 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2019-12-12 11:00:52,342 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-12-12 11:00:52,342 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2019-12-12 11:00:52,925 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2019-12-12 11:00:52,925 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2019-12-12 11:00:52,925 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20191212T110052Z|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2019-12-12 11:00:52,925 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-12-12 11:00:52,925 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-12-12 11:00:52,925 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2019-12-12 11:00:52,925 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2019-12-12 11:00:52,925 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1607684452925}'
2019-12-12 11:00:52,925 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2019-12-12 11:00:52,925 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2019-12-12 11:00:52,925 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2019-12-12 11:00:52,925 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-12-12 11:00:52,925 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool]' as '["rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool"]'
2019-12-12 11:00:52,925 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@7b4f5981'
2019-12-12 11:00:52,925 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:00:52,926 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2019-12-12 11:00:52,926 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2019-12-12 11:00:52,927 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2019-12-12 11:00:52,927 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _0f53c362b8867abcbd0c67cdc6cf07a7
2019-12-12 11:00:52,927 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _0f53c362b8867abcbd0c67cdc6cf07a7 to Response _f5e5b13403257cb057ab9693f09675d6
2019-12-12 11:00:52,927 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _0f53c362b8867abcbd0c67cdc6cf07a7
2019-12-12 11:00:52,928 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2019-12-12 11:00:52,928 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2019-12-12 11:00:52,928 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2019-12-12 11:00:52,928 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2019-12-12 11:00:52,928 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2019-12-12 11:00:52,928 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2019-12-12 11:00:52,928 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2019-12-12 11:00:52,928 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2019-12-12 11:00:52,928 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2019-12-12 11:00:52,928 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2019-12-12 11:00:52,928 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2019-12-12 11:00:52,928 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2019-12-12 11:00:52,929 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2019-12-12 11:00:52,929 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2019-12-12 11:00:52,929 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2019-12-12 11:00:52,929 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:00:52,929 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:00:52,929 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxUALq8Y3fvRu8okTFUBscLuuRAnFLhb0pqHIpyZqduLWApyuIchAt7g3yX/D/IuJucKQjRzMhnHxpFYoFHhfYOdJRwvoIPVQ5o7G+2pDYcvptmQz8nawHgHkP6vpEcuhNhmVsnmYJX6RYEWbiYbiU7NMw5I119NE= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:00:52,929 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:00:52,929 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:00:52,929 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2019-12-12 11:00:52,929 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2019-12-12 11:00:52,929 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.1.206
2019-12-12 11:00:52,929 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _lhqhhy2dakbtcqt03i2fujuieubgyzusmaldhea
2019-12-12 11:00:52,929 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2019-12-12 11:00:52,929 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2019-12-12 11:00:52,929 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2019-12-12 11:00:52,929 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2019-12-12 11:00:52,929 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _0f53c362b8867abcbd0c67cdc6cf07a7
2019-12-12 11:00:52,929 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _0f53c362b8867abcbd0c67cdc6cf07a7 did not already contain Conditions, one was added
2019-12-12 11:00:52,929 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2019-12-12 11:00:52,929 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2019-12-12T11:05:52.926Z, to Assertion _0f53c362b8867abcbd0c67cdc6cf07a7
2019-12-12 11:00:52,929 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _0f53c362b8867abcbd0c67cdc6cf07a7 already contained Conditions, nothing was done
2019-12-12 11:00:52,929 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2019-12-12 11:00:52,929 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _0f53c362b8867abcbd0c67cdc6cf07a7 already contained Conditions, nothing was done
2019-12-12 11:00:52,929 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2019-12-12 11:00:52,929 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool as an Audience of the AudienceRestriction
2019-12-12 11:00:52,929 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _0f53c362b8867abcbd0c67cdc6cf07a7
2019-12-12 11:00:52,930 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool to existing session 7a7acf466d4dae933dc4ac8a608effae2bdac093c66dbe4b22acc1f27e058f40
2019-12-12 11:00:52,930 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool in session 7a7acf466d4dae933dc4ac8a608effae2bdac093c66dbe4b22acc1f27e058f40
2019-12-12 11:00:52,930 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-12-12 11:00:52,930 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool and key AAdzZWNyZXQxUALq8Y3fvRu8okTFUBscLuuRAnFLhb0pqHIpyZqduLWApyuIchAt7g3yX/D/IuJucKQjRzMhnHxpFYoFHhfYOdJRwvoIPVQ5o7G+2pDYcvptmQz8nawHgHkP6vpEcuhNhmVsnmYJX6RYEWbiYbiU7NMw5I119NE=
2019-12-12 11:00:52,930 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2019-12-12 11:00:52,930 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2019-12-12 11:00:52,931 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_0f53c362b8867abcbd0c67cdc6cf07a7"
2019-12-12 11:00:52,931 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _0f53c362b8867abcbd0c67cdc6cf07a7 and Element was [saml2:Assertion: null]
2019-12-12 11:00:52,931 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_0f53c362b8867abcbd0c67cdc6cf07a7"
2019-12-12 11:00:52,931 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _0f53c362b8867abcbd0c67cdc6cf07a7 and Element was [saml2:Assertion: null]
2019-12-12 11:00:52,933 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_f5e5b13403257cb057ab9693f09675d6"
    InResponseTo="_lhqhhy2dakbtcqt03i2fujuieubgyzusmaldhea"
    IssueInstant="2019-12-12T11:00:52.926Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_0f53c362b8867abcbd0c67cdc6cf07a7"
        IssueInstant="2019-12-12T11:00:52.926Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_0f53c362b8867abcbd0c67cdc6cf07a7">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                    <ds:DigestValue>mvzrnXXMJVsiNiGItcRjD536ygvZYgEq1jBY3HovwZw4cH03B9N1eEBX7uRSm61HSpsMezmk2bvA9O8qHmEmEw==</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>EXHq5OKcApCCKI+zH4uDFwcgEN9Y4dn4jhyHmjUsv1ZctcJEh5M+RZvsxzjPyJIzaLXKGmMZNCqHhjJtrYurCgM6AF7y7+YnOeGqmsNTrvbossQfpG4ASY0NtgqSa2ZrVpsDw4fBZMh/6itYH/nb/6Umgsqf9poKxL4fRb/qxt9ocbPB6M7RHpAjytcOz9gWpNLXDWgZWmDG9myZd0qDZ3HSpRL6UJZzJ6xyaIwuZloGscsIqWzf3gcr7RM3Uk73H/uzbWrvxzIf3DfWR74IW4SUdigq5RKHEM2Yz4iuHRivqmSajF9GulQuDJDJ/ZeKn0KLfDJMxj80DafevGK/Yw==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxUALq8Y3fvRu8okTFUBscLuuRAnFLhb0pqHIpyZqduLWApyuIchAt7g3yX/D/IuJucKQjRzMhnHxpFYoFHhfYOdJRwvoIPVQ5o7G+2pDYcvptmQz8nawHgHkP6vpEcuhNhmVsnmYJX6RYEWbiYbiU7NMw5I119NE=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.1.206"
                    InResponseTo="_lhqhhy2dakbtcqt03i2fujuieubgyzusmaldhea"
                    NotOnOrAfter="2019-12-12T11:05:52.929Z" Recipient="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2019-12-12T11:00:52.926Z" NotOnOrAfter="2019-12-12T11:05:52.926Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2019-12-12T11:00:51.981Z" SessionIndex="_37fb3727ac8de5c01a9392e8d957f897">
            <saml2:SubjectLocality Address="172.31.1.206"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2019-12-12 11:00:52,934 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2019-12-12 11:00:52,934 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2019-12-12 11:00:52,934 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_f5e5b13403257cb057ab9693f09675d6"
2019-12-12 11:00:52,934 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _f5e5b13403257cb057ab9693f09675d6 and Element was [saml2p:Response: null]
2019-12-12 11:00:52,934 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_f5e5b13403257cb057ab9693f09675d6"
2019-12-12 11:00:52,934 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _f5e5b13403257cb057ab9693f09675d6 and Element was [saml2p:Response: null]
2019-12-12 11:00:52,936 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2019-12-12 11:00:52,936 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool' with encoded value 'https&#x3a;&#x2f;&#x2f;cas.traveldoo.com&#x2f;cas&#x2f;login&#x3f;client_name&#x3d;SHOP_DEMO-demoPool'
2019-12-12 11:00:52,936 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2019-12-12 11:00:52,937 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'TST-10259-ximOUQgkQ2hTDIJc3T3XkHNtTPUS-PB5', encoded as 'TST-10259-ximOUQgkQ2hTDIJc3T3XkHNtTPUS-PB5'
2019-12-12 11:00:52,938 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    ID="_f5e5b13403257cb057ab9693f09675d6"
    InResponseTo="_lhqhhy2dakbtcqt03i2fujuieubgyzusmaldhea"
    IssueInstant="2019-12-12T11:00:52.926Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_f5e5b13403257cb057ab9693f09675d6">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>zlWRjsL8Sxx91zO7drJ/Gciwbo6qgDQibtNm4h09zktGp6mJ0d34pDQhez43b8tBHk5Afs37cSsYVgeIZq9fnA==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>Etj3Ira6mSfs8gRir8uHJqVwhvPd//rdROkYDTcid2pHHlEEgWK7wCnoH04KUTuDqgR+7axjw7bgtcEXTLE4PomunZW2548yDbGNFfl25h5J/HoiW1HIN8RLLiIojuNX6A7Fw9BILZN0fcppdTIjlLUZ92plV04Zvt8v1OQbJnTTPKtdoW/3r7txIuzZg2skI0/v97uwqjXae4U8n4RTqPyi2jCqsY02+1u1XkJ88HfX4c4CCDITgmf0GFXYqPd+M9SS2EmqMyuhXoRNUJofXV7mDTAHQDXqmLWC+483SPaC4XgyUpAEX6yAwPZVYixfxV1ccRZDVUnfP6IpKRAgMw==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_7d592ef7d7cecfb8c86aa7a2df1d004e"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_ff982aa3b88ffb22b099570d521d737d"
                    Recipient="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>lLDatVWQjZ6h84H/HPGC6+q21yOb4om3axa5jUTmFt8fGQYKM9xLlCRdi93OBKapIH00nHxvTdKWnsT5mA0WeDUVHF8KY11hoqmcVwqZcgrRnutg7GVdWNulMBCc52o5QrQX4oTc7qCRBjgVVgZx5oMdvHbXmn1yYqijNlNH8efQZQDctjsqlq5TiPoGQdajmnEGBEjE/ybCmQ8SS+v+/pZk/P/7CBae9lApokAsQHFTte4LLrnIA19sUcpgsLv8DGnvJV3YEBwquDI6Z7ih36CmVnVQGinHVtN3n2VgYDvQZXwT2g/8wrJDeN06rjF6iRbaVPL2AHivMdZkMVd6SA==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>IZVdSKPc7GC+JXSafcYw5AcD/SAbEv22tjFdYjdpFshvtPDFsI7qXCB4bgHSzEeQ9VSptOtdvPZFEK3Fv+b0WBuEX7xHLars6vXnQU4PkKAZjYk5eF0ytGycJqxKrcg0glScLHtulQOvKjDSvPrea/wP57Bw+b9+VxH1dGJzFt/ZmSje+2o6x9yBylVVrTM66lS4+RgYrWgVgFkZCM3Pib5uxfjGOyuXuoYeYscY7+1PTcs+5HWn82yZRptrcI5jKRRLkiWz/Cn0CTdV3hfQoTQJdF9/QEBacSfcym35RkG117eK63Em177TU+O7ja6sK7p1wCxjAsl9uz5tocEybSOSgUb0wGWj7acqXTfC3eaP//qQ5FhOVLUY4qDJLp73tNYTM1iRrChMknNJEPobBAnRDy4RfQlfOV7bmrVkUBfBoigojZRfrs7i5E8e91+HXN0tHUn0cjWQd3YfRjXJmODmsrb1GJf/9RGqlvlbsmTK9AmKDdriPldKqhBkVHtUcID653+DztdAR0nvExNnnJ1rURVa9odBRMi5X76WVLlG9PbyOt2j9l+d/xT2osRA7+F0BPHl5FyDNGbQBSgInN/OW9LySuaIkLWo2cK3Kk5uLtPmUhond5FfgWlO8hq3VCi7ks6INBCDGg66CQUd9FXMid35JeR/HzEYua8R9azc9leYz502HXBpnOh5bPER4O+gMy/wHeegm/R5WCBD31j819myItw0G6O8rWJ/LMeE2nqtWa9nvj+DhN7wluBC2xWnJIPfDpEkmNrnMI2s3MTGiyiAABb17PSi2zUl1qmQa8+T1UL8FmouY9oKU7Y96IOBQKQb+xKgvKNhChEoXd8dsg5EoQYq/s2KzAS55z6Sc8BAmkxz/B8mFNWEoKfkiUi1u7rt3zIDvATKtiQiccRLwJP3+A7VeO/5HqmU7NsJd8vlGUo5mcf86DgX5oC2gfSuNcbcDPjIOfzSxHMyKl9cQrCE6qDLQVz9UNSF1Mmafd7IfEDVsE8Tx4k+INtpRpVvtVB/n/BvvPrd6DyilNsTdVAND+/4HxkIqiHF8dfxm2BWqMDkM5TPfnphcSgU1vxDEsG4qlVm3m4HLD+DtWMZMRNJQHIcaALtUh059baDgFwbEKGSygjGXHgXpdgRj7TwpLDNtfg7RkHz5kBPiTHHpG5Y8h7crE8D91MVdO9XOm2VjWfJ1GIC9Mj+PIN+fgkXlstB2wcuMA11L7WjzWAoOI4fBrY7VQeTMMp56yRyPjP1YV6TzAkrZrUAaXgRPSvanyad207Nkn12PpRTTZQ9Ia4U2b7hWg6DjgcGpWVdnhaoqK29VJgYh+7wnzjSrroYB9eEf+W1wdGBqGDWsUG4VsIyUYg7HSHwbAVs9H5/hwDzkQUdT+LYAZOKWycF4/SWX4+IPYW6Bm9Yr/bK4m6OaF5K0uY5xS4KC1+EuPyhmxgC8vsfDqT8v1fMYflMCZRuCFRVt3y5jE6wnrCo2eCRoVgTWiDhmBpPjhzWuaTtPpCkPMQqTaskdEyPwS7Q2LH0z7erx34V4Fll2y/evuhwtiT3MExHIBhtqK42AKebTpja9rUC4T+dbnOEztzVXN43R1WVb4e4J/4bfRLpmGsniYTdL51vPPBueoBa3nR9oO/Gpw3/m3Tkxwm1AGaPfQmUugOJpJiEmYvywRjrCfiRCNJb0iL9lSR/3q3/5zvqeXHcK+EoTO68gzAli+DM9ilvYsxQ18r20Vu4HbJ48yrSue1wM2h5hLl/XK3s+Yav09hlziKMk0H6Kb68Ak2W4Tw8o1vLh1KiSdDhkJ1SkPS0z/QzDYLqVpWvZDu9eIYYNDTiVl23ia2dIZBQGXL/PuyXqduP6mVNGAcTq1SdOSGbjaO9dm6/v/TVzBoDPILxB3zOIgWTSHuTR41ZLK1pwUf9bf67XoYW1pBsN5D1ddXfR5ir+tGczu4KeNXaZbA9whtONzvrJgKX/GfGW6wCV0GvfEs3gSlfa8wmHmw9jj3aP31TGwoYRkN9yt7BLBMroXoou5i6Ycbu8G7p7yVBkcikm0hCXqRqV4sN/RpCEuJXg2XH9Su+4RCLKsKtUVXK1neEiJRtD0ya2lYc7MXQswX7csheHeMwub3Jj0Dkppk2IE4QSkufggx5IInwYzD4pnoRfWaXIql9wmnqgWyvBL4iwfJ6zZ/zYRB/DiE01lbILQDQKR74Mv5m31yMQ/eq53+J67tcLJxAEw7/ne184fRsay5/YWQY+nIm+MIjX98hePZ4pkLEP7UVjs4FXYiY8J43U/qCn1CMxtMLXc2l+Zx5izOp3R6oCmnFqMuS/Y1cwEyERAvGNc2AFilLCdOuICZlgDHWJF0NF6enlkD6TUdVWli/0fvPVwH3cBY9J+gFOlEYwpkvvdoFSGJaJKR6tc02bLs37KTNGB0isYsi9TT8IJIMax0mpUTIzySKi/mUT4u6LIEKpaeBYSIRRm71G/Ozvs2lJ107SWXKTEMIOZnKf5pK1qQvC1GRDtYMqkXZKoyuEl1X7XzxuJOreXBuJcBduieMM2yrPq98Plib6kdkAcbWTSVb2PLoH78Vag8ICLfH1kU9o0NfUs/HSsCdLhKDf1QtlqUB+XvNvEvnf+YhoLPoY2piNzKWZte7MgwFKZmEDFfP5K4cmiS8VnATPCMkC/VoHlDuZPevXZ6F3VeolfiKN/lLllldVYW8qM0p6gUEVKgyeQsrkcya3Jv5nwAthBhwBqGUjtIzrlrydX35VftsaD36oa/zBJ+F9/Y7qv4/XVsTAUOKxD471s6etMEXd+nyKyj4BgRgDMXZIsGtE12bz2I1IzvUCuW8pEQM92b+OY0HtpSe7TBXbM6AmWwRFthJGWtdzFwM2JWTOR3wNQnnb1DHW7Mb6en4QpER8gviaupH8117DFV+6MFq4PSm/98d6502/gTik0UD0lvfHQWooDS1Xyv+ggzVWOR4z3f0MAb8cwQFDXEWJgYVs2K0d93mgCdxUd6KyHUiawnZPQVo//NUjdbGRTQv0oZ0Zg/kOZNNCeuTttqoCofN4lshuz43m1P8GqoF1tHqP9awrzmLykHJ7HofsS80SpPHGw93bwBA12lnfUEkzfyurEgn3O3GnDrZGwIVUYDJoK45T7Vw2tNjtxbveNYW9/R6cZRtgTRQILG97O1i0G7ZRqIvh6dQCAaRiWcIb/58i5YI+CSzkDDq5wlwJ75VDYFKQicMJ0cvHLArb6r9uBCpmou8HQtFM9bVKZUqx9fCpydsJQgc9JDuS7GS7mElXhue1WGw6ojO6m8h/d3h4G+t/6JPbraQUxqxpScda3AO1FX9P8VLUqzqQF+Ge5e5WoMMGybuueRYpc9MF31+ySn1YLOWoiVqvzlNEFFvfCXpGdrARGjIs6AlBI/x93Rm+mgPiTjOucBVdgl8UMBs5eNWU5M/P0fG309eETje28A/INwMoYgmQ+q+OLUStXcSFdZ12V1Jhge0h4bMV4Ji/2TwJCtHPkcRUs/wuFsbnfyB1OQNsmboo/Mvr0fSDaB37TQLgdfRAun+o0w5kHnz+3n/R51G3FUg9Gto1FKs24Kt9Ef/Qcoib9/LE7nAjlgy+ghi9zY0u4YNedMrbou/rl9kD3VMM3yxXkOJbNcVR+lKZNdW18VfPxm0CuhwPCZfZgvHOix4ECeCJC2dBUgBJxKKcHkkWuPVr726mGGvESrbjY6JwFlPnvaiaCGFSQPYtdKsM3L/0Ot6hFQGvgipZv6BrM5MPF6RxC5noi+wInrbAHdql8NCryuLhGOkpSvqUzwVF78O8XCXtPzVrHN/uKXcKRWScupGBACteCm/aF9d6R3wT5QCQyxV2noEDo8a4TqYKZmO2d8/dOvTdzMLRe2HiouvplPy+wBUO3swu8c0g5aJFUyQVvokP8M1ODiDwRKznRvy5Gj3MJG7sK7Bw8Sslxn4JXjKxnJot1RhfLLwJFXC69ST6RjfLhXjDk4e2nuGUttbTay2vfiKSVp7n6em/ICQx7XyBovGqQkBE6qfRSCWN8KI8yCIOsbF7oxuIXhSlSIT5n5oU7laLOYo1EPdtff9t9+X53NUbJ8cpz76IA5PkjlNaIr8cGK9TQY8R/ecncyVAV3m0iBHajrWwiu/GpA4N6H84TkZdAEUYk1zKcw6I3956AZ1wN4HrWl7VkyG01eM8cf+5jl0pVDMuLbo/NdsjJjSD3Goh1ejW+13hsFeQ6/4nEa6S1NcW0MyQtyxx5OuAVFPhOlpYF5rzMm7SE4aJYoEf93kok5gsPdnBAK02ZPEr4WhXKAyN27BK2hsrV9raGj7wg0nFLhJJr4ohwyUlrNlflvMoGdZwCR7Z5UXdXIS+QtxEU8d+l1dvs70gn0mEiR90CCxUoH11J77sWN1moWQ2qFtcozhnJG0VIoo7G3Qe1pbsE99X64vMGDoDqcG8DUR9LT5UFEYe5kD/n+VksERdUyHHkXCHGTCHoAr81jkOGMapAP2ktQJYHKnOEyRA4umOrXs2Q9R1qmzm/+dY9TfC/nqB/aWxWfkqda7VGGdZeH5YLsWfBO8MaJ0b9DEBhVB6WT+YZCjmhNVEcpMF2KzXfNORKEsMJ3RonL3ra7anKgEzS88cjWabScw45CnwHGxxqCPFc1FRd6rAPjyEw58k0UXTQxRYsNbM2z3cTiCkjMoqmkvqbtXOiBTfhl6myvOZqySOMHohXW57vJrFRjFVDYZuGCWsdQVU6TPzjMdCrwCwMBwvYeRkeovr4EaJcRyXOAAx/3VGHqOKfmrhRaNDjrym4LDZcKzKIij8wm53Ed2uZw5PO7oO7TB2BUBQqsEowVX+L0LdGl3vVXvYeWMpO54Bqv7C+v1cIT174GJ8ZZdtPsnRTNEQNkgr8+G2mAmpluLA63smLLAeb9mJzPlpVrsffJ2NnR0fo0bFrCz7veyjV251avIm1P5pfov4rachFGQqeZrQfXHaVKiUuI53NAkiPv97RDSlqUqf0cYDePDmVYFDxyx+I7XJWGrMpjFvhYP7Z7UXGsJsa2RekII6pSQ1yMhJFVO803Fn7c1D+LevAS5LtFrzAJeOGXHtFld+m0nAmqzBi5CQ87NEWitA5BpU9Vehouw8BMs5Fr0Q4uwaP50hNmabyGjvKFV38hKtDaNoV0c5UU4/M6osIaif0tziQvEBrUA2Br/STMxgjN90EBjBxRSdJLyDZquh+As8PeUrQmcbyEsW/x1N5gb6msmOr8KHzDncq7H9vHolskm2y7e+aIpCM/ZXTi4KsDU0fBqlwEbKhqqEvU/kt2+HqG+yPTqw8jCTMllitSi7kGRk6nEtzhG+z51hO7f+WZy3Cz+K79gin8o0nCmdA9nQx1wm9CzFh1Xmsp2uEFK46SD1ucC2dj+GrCk9P4F9X8DoqQWbvrADdgAy9B21IUrpER2Xd5GRRMPQAaEEeSV5aSyQXF+A68XT+BjTzCu82+FQvtBCR43zwOUpwFbqHNJVbTLO0UnuA8hEpa8Aa2CqtMp9HjvrBE8uL74H0Ui0fP/hQKLoyW/5+2mpszh1XiNEtW0999kQhZ1o8fyp6SgIL7W8JJfChbYPl8xyhXdGDtQILuIIY/K/yWfgHaYBcBNP/tOrSZDSsrBY9BNMz+dtSSIgJ3yTqwuOEZMYNU1NmEmnN5sfFpcevHPr1+UlKL+ZsP1pf9uwF63cadsK9bBa530PFVifAlVG/seKsU7p7gfYXb3jzyJgJ8honBAVReC9WCaRKOL6A1A5wnvBBXE27/3ekdl00Docj9VIyZIf68Nj6nu5PqfBiiRn6hSUJGGJ5tjd9g8WhMTRNEVagQYnqVy62xcvPbMBD57H5Rke2lM8LjHF5tOUge+1/Srv7sddaTZ/7en6MfLyvAYU06yrlQqZU7Ezgig7jyAO1oTbm0l5ojkrYQW7xagchOcNb5DWe9VO/Il+04F0HkZ2Gtmgiu81yGR2RrI+Fr9gjZtKqBM5h2pgYZsGytXntYiymBnu4e4C3z504j7+ZKmcT/zk9L35lTn9Oe36jLynzu5XVap4pDcgebKccIMUj3+oQkO5VA/f520+P7txYyRcB6V93iflFAqTtle7clEv0cQKKuTX6U1lhyUY8pU9USuVDLkY3qJ6M7oS7oKuzbhH/Z6jt1ewfnVlOkBYiBGOigrq20WcZARESk/ClqPXJ3/QCVBKk55STdXkXOUxpkdPO+IiOS/UAHNl7Ag1l+oFs6vOkOAvdpPs7iNwEmczEfeB2yyYFeIIkKaefuBUjPUsEk21IjP4MkvcAsD8OVeUS6btfvO09OL+TJo5OCJk4gPyos2mYQStw2MfcYAOZaqUpQgpEs9Z9CLIkjJBkSC1rZOfZTpViB1gdXjX11Nx5ef0a1z0KBpVQ6WG1dxu6U4eecoschghavPWGCQX9ylNoRaxKuJwdIsdoiO7y2bIm/O7/gamyQAV9SaGkYbsPtdd/adGuGkGKche6oGEAfVADeGQds8xpWyX96x6pXEL1x6wxOsqlsUYQxsymrBzjrEwLl+WOimCzydEfCC5Yquyf4vyC5xqXr00PhkQ0SJh/aNV5dB+6s9LTO4dAIAwoQXBlXeAttaacZaR/OrKAm+gsrFRsuPlID977OEE8n1lV+qUjDIiLavUWVl8BRFRqHmuDUUP7KEAiujJeooSolxN0N119xQmr4Bq9uAzc7XIGCNlH3Tq6YBcqJ8Y0RBn9N43BTr/1RX8Epw84r/XlW6I/Tn5i3XJdZSkQ4j3SQj5HOrsSOoEHr9SyrcIPoYbaznhl4yFGkqu60Ht7pbM+8oCVD5jSy0W0w83Cl3A4SYgjdxXwzKLODqcXop7mpoo0XftK+CfoBQTgB7iSLogzovqQKIx+cqhMBVl2koZeTLPS6RnWpXKeR/TqZ+7TW3Jf8ldT1YVn/hyWddNf/4oPfyRTS/ZNuR6WHeRbdBF8TUpFzfpykruolulrKaqfPNyuR2UfZpe60L1kiJZFAOZFJquXTzZ2xlHKQXfHd4EQN/Y8Qsk8obZPJPzx052XVrzJiYAkZ5YH3Nz0NaW2UNvjp3TSC1taYMjbGbkoxI70I7D2VeIqsXfdKXHKLh3M0TPzaQ7acnlJ91mLS9tMy4l393EBsXq0r3+BZBolJ3866+YCTNHYxnSayKDNDT59KmvsidK7I/aJMlllJjY8CoEvYjNlpWpXQtA4YPoS+V2q7k11zaGeOlnAjMZ8Dsz2BLpBV7VD17a0EnmAhlt++xUo1juxrxk6JibP8bYd19YNXxRmgZp5Z4BrfdkUHaXTGt+7Z0HONW/a1/TM/Qqpgxz/XlUYqwGkoFBNpFbhJF3YTaNKuYFCCq18QaJEEG+f0UMF/xyEn9w27CZHKTDYCZMyl6zgsr2g2brlmnFnFE40BY4da/iKdHfhF7TVpT54P4AeoYo/RQ4YvHIV/qWqferBElQQCeuVE3hTMPdpCSdUIxHnj0y+uD/1PZglRR4OBVJmB6PomjeljeKKiizYAa9pcr2Dafbuc8LB/biHvfLL8HyYt0MpJDdk/GCJjJycPbxrzVjqRYecYA2TMAkL77SMjHlCh9jYc2xDnjfhCUn6hz3h6eXLeTq8FQZVUePubC01jnYMdNPjPVCH0GYHbPXADplizfW5GuRZEakazXikoxSh5ZivaFIAFISxcp/PXSTzomF1Qepg17WkLZMWdfyMpOWXXGikTVqc1ytu9I6yZ2LMhSqalSkungs321qi+d33toC1NHXmxDy6fQPHyJtouJ3kkgqZuDIJddWDgZ7a9LGL0m7jNvjx1Wts8Deytc/yVH+WqJWCO45TwzUVl8LVcuJc5gIKaph2x4aVwhZ0Sqg0ZsZiyyON2Ez+mzRTWuyFz0yRQltW6meJv5drrCA/s3/XpVquwkyDUniBVwBPEDmMbnX8tyOg9vZULBq+rHi2uAvIvqvdSwfN7zTHQbkqUYayvONES0Pm7FE+preJXOpNiAcwcipdINcPKEp4K1BYPjO2VSklJF48ADRgea3gmSZ+BwIl9J33OKcBetyxFFYzcu0g675wa/dHUQrC80wBi7qUR5DwJsVE5PHp0wb+cMzRNHjPA3iX3RzJIQQRrwNNnr/Bkvsv3pEJq1NC9k</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2019-12-12 11:00:52,938 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2019-12-12 11:00:52,938 - INFO [Shibboleth-Audit.SSO:?] - 20191212T110052Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_lhqhhy2dakbtcqt03i2fujuieubgyzusmaldhea|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_f5e5b13403257cb057ab9693f09675d6|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxUALq8Y3fvRu8okTFUBscLuuRAnFLhb0pqHIpyZqduLWApyuIchAt7g3yX/D/IuJucKQjRzMhnHxpFYoFHhfYOdJRwvoIPVQ5o7G+2pDYcvptmQz8nawHgHkP6vpEcuhNhmVsnmYJX6RYEWbiYbiU7NMw5I119NE=|_0f53c362b8867abcbd0c67cdc6cf07a7|
2019-12-12 11:00:55,828 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'sheldon'
2019-12-12 11:00:55,828 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user sheldon
2019-12-12 11:00:55,828 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@725502463::identifier=sheldon, context=org.apache.velocity.VelocityContext@84db2c3]
2019-12-12 11:00:55,830 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=sheldon,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@725502463::identifier=sheldon, context=org.apache.velocity.VelocityContext@84db2c3]
2019-12-12 11:00:55,832 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'sheldon' succeeded
2019-12-12 11:00:55,832 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2019-12-12 11:00:55,832 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2019-12-12 11:00:55,832 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'sheldon'
2019-12-12 11:00:55,833 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'sheldon'
2019-12-12 11:00:55,833 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2019-12-12 11:00:55,833 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal sheldon
2019-12-12 11:00:55,833 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 8c8d2bffd1df48fd2f64bca1c5f36616046c1dd6293cec18701acc3a7305f296 for principal sheldon
2019-12-12 11:00:55,833 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 8c8d2bffd1df48fd2f64bca1c5f36616046c1dd6293cec18701acc3a7305f296
2019-12-12 11:00:55,833 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=sheldon)
2019-12-12 11:00:55,834 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, telephoneNumber, role, mail, displayName, surname, givenName]
2019-12-12 11:00:55,834 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2019-12-12 11:00:55,834 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2019-12-12 11:00:55,834 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2019-12-12 11:00:55,834 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2019-12-12 11:00:55,834 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2019-12-12 11:00:55,834 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2019-12-12 11:00:55,834 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2019-12-12 11:00:55,834 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2019-12-12 11:00:55,834 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:00:55,834 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2019-12-12 11:00:55,834 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@6e98faa8'
2019-12-12 11:00:55,835 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-12-12 11:00:55,835 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'sheldon:https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp'
2019-12-12 11:00:55,835 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'sheldon:https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp'
2019-12-12 11:00:55,835 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'sheldon:https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp'
2019-12-12 11:00:55,835 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-12-12 11:00:55,835 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'sheldon'
2019-12-12 11:00:55,835 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'sheldon'
2019-12-12 11:00:55,835 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2019-12-12 11:00:55,835 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2019-12-12 11:00:56,030 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'acornlmsdeployment.pursuittechnology.com.au'
2019-12-12 11:00:56,030 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-12-12 11:00:56,030 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2019-12-12 11:00:56,030 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2019-12-12 11:00:56,030 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-12-12 11:00:56,030 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2019-12-12 11:00:57,581 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2019-12-12 11:00:57,581 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2019-12-12 11:00:57,581 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20191212T110057Z|https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp|AttributeReleaseConsent|sheldon|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2019-12-12 11:00:57,581 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-12-12 11:00:57,581 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'sheldon:https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp'
2019-12-12 11:00:57,581 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'sheldon:_key_idx'
2019-12-12 11:00:57,581 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2019-12-12 11:00:57,581 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=sheldon:https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1607684457581}'
2019-12-12 11:00:57,581 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'sheldon:_key_idx'
2019-12-12 11:00:57,581 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2019-12-12 11:00:57,581 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'sheldon:_key_idx'
2019-12-12 11:00:57,581 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'sheldon:https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp'
2019-12-12 11:00:57,581 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[sheldon:https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp]' as '["sheldon:https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp"]'
2019-12-12 11:00:57,581 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@6e98faa8'
2019-12-12 11:00:57,581 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:00:57,582 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2019-12-12 11:00:57,589 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2019-12-12 11:00:57,590 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2019-12-12 11:00:57,590 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _725a8a5c1208a065c3777d9ff937832a
2019-12-12 11:00:57,590 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _725a8a5c1208a065c3777d9ff937832a to Response _c0965b6a65d23fef9ef8334d04df1cd2
2019-12-12 11:00:57,590 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _725a8a5c1208a065c3777d9ff937832a
2019-12-12 11:00:57,590 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2019-12-12 11:00:57,590 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value sheldon of attribute uid
2019-12-12 11:00:57,590 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value scooper@samltest.id of attribute identifier
2019-12-12 11:00:57,590 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2019-12-12 11:00:57,590 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value employee@samltest.id of attribute role
2019-12-12 11:00:57,590 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value scooper@samltest.id of attribute mail
2019-12-12 11:00:57,590 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sheldor of attribute displayName
2019-12-12 11:00:57,590 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Cooper of attribute surname
2019-12-12 11:00:57,590 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sheldon of attribute givenName
2019-12-12 11:00:57,591 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2019-12-12 11:00:57,591 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2019-12-12 11:00:57,591 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2019-12-12 11:00:57,592 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2019-12-12 11:00:57,592 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2019-12-12 11:00:57,592 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2019-12-12 11:00:57,592 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:00:57,592 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:00:57,592 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxLGlpmZJn9P/ULgLGTcnPwvNWed/Zm+Dp/YzowXRlLOm9SAKDY7r0h48EnMMEwboVTuu5pnek/KkClZ2o7BibfuAuSzAIYQsKAQPOEmZgjH+yEULOUzHNkLpIBRsOpb4gNb3wS639KQCLzyLrf8JN/Usox3pQYyjOp44LqRvpP0efXvqwoQHy1jfKFNX595pIXB1QhdE= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:00:57,592 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:00:57,592 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:00:57,592 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2019-12-12 11:00:57,592 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2019-12-12 11:00:57,592 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.34.32
2019-12-12 11:00:57,592 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _139b9ea1700c42f6b814c22b3ca46cff7bcfaf11db
2019-12-12 11:00:57,592 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/saml2-acs.php/test-sp
2019-12-12 11:00:57,592 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2019-12-12 11:00:57,592 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2019-12-12 11:00:57,592 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2019-12-12 11:00:57,592 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _725a8a5c1208a065c3777d9ff937832a
2019-12-12 11:00:57,592 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _725a8a5c1208a065c3777d9ff937832a did not already contain Conditions, one was added
2019-12-12 11:00:57,592 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2019-12-12 11:00:57,592 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2019-12-12T11:05:57.582Z, to Assertion _725a8a5c1208a065c3777d9ff937832a
2019-12-12 11:00:57,592 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _725a8a5c1208a065c3777d9ff937832a already contained Conditions, nothing was done
2019-12-12 11:00:57,592 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2019-12-12 11:00:57,592 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _725a8a5c1208a065c3777d9ff937832a already contained Conditions, nothing was done
2019-12-12 11:00:57,592 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2019-12-12 11:00:57,592 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp as an Audience of the AudienceRestriction
2019-12-12 11:00:57,592 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _725a8a5c1208a065c3777d9ff937832a
2019-12-12 11:00:57,593 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp to existing session 8c8d2bffd1df48fd2f64bca1c5f36616046c1dd6293cec18701acc3a7305f296
2019-12-12 11:00:57,593 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp in session 8c8d2bffd1df48fd2f64bca1c5f36616046c1dd6293cec18701acc3a7305f296
2019-12-12 11:00:57,593 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-12-12 11:00:57,594 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp and key AAdzZWNyZXQxLGlpmZJn9P/ULgLGTcnPwvNWed/Zm+Dp/YzowXRlLOm9SAKDY7r0h48EnMMEwboVTuu5pnek/KkClZ2o7BibfuAuSzAIYQsKAQPOEmZgjH+yEULOUzHNkLpIBRsOpb4gNb3wS639KQCLzyLrf8JN/Usox3pQYyjOp44LqRvpP0efXvqwoQHy1jfKFNX595pIXB1QhdE=
2019-12-12 11:00:57,594 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2019-12-12 11:00:57,594 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2019-12-12 11:00:57,594 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2019-12-12 11:00:57,595 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_c0965b6a65d23fef9ef8334d04df1cd2"
    InResponseTo="_139b9ea1700c42f6b814c22b3ca46cff7bcfaf11db"
    IssueInstant="2019-12-12T11:00:57.582Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_725a8a5c1208a065c3777d9ff937832a"
        IssueInstant="2019-12-12T11:00:57.582Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxLGlpmZJn9P/ULgLGTcnPwvNWed/Zm+Dp/YzowXRlLOm9SAKDY7r0h48EnMMEwboVTuu5pnek/KkClZ2o7BibfuAuSzAIYQsKAQPOEmZgjH+yEULOUzHNkLpIBRsOpb4gNb3wS639KQCLzyLrf8JN/Usox3pQYyjOp44LqRvpP0efXvqwoQHy1jfKFNX595pIXB1QhdE=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.34.32"
                    InResponseTo="_139b9ea1700c42f6b814c22b3ca46cff7bcfaf11db"
                    NotOnOrAfter="2019-12-12T11:05:57.592Z" Recipient="https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/saml2-acs.php/test-sp"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2019-12-12T11:00:57.582Z" NotOnOrAfter="2019-12-12T11:05:57.582Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2019-12-12T11:00:55.832Z" SessionIndex="_a11cc9f53a02469c9f9be3b2808de1ff">
            <saml2:SubjectLocality Address="172.31.34.32"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>sheldon</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">scooper@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">employee@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>scooper@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sheldor</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Cooper</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sheldon</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2019-12-12 11:00:57,596 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/saml2-acs.php/test-sp
2019-12-12 11:00:57,596 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/saml2-acs.php/test-sp
2019-12-12 11:00:57,596 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_c0965b6a65d23fef9ef8334d04df1cd2"
2019-12-12 11:00:57,596 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _c0965b6a65d23fef9ef8334d04df1cd2 and Element was [saml2p:Response: null]
2019-12-12 11:00:57,596 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_c0965b6a65d23fef9ef8334d04df1cd2"
2019-12-12 11:00:57,596 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _c0965b6a65d23fef9ef8334d04df1cd2 and Element was [saml2p:Response: null]
2019-12-12 11:00:57,598 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2019-12-12 11:00:57,598 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/saml2-acs.php/test-sp' with encoded value 'https&#x3a;&#x2f;&#x2f;acornlmsdeployment.pursuittechnology.com.au&#x2f;simplesaml&#x2f;module.php&#x2f;saml&#x2f;sp&#x2f;saml2-acs.php&#x2f;test-sp'
2019-12-12 11:00:57,598 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2019-12-12 11:00:57,599 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'https://acornlmsdeployment.pursuittechnology.com.au/login/index.php?saml=on', encoded as 'https&#x3a;&#x2f;&#x2f;acornlmsdeployment.pursuittechnology.com.au&#x2f;login&#x2f;index.php&#x3f;saml&#x3d;on'
2019-12-12 11:00:57,600 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/saml2-acs.php/test-sp"
    ID="_c0965b6a65d23fef9ef8334d04df1cd2"
    InResponseTo="_139b9ea1700c42f6b814c22b3ca46cff7bcfaf11db"
    IssueInstant="2019-12-12T11:00:57.582Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_c0965b6a65d23fef9ef8334d04df1cd2">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>4GLfoVLwUOOpFLuUzZlfIJ3lvb3tMWy4YyrimuzKGV8=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>fJ7zmq1bAmmxWB9loUR2GqE4enDKCn5CCqFMGC4x6s0Jsz5DAuUtpF48nWGeaMSLd3UBesng1rumo8ARP/Nvoq/u5tZZAJ2PhR1J7TOVEDUqhD7OBHX6KSka4AmlL4XhVLYLc704PXob4wMTN7+JqH8f2/v4/zNyAPnNge+nlnNnTkud5IZvmYHSX7T3xRM7SE1D69I/dHqAgK01NaqAcsC+vulWgTOxZCChBozMOuu7CzWn7xu2OmX7kngyKuW4QBL5QrXQE37+6GnoOZwaxCrznTPdz8CqnYA1jHuK95H5XDtp6TXtHXTot0/w3Sv8Y/+8fm11IvgfCuOtCkdLIw==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_c8d6de0820f2f871240c352589c2b161"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_f766ea4ce9012b104c7684aab8bdaf46"
                    Recipient="https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIID1zCCAr+gAwIBAgIJAIRfX1nHIdIzMA0GCSqGSIb3DQEBCwUAMIGBMQswCQYDVQQGEwJBVTEM
MAoGA1UECAwDQUNUMREwDwYDVQQHDAhDYW5iZXJyYTEbMBkGA1UECgwSUHVyc3VpdCBUZWNobm9s
b2d5MTQwMgYDVQQDDCthY29ybmxtc2RlcGxveW1lbnQucHVyc3VpdHRlY2hub2xvZ3kuY29tLmF1
MB4XDTE5MDkxODA0MjAxM1oXDTIxMDkxNzA0MjAxM1owgYExCzAJBgNVBAYTAkFVMQwwCgYDVQQI
DANBQ1QxETAPBgNVBAcMCENhbmJlcnJhMRswGQYDVQQKDBJQdXJzdWl0IFRlY2hub2xvZ3kxNDAy
BgNVBAMMK2Fjb3JubG1zZGVwbG95bWVudC5wdXJzdWl0dGVjaG5vbG9neS5jb20uYXUwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuU99qkB8VJ88no0zRynilvavTfkcB6g7gKggrUeXq
CzUNniwuflJGVcj9Yrw5br5ZsTBeFpBb+U5qLODHVaMfpDekkjiyNiR2LTtiv6SGN7PFWO8GXpGw
bLMkPAiB4YtM1B/sIT/k5OE5NBnvUEV5Oxwy78EJ5jhKjAGosqCTTSOsdZsbMD+AZgDaWq4uX4VX
KVAaaO9tXa+M28Xt5m1HZ4Td2XWlN2ESt9Bq/KwZpVDTIjvBv5FSUQeaAfbcbgbLKM+RL5aBwZWy
qI7tRadJT0YS8nCqXa5J/kW0JDP1eiKkt30IIz2go4VSZjBBOZw8rQyDGZwg19Wuo2rgadopAgMB
AAGjUDBOMB0GA1UdDgQWBBTZDsu5JDIptE7YzY31ZVFWL+ov2jAfBgNVHSMEGDAWgBTZDsu5JDIp
tE7YzY31ZVFWL+ov2jAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAwYyDDZchZX3/B
h4hQ46enTXvxAcGln+ScDLwao8bB6L1Qaj0egbKa3KXtD3m3NpigZ7TPqrvcbe33fbGkQ+K763lg
JXNnwxqyBWCpe7qhQvj4IClD4OIV+ALyHx5WNTiMXESa2tHCq5+N+6tk/laCwnXPzFEobKXxCib2
sBeWMg9UMQJwwqHhNL//N2J7cPl9C8vXIdNtILAp+g0iaEE6rMkLPUuQbWwqbENhjfcQnVb78vGz
tlti933DifYDBC9W5HB9XSESHxiiFCcfff3RfYmul5GWud/9ASgfJPwj49u3mg6I2thevX8ushuT
OqCGQXzTHDhVZd6KNW6L0/li</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>TzBrJtS4iMlYuSSlHI/uheOFjpeCgZBb1gEtqZs/42H6T54NlpwDKW0Yq5/G9mbqY09J6hxCFqYdT8Py6kzv6W9P4trusnaLOBjvA60rYMAVubbgTt7+vqsk+OXZvtBXT0zDNCtN3YY2zcZBH6+IMfDia1yfrNSFYOyiHH4MPtEzAlO+YfjSQv5H9AzSq6rZWvyOg4NQtWSZBDBfK0j347QFF5wvQpgJcWCzmFLkpGFtycX2TGQopiFvroY6w632lP0hDa/d35e4JAttmf6qEM2l//qdrcZq2rnaUX26a/EjwQ9z5yVORGRFxnGNFIohnrcnbI4rib7iXGalHM3x3w==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>N4UYj0s53irkz2YVFSYIwWXwDz4B/LihUyBuL7cCeLbZU9banWC0jfnAREgJRBBiv08IdjUsOSdXYLMgR//o73ZrVEmvOhIy+zdRhowdExOdr/ukC5nltctnOoenc4dTOxMyGgkhPAs3AdwnAcnJwZUYdEChaHL+XVtDs2nEBT2p3M/PhkB/sbRCCi+wlSsZR/ubmrDvrNy/0R5xGZqssvwX1YdwcBashhWOWn85YtMo1UHh8rUqGSNNbKi7Y7SpXKzLdIG7XOad9XolKHDhe8Qi+tSFiueeQqXtaXU2DxCI3vXYXchgoPdp2Oq//GidboCdeFMkVTVF1Wi/9mFHZ4WvwyTosCL/sLH5iY7kT8tiex0yU7yn0grJX4iiPt6eG+KtRnLJg4vXKKBa7xIBNyFgma6fQ7PxbirVPJ3nVOwZt4mL08/8eDk36eB5H6wSFi5lwHXYXSzmEnmatWXQlolrb/KfbfUcIITyjEDKg8kdDw2B84gX9lJHrAYGg+WsbQIRLla/Wi5uQhnE8BvpverEF7GS8di4fh9lxRqomETTVGAS6Sm53LRd9/EuDwPAV4/dlTGVCUJO+CK7LSctfmwHnv1WIcVdrhr9xcorNWQ2AL6ZiOnDa6xxdLsmOHATobjUhsJe8kyPfJ4LyefNxhscURhbUfOcfwUeVHaWqH7h5LkNlP03ou3KJyd1sLfmwTyNP8i2cE4HPUXz6cFF4R+dOmFfYuGbEl3OAcLIsChe3bCR4PoC4wnnidavpPvDhHkgP1Ns2hHonQ5ErwD1wTPTva2hWDNbkOEl5HCgPMgGP6C0H3Ybo8VumTHtDlDaUzZR/Rrfwyu69jaw6YQT1Qc7OBl8o8EE7aKwEAkcXw207hpx+TPHrhIR3MSaldeTx9O+17II2IRxsc8z/9ojHKoKZhenUNGkyk6uz0nXcWKYoGQNIeMbi4tOPEHeGWhgCEZZTfL+b/8VPHbUGk1FvhY3/oInkYTi3ezdVvAy63UNAbOavt9xJ6EJfWPn0//LHTSLpAbzrLNkWQP8NdhtnmVU/jdUvBwcMYpugz8eunQ9Ds76Bc22ZTE5IoOB2odF4RbeIpgtbuEk2SRgr7xs2JEaKZyuZXMEvhEBaADRGqhFMxjX24kIZ5GauT1Z5Nv6+AoSaJZq36HqlHY3qjO26nT9CH+hsQjpOBxTaY9IKgt6T96Xx6969u1278zfS3JVXf2fkJyfTl/y4Y7YreoIULD/9NGBV0NBgr5M8C4ysf4/ISNTQAQ12TObiRzAA37tHO9KHXzp10oO6lBThPUD4flJnWpSc6x5AdVpHdq6MSpzmrKyoEkS38xcYIXA6czwLRnRXYc3q+z9XNt1X6QBHbbe0u79NV6fEPYzxh1UOD9TefcZjn25j+HeWQ+j+PNs1PAYNRIQhO2hzIa3M/yGrrggroBGP3FInqSS3nRTT5QJebChm84m1Z2FEB0kBBrQ2vAlBBgKwCNF0lwiYSx+Db03lmJ2ddBU986Jf3ntySZ50t1FbN3NVJwuloHcHPD+QbYPIx9R4q4kfU+4CzB7Ndz5VGLev7rY676woJNzmeMDW5MskJA4gKDmamKXuGXtM3WhxVZl80oDAw+03K7TAn9BlXa0SpkeoGSQUSnn/0OMPVuIOySBeAWTSrg2HA2XTnf5K+mSFfYqH82TXRtS+JTtYi/sF2BzCx1VrrRE7vNxyPzf5gnSTwYKiJMWlWXUwYXRwcANwF7ZkLglYefhyIjZeaUx/1g/bf6BFQqTFa/kL9xZqdyKnB1z5c3znNpnDNz+gqJJ60uyP804bytPqS4dpkaZQBryB9u2mxgd7NA8B2Pvc8fJR3F6kFOirZuA18V1kHT8WZW3T3rThOEubiIN4ChQXQW701wt1b2AcbhskOREL+dQYBE0lh2hRmQ2qXmHiXnFhIlLBO2T2MuJPVolAe8Eio6MigDGbQMDTPZDX2QFFVXJ8p9dujM24AhLkroEb2TZr+hR9Y9tXG5WaPt6g7kJn8XHVgCcFmX6o+eFLAGikDRdAl0dmErPzl1LX5MtbOL2/nC7euNGpQBeQZVElGDZQKjF6Md0pWIAVhAhNVUZY4UbOn4Qy4iPQUjnEZLqqOsmI6KuCwz3/173t/Oqbon0ULn9YaBiAlN8fnzuIwkQVafDJrUrLeZ3SaF2UBG5yUYpzKxxf0Rc82MHBtOBgAWX+3hv2YZ3CLzQh76FRwF5UH6XQFSj357C+526Khbn59ZGJfbeMJKYEG9EukWjDDfi7RnE5KiPeLY91nip5J7MJgwXKODWH0JBMDKcxZfr+sEL3GrwjFV6YQSYhfeVGBJM76yYDKWybJ7Ff8clg8zDlB9dp9TTs++FdLT0LaJIJvZ/+LZBgWiFK6HNVOlLs4Piojyyxy5Cu1tjrw07Z//l079aiAsqWn8dIKmTuc3maUdFIP5EH2PuxASQbqEikRBn7pbUVBIH5CZc7ITF1x4Q4OJ/b82v8oV7HmhDWICVGJ3eGsqJeH7GiSwQY4e7H2lCmLIhtjOQAsFkEo6b35pxozr/0RZxgQffg2rJXHbZb7HsUrVGKifIelNx9OxLkycbKFkxUqN/MHsakXNHMk5ansUa49wUkTqeUfAm9s4KPlLUZ0IIfTrtcGha3Gx3UxP/lPRAsoE4R05CwcsL0VKMbpixl0/it7ff3OiNPGszTTHh1TKR+TTM/XEkWV5QsgMWxlz9ZFCkcsB85PF1zqiPE2M71Ii4orp7K2DcDMcwEQVFaTocUHpeywFQ8cd/6XENw91+sIGt3Wfpt/dJRSwNSU08/btSC73nyJf8q17mW573JraoqyLEOHeACEWQpigTp2bC6uwmP8ZX7L+RmynYwNOhaM9zjv5xgXTWfMX1dElz8nPO4jFPSGv1jA8CEmFt+X4OoXTpwAtUTQnbCtarBCqZRw+zO0r6Rv1jRVNCbCqd5CWnAdTxxiiXsWye9XUo2vwHb4m5uJ6pkkOtJqlYiKIbVUS1UNm+sIWa3cGlPqtcxXpVU5NLbECKtcF5F5tfe+nzzT3eMNW9hydKc6bhESYMT8/Tm9eJUNDL3eejSUGeuURPVvevfvMNgAl+mvkDPJ6qBNA0396zfPHnUwC8ltVwQWWaeO9N6xyHWY+0kH9dcgKpDQe2/H4IlFudZ+fGuP76mN7i00EbIOxrLh/XL/XiY5DndX/Xj03RTHzeF6RnOdBDwwzFJh/YvdxrQgTEsK+KSlI//nPQ4W4LgvFMKnRCdIg2GZMDHB/mLQcgqZMX7uH9dXLnas56cirzKI3CZxzLg2LFHsW4y9Jsn4aISTmlfdnaDeuqkirn2za+ikwydHuX51L8X+EIoB6knU/N/4ZLn8hplbpG4yIYmMTSd2Z4fSd84y0ojChdfR8Xjy6jHsDg8dlWn2VV4nf0uid8714OhWxGbF+3LX9zfFievLepkk7T9PwamXnIkL2OGh9poPOzsLN03dYLnj1UAC3jGMhxed9mYdQS9sx2xlqcJ//ZInD5tRD3YiBYbMzi+14FDgtuTc1rJ+T5uOzlNor+zCYrb/edVAKcVtsVf3jBxVy7ybpJvqxfcygNJ5aczOSsrwtVUhCBWcvNBAIGu22qM3Q8MJP2esOV/m4/ToCmubHcQ0geKBje1NXJl++/Iqtq5O2Rqy3Vc73XfPSkvE8mRRELuyB3HPUEDmTNb/hc9r4nZAg9mKgfRTbg2ThgEYd+KY8Qq+sPGXC7L/iFSMJMhIN+fqWR9qZqama/LR2yh7UOXrZYAcPpBSlk9qaSb5uaw7gJ3w/M2vgi3gHkwmIxRFFwlBcGY2Xj8/VdBioRvcEoE1fur8WhGc57YTxYHTb8IPsZsOhEYHPclHq/cg5hV7RAM7jLpYVg8d4uoo4oF0QYicjjluwFNVJN0T+eKmWzT6z0JKXt/oRtbCwa45k3Y/A34jkpbmUAEdAynVWT92W/l9ppNodo8/m3erV+Ewsim03IFvifPYMiDFt9dQznjjmkqujNcKQkIPQhMjj/z9OuksyUuBACWqpYG35o+cPJsOQflb5hVvc9vQ7D6uAxf2JJqa5QC4UhttOgLheL7tVmKZg7GxAQqrt+dMvpLJEZi3CGw77GTXZVmBXl11P3/oFcurboi9kTdBYbBKB5r97ZX07K48PzlXHQzetS7T6d2jLO0ThzTnJ5HUwFvCUZi+l8rvQmQR+0GdrEKYDuRYcVw/ruZoMLGkDzVrX17+g9W9I8YSiwsCFHM/zcs2gP/w4Bh0kci7naSiVXMF/SJfVVWAm4iP7M7vcZReQ80viN6QTJ5mxT9zz/17B1IhMCjWLYcQCC7TdDqoeseLWFUxKTduXoMxHL3Ojyd1fzy1nbWeO6tGTvjjdFwxNhPe4zqHtBmz4idTZAI2hwFGNHLQsETfFJNdW6B+17AQ/TbzCfi7luCFxoXvtOkrhEVJcvMW6se1/D6CktAGlvMiYWi30XIQYCzStq20GM6Mx2fa5emKWbjxTjBhZ7s9m+9bzK0HJbLXaJY0Q93rMTYctw9ZMTPHYvRgIYtObGgByPYGmn1OAuF8mI9qliLasqaBXYYVqFnl3pc5yFobMiMJGAKddsPrZc7Blf6bZNE7XhRPnetspXgkEtYlo4tOl7M1gmkZUX2ZR20CVwZqpUFFHTyp2qz3at5kIFet13LMKLV+ugEmrr2GYdTfev8jaGkNRfR25nW/qlNqOpaB2SZzst+pVbugDWizNVOZHsTV6pJuhtii0kpgBVpcJy8zt02gTUdDWeuzghCFQ/Bwf+KeqSvO49bhS4mhMhGioBcmNUMET5u0QegdO4c+mKtIuUvYxjkozlRw/KMrZiXS8qcanzgIQrITjJMyol1Qb4G/FwjbWbZ4x3JghxiSc9j3CIlOEWmWcrlsHomaoqzcSsRcbnlQMuZXWc/tfVu00dVVTrBIWKbJb6VLboK98n5UiMZiprzHg8YB7k5XS3SUsVogvR7Gc1raKdjB29ZoIzBfDShOuvdqLXd/9FDkqEYieQtgafuYOURmvFXhirK4xpfnVmVErqJvUlViT552wpMLNweIvIxZWlzOdHGpfrzlJcI9tV0AVJBhPoo26wUlooMKgbW7iX1BqLb5wnKucFCXenJqQg17GzNDkJB4+JSA==</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2019-12-12 11:00:57,600 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2019-12-12 11:00:57,600 - INFO [Shibboleth-Audit.SSO:?] - 20191212T110057Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|_139b9ea1700c42f6b814c22b3ca46cff7bcfaf11db|https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_c0965b6a65d23fef9ef8334d04df1cd2|sheldon|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,telephoneNumber,role,mail,displayName,surname,givenName|AAdzZWNyZXQxLGlpmZJn9P/ULgLGTcnPwvNWed/Zm+Dp/YzowXRlLOm9SAKDY7r0h48EnMMEwboVTuu5pnek/KkClZ2o7BibfuAuSzAIYQsKAQPOEmZgjH+yEULOUzHNkLpIBRsOpb4gNb3wS639KQCLzyLrf8JN/Usox3pQYyjOp44LqRvpP0efXvqwoQHy1jfKFNX595pIXB1QhdE=|_725a8a5c1208a065c3777d9ff937832a|
2019-12-12 11:01:07,317 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: TST-10261---6vpANzs1GqurrBsnzBCjsNrghqahoc
2019-12-12 11:01:07,317 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2019-12-12 11:01:07,317 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2019-12-12 11:01:07,318 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="_xv6ztvmqaqownvsnx8jvobg7undifrnrilrst2l"
    IsPassive="false" IssueInstant="2019-12-12T11:01:06.333Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    ProviderName="pac4j-saml" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#_xv6ztvmqaqownvsnx8jvobg7undifrnrilrst2l">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>Xpj1Mil5kxC0Sv2HL+jYyj+Gt1hgQLdZvsqT4CNnTO0=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
R6fpB2TTKhfHrpg1J5Jqk605cH1dXm/L42IyI50ezh+85HcW0l/ZUpW6yiOgplyKSpBFUWV3htUk
tzvFfjUMZm/K4SFL44CSJQUiLKqfaosf1i+GAmUKkKV2DImc7mHsed+Jgoijdh9RCGUeMsoPuOpA
lYna7lTHPqPcvI8WbHkBvMKYd9gNM6COj7xbNg2w1t+F/4fuSuSk5yR1Y6bO64img6YoBS8ps/QL
hTx7x0rt7y2GKKTcocyTvjulB2uxP/VITL1bJ0rBS30pSkUfWpkGdV2Dj9AikU5zd6r2UaOO+A+1
3hWSE4aM1dBxKBJvieb/kBVQRoVe8WVgbCiT6Q==
</ds:SignatureValue>
<ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2019-12-12 11:01:07,323 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-12-12 11:01:07,323 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-12-12 11:01:07,323 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-12-12 11:01:07,323 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-12-12 11:01:07,323 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-12-12 11:01:07,323 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-12-12 11:01:07,323 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-12-12 11:01:07,323 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2019-12-12 11:01:07,324 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:01:07,324 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-12-12 11:01:07,324 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2019-12-12 11:01:07,324 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2019-12-12 11:01:07,324 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2019-12-12 11:01:07,325 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_xv6ztvmqaqownvsnx8jvobg7undifrnrilrst2l', issue instant '2019-12-12T11:01:06.333Z', entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-12-12 11:01:07,325 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2019-12-12 11:01:07,325 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2019-12-12 11:01:07,325 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-12-12 11:01:07,325 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2019-12-12 11:01:07,325 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2019-12-12 11:01:07,325 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-12-12 11:01:07,325 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-12-12 11:01:07,325 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-12-12 11:01:07,325 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-12-12 11:01:07,325 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2019-12-12 11:01:07,325 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2019-12-12 11:01:07,325 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2019-12-12 11:01:07,325 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2019-12-12 11:01:07,325 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 25218632289878887470728701898989230903925460534470464262987089359900092236249155787311083615922566996588882686327254334965631006516764358542556784571993117841615795846983701202567812629440880488414844862491363773592778158558705049021795669354428797347719681579572749594906032259298025269480636673827053368207548760338633177397009149003080015959043356697060516917100235185397117902752192715861531350694962747781011832502440226911816306381078043102881237946262430586623622800161283685092311342398263730543997237261306772360529013060055263916368941241698720371281723901324390991801957832354836844648583493845781599295821
  public exponent: 65537
2019-12-12 11:01:07,325 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2019-12-12 11:01:07,325 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2019-12-12 11:01:07,325 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_xv6ztvmqaqownvsnx8jvobg7undifrnrilrst2l"
2019-12-12 11:01:07,325 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _xv6ztvmqaqownvsnx8jvobg7undifrnrilrst2l and Element was [saml2p:AuthnRequest: null]
2019-12-12 11:01:07,326 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_xv6ztvmqaqownvsnx8jvobg7undifrnrilrst2l"
2019-12-12 11:01:07,326 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _xv6ztvmqaqownvsnx8jvobg7undifrnrilrst2l and Element was [saml2p:AuthnRequest: null]
2019-12-12 11:01:07,326 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_xv6ztvmqaqownvsnx8jvobg7undifrnrilrst2l"
2019-12-12 11:01:07,326 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2019-12-12 11:01:07,326 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-12-12 11:01:07,326 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2019-12-12 11:01:07,326 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-12-12 11:01:07,326 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-12-12 11:01:07,326 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-12-12 11:01:07,326 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2019-12-12 11:01:07,326 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:01:07,326 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-12-12 11:01:07,326 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2019-12-12 11:01:07,326 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2019-12-12 11:01:07,326 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2019-12-12 11:01:07,326 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2019-12-12 11:01:07,326 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2019-12-12 11:01:07,326 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2019-12-12 11:01:07,326 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2019-12-12 11:01:07,326 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2019-12-12 11:01:07,327 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-12-12 11:01:07,327 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2019-12-12 11:01:07,327 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-12-12 11:01:07,327 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2019-12-12 11:01:07,327 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2019-12-12 11:01:07,327 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2019-12-12 11:01:07,327 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2019-12-12 11:01:07,327 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2019-12-12 11:01:07,327 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2019-12-12 11:01:07,327 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2019-12-12 11:01:07,327 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2019-12-12 11:01:07,327 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2019-12-12 11:01:07,330 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-12-12 11:01:07,332 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2019-12-12T11:01:07.332Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2019-12-12 11:01:07,332 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2019-12-12 11:01:07,332 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2019-12-12 11:01:07,332 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2019-12-12 11:01:07,333 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2019-12-12 11:01:07,333 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2019-12-12 11:01:07,333 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:01:07,333 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2019-12-12 11:01:07,333 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2019-12-12 11:01:07,333 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2019-12-12 11:01:07,333 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2019-12-12 11:01:07,621 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2019-12-12 11:01:07,621 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-12-12 11:01:07,621 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-12-12 11:01:10,186 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2019-12-12 11:01:10,186 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2019-12-12 11:01:10,186 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@169917089::identifier=rick, context=org.apache.velocity.VelocityContext@4be1151d]
2019-12-12 11:01:10,187 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@169917089::identifier=rick, context=org.apache.velocity.VelocityContext@4be1151d]
2019-12-12 11:01:10,188 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2019-12-12 11:01:10,188 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2019-12-12 11:01:10,188 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2019-12-12 11:01:10,188 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2019-12-12 11:01:10,188 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2019-12-12 11:01:10,188 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2019-12-12 11:01:10,188 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2019-12-12 11:01:10,188 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 998622ed3d07738a61ae2c3d416fe5886586756f9974667a53f6f6a3d45181f9 for principal rick
2019-12-12 11:01:10,188 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 998622ed3d07738a61ae2c3d416fe5886586756f9974667a53f6f6a3d45181f9
2019-12-12 11:01:10,189 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2019-12-12 11:01:10,190 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2019-12-12 11:01:10,190 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2019-12-12 11:01:10,190 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2019-12-12 11:01:10,190 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2019-12-12 11:01:10,190 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2019-12-12 11:01:10,190 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2019-12-12 11:01:10,190 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2019-12-12 11:01:10,190 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2019-12-12 11:01:10,190 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2019-12-12 11:01:10,191 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:01:10,191 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2019-12-12 11:01:10,191 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@1551e769'
2019-12-12 11:01:10,191 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-12-12 11:01:10,191 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-12-12 11:01:10,191 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-12-12 11:01:10,191 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-12-12 11:01:10,191 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-12-12 11:01:10,191 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2019-12-12 11:01:10,191 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2019-12-12 11:01:10,192 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2019-12-12 11:01:10,192 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2019-12-12 11:01:10,364 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2019-12-12 11:01:10,364 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-12-12 11:01:10,364 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2019-12-12 11:01:10,364 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2019-12-12 11:01:10,364 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-12-12 11:01:10,364 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2019-12-12 11:01:11,004 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2019-12-12 11:01:11,004 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2019-12-12 11:01:11,004 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20191212T110111Z|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2019-12-12 11:01:11,004 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-12-12 11:01:11,004 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-12-12 11:01:11,004 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2019-12-12 11:01:11,004 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2019-12-12 11:01:11,004 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1607684471004}'
2019-12-12 11:01:11,004 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2019-12-12 11:01:11,004 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2019-12-12 11:01:11,004 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2019-12-12 11:01:11,004 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-12-12 11:01:11,004 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool]' as '["rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool"]'
2019-12-12 11:01:11,004 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@1551e769'
2019-12-12 11:01:11,004 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:01:11,004 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2019-12-12 11:01:11,005 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2019-12-12 11:01:11,006 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2019-12-12 11:01:11,006 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _a043c6a5068aa53292fe47bfe76fa227
2019-12-12 11:01:11,006 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _a043c6a5068aa53292fe47bfe76fa227 to Response _5fc0c308595d1344cd104300277deb50
2019-12-12 11:01:11,006 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _a043c6a5068aa53292fe47bfe76fa227
2019-12-12 11:01:11,006 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2019-12-12 11:01:11,006 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2019-12-12 11:01:11,006 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2019-12-12 11:01:11,006 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2019-12-12 11:01:11,006 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2019-12-12 11:01:11,006 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2019-12-12 11:01:11,006 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2019-12-12 11:01:11,006 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2019-12-12 11:01:11,006 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2019-12-12 11:01:11,007 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2019-12-12 11:01:11,007 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2019-12-12 11:01:11,007 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2019-12-12 11:01:11,007 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2019-12-12 11:01:11,007 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2019-12-12 11:01:11,007 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2019-12-12 11:01:11,007 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:01:11,007 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:01:11,008 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQx0HzS1kfUr3TUHE8VYLLFXzduLHArJYTkyC01DJ/ykZFIHt3qkCriJd6/tQRJqFfGHsORvQQdzZWOiUe/osITmFg2G5SjPRrNAogw9zwCiYtfYEk3XnRmbmVHSvSQ18gYT7HRScHw3cCsgOQF6uBfG5pOWuCLo4o= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:01:11,008 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:01:11,008 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:01:11,008 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2019-12-12 11:01:11,008 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2019-12-12 11:01:11,008 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.1.206
2019-12-12 11:01:11,008 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _xv6ztvmqaqownvsnx8jvobg7undifrnrilrst2l
2019-12-12 11:01:11,008 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2019-12-12 11:01:11,008 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2019-12-12 11:01:11,008 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2019-12-12 11:01:11,008 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2019-12-12 11:01:11,008 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _a043c6a5068aa53292fe47bfe76fa227
2019-12-12 11:01:11,008 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _a043c6a5068aa53292fe47bfe76fa227 did not already contain Conditions, one was added
2019-12-12 11:01:11,008 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2019-12-12 11:01:11,008 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2019-12-12T11:06:11.004Z, to Assertion _a043c6a5068aa53292fe47bfe76fa227
2019-12-12 11:01:11,008 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _a043c6a5068aa53292fe47bfe76fa227 already contained Conditions, nothing was done
2019-12-12 11:01:11,008 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2019-12-12 11:01:11,008 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _a043c6a5068aa53292fe47bfe76fa227 already contained Conditions, nothing was done
2019-12-12 11:01:11,008 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2019-12-12 11:01:11,008 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool as an Audience of the AudienceRestriction
2019-12-12 11:01:11,008 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _a043c6a5068aa53292fe47bfe76fa227
2019-12-12 11:01:11,009 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool to existing session 998622ed3d07738a61ae2c3d416fe5886586756f9974667a53f6f6a3d45181f9
2019-12-12 11:01:11,009 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool in session 998622ed3d07738a61ae2c3d416fe5886586756f9974667a53f6f6a3d45181f9
2019-12-12 11:01:11,009 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-12-12 11:01:11,009 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool and key AAdzZWNyZXQx0HzS1kfUr3TUHE8VYLLFXzduLHArJYTkyC01DJ/ykZFIHt3qkCriJd6/tQRJqFfGHsORvQQdzZWOiUe/osITmFg2G5SjPRrNAogw9zwCiYtfYEk3XnRmbmVHSvSQ18gYT7HRScHw3cCsgOQF6uBfG5pOWuCLo4o=
2019-12-12 11:01:11,009 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2019-12-12 11:01:11,009 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2019-12-12 11:01:11,010 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_a043c6a5068aa53292fe47bfe76fa227"
2019-12-12 11:01:11,010 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _a043c6a5068aa53292fe47bfe76fa227 and Element was [saml2:Assertion: null]
2019-12-12 11:01:11,010 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_a043c6a5068aa53292fe47bfe76fa227"
2019-12-12 11:01:11,010 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _a043c6a5068aa53292fe47bfe76fa227 and Element was [saml2:Assertion: null]
2019-12-12 11:01:11,012 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_5fc0c308595d1344cd104300277deb50"
    InResponseTo="_xv6ztvmqaqownvsnx8jvobg7undifrnrilrst2l"
    IssueInstant="2019-12-12T11:01:11.004Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_a043c6a5068aa53292fe47bfe76fa227"
        IssueInstant="2019-12-12T11:01:11.004Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_a043c6a5068aa53292fe47bfe76fa227">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                    <ds:DigestValue>xCuoKA3Y6EEn5GbxaY4mu0IzShIUtfPNJKQWu39FNpHdNfhLRgoVulhy2CtrdS7L/V6y5xqk4JatHxPIdGDXew==</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>MbAyFgMzBWrhv48o656ZBWT6hP77BUOLc52+WFrTv18Rf0Ka4G4eTUUmaCiRZedh88PhUmI6hLL/e6VHxEn5GZ6GDp46xM0dN/i94N0wAB32FzmnKMgiCh2pM2ICiIrEkwS33w0NLPLsjIL7f+smUV6ivR0rl9SinuyM2Fzn+b/REGtLR5/J+BII+MvW7KF07KGkXXShgcTlhZAA42GsYCLNj23CTlMBi+kRsKYRL/vOMoBEyxI5e8sEdbEIOb6jMm5M+nCCSjeQFTLSb4mxY8s1phbUw1R+yEjmcsFwHKNGZUPJZK7PnPPem0Ib8A+tYiZY3Ta4ghMDE+MzS+QRWw==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQx0HzS1kfUr3TUHE8VYLLFXzduLHArJYTkyC01DJ/ykZFIHt3qkCriJd6/tQRJqFfGHsORvQQdzZWOiUe/osITmFg2G5SjPRrNAogw9zwCiYtfYEk3XnRmbmVHSvSQ18gYT7HRScHw3cCsgOQF6uBfG5pOWuCLo4o=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.1.206"
                    InResponseTo="_xv6ztvmqaqownvsnx8jvobg7undifrnrilrst2l"
                    NotOnOrAfter="2019-12-12T11:06:11.008Z" Recipient="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2019-12-12T11:01:11.004Z" NotOnOrAfter="2019-12-12T11:06:11.004Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2019-12-12T11:01:10.188Z" SessionIndex="_a46518dfd168974dc51fd29da56579c6">
            <saml2:SubjectLocality Address="172.31.1.206"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2019-12-12 11:01:11,013 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2019-12-12 11:01:11,013 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2019-12-12 11:01:11,014 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_5fc0c308595d1344cd104300277deb50"
2019-12-12 11:01:11,014 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _5fc0c308595d1344cd104300277deb50 and Element was [saml2p:Response: null]
2019-12-12 11:01:11,014 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_5fc0c308595d1344cd104300277deb50"
2019-12-12 11:01:11,014 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _5fc0c308595d1344cd104300277deb50 and Element was [saml2p:Response: null]
2019-12-12 11:01:11,015 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2019-12-12 11:01:11,015 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool' with encoded value 'https&#x3a;&#x2f;&#x2f;cas.traveldoo.com&#x2f;cas&#x2f;login&#x3f;client_name&#x3d;SHOP_DEMO-demoPool'
2019-12-12 11:01:11,015 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2019-12-12 11:01:11,016 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'TST-10261---6vpANzs1GqurrBsnzBCjsNrghqahoc', encoded as 'TST-10261---6vpANzs1GqurrBsnzBCjsNrghqahoc'
2019-12-12 11:01:11,018 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    ID="_5fc0c308595d1344cd104300277deb50"
    InResponseTo="_xv6ztvmqaqownvsnx8jvobg7undifrnrilrst2l"
    IssueInstant="2019-12-12T11:01:11.004Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_5fc0c308595d1344cd104300277deb50">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>+keeIfuKy7SxsLow0cHtbvoUxPxFqhj1sL2XvVpscSKzuSVdg5/BjoeBGi5Fd5+YMaygUODNxZeeayPji3ufLg==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>q7B/wVmqDEiut8du4VZd3E0XSMfqkGw8nUjC9YiKdrE1h3/8DEgANjinRXptTd1ulnAyI6Hps5uBurFUJXvg1DN8jZnObJLDAZYMQ4skmq+zClWTuR3Cm7DTgpqyjY/0hNuv05VKDB4smu5H/y/et7YejC4FarW3obkkPivnMXG4KFFHNX7g4U59UYdzlRyNEzwAbg7eQkCeTo1XpIEwV+UqZphDF50AI7XDSAw2P6QpewDZzbUAIswcfLZ1DitrebjL7QCtfb4Lpozx4qSVrFykJtWfJJoFmdvwaB9HzJiRDNHW+h0eqfuPx9YlwyJbt43vXloa6NsePo5epTY+NA==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_eecacf75f75aca7d216b4e451a268e97"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_c0ad9dace1d756f32482a5eeb0e5fff3"
                    Recipient="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>i1BgxST+a1baDm0Uf6N4zt6J3sDJbvqiZkk3ADPYiTXVyDfOry0CC4MgJHusD8/KZVqaAm4Atrn3N9Ugspteous9/P3by2cMPyIiVQ3v/vTa0IxmV4HeJGVqrWoscEROuJ3gGdy68cwFDu66+vsMKXhKCSR5EFt3vhrNgHS6WszsIkJu1as9BkE5eR5qHJ4RkVSd+8Uf40kR51SWL09x1ZQb1uBgDE8Hw3R6H9SPGt4vWKRLFwG+l6ZvPbwCCIe8+jjNYu9+XhPSEfmED5rIUPfk4zRm/yR6rNjTA+HwzTCJ7gKrnXthJ517/KRKcyFGkk4im7+040Lip+CCykY9wQ==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>day/vt5hvgaIJXU4anmL72iF97g2mRNICmipNhPfwZCfZHWRX8xP14dVmmx50snVGM8mxRCIa3A89u/L9vyUiQq0GdSx8OeQj+4gjl7mDUZPscFYiPkkoSsQYQgM+RO9U6bToKfrPWKFoi/Owc010BGAyM6Vo0+WVawbqlmggEflrF9u+4fxpyCWwcMOFtDA7bTWqq1jMOzw54EG4GCtqIn0kRfFPPnT6+oZKWCfBMDqDXaX2dHtQBqSf75mpfdAoKyR1Lfe8bw6LYbpqNTomsR5rz0WzLJnYkoBdnpK6z8NTa9AOfcC3Qe6j52/21/igSR2XF2iRFGaQNQ87OrIqRgLO5nRNSaL0xNGgUkCutx+GfKnFYeTBSvK+D2TTaGUqegDPUIdbz11dEfQMfK7oMltlZhYSbUiRH2S61x3Wf/MCm1rS6cBEkma3x8XmYa+wlz9TttSHLNqeoNOQa1ywhr9GHtLrQrV0+7ivJGknvpPXHJxixHmZVkzripz32p8QCIvVeRwpei0MPQY6kZUephZYkThZUfNP3tCJnQer6xHCLFVCufeyevPtfxvVvaYk/0XCZ5kmiHyMSSw84NeN6R7qbX8bUWuJqrzUX0/GQWLdBmGJ9HhV0uIz+ih5J6JyQlUrkjex0SsNjm/Gr8wsQ7RZJXTErl22bQGSBzNWQwPFj1z24OPksKBcY/MUIsGU/Zljr1kn7pwSKws9/LNtxgaMAO7xgZiE1MTI0n7gm9QMP8qLMTcUdM19706vwqRVrOkICtMAM2Eg7LKCT9qnEPAnC0VsfwuqO3zcDlEdtMTuFDYAVz1i3exHCTM+kCFChRvuikMy+c/CGYKHY9KBmz6AgBTth0/+SKce1Os2Q2+Xg48YKwLMx1QE4+8BM9QC61sGZ97J+x29fb2css534mMdZGHfOlVPwWa/qmrDsjuzk0yH/1S7Hu6AIeJyFQgYqgZDPfa9umuOkUshRFe6CDfAcj4w2mM09RyG8uWVC/cl/R9BIum/ScBdQxHqdXwT4NIhqKh6F73ApNRavk0lZ3trd8l4fTBCy+IDndridoi9ahtzhtSLHwLvD4UnPpCfVphhLJyViPzoN2xNW1Lhzr8q0fdmi2E279ZqMKA4Z5vy7gHjlz34NPSaoALQnGrc1fKzfoI03XXQP+Mf0P1Z9lwjPyb36fvnE/682WfAXeYk+AkHDme0kvZofJGSmvVmVlJD59VGpSJ+iH13/lTgD5wsGJAMbzjFDay91nSEEzqYAWTI68s+BLA+2NtYSXPNqvh2d4CZb7rAoqbkjXK+LyPezDd36AHL5tEf2Y5SydvKA6vtFzhF7XSRnkwV3AeRjLux55TeBMHu//MYNkhRuE2wFjTxrQJORt96efQwkTIX3ZtGkgGxbSeO/u7ZmwHU9N+IvATmMzu7ydGPNvNC2j4gEQ1c2Yj5t9WlgOamWdfHx0hwEbXYEzTFcLc+DFotKRFPJfdJkwYIiYFuQ/D0Lbz9aFqIWr6Q5RgkUd1ZXbqgL1D1oqKXD/OXA3m3/jXA5VAEba1XeRXPO1RbAk6cp7rgCph9MgkKu+kfSEi8dGC7cQ3bc1SW9b/wojPeV3XQnM1O/YKvxzVlZ9P0bg9y8Csr38C+AkjncIcbJk1f19f+pTOJ6zXal6JrV6ph9Dvvt20gLzJjPrjWoqpm7sAyqnOhNaHHyZyDA2DyMXu6gLQB7y0urZ+PAZlzxE31Tx+XQqQLPSsfxtitxI6PtfRTyvDpLVjNWT6ACPW4fHCx7BHqXikyT2cwuTzAJvNjep/YzvPCR2U4sm5f1lK9hAWQDHdlJakRD5XLILsw1Ic657CwAHKCDgrck9/LpZMRkFSN5zfhaJKu4QYIndWGSWNt2t/UVRWTiNZCpFUK4vzT5D1IVvqeoqE6VGzW7w57QBuTE2Oqn6ULkPXWfax5Xvgx21SASLhHDvZaStHfKe5Bl4VJMCNWY/gRlAqnsX4RMNKGAZ2i42a1heunWyaUroChL9lf2sy3WDLQ99p6rLdXAil3me/Vc4LTmHqlauW73FRX/Nw+LaIjoLjnsMupn+ISMQ0lwLSGbauOF/5k6o/fpwgBDqHXtPtu+NmgGg9ZRuhBT9dcMw6skiw/nwhkJtet0gKjW25tk0ijIWNybi7mg85SuKYBIFP5uKfxsxq0OzmQ7DRSxaSU+7LH2SJ6LZiDo/8xVaLtvWIvB2eFbesiOzBAjqBn4RLQc0gDh6UzWk039JdgBnB5fJ6NICY1RcEpLIThpl4k3lm2ebRFri4J6WLVIHvpOQYFgxt6WcDTBNdxycEW6jAS3476/vI8CRDiDH0vAbVuPU3bntBFoMRQbKH0KUYxHxxeoXC7pPiwsjFT2S3aKJqRH9j3L72UbhEaKhwBAI8qbTO4BL+Qw7NKk83L4OUk9NvpfXZwKh+oM7sebI8A5moGk0J4EqDUkFgdnILO4cfVBExQzaVlTMujZ6eMSIejW0pqsBCh+w2FXCQXM9HuIs2e6QY17DtvGAvFfSaMjuGxHflcDdzEWTsV2C2MQ0FcpBLveJTc+u3hocL1O/XQpBZN9d75xkKdGDDZ2QdAh6xXBaOqpm4NtNPXrHZR17zzpKqYhqeitpvkFrPpRHV0RcP7JZPKAnrOWrF8z54T6MZbH/d74Kqls6ZSLDgH0KbA/RN9nZwZOGvCVefc2B9D6P36nvqXxDSjHlTMg3kF/9lGmB+in72gb6VJrj4idyrX1/kJE/alC/9dXsNjuq7xPNq7vRjibLddMBa6VSPRU3yWJKix7EiIRBXbyRHEwyvWjt+1DgcaDkhTiVA9zxMQaCJ2/qwqLTVg8O0TDQddRQ7pMxvBU5s8amKIdcdrO+i8ypo5vFzUMAVDr1sVuo4lWJ4PtP6clVJiANO33VlaKQDZUMIvc6AF5hHXZz+DiYW39d0ABPOrWmCYWXnFL+bUG1pxypdgGA7QXsZyNiEXeOdxQXTR/b5xJEBoySM2tdxs6juSUwqTdff2aXm8Ux+2GnoN/qnytUdBiCJ4BgUaL9NpsqTmMESW6DDtnizYO9WD835nTgzJnNTI0GmQDV7IuUUdwm2kRI1POSZp4/yquB6UqM7r8k/Ce+RekeKxk9d4B51hRC+qgxYOSbDWbQL0FQVPtilyZ07FZdbXrJrrn4zwjofyQER66Tbb+4VRuLI7Xbm1GVY5UgxTb3ijZmSux8DZ28r/g1AtEygVdyg7bjLZmCLrWbN5X4m2DtxNvAFiKUo9Hm/TaIW9AV0nC27+ZZ5WjmlRPpHdyCYSNyuXkpkf3b7KI/Jji8nu8yf8kJ16gMNpOgLx2AbbDbZeofeVBhoF9f7bBpf2uVXlCMP1ApG7TuUiuUuYk14GMJ/GeUIFkVtmUyLX3e5GHJVC54ajodIkes9PL9Gi4F42aHqG98MREGaUxFSbvk73KRZzSecV59E2kuOBKYphLBwq1GHo1AGJ5D1Lp9tin1vnAQEDMd9NdNdM1/luTMy6KoQFymA0damWnvy8OQE/FIVs1vX9tnPekRBXYtQEdgQU1V9YE7ngm8LwBquxKj3EFTBfJsM48V3DP5zj8GqyyxYcYVgO6dOZDR/sp93ODNWVBq7uucEoGjzwM3Tn3Xnwye3YWgWd+gc7+lYjPbzU0VvbyvryOFWeh1VIsOuQVeDTorVzNJR4j6MbBDOAiGKpoFotnd5cbbdDc0XfjIxRvc9o1iZ7MeTjWTI7AGErjm6J9gHXZl4IQzPT8CiHjAsT1r9ITi0H7k+X2Y68D6QZ+YFxXnoC/JignfGf0sSUBVNNb/AH9g6/irPX2/KlllvXSIAEDK4p0UPaiNI1D6jhtDCT8VrsTDSKzBxCoQW8vjWTT2//p0pvKlO/bV4d30G9MVIyAthbaxkeNooGTXV+wPFJ0Eb/ATfrOLF9YDkQ+8Hb/hhPr4LrCEGIXzJbqG44PVo4q49qndp/vEbHTwjnxUwhgBV9HDpIf72Mm9DeDDO4UvkGj2xDDgFjpE9VOyr9smLnWJ5FkxX3/Dyum50VtpEtWqgRQpBok8FXZ4LDLwcEKSQLFmm8pNWdd2GwUuF/5Y8nh++JiBBsU1QY7N9paybupxeqIUce77YsIcj7gIkiQhEDhW7cYKeGi6kMU5pY9CVjsfH/P4IYv0t0CtO/hlMSiO1Z6VYjOZKABbsjuf0JoNh5qmo4fQ8S33WRVxpK7e7C49jCCUVnYXBonAy8hy+y6Zf1iiIzK+CDjC0j6jW6vG/Qi/oBWcdwpQ6o8xd2QoGUvNl/o+UipWG/p1wIb6U9viVhIW2TKKFg44h8+o13hShA8oFLxCMnfwHwlLgLEFrDk9yE5r2EfV1GP3vpaFlEcxo8uqGhvb5OXCLrGDq32NjnudVy5FUUOzmFQeK/WVEEXrwr0Q6zPVk+9QRBoeJ+gJq2v6gveo5v8EDD//tGKyHEs0z5h+OgpANP62ZGsP851S3GhxwWvcwqAT5DdWrayJMyrtUcVpLNNSkomYBlN7d60xTX/pxLNmnApx3F3m6DrU7OoUmp8glVckBdypUOr/OpTjPMKE/oLkbuLnjH3RG1B7ILBgNRZje5t8ncv0fSPEslwGfj1sd2cybzHoMJk898BKNUQ22ekW06Qv3OvZBV0t9nY8uxaAGDEYeBHMXaFWbqtPdHPoPavynzjlL/nRcbDcWzznZFPi7XOuOM00CTw/fAcRxTU50b/VGTNqHm42wgpqC/zQ1q55EAEdoA96U68W5yC0syO5clkCkOl9ua8JtkvP2dUXCZxUg0HJ/oW1bajepTAivWZ0wI077tGhnAo2pe4eaDHeilS4ifBg82Sr4p98IyaAGxdMqVwRtJB6KE8KJY+aXdVFzb84oiKo66FwqdjcbL6+xHk+lTYiZ62yuj/9uSTfuDkzw6s9gUBxkF9iplZbUSlGn9syw6ZoDgXz6/L1ldzfLfwQXfRdqgT8eFbti1/p9CSyy4flJt/VEa6rGwwiEElgwRhCglQL7P91bKOlub67bw0OjHCOaiYWspZtgTdP2PNRZB+Oc9NxIl9oVMNzWSigydpV0mR7oL+mPEaOkRmm6ocfRm24dlMHreSArhp3UQeWIsfYB4nvcSYP5eCWLtCipFeMYbNzsAKZyeEs/92Kd5rROgGM8jRthyZYx2B9bkKjGw/Ie0FD3zI7l2VC63VtqPSUBA7YZMWX0/Ml0VDiqrdJzO3GMolxwjDvFsa/hQACaErMcLV9a4OaruYMybku4MNtAMQ40Rz3PS1YU9ciY5B+wXs/8WD8UIvk8Vl+uE7WuukVUciVgk3wTnEIPSSJNWkX55NldjfcQmWnW6NfHzwwPnV4h3gFJY89EqcKybpRUDIStXEFhLrpkKVKa9aprL/OWeSaBO/Vagp8jExobXy5vJstNFJjwXecMRn8ISpd9pLLv5o5j3PziooB/jAcBo2/8mopUN+6p6gFaPDp1OzSzzJk6SDKzISjuN506bEzTZ2VkFQuIfOLmdQYPXcteo3PrRIHkSNo+/54hD/TamGDfFiSlqO7Sq/1MXqi22HYxdW/xml9CAjFhJiCdRoIUfJ8n3WlKLbzFtlXzQmzxYmYOkd0cBiJ7Mtj2pT5Jit8+OrKlDcYhwEP/WyXn62hTMQ5VLx2rm4HsvjPvXftnEtnDRup51/BMrkoo/ZlcVkwhH9JSAw6Rq40mtLSwoXXXV+CVTAp8tR45Ob0qbqmjzc0h2okwJx3pMRGuc0ycmoF+qAi4N+KoQA2cjYUpCCTja1OCSdKDcIN2oLAE2KMxfS6C2Z18IWuZaLnR8EyzDO/9XABTNBoqGjyIsw2T0jsM1MZuBw13f7XHbjcG16dBsBIVU5tmwjNckViTiPdHKhfdkbCUUqfQ0+fB0VUds83rkh5ZQl6YlOwBog/rcvF7OHF0Lazsbg9aQElQAbtkIBkOSzg9bosFfonaMLXJ7NKP8NBg8kQoWaxZStOur+WIouoMaQ4SL+zNJrBSf7WvPfJkst+n+8WZjUhxZGoAvbp5XORGhCeCLF16EV8sBknWVzwOJx1acQ6L8qbdbh02J6mJnM9b9VQ1azCoKlHKaZrmG8mIOFPCjxv1nO0VgwmQ6ZHM764fbcMtZqb1hekwpLjfvvj/DquWYcjTAZecCXTm4cbRhqoL1CaDEKo0oMO1JAi850sLteQjsCHhQN91+05xncdnduG0PbpSaDNKF7phOjH2/9JKSwnLBt2bAH8nJHaoD4SPkmTmeSQ2fX72CLKacETwT8mM/Kt156XJRhEOJhWmPMEXmx38dKzYi/Oq74lg9c2qQUuTjVgI3+Hcm93JoYkLjjxSOOn/rbAnKFdya8YFOQsYpY/uj3T7OGy6+Q+lOTVpVzNUGr+fV7s0EuntMRELu+APRbUfSEdLSFyW5JAR2xIx4fy9TX08Kav1xAkhx6wrcGUK7YdOLuNFqQ1NA13CARO0c6gjbgaak3WkHSr4YlMvmIhxcTROLd58V+9dRvUhV23b5FpWjOFmoJZlnFa9ImISwOPiSB36GOLx2uOMB9AqCpu5XHILDXTjbz3jcKN7kCD8MygMM0MioDWGVOGKtc8Gj36m2HJpqwilJ6LSjYh9md/eD6hXwcRa8ccsfbrG5H2A536aZIu1TJ6nhkaCkm6mV/iZUbp216nqGBCbSg6124bCoA5ibPi12mHxd7IXBT/fzv0Iup3wyjvCnq/kNTBLjBADsc8WtZZDbXs35BSRzIiSByp4W2Q13WLw1K/ly1mg9wtAIJehOBh2YJOayxcNbPberP3pWDglRgaotnbooVvhNlu9VdToYBKiEkD+Y2OOWuqBbsrF+l47Vfsod+XN0OtTc+ja5Yyq9+AF1f3a5yrqZJH1MnNCtzcAzMSzQORVdced890q0MDvLduLym/CebLl3Q68jiM07Y/hph1zbELKhAqW+omg4EgzVZnICZg7oZstGCPQjz6FKQdy06rSiEnBPwhW69zWnmi3HsrAkvrJKJ3zfifD7nEAQVlO19dxVcvlLe+aNGMmHYSYmJsZcxhWkTG9wRpU2toAE56lDjWLAfcQTFGcLdQoTRGIvWdJL92ERM8tSxbkRpmu4Gb3D1pNGr4aCvvht2O3Jd9Qx4W9NI7wE73X5KtZRivbb0TIC7jS2CQZAiGJCRt4Jb71NLbqPFwEA4S2xYqjVC9Z1oBtQUvnRR5DVoGno8mGg6LZ6fR7L22LCLQxfjVPGDH7GErhD7anm+hbbQPB1HUwx07TJCZPEG0vrlsMvzjRI3gC2dbeiEPuoJqkF+yes1o25TeKo3wQVIlcswqoBho4BpwnN6bYGRXi6vIymkg3w2ScGGiSFG0CsuO+H50G/4HneMGSPIIi3Rrl50n2jmJrqCdVMok4i4v+xPRuvaXFluFnrCtRhLI8+BeZ2gDii2cpcLCkF6QSpdJhF/3dJsd4j18Ge/0yTqsrwzq5tTMId6mHIFeX0ANRO1WyqIXZnlIHMTpaEhV4h7ANuyNmCfPj7nEX4QaPTHrmIhLJdwp6dHCWvgDAT3p7sy1629+C0kMC1KZO2trZGbztBONUYdmlILbehcma2Oic2q1V9R0fsypbu74+K0I7XEVEop5/X07QGgDVptIGjRaGrGwdIdal0/Zo325SobBSHbuB4CAyNaxot5kdN+RpSWO1pOvP+rZAIK2USmP0dDnQqSjCa0prDrQgkgDVqatXP0P8IRBvg+/euJZdYQ3l4IXJ1kAeNa4YgjA8qWujNGaQ8QJCmYeQaTM2Ncz3n++WFnt6cXUXQ4VnatlpYNbLN0FHpfuAUPKLOijMLeqmpkAn+TpfH8XTkbGOelkXwyisoPVMI2Cq+H+j9kYgpmN4ddFDqkS90nDVYy+2FQVXFMIB8KPLcfp8ujvT1biQmG7qEXG2v5D2zkyVuHMs+69DwP0rR9Tp4oGhhf4o6NdoF+p5rmg6fwqRFxk10Ba32HzQ9RfKenhkdlwyGwCcNvZP46sdnIj/CRZvYUvxQOCY8vQpwC9ruXBCtyXdubzNdLvMABk+INQGMm+nnoTH6Awox/VTTUcn2NA9VjlnhkMtk9ZJGBrZY6bFY/xUFOY38noycZSWq5gK3nHBBh9d65LnxU/n85+yLSsTjCkJ9A2q7B7wxCdQ</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2019-12-12 11:01:11,018 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2019-12-12 11:01:11,018 - INFO [Shibboleth-Audit.SSO:?] - 20191212T110111Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_xv6ztvmqaqownvsnx8jvobg7undifrnrilrst2l|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_5fc0c308595d1344cd104300277deb50|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQx0HzS1kfUr3TUHE8VYLLFXzduLHArJYTkyC01DJ/ykZFIHt3qkCriJd6/tQRJqFfGHsORvQQdzZWOiUe/osITmFg2G5SjPRrNAogw9zwCiYtfYEk3XnRmbmVHSvSQ18gYT7HRScHw3cCsgOQF6uBfG5pOWuCLo4o=|_a043c6a5068aa53292fe47bfe76fa227|
2019-12-12 11:01:29,413 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder:?] - Decoded SOAP messaged which included SAML message of type {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-12-12 11:01:29,413 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Body>
        <saml2p:AuthnRequest
            AssertionConsumerServiceURL="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            Destination="https://samltest.id/idp/profile/SAML2/SOAP/ECP"
            ForceAuthn="false"
            ID="_iruk84gantlgtidirxvx9fga5jmraljz9ijt" IsPassive="false"
            IssueInstant="2019-12-12T11:01:28.627Z"
            ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
            Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eu-de.otc.t-systems.com</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                    <ds:Reference URI="#_iruk84gantlgtidirxvx9fga5jmraljz9ijt">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>2XbKsx7Ku7W53TJqVYUdZjEOM2Q=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>niCFjNh9Pl+96AGa7YgJc2z8UBeTRapi8QXvG7iROM8xFoJUgmarsbm4vKJm/9KQTMEbZoEYtc6gS5KDUsHWYD88lsZRSWDE5uJLcf4TDa5Pm2cLqgSzTCjk6Qs7fcxMkdcNJhsWNHZtyzwVQfZunXgDMOfqM8DgLf/f8VEiFHeexkbteXRpkOqghKqbdHUUUp3Fp5iaDmtLxts8I97lXesWt3W69z3JqWgunj/u7VzGv6b6HUc5D/D3iur1QqoIHoZCHkEBIIZvQvkxObrziOW2DbJpOqc+92hWYSPxgmzZH0IuCzwyIwrZaoWoRZ2FtOg9NpIJS81wwnLYF3sc04csLiowatCzMizJ5Md+yQG33b6dOyOhjn+j5eTlmiTAcHAGmpSWSKep0kBx5g8cKw/GWdd8eMZ2IthEaqHm1Hnv5fHfba8+kLN2tjwKCWp/j5QdQCmxW4sSW+7sUHJnvCE+JPut7ZTEte0+WcdrHyjlJxQBuId+W7Qm+gz633qK+7qGg1IySd2s2wrR2D7RDLUfCGmWTae9Zrzw+bXMur2IxP8Ag7P7DBRQJ3mCMUHdwBx3Y7b0OU5cCLbXaFrIA+euPMCqdVdY2n5bYgomAPG8ej72uP5zSnRmPXDjQB6DUENyNScIEY8uVTMmHQA7G4NYI3oJ+Znksvw5mJkT9YY=</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIHeDCCBWCgAwIBAgIJAPRelfvZJrG9MA0GCSqGSIb3DQEBCwUAMIHXMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGSGVzc2VuMRowGAYDVQQHExFGcmFua2Z1cnQgYW0gTWFpbjElMCMGA1UEChMcVC1T
eXN0ZW1zIEludGVybmF0aW9uYWwgR21iSDEUMBIGA1UECxMLSVQgRGl2aXNpb24xJDAiBgNVBAMT
G2lhbS5ldS1kZS5vdGMudC1zeXN0ZW1zLmNvbTE4MDYGCSqGSIb3DQEJARYpRk1CLlRTLUlUU0gt
Q1NTLURQUy1PVEMtT1BTQHQtc3lzdGVtcy5jb20wHhcNMTgwMzI4MTUxNDA4WhcNMjgwMzI1MTUx
NDA4WjCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0
IGFtIE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsT
C0lUIERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2Bgkq
hkiG9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tMIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv2W7Hr/Ro63zmZVclhlMvakO1nYWAe6CFDg2hYOH
IxkC/DG8LsKbnqy3Rv8AoH5CgRwmT/HYKeJu+KxrpECJXGIjXirUzHrL5w0Hys0O6SJYzztRGoQA
eFfl3x1NNUxVGkWbuK3/o9vm3idoMqVY4HFU24h/6VbSVBru1lsfubmIGdkf+9R844JbZx1R1OuX
xQ60ZhTAmR6R5d1E6tprM8rAqBOC2l1o4azQyDtmxM8NEBjKcZebNleHOB3iVPiiG0ens6z39y7e
SyiXwWcsw8TlwcQiumYPnFT2lzrJAC93hEjNGd6sj6QVvPCJRu/Ya+AWfcm6JtBZRK9ZfBz81wjv
BnHH2u8j1GyZMdE5dvN4PC8bgX0HxvnbhnAU0DASzziyS9Ni/gMgWvJsmnmNVLyYMxRmL8L0JtWk
rz7aNSskufk92Cv/R4KtWsfdkYtNG5/lV1BNzraBgnnXX1gH7ddrL/Ng2aNRFd+LtsI/BjUBpg7r
Ebym+pJuri2PBj8hhjLKbhPuurybQLVtmYxCcJUo6ZG4X3cpxl/e8v+vviapn1OY9zaFLAc+fccX
1GFrLYv9aQKGDQFRMl2uV9nP7UpakBCgZ/r7ljvfhlnsGkLPZBokM9Iz3iUFMGj2gPD1m+C7QaiS
OwJnkTk3cnhZV6It0XdFIaFgIi9V4XMnYEMCAwEAAaOCAUMwggE/MB0GA1UdDgQWBBSg4Skug1x8
SOG2QdBaHAN2DDs7zDCCAQ4GA1UdIwSCAQUwggEBgBSg4Skug1x8SOG2QdBaHAN2DDs7zKGB3aSB
2jCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0IGFt
IE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsTC0lU
IERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2BgkqhkiG
9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tggkA9F6V+9km
sb0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAFEH+TQEgwXkOp1dymChsQzX3mm32
nBbQwIuTKi3jy08EjRQktZCOhjpmuVc/QQUCQdgAZgWVboAwTspfgwQwVcuIpCkwuyc7tt+ZzRSk
ybvOccw4ivz1suevGZZfYt+B7UIB3drlMKLoJWMTiBZnL6c4iaqubep56BZBOH6IP2KaMRd4EqIo
kXLHgaIyhqz51WQmTJArhYvAvWlktbAW6GXev3mW5gxW7LAGygQNCo2JkXSegGPk2jLO48JXNuCB
lGGf2O5TkhD+Qw/buIRrcKWnolBCs0ITalkNFt0RftLYmyR0JMotaBRHHmtdqSWOwMT1j7SvyzhH
yszzRU4xwTUFveODkWYS3Uh9PZs+3yDcfqC1x1yRbhKe7onZt5nXh/wY2762Pv6NkBQfQaFaE8CI
OwRu6WjaFfRntVXHpvV+7tO6Dr3pfRNEZzJM5+m/Edh+JrUdhyy7SxuYiCpt5xiPvM9rMt5AkXCn
P8AQVxq3O/1Gsdr9iblHAkJrg7Lbd8bPyzE9nRW3zqp++BxYilxIIVP9xnaaj/jjyuAPfeet30wm
zeOe/MGqxEwP/JSwJ9rZI//FaG3gAX0UHO6Eo+R0/Yv3JcyAo6j/RN/6YcSTQD1MrPGZiNTz/Muo
nczuEbZF255Cs5PfVJJhTPW730xQmhZnlbta0nyBO9LA3Fs=</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:NameIDPolicy AllowCreate="true"
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                SPNameQualifier="https://iam.eu-de.otc.t-systems.com" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"/>
        </saml2p:AuthnRequest>
    </soap11:Body>
</soap11:Envelope>

2019-12-12 11:01:29,418 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://iam.eu-de.otc.t-systems.com' from origin source
2019-12-12 11:01:29,418 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-12-12 11:01:29,418 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-12-12 11:01:29,418 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-12-12 11:01:29,418 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-12-12 11:01:29,418 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-12-12 11:01:29,418 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-12-12 11:01:29,418 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-12-12 11:01:29,418 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eu-de.otc.t-systems.com
2019-12-12 11:01:29,419 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2019-12-12 11:01:29,419 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2019-12-12 11:01:29,419 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-12-12 11:01:29,419 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2019-12-12 11:01:29,419 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2019-12-12 11:01:29,419 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2019-12-12 11:01:29,419 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_iruk84gantlgtidirxvx9fga5jmraljz9ijt', issue instant '2019-12-12T11:01:28.627Z', entityID 'https://iam.eu-de.otc.t-systems.com'
2019-12-12 11:01:29,419 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eu-de.otc.t-systems.com' does not require AuthnRequests to be signed
2019-12-12 11:01:29,419 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2019-12-12 11:01:29,419 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2019-12-12 11:01:29,419 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-12-12 11:01:29,419 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://iam.eu-de.otc.t-systems.com, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2019-12-12 11:01:29,419 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://iam.eu-de.otc.t-systems.com' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2019-12-12 11:01:29,419 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-12-12 11:01:29,419 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-12-12 11:01:29,419 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-12-12 11:01:29,419 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-12-12 11:01:29,419 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2019-12-12 11:01:29,420 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2000/09/xmldsig#rsa-sha1
2019-12-12 11:01:29,420 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA1withRSA
2019-12-12 11:01:29,420 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2019-12-12 11:01:29,420 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 4096 bits
  modulus: 780833212372818775479203473584756908157478511960940665833104329026798488708412096463957730986031560699536971604685793755631469735164638528103712796586941283248391093334537473433816881621841433643551509545784341528479466257077570253340730459394524144439470561825531880309380078893306187350760119973863502110938239690056732532237576015713410817092640951029480915162489671542971932145619144868209527314440670224923750462549444079548603408012564298657143697912591193544433644075598026106926646468811820504111621425556553238066495807276626045802944049622045278146600209515759289448446049845276793009470678806630505639155872685517611976298041379760153258369441443706608834473698951737339296605180924342991774924896400530064019217902076139971478880191800808152349664734915206316567268459208984314092535956712275165633295073845619623808442937959337568063845846898994885404695455333181998103624287019468478172845183368957698818849454389451360233262379190615859514122412619488103951846508060862137625955242500382805764622949031613773424268222131209239375233669763979843957564204575307568428090973147896709908167025351124368088974604728720021626763128224355694102358346473759582198635778329138017968133082524864864810444234076758890334162214979
  public exponent: 65537
2019-12-12 11:01:29,420 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2019-12-12 11:01:29,420 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2019-12-12 11:01:29,420 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_iruk84gantlgtidirxvx9fga5jmraljz9ijt"
2019-12-12 11:01:29,420 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _iruk84gantlgtidirxvx9fga5jmraljz9ijt and Element was [saml2p:AuthnRequest: null]
2019-12-12 11:01:29,420 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_iruk84gantlgtidirxvx9fga5jmraljz9ijt"
2019-12-12 11:01:29,420 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _iruk84gantlgtidirxvx9fga5jmraljz9ijt and Element was [saml2p:AuthnRequest: null]
2019-12-12 11:01:29,420 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_iruk84gantlgtidirxvx9fga5jmraljz9ijt"
2019-12-12 11:01:29,420 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2019-12-12 11:01:29,420 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-12-12 11:01:29,420 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://iam.eu-de.otc.t-systems.com
2019-12-12 11:01:29,420 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-12-12 11:01:29,420 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-12-12 11:01:29,420 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-12-12 11:01:29,420 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2019-12-12 11:01:29,421 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsHeadersHandler:?] - Message Handler:  No ChannelBindings header blocks found
2019-12-12 11:01:29,421 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler:?] - Message Handler:  Message did not contain any ChannelBindings extensions
2019-12-12 11:01:29,421 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2019-12-12 11:01:29,421 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2019-12-12 11:01:29,421 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-12-12 11:01:29,421 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2019-12-12 11:01:29,421 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2019-12-12 11:01:29,421 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2019-12-12 11:01:29,421 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' not permitted by input criteria
2019-12-12 11:01:29,421 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP using binding urn:oasis:names:tc:SAML:2.0:bindings:PAOS
2019-12-12 11:01:29,421 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2019-12-12 11:01:29,421 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2019-12-12 11:01:29,421 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2019-12-12 11:01:29,421 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2019-12-12 11:01:29,421 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-12-12 11:01:29,422 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-12-12 11:01:29,422 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2019-12-12 11:01:29,422 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2019-12-12 11:01:29,422 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2019-12-12 11:01:29,422 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2019-12-12 11:01:29,422 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eu-de.otc.t-systems.com
2019-12-12 11:01:29,422 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2019-12-12 11:01:29,422 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2019-12-12 11:01:29,422 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2019-12-12 11:01:29,422 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2019-12-12 11:01:29,425 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-12-12 11:01:29,425 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: RequestAuthenticated: true
2019-12-12 11:01:29,425 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: Generating session key for use by ECP peers
2019-12-12 11:01:29,425 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2019-12-12T11:01:29.425Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2019-12-12 11:01:29,425 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2019-12-12 11:01:29,425 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2019-12-12 11:01:29,425 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2019-12-12 11:01:29,426 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2019-12-12 11:01:29,426 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2019-12-12 11:01:29,426 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow authn/Password, it supports non-browser authentication
2019-12-12 11:01:29,426 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2019-12-12 11:01:29,426 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2019-12-12 11:01:29,426 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2019-12-12 11:01:29,426 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2019-12-12 11:01:29,426 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: Trimming whitespace of input string 'rick'
2019-12-12 11:01:29,426 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2019-12-12 11:01:29,426 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1211691399::identifier=rick, context=org.apache.velocity.VelocityContext@5d65004a]
2019-12-12 11:01:29,427 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1211691399::identifier=rick, context=org.apache.velocity.VelocityContext@5d65004a]
2019-12-12 11:01:29,429 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2019-12-12 11:01:29,429 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2019-12-12 11:01:29,429 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2019-12-12 11:01:29,430 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2019-12-12 11:01:29,430 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2019-12-12 11:01:29,430 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2019-12-12 11:01:29,430 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2019-12-12 11:01:29,430 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session be91147449765b3ff3d506b1ffa69b150291a407f62d48b412d6c28b502fd92f for principal rick
2019-12-12 11:01:29,430 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session be91147449765b3ff3d506b1ffa69b150291a407f62d48b412d6c28b502fd92f
2019-12-12 11:01:29,430 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2019-12-12 11:01:29,431 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2019-12-12 11:01:29,431 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2019-12-12 11:01:29,431 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2019-12-12 11:01:29,431 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2019-12-12 11:01:29,431 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2019-12-12 11:01:29,431 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2019-12-12 11:01:29,431 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2019-12-12 11:01:29,431 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2019-12-12 11:01:29,431 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2019-12-12 11:01:29,432 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2019-12-12 11:01:29,432 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2019-12-12 11:01:29,433 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2019-12-12 11:01:29,433 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _6d4a74a103fbc5514f22ede4bbef8b5a
2019-12-12 11:01:29,433 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _6d4a74a103fbc5514f22ede4bbef8b5a to Response _ea26db41d84b4c2cde20220b6e3fd740
2019-12-12 11:01:29,433 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _6d4a74a103fbc5514f22ede4bbef8b5a
2019-12-12 11:01:29,434 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2019-12-12 11:01:29,434 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2019-12-12 11:01:29,434 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2019-12-12 11:01:29,434 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2019-12-12 11:01:29,434 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2019-12-12 11:01:29,434 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2019-12-12 11:01:29,434 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2019-12-12 11:01:29,434 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2019-12-12 11:01:29,434 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2019-12-12 11:01:29,435 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2019-12-12 11:01:29,435 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:01:29,435 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:01:29,435 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:01:29,435 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:01:29,435 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxcTpqkHdQa5HqCuompRnyxhaQF5uF/poEw9pgtK+sleeiFFrSkV32p//MaQiH81gEBTEL94l5eCA99n9tj0Hf6ZmwjfOTnEu4rREKbifL5JfdOtEca1byhU4g8f1VTgwnxjDEL+B2 with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:01:29,435 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:01:29,435 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:01:29,435 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2019-12-12 11:01:29,435 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2019-12-12 11:01:29,435 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.34.32
2019-12-12 11:01:29,435 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _iruk84gantlgtidirxvx9fga5jmraljz9ijt
2019-12-12 11:01:29,435 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2019-12-12 11:01:29,435 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2019-12-12 11:01:29,435 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2019-12-12 11:01:29,435 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2019-12-12 11:01:29,435 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _6d4a74a103fbc5514f22ede4bbef8b5a
2019-12-12 11:01:29,435 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _6d4a74a103fbc5514f22ede4bbef8b5a did not already contain Conditions, one was added
2019-12-12 11:01:29,435 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2019-12-12 11:01:29,435 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2019-12-12T11:06:29.432Z, to Assertion _6d4a74a103fbc5514f22ede4bbef8b5a
2019-12-12 11:01:29,435 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _6d4a74a103fbc5514f22ede4bbef8b5a already contained Conditions, nothing was done
2019-12-12 11:01:29,435 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2019-12-12 11:01:29,435 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _6d4a74a103fbc5514f22ede4bbef8b5a already contained Conditions, nothing was done
2019-12-12 11:01:29,435 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2019-12-12 11:01:29,435 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eu-de.otc.t-systems.com as an Audience of the AudienceRestriction
2019-12-12 11:01:29,435 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _6d4a74a103fbc5514f22ede4bbef8b5a
2019-12-12 11:01:29,436 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddGeneratedKeyToAssertions: Assertion _6d4a74a103fbc5514f22ede4bbef8b5a did not already contain Advice, one was added
2019-12-12 11:01:29,437 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eu-de.otc.t-systems.com to existing session be91147449765b3ff3d506b1ffa69b150291a407f62d48b412d6c28b502fd92f
2019-12-12 11:01:29,437 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eu-de.otc.t-systems.com in session be91147449765b3ff3d506b1ffa69b150291a407f62d48b412d6c28b502fd92f
2019-12-12 11:01:29,437 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-12-12 11:01:29,437 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eu-de.otc.t-systems.com and key AAdzZWNyZXQxcTpqkHdQa5HqCuompRnyxhaQF5uF/poEw9pgtK+sleeiFFrSkV32p//MaQiH81gEBTEL94l5eCA99n9tj0Hf6ZmwjfOTnEu4rREKbifL5JfdOtEca1byhU4g8f1VTgwnxjDEL+B2
2019-12-12 11:01:29,437 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2019-12-12 11:01:29,437 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2019-12-12 11:01:29,438 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_6d4a74a103fbc5514f22ede4bbef8b5a"
2019-12-12 11:01:29,438 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _6d4a74a103fbc5514f22ede4bbef8b5a and Element was [saml2:Assertion: null]
2019-12-12 11:01:29,438 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_6d4a74a103fbc5514f22ede4bbef8b5a"
2019-12-12 11:01:29,438 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _6d4a74a103fbc5514f22ede4bbef8b5a and Element was [saml2:Assertion: null]
2019-12-12 11:01:29,440 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_ea26db41d84b4c2cde20220b6e3fd740"
    InResponseTo="_iruk84gantlgtidirxvx9fga5jmraljz9ijt"
    IssueInstant="2019-12-12T11:01:29.432Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_6d4a74a103fbc5514f22ede4bbef8b5a"
        IssueInstant="2019-12-12T11:01:29.432Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_6d4a74a103fbc5514f22ede4bbef8b5a">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>6BpyuxKUU0PTvBMLgokRHLuuWgKYUfAOEwe3gpVO+EU=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>jropA/GpwPZHW8Aob98znadqL++ePIRYmclrwHKlNLqx860SX+X2R5KRR4chOquIIR2d5Y82jzPdVl1uyejikfhlq7AanK1YsuxyX2Yh4E8P6o7QGxownCU1GnYAKiLSiDdsgo8nmNKO5BUSuMwd7o87OBn9OLN/GlzDJAcUpwwPVSHpSCZ1FzyGDIEadTvzQoyG5BhP468YQl7wDbyf572cCQDNqhHbwUd8RReW7amalNStDT8jV7zgfGC5YpBWzxElgb78y4X73aEd9TdU8KU0IuBx7gaFt+in/0s7RALlI4T74rnheTp7c/yVK4JotDK1fZ+riCDTAv+blAChCQ==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eu-de.otc.t-systems.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxcTpqkHdQa5HqCuompRnyxhaQF5uF/poEw9pgtK+sleeiFFrSkV32p//MaQiH81gEBTEL94l5eCA99n9tj0Hf6ZmwjfOTnEu4rREKbifL5JfdOtEca1byhU4g8f1VTgwnxjDEL+B2</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.34.32"
                    InResponseTo="_iruk84gantlgtidirxvx9fga5jmraljz9ijt"
                    NotOnOrAfter="2019-12-12T11:06:29.435Z" Recipient="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2019-12-12T11:01:29.432Z" NotOnOrAfter="2019-12-12T11:06:29.432Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eu-de.otc.t-systems.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:Advice>
            <samlec:GeneratedKey xmlns:samlec="urn:ietf:params:xml:ns:samlec">f00SNjPNTSsMqbN9u6lYFj7lc2LFhzzcr3xpRJ/vEJU=</samlec:GeneratedKey>
        </saml2:Advice>
        <saml2:AuthnStatement AuthnInstant="2019-12-12T11:01:29.429Z" SessionIndex="_e8da2002ae5fbc7f9f1024a45031e0c9">
            <saml2:SubjectLocality Address="172.31.34.32"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2019-12-12 11:01:29,441 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2019-12-12 11:01:29,441 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2019-12-12 11:01:29,442 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_ea26db41d84b4c2cde20220b6e3fd740"
2019-12-12 11:01:29,442 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _ea26db41d84b4c2cde20220b6e3fd740 and Element was [saml2p:Response: null]
2019-12-12 11:01:29,442 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_ea26db41d84b4c2cde20220b6e3fd740"
2019-12-12 11:01:29,442 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _ea26db41d84b4c2cde20220b6e3fd740 and Element was [saml2p:Response: null]
2019-12-12 11:01:29,445 - DEBUG [org.opensaml.saml.common.binding.impl.AddChannelBindingsHeaderHandler:?] - Message Handler:  No ChannelBindings to add, nothing to do
2019-12-12 11:01:29,446 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Header>
        <ecp:Response
            AssertionConsumerServiceURL="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next"
            soap11:mustUnderstand="1" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <ecp:RequestAuthenticated
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <samlec:GeneratedKey
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:samlec="urn:ietf:params:xml:ns:samlec">f00SNjPNTSsMqbN9u6lYFj7lc2LFhzzcr3xpRJ/vEJU=</samlec:GeneratedKey>
    </soap11:Header>
    <soap11:Body>
        <saml2p:Response
            Destination="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            ID="_ea26db41d84b4c2cde20220b6e3fd740"
            InResponseTo="_iruk84gantlgtidirxvx9fga5jmraljz9ijt"
            IssueInstant="2019-12-12T11:01:29.432Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_ea26db41d84b4c2cde20220b6e3fd740">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                        <ds:DigestValue>StRxvKYPHmmdFEK8wbkLg8OPNY/5jxxh9US9PJbBvVA=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>SXL938y94+KArin9hfFMC3gLUATQYmq4SrH+C+X4rOYOlTXwHrMtVoRpHMv/6UGYHsGzNLECOnqbLzKq5K82fD3qjdIHA10NaHF8yhCE3q0NF5RUS+Eo/refqTGfcx0EMohGGr/VMysCZ4drUA8AA1mFpUELE0pkUCVVdTf/3CIGYNl2keBpmRaOY30Uq4N2ETO3rE8QEDM7FwgWv+UGVms8D9rixb/k+cq12SWr0Dg9bF3vM2dwPOA/utiQz0Sa5lo/W+h5nR806g4gqhkeHgb/5EkWOeeyHw+yIhpFp+/HNqZzLPYBakoXt0gU8wX3P8foD/zuE+KSNFE6jc0/nw==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
                <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
            </saml2p:Status>
            <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
                <xenc:EncryptedData
                    Id="_05425380d823cfedccdee0dba888504e"
                    Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <xenc:EncryptedKey
                            Id="_0c47d39d7973438eaeccd0631b75b4c1"
                            Recipient="https://iam.eu-de.otc.t-systems.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                            <xenc:EncryptionMethod
                                Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <ds:DigestMethod
                                    Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                            </xenc:EncryptionMethod>
                            <ds:KeyInfo>
                                <ds:X509Data>
                                    <ds:X509Certificate>MIIHeDCCBWCgAwIBAgIJAPRelfvZJrG9MA0GCSqGSIb3DQEBCwUAMIHXMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGSGVzc2VuMRowGAYDVQQHExFGcmFua2Z1cnQgYW0gTWFpbjElMCMGA1UEChMcVC1T
eXN0ZW1zIEludGVybmF0aW9uYWwgR21iSDEUMBIGA1UECxMLSVQgRGl2aXNpb24xJDAiBgNVBAMT
G2lhbS5ldS1kZS5vdGMudC1zeXN0ZW1zLmNvbTE4MDYGCSqGSIb3DQEJARYpRk1CLlRTLUlUU0gt
Q1NTLURQUy1PVEMtT1BTQHQtc3lzdGVtcy5jb20wHhcNMTgwMzI4MTUxNDA4WhcNMjgwMzI1MTUx
NDA4WjCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0
IGFtIE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsT
C0lUIERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2Bgkq
hkiG9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tMIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv2W7Hr/Ro63zmZVclhlMvakO1nYWAe6CFDg2hYOH
IxkC/DG8LsKbnqy3Rv8AoH5CgRwmT/HYKeJu+KxrpECJXGIjXirUzHrL5w0Hys0O6SJYzztRGoQA
eFfl3x1NNUxVGkWbuK3/o9vm3idoMqVY4HFU24h/6VbSVBru1lsfubmIGdkf+9R844JbZx1R1OuX
xQ60ZhTAmR6R5d1E6tprM8rAqBOC2l1o4azQyDtmxM8NEBjKcZebNleHOB3iVPiiG0ens6z39y7e
SyiXwWcsw8TlwcQiumYPnFT2lzrJAC93hEjNGd6sj6QVvPCJRu/Ya+AWfcm6JtBZRK9ZfBz81wjv
BnHH2u8j1GyZMdE5dvN4PC8bgX0HxvnbhnAU0DASzziyS9Ni/gMgWvJsmnmNVLyYMxRmL8L0JtWk
rz7aNSskufk92Cv/R4KtWsfdkYtNG5/lV1BNzraBgnnXX1gH7ddrL/Ng2aNRFd+LtsI/BjUBpg7r
Ebym+pJuri2PBj8hhjLKbhPuurybQLVtmYxCcJUo6ZG4X3cpxl/e8v+vviapn1OY9zaFLAc+fccX
1GFrLYv9aQKGDQFRMl2uV9nP7UpakBCgZ/r7ljvfhlnsGkLPZBokM9Iz3iUFMGj2gPD1m+C7QaiS
OwJnkTk3cnhZV6It0XdFIaFgIi9V4XMnYEMCAwEAAaOCAUMwggE/MB0GA1UdDgQWBBSg4Skug1x8
SOG2QdBaHAN2DDs7zDCCAQ4GA1UdIwSCAQUwggEBgBSg4Skug1x8SOG2QdBaHAN2DDs7zKGB3aSB
2jCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0IGFt
IE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsTC0lU
IERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2BgkqhkiG
9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tggkA9F6V+9km
sb0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAFEH+TQEgwXkOp1dymChsQzX3mm32
nBbQwIuTKi3jy08EjRQktZCOhjpmuVc/QQUCQdgAZgWVboAwTspfgwQwVcuIpCkwuyc7tt+ZzRSk
ybvOccw4ivz1suevGZZfYt+B7UIB3drlMKLoJWMTiBZnL6c4iaqubep56BZBOH6IP2KaMRd4EqIo
kXLHgaIyhqz51WQmTJArhYvAvWlktbAW6GXev3mW5gxW7LAGygQNCo2JkXSegGPk2jLO48JXNuCB
lGGf2O5TkhD+Qw/buIRrcKWnolBCs0ITalkNFt0RftLYmyR0JMotaBRHHmtdqSWOwMT1j7SvyzhH
yszzRU4xwTUFveODkWYS3Uh9PZs+3yDcfqC1x1yRbhKe7onZt5nXh/wY2762Pv6NkBQfQaFaE8CI
OwRu6WjaFfRntVXHpvV+7tO6Dr3pfRNEZzJM5+m/Edh+JrUdhyy7SxuYiCpt5xiPvM9rMt5AkXCn
P8AQVxq3O/1Gsdr9iblHAkJrg7Lbd8bPyzE9nRW3zqp++BxYilxIIVP9xnaaj/jjyuAPfeet30wm
zeOe/MGqxEwP/JSwJ9rZI//FaG3gAX0UHO6Eo+R0/Yv3JcyAo6j/RN/6YcSTQD1MrPGZiNTz/Muo
nczuEbZF255Cs5PfVJJhTPW730xQmhZnlbta0nyBO9LA3Fs=</ds:X509Certificate>
                                </ds:X509Data>
                            </ds:KeyInfo>
                            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <xenc:CipherValue>krDXNawhESzuY4CcBXhdhwFOrNVmsl3O/+DZd6QTKKlflo0Cgh/GFcUjpkgMzXI7sUeXGpzgE0YDM0oaU364r2mNDd5ldLbD4NdYiPsQBwEF2iwTcyxHXNxC2jkuSVsEHm90CxVWcP8nlGO4TqZFvyuvcOwvX8E33wyAaxUYFuQ5R8JSxQ6RRO4dbc003FIUJNDjT0uzPwxk3erqDzrjoEDHQcPLFSJz5/XMkCEDn6WzkFggx8imEePZ0UwZEtkI8p2eJcPVnYBzqK0FUYAvrxRRQ7FcpoO7lgdtsxX/4xSkMAGPPK0906BMCo0TXGqlIJ4b2Ucm7PniYWRkCXej8S0pVxNl4G5GFxxTac1Cyu61aYcljGDo4fYJv82cDbYdJ/HoZ34IxFb8L6/SVjMqXnpB2URLgQRQKldxiQ43df94k0QZQu+kKBFl/TfiSAf8sNxMC2bA79P6twL3NA5+jz93DucuEhtx/GjHpi2uypaNrkM6ZzVRZSp2LNVdOA5zNT+hVEFrmet90WZXBG99KD4L4LcF5rY2y4BGFUiMVtkFRrDuePnJndYOu7EGVx/12coZQDcQ0ItLO+kvPsQ++r4ReR0EEilRo+Yk2OEzX2sCMzdTndpvrDgA3O9tNaPcIK+TTwLhiiOijcVDq6yscZY4y3TIpCuGkujAIfAAQlE=</xenc:CipherValue>
                            </xenc:CipherData>
                        </xenc:EncryptedKey>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>GDlDDIC072jRuL3KAH2SzVuq2kCh656pfhjH0r9posa9Pb1bP9A9BbPLfh2aJ8b8WziNYp6nkbAg3fFEflB4NGEU0S3lM5OSC+7xSED+f9U0+IPu1OclJkBmf9v+Q3Ykqb7x3/rinpYicjbcKlyw6fWRF7TWuIebmBGtrviodgLrQS5fShhBKMcAqYUVKNUgUXEXRwy38SmeTGopUF+XCG2jdq05qSnAUZMVcn4WaB94V6aIJ7OltBrJDgDxL9RD2+dR2nWd/dya+hCxWU3mtt1uiYW9Z2fmSUR1G1c3ZLERHTzTjED95kFUkbT4GtlKJ/pZHYGDZyNRP5d4SL8YtId7xVyal4jojiwIA26uzqB6udOClYpnjS0TKlVcohyNyGTuanuXAd37MYjSXNkzyvXwc0aFx+SsLL8ArNEHrZukP7IWoZCMG7Yt4p+erQQOYHVCYpuGxuizVAewSwp7YMEcjvFrLzunywdQk7ZBUC2keiOUp+OiiAg6vJTBk9z9pADhHmztMpaOIj8Zm0PHQCM+IR1ltREXxSRo5j4p2lnbNCeU+s7CgrNf84GbNB7AIWoURt/wWJ0BNxddKNjZ/t8bRQntCRa9vCYR5B0CmaY5g8vUwTwp5tLu1J2aD7uQNkMthaXhDIx9WFv8hO/WolqJPjhElfraYNZAmbnj3jPKs+RdaVkBg6171R4K81dHsDBGjVPG51vPc36Upm3qzjjY+VY1BAzCJXKVCTsrmhujrw0fR7FlQqDqA7wtE1IqB1QLeuhUB1ERT5lltqIo507y/Ww4CbzAs/asVczDaHutgTqpBmhpmy5YPP+W9cVhEG4YR5MKT0pZHukEz3j+I9EWP4e/kOYBdKxQDSXRRotf3Oy4uqIVu58pyPMAaMHIwQf5zK30a5O4JDy3QwMQwQtBode8uAvu6PlG6ZhBVYWrhn4xreaNq5Oa8kf7TDp7nncvD+s4tf3C6j6BbiBI03WlSXc62SmbCibz1x61xshKReBXiuGOXPvo6IFWDU81KJRSK+0+TXXX6ETHDH9/tchvr7RH/G+KXHQFgdydW2NFtEpaFYC020P/egUk71Hmk+s+SVJrLcylK2BnImVxMX5kMJdLFDqAGNEKW92kbIYK1oKjEJhaw3Pd94oOAfbPlfHB+s0ix9ukhbVNraIenEeVoVCe6jm97eWc+MFDU+na2WBxbm99UWJo34OUJB14idHTLipiBHbPNf4LDDkC1QehLR/03c3NwiwlBxq64oIsajiSMpddQDW/WKM7f9FXNYu0n/yxZw2aMOqaFUjl0irypXqvzw4UXTC3Ktd+RDFlVNZtsdBKQEZhjRooGt9tg05PKet+iV1vX8nMpzawsexydQkzyW5n3JcYX/LFTSdYP5UfbqIT38ryDajpASScRj51NGFdqBxy9kxgcKiNGJRNet6AhAYSGuLZbohKv2BfXDaRBp3Rs8q8TI0ceI2NKFeDjS3JMRzNY1Mt4Lq/hoNptddisthbVyBy6scyBwAwwuWexpH1z+Bwy/fIlvwrpE7OBkTaOwJm3EYU7caJKinEFSASUQF+MAre0Bx/zeiQMcKQjbEx3w3GawJ0SghHgiVz5vmu9I7SeB6JM2jFV4fUDbSZFkt3PlRmIhuxXlL7u/cZu74NFCTDew1cq78flSx2IkIjbsDm3L/1UCDrWFiLh8qf+G+wxain3lNFztGM86mva0TRfQ2VVlA0I/HmZw6P8OMiq1WbyrdMuBXNCDd5UoJqJdpqcb/yQ1jy9lR6bosZUyuU/jmP4PqfVOsdtILSxamqfMlJOewiu/gUN71OQZvDSlOKaEjhvgO3TScTb5gRpSD0e4AHQ5RymxbG+LFwNhl8KIAR41Szp9SEGUUOYqyFamp/ybS9VjW2pPUyXQPH6wUATY1pfzsvAzUiWU0ZW4z+Tw8ZjSWcM9jm/natQKoik7mVb33FlHysg7fdeCqT3jzxxwyst+OrZ8Str2/7tRXs2BTEB1yWhcGn5cQ/esiod2bgxwYXtf+dX3+EnncrLdaOkRsMJ0NgDyLGACL2pB8KPkUEPVq8KeadllQpGG1r3EqaMBEsL9I8IEApNNtzkFk0mhDliGf3Zt0aKKQPus03YQ9tt5xKRwiZus+sDNIRQt3Svrb0HQSJ9lMHBaiHFD+s2zM8pUHdSRi3MS+HlBdQ7NkIIOeHmHIj42olzeUp4v/EsDvZp+8NjQCFewGfleptnA94JH6klSGHhwk3NqFlaoNFfpnsNWAPdFoKMEEqcK5f2o5pdCyxpuTkN3Jm6xYwxa2zQ7KG0XPO//N/DeMpZyULlBGZFDKyBbqAa2FofEeMan7E09PwBQc/Kr+BTJG6jQPgK+YdsuuFyDRL7m3Ev4dWNYiJz4/2dlpKalk/J5ITfLzQvaZ87scYC8b8zcJod5IxQckduoQn3eICMcodRYG8cmlRnr5+dPWRsInMEe30mg52xasA50f/5l8D8iphvNCXnSFYGqlTCRefFp8Vk49l3JPTccb/gJJq9xlcJbhOEpIY3edxWfJBepZ0JQ30PLCwnwLMfcDyvGMS+NKJYajyaqREJmL+gxdDg4+kJuVp98/DUhZYFVUgb3zMvt9QEcsPzJMn9dFHrl6DlSttAFvcBiqlKP+fZqGXGqznwtCQsqv8MjtXEe8un9hjSmQFxg3HU5YE/9KZQ3t48CwjKYUDxlGQVuyXuulFiBvTBq7kOHiiUiKQC8n/I7ESZHIKfLxBf0cSUm+Yrfrvt/MsY5vfjEQnArCd3h5Aj2qDUYeNEzW8H1V68DLNBfYd7WMjRSoYy7LYmMafDolVFwPVSzuPBE7tmzF9p6wtMKBDab/bnBzGoOxeoaQirmFfYnoyUejjaMKh9+joxPeR2MKIXuyu8nPCn1a9VM5J1I3sXx8FGfaZw+tmYmtrhahAboX7eWHyILchvUeBxbeURqkVzyYLYkIdeXJt3/AWtYb/cBTlKHzZ6dJ3mSNzFxSmF4hNMl/W5J8ZLkNR6AOpp7mVFSFu30RgMipi50xV1qoGXumhy8jMXdWyZCdvnlqPl7p271YcSDNFZdz6gZAp1/H7RyoRKVVzPJwQg1MwxNZ9G1CGgFIWDoZHCKhRmBEQcMreY6mt+Z5txzpZsB+uofbUPGyDn0kD2NPwR3o9NcBdwOzhHEWZFaggwBRDSTiM1CK3mT6xcrJ4eNUKGKt7ArzESXzuVGFSxDhvCgVb0njI4YIuMrc7+r76JUt/lRMdQaeKeAlxAY0Bg8VUQjZeVPiBQ5oja9lWc/6cIlp8/Ytjp5BKb45HvQ0L1rQXdHNPvXEnvc/DqJTQhEFIRi8eQewR5Tiy+83/vfLodHI/z5AxdC51P5SX7Cm6VL1pWulrr1vYsvwl0fa4ShUq1s0os3Gfb/DD/INQ/nQTDyaLM3SuQBfNLSMn955LAFl3QlD6bY+/llu5zq9l6NypMyoNpUyASqsf3qHagnacLAHcPC8WWyodgBGOasuAP/vP5hcSGhEt1HZICXnSNPy7yeNm/n8rpFXGu6jHO43NfOHR8EoAcXMKHfgQY9ZHEmD/8TJGmEXxrEMgmUDzBUo7DTe+wBpks0xPPWbN8xYEXHjUNWk8Wn3inuTDWCIDhZPpfv+Nz0UKjhHEIXMjnDR4GSnIntyTxVhY0ofOWG0UrE5bO+EWRXRYOX/Km4JBfQ6cvIZSknY6ZfF0xzI8rA6XZx/igxFhbaeWc7CFZFds/OVWx5uTK5+v3rwoUMwlX0cf5jUlkLc2GxfHzRJTS/6SwfS1z0XGAeVuJwf6iVW+DCyCLEck19CozkOzR4cCB70V67xuaEogNQPFw7qOk5Hmee2avYqXE9dyQMeR2WqnEwydeEsrR5s4K80miae8EkYeff6lBHAdUqF6ycJgkScEu7zOgtgv/ZQACTHHr24tZe2ahtMRSmIBWFBNN/ICL/PmJ8su1oV31iL9Q5jUuUUcUNdd+AwbKPcksGSWNmWseeBaxQ+gX/Tefs5RdPGP7cmpLuhgEMN/PM9zV6PYWKEga+Hsi2F4aBQZRkH7+91tVpraxM0itWzaUImsC+a90SFPNFU/axrBToboh5hmdbWQW0pyTDTjOUYq35F/70bP9AESZETY9m4PHEU5BV1SFZiZ48U0upa/B2okxLJRKOkaoR7anMagLRgOi8rZzzp/t0fksHOfrrHUNbZ7ZFU8qq8q9gIdmOzKuPWTpfh0vkL7cC+CeEca5hia6wBUrcbPdbzpFOF2zoeEJSxfDdAVJT/lbkJh2L3uO56xaUgGma/Cb6FEoXJBS9cNUxDMkC6tnWuBW7Jh5j46US5XK5Sy+7DSKajsQAXYb4+zQBKiB23hZi2U7Y6XTkIiB8a9J2desabE9mLwD2HvJ0QXCzIJk07DoROFZn+wlMz5ytHYaUB8y1O95289pffJ6Q6m+IM+HUOGZR5qvwDLAxtnJCrT0CSoW441fBqFrntl4ss5Wg9eaFZWQuZwEsQ4Z42ex+Z9sR9w0wgAEIOL8NHpqcB+mCc5uu61enUBhQQgsVMPyyUzVBO8oqtWBeDDIkNf733ZiT4b1toqeepamk+HDpxhnzLNkjqKMhBXF8vaT9LFTrY+D4dM7nf1h2wWnjzGXZ67Wj2UX1ZO8vLlSD92XVBl3y8TY1r/H5sqVqu2F0zBt25lAEkZ1aLWtE6PyakgblBVOS6XtWep34x9ZCU+3/UGrrFNqi0S4g3VnetrawsZ1lmNukQ9DnywRtpNxZ3Tl8WibmRyQEswHWu0ZwiIJxZHli5TsLo7JpkrXuiHMUnVFzX3rYEmw9U8L/ldHt8IyK8RNMKaL/Y701mmiILSLUtIfHTB5Wi6LcBV1CYLml+zEzw9M8rtRsWdVfF+q3C2gsyw9jNmmPkxPFu/uOeNAMk2I3U3mD1zPJEkkfpJQAnbCXdb/Qxl7mK1dHlFZRqOopzVIhyFt19rvzrP/QI5rkhJVvFtW3yvhedCJL99x/Kmly21Zj2Hg/ifVIW6njcLw456EN+tS5Ff3dS3npptQ0DH0eELaK2ZRSFVfsdZZxEAP0uBGlAsyeEl3zeM8F0ehWvd5RBSrl271m6PJVXM1zeyMPCUdePqZ/5Xj3C9RyKQTs2udliINntG9sSafV7iwdv1D5mohS2DEtCapGJf6MpZ8+UeBnXRcWEMGcMTHlWi+0YRsP/FcCzgMCC7y1bHeCPeNrciqmfa2+27w3Uu+s2a3s/s8LmOZAczRZGGNFezudsjZdIQswuA4t/mYVAjFBNo9W44H1FdZynI7Ww4z5RVHRtUUJd56JfgjmWbjh+Pyd2R794U1Bb6ncSy37MOohUfKuQKHUCFR3BTRZ7jR6BuGKg1gVQG4l3CqVNUlU9rLf/AKG8r+PjAhrFN2KlU3O23u34TmpziLkuBBfKZh6GDZh99m19u1TF0Hnwq+FZ8+jCpxLQJaadIX/1HPQ7iC4DPNDqVoQDvKaTliTq7AjDb7gMRTgvkNwMMET46JjTFR0dn9/fWaM4ns4i43W4iQrD69H0tQB0w+scot5RPDYSy5EFxRbRQEpgiiCFNCMf+Wjj0dQQnysU0iJHD7gbAYyZoPhOcaW3p00ggBQU8cSWKmGpLf3H/EGs78tKkK+yrpFdb98lgw3I/Oaq1KXrHTcSqYe9HlZCH25jqJnzmGtQWJUJAnLLiGSrJaK4SeTgrowIQQGQKiKpknjc2u78ZTTsBUbaCTscyJDqYeZg0ltBjk9ZE/ismJsOENGcpdPLdFz7FAPns+6JTFEJZljFW6/9xYKB02fHTykmIjnkkHFI0GyKJUtSjWvMs8qRWZrliQc51h1f4XyNXVSokmx2BNpqAnAewX9LiSNhZu1SSyDkjHhw1edoDHjuCZEpiSjyMLhL1diHH5ngMj/re1nlSw7FGWzbEvG+X2vvIFJOAPPsas8Uwz11/OPDrtFkxW+567wFJqbo9NHXP7CTtnhFldLD5iFFwzC9/WdmNoBAWufIM6ccnLezQEvqZhkNYgEXZk3aUGnKXAo+eOYFOMQsBwxS+FzoLkT41GNSG/MwFj/1ruI0/ys9jt+/t1anHrgy5XjE+tljBnfvM2q4D4T7vEiSacneMrk3vmnnNJoMlKjX3kQfjqjUz4L+pdxQKPGBQVUH/7fScz7PLcAo0brHxroAHQkUa04/d2T1gw9gjmHrkoVWZ7x8L726P701Azj5hx2jK6+QpQR0JNdwOYQSzcjZ4QtL2IAYeFPHxsa3ngduI44GXzV4qqpVl5aGxrnRaQj78UjO7no3fEkQlqzncSSPmqDAY0bkV91THLxugv1eSu63GkRWmeK6ArKDhrmODNGKzOVIXCF01Ldxtn6DkrlxoMD1Lbl3tfCvTNKHu9+2GeiOGk1veneq2y8k1UewPCM5iiSiLtxa8N5cZb2f1Cit1mgHUijWJyFbNlJ9IwCoECPPX3xMA7WThO+rl3Z0FLoLiQGKZAH1+Ap4lrYi4bWCKWcoyUHQOCJl/LO9C3W3uZxOYnreciacGFc/FrjuHb5sSaS0VWGs7GWMJonYrEs0lMzXVQiO9RgzN0/EtdZltKVpPFWfMbcLxZ4cWSDP6Vvb1rO7s9BwdwqUQpKyOGV0hHUwSTuqrbmSAwv16xO9qZfdPR4I4lTfFSRa1tvdweoeCmfUwIzOuNngb9b4nJSKzOtLb+PUSkdYT/yJhmMMuWPHWXmP3X1OQZRrNNkmRyiiRfKKfeiHAM56yIhud2GBorR18SoM+JA2tuapRU/uoeGo0ild0G0TKyl/LnZrQsHCCYaqEthYzONWfn6AMSdLUgfMe0X/9b/x7cF1qXa9adpcvHa2VYp+ZIuifjO3gbQ3/ljbeCfUzBnpwcYKzIiKmguII9CkbgNn9JmglAemXbWtTWPCmz7TriHFs8RT97d9mP4SawXVmQPalX3M1/7BdjZXcCSrRtw5qgMUlxdChTH2WZ4Y/z2KBtz+6aXgXu6c9c9rPYqZrP1ufEQwLtuHItIvZFV3Gl3ht+Nibuu0QjgYjQbm9vWC20ZGZ6bNfY2dEhZ3CxAiQt0xSv6h3ZZadk3QIEYymQmLmS/D6jsIVNii62g9qZ8ztsZSs/2/r98rNdCp65MpRSiQChxCnl6A/WMMhJn/QnCRf9Enl/8ULOnV+m6lCAVGmb4HgoNCd1srpbLVy50AUpSq9aIKvayCyngTBTBAQW7veljUmcodRE5NQy0cLVXTA2WHK+0tH2GbjuBjc32QRyR/M29PnBDES2+rVvqk+c2wjEXea7ksa0SD6mmHyMmJUcMKE+fTSUaxvM7bjQ5xffI+aOpW4R4kNSQmlQIEAveHSAyCW/gYwu8NFsZKuaE0rviekzq/tvRJwSCo95kVOsFABbCMymtcj9vFjx/ynYsvsey+j57P1j7Qe8NNdB4a3BnNgBiBfXr3/W9lCAN0l3P+sEdEQaagw+imtv1RgwswgRBBRyHPY/M/nIw2fhGsdoaBdMEFS5j7L83E5MjaebxBGtPePgj3T4mQ40zj8OdrCXGe6iNStima6LQyH59DoIw8HfyP2arFUe5KFcu9fioWm4j1OyEnl5+LwjftMs2FgY3GbjdVCT3QnGjXvh6EutNCDvh52ePT+wylBXZlCH7xNHWpXWM8D06iA6kQ5cvJeenWsHjqXC1lsahr7QrTogAuMM/4mKe4STYxfuYLItIbr4E4abrV/8/uvFsnef8pkdevza+QV5M514mxoz0kD9Ui92Nqqv3KbOIaF8LFOm88/oERoj+YNKYfuDGhEtJbxkMHe2AJxJmjKQ3V1xIVifoWFAGojzSyMzSX4BCDbv8xxB4J3J1NB9lN5h7qaxA37LVQul+kLL3acOytvbfKA9dUMC7LZSDN+PzNfojwcfH5gC1tT9AQTyTYaNk9EOyou4QuD7w/s18TtXInGAsJINggL5/KcvlAMJzoQL8/Ir/jgQWB3FrDvGwjjdXEHMUKWJIq9nxWciG6T0dxuyZaj8UzZNZXUfQWCxePMvkaLpbg1mAD3z8RxFN88BI+ioHK+/xPP96EWzwOO3gmq26ccO4adriOTXDKAIJPNx/H5z6eYUK6xd+E765Caw+9Jh/glv+SvzM0ZK3tXvF+cbtzcntuSs5unVE1y1kJZYlmabzwfpd2+nZlwAdJQIDrkxs0NTCaEmFwH4m4mBHEmFGDVaAFcXHp91bWy+bHjyXOCffgHfO5s8j40zg==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedData>
            </saml2:EncryptedAssertion>
        </saml2p:Response>
    </soap11:Body>
</soap11:Envelope>

2019-12-12 11:01:29,447 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2019-12-12 11:01:29,447 - INFO [Shibboleth-Audit.SSO:?] - 20191212T110129Z|urn:oasis:names:tc:SAML:2.0:bindings:SOAP|_iruk84gantlgtidirxvx9fga5jmraljz9ijt|https://iam.eu-de.otc.t-systems.com|http://shibboleth.net/ns/profiles/saml2/sso/ecp|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:PAOS|_ea26db41d84b4c2cde20220b6e3fd740|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxcTpqkHdQa5HqCuompRnyxhaQF5uF/poEw9pgtK+sleeiFFrSkV32p//MaQiH81gEBTEL94l5eCA99n9tj0Hf6ZmwjfOTnEu4rREKbifL5JfdOtEca1byhU4g8f1VTgwnxjDEL+B2|_6d4a74a103fbc5514f22ede4bbef8b5a|
2019-12-12 11:01:31,557 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder:?] - Decoded SOAP messaged which included SAML message of type {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-12-12 11:01:31,557 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Body>
        <saml2p:AuthnRequest
            AssertionConsumerServiceURL="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            Destination="https://samltest.id/idp/profile/SAML2/SOAP/ECP"
            ForceAuthn="false"
            ID="_6kk4o7vv08lho8qofylejzlcepbyarnzvvk9" IsPassive="false"
            IssueInstant="2019-12-12T11:01:30.764Z"
            ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
            Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eu-de.otc.t-systems.com</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                    <ds:Reference URI="#_6kk4o7vv08lho8qofylejzlcepbyarnzvvk9">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>NygP4RMK9Xg7MsTW+9FUOnIjPGw=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>fC1XC05uhzLWK8HB3Da902Cbrc6gB6ch1q9+34nKQqCzr2A4oe+w5xkUrrcLX9kdi4JWC7TTjp1i9VVWhFXgBoGKSUVNeT2Ne3RPwZ7F31ukZo3zQaXQtAgdjKg8w4Zl1LqsupcWoM/VopaQzHVtLVUEMcUA69JFPu2GEDWZcXMJxTrO+MUcxfbaV+itJdiqPQ62thFAvq3YoMAfhU2L6IjfxuD0sOK0JQKOi8Jr7s+WBrX9QH96Ar35ri5OwBYSilv6ClxbhzsAgKelQPFfG9SG/kAllXaUGzU2XXYpq1Ra3Bs/3jOR4t1njQZUAphkNrzbWYZq6+1N7aTds4016pyBVgU2mIW17wCGCu28WqyFMp3/kgjQNe0yOFio2OW8N3ADsEScDB4mYxKfnTnATOP26OlVy+yMnNxmkfdJaD0wdHh5gmIAxImzxzqaLt1F+Qaev3PZccdBx/DIBhnAR9Zpk19wcqg4HDFgL3wGWRi0ARbJanmKodyFQOkvL+uM2MODHtMTYlyvZlUnK7XoRNBBe/PfjmUdX/WcEgGZ1dFjzG4H8tZKXCYRe222R701PQc9bRuxIxuhwcTzLeszLIRRAP2iMdJFN9vh2N/CZpldamZHrVc7x8/4NwzHW4KlkD/vkUn4rIkZsB4ZtpqM7bLCv2rIzNC8faBWfBGqOfk=</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIHeDCCBWCgAwIBAgIJAPRelfvZJrG9MA0GCSqGSIb3DQEBCwUAMIHXMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGSGVzc2VuMRowGAYDVQQHExFGcmFua2Z1cnQgYW0gTWFpbjElMCMGA1UEChMcVC1T
eXN0ZW1zIEludGVybmF0aW9uYWwgR21iSDEUMBIGA1UECxMLSVQgRGl2aXNpb24xJDAiBgNVBAMT
G2lhbS5ldS1kZS5vdGMudC1zeXN0ZW1zLmNvbTE4MDYGCSqGSIb3DQEJARYpRk1CLlRTLUlUU0gt
Q1NTLURQUy1PVEMtT1BTQHQtc3lzdGVtcy5jb20wHhcNMTgwMzI4MTUxNDA4WhcNMjgwMzI1MTUx
NDA4WjCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0
IGFtIE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsT
C0lUIERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2Bgkq
hkiG9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tMIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv2W7Hr/Ro63zmZVclhlMvakO1nYWAe6CFDg2hYOH
IxkC/DG8LsKbnqy3Rv8AoH5CgRwmT/HYKeJu+KxrpECJXGIjXirUzHrL5w0Hys0O6SJYzztRGoQA
eFfl3x1NNUxVGkWbuK3/o9vm3idoMqVY4HFU24h/6VbSVBru1lsfubmIGdkf+9R844JbZx1R1OuX
xQ60ZhTAmR6R5d1E6tprM8rAqBOC2l1o4azQyDtmxM8NEBjKcZebNleHOB3iVPiiG0ens6z39y7e
SyiXwWcsw8TlwcQiumYPnFT2lzrJAC93hEjNGd6sj6QVvPCJRu/Ya+AWfcm6JtBZRK9ZfBz81wjv
BnHH2u8j1GyZMdE5dvN4PC8bgX0HxvnbhnAU0DASzziyS9Ni/gMgWvJsmnmNVLyYMxRmL8L0JtWk
rz7aNSskufk92Cv/R4KtWsfdkYtNG5/lV1BNzraBgnnXX1gH7ddrL/Ng2aNRFd+LtsI/BjUBpg7r
Ebym+pJuri2PBj8hhjLKbhPuurybQLVtmYxCcJUo6ZG4X3cpxl/e8v+vviapn1OY9zaFLAc+fccX
1GFrLYv9aQKGDQFRMl2uV9nP7UpakBCgZ/r7ljvfhlnsGkLPZBokM9Iz3iUFMGj2gPD1m+C7QaiS
OwJnkTk3cnhZV6It0XdFIaFgIi9V4XMnYEMCAwEAAaOCAUMwggE/MB0GA1UdDgQWBBSg4Skug1x8
SOG2QdBaHAN2DDs7zDCCAQ4GA1UdIwSCAQUwggEBgBSg4Skug1x8SOG2QdBaHAN2DDs7zKGB3aSB
2jCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0IGFt
IE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsTC0lU
IERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2BgkqhkiG
9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tggkA9F6V+9km
sb0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAFEH+TQEgwXkOp1dymChsQzX3mm32
nBbQwIuTKi3jy08EjRQktZCOhjpmuVc/QQUCQdgAZgWVboAwTspfgwQwVcuIpCkwuyc7tt+ZzRSk
ybvOccw4ivz1suevGZZfYt+B7UIB3drlMKLoJWMTiBZnL6c4iaqubep56BZBOH6IP2KaMRd4EqIo
kXLHgaIyhqz51WQmTJArhYvAvWlktbAW6GXev3mW5gxW7LAGygQNCo2JkXSegGPk2jLO48JXNuCB
lGGf2O5TkhD+Qw/buIRrcKWnolBCs0ITalkNFt0RftLYmyR0JMotaBRHHmtdqSWOwMT1j7SvyzhH
yszzRU4xwTUFveODkWYS3Uh9PZs+3yDcfqC1x1yRbhKe7onZt5nXh/wY2762Pv6NkBQfQaFaE8CI
OwRu6WjaFfRntVXHpvV+7tO6Dr3pfRNEZzJM5+m/Edh+JrUdhyy7SxuYiCpt5xiPvM9rMt5AkXCn
P8AQVxq3O/1Gsdr9iblHAkJrg7Lbd8bPyzE9nRW3zqp++BxYilxIIVP9xnaaj/jjyuAPfeet30wm
zeOe/MGqxEwP/JSwJ9rZI//FaG3gAX0UHO6Eo+R0/Yv3JcyAo6j/RN/6YcSTQD1MrPGZiNTz/Muo
nczuEbZF255Cs5PfVJJhTPW730xQmhZnlbta0nyBO9LA3Fs=</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:NameIDPolicy AllowCreate="true"
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                SPNameQualifier="https://iam.eu-de.otc.t-systems.com" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"/>
        </saml2p:AuthnRequest>
    </soap11:Body>
</soap11:Envelope>

2019-12-12 11:01:31,558 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-12-12 11:01:31,558 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-12-12 11:01:31,558 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-12-12 11:01:31,558 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-12-12 11:01:31,558 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-12-12 11:01:31,558 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-12-12 11:01:31,558 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-12-12 11:01:31,558 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eu-de.otc.t-systems.com
2019-12-12 11:01:31,559 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2019-12-12 11:01:31,559 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2019-12-12 11:01:31,559 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-12-12 11:01:31,559 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2019-12-12 11:01:31,559 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2019-12-12 11:01:31,559 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2019-12-12 11:01:31,559 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_6kk4o7vv08lho8qofylejzlcepbyarnzvvk9', issue instant '2019-12-12T11:01:30.764Z', entityID 'https://iam.eu-de.otc.t-systems.com'
2019-12-12 11:01:31,559 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eu-de.otc.t-systems.com' does not require AuthnRequests to be signed
2019-12-12 11:01:31,559 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2019-12-12 11:01:31,559 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2019-12-12 11:01:31,559 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-12-12 11:01:31,559 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://iam.eu-de.otc.t-systems.com, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2019-12-12 11:01:31,559 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://iam.eu-de.otc.t-systems.com' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2019-12-12 11:01:31,559 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-12-12 11:01:31,559 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-12-12 11:01:31,559 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-12-12 11:01:31,559 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-12-12 11:01:31,559 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2019-12-12 11:01:31,559 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2000/09/xmldsig#rsa-sha1
2019-12-12 11:01:31,559 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA1withRSA
2019-12-12 11:01:31,559 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2019-12-12 11:01:31,559 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 4096 bits
  modulus: 780833212372818775479203473584756908157478511960940665833104329026798488708412096463957730986031560699536971604685793755631469735164638528103712796586941283248391093334537473433816881621841433643551509545784341528479466257077570253340730459394524144439470561825531880309380078893306187350760119973863502110938239690056732532237576015713410817092640951029480915162489671542971932145619144868209527314440670224923750462549444079548603408012564298657143697912591193544433644075598026106926646468811820504111621425556553238066495807276626045802944049622045278146600209515759289448446049845276793009470678806630505639155872685517611976298041379760153258369441443706608834473698951737339296605180924342991774924896400530064019217902076139971478880191800808152349664734915206316567268459208984314092535956712275165633295073845619623808442937959337568063845846898994885404695455333181998103624287019468478172845183368957698818849454389451360233262379190615859514122412619488103951846508060862137625955242500382805764622949031613773424268222131209239375233669763979843957564204575307568428090973147896709908167025351124368088974604728720021626763128224355694102358346473759582198635778329138017968133082524864864810444234076758890334162214979
  public exponent: 65537
2019-12-12 11:01:31,560 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2019-12-12 11:01:31,560 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2019-12-12 11:01:31,560 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_6kk4o7vv08lho8qofylejzlcepbyarnzvvk9"
2019-12-12 11:01:31,560 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _6kk4o7vv08lho8qofylejzlcepbyarnzvvk9 and Element was [saml2p:AuthnRequest: null]
2019-12-12 11:01:31,560 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_6kk4o7vv08lho8qofylejzlcepbyarnzvvk9"
2019-12-12 11:01:31,560 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _6kk4o7vv08lho8qofylejzlcepbyarnzvvk9 and Element was [saml2p:AuthnRequest: null]
2019-12-12 11:01:31,560 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_6kk4o7vv08lho8qofylejzlcepbyarnzvvk9"
2019-12-12 11:01:31,560 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2019-12-12 11:01:31,560 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-12-12 11:01:31,560 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://iam.eu-de.otc.t-systems.com
2019-12-12 11:01:31,560 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-12-12 11:01:31,560 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-12-12 11:01:31,560 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-12-12 11:01:31,560 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2019-12-12 11:01:31,561 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsHeadersHandler:?] - Message Handler:  No ChannelBindings header blocks found
2019-12-12 11:01:31,561 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler:?] - Message Handler:  Message did not contain any ChannelBindings extensions
2019-12-12 11:01:31,561 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2019-12-12 11:01:31,561 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2019-12-12 11:01:31,561 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-12-12 11:01:31,561 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2019-12-12 11:01:31,561 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2019-12-12 11:01:31,561 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2019-12-12 11:01:31,561 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' not permitted by input criteria
2019-12-12 11:01:31,561 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP using binding urn:oasis:names:tc:SAML:2.0:bindings:PAOS
2019-12-12 11:01:31,561 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2019-12-12 11:01:31,561 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2019-12-12 11:01:31,561 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2019-12-12 11:01:31,561 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2019-12-12 11:01:31,561 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-12-12 11:01:31,561 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-12-12 11:01:31,562 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2019-12-12 11:01:31,562 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2019-12-12 11:01:31,562 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2019-12-12 11:01:31,562 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2019-12-12 11:01:31,562 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eu-de.otc.t-systems.com
2019-12-12 11:01:31,562 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2019-12-12 11:01:31,562 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2019-12-12 11:01:31,562 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2019-12-12 11:01:31,562 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2019-12-12 11:01:31,562 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-12-12 11:01:31,563 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: RequestAuthenticated: true
2019-12-12 11:01:31,563 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: Generating session key for use by ECP peers
2019-12-12 11:01:31,563 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2019-12-12T11:01:31.563Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2019-12-12 11:01:31,563 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2019-12-12 11:01:31,563 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2019-12-12 11:01:31,564 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2019-12-12 11:01:31,564 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2019-12-12 11:01:31,564 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2019-12-12 11:01:31,564 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow authn/Password, it supports non-browser authentication
2019-12-12 11:01:31,564 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2019-12-12 11:01:31,564 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2019-12-12 11:01:31,564 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2019-12-12 11:01:31,564 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2019-12-12 11:01:31,564 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: Trimming whitespace of input string 'rick'
2019-12-12 11:01:31,564 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2019-12-12 11:01:31,564 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@992199161::identifier=rick, context=org.apache.velocity.VelocityContext@34100c41]
2019-12-12 11:01:31,565 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@992199161::identifier=rick, context=org.apache.velocity.VelocityContext@34100c41]
2019-12-12 11:01:31,567 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2019-12-12 11:01:31,567 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2019-12-12 11:01:31,567 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2019-12-12 11:01:31,567 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2019-12-12 11:01:31,567 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2019-12-12 11:01:31,567 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2019-12-12 11:01:31,567 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2019-12-12 11:01:31,567 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 0d1385288064a80f18fa27d8b52cb2e4ebc42f1fb389d879acdad5ad8b9b6e58 for principal rick
2019-12-12 11:01:31,567 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 0d1385288064a80f18fa27d8b52cb2e4ebc42f1fb389d879acdad5ad8b9b6e58
2019-12-12 11:01:31,568 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2019-12-12 11:01:31,569 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2019-12-12 11:01:31,569 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2019-12-12 11:01:31,569 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2019-12-12 11:01:31,569 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2019-12-12 11:01:31,569 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2019-12-12 11:01:31,569 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2019-12-12 11:01:31,569 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2019-12-12 11:01:31,569 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2019-12-12 11:01:31,569 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2019-12-12 11:01:31,570 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2019-12-12 11:01:31,570 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2019-12-12 11:01:31,571 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2019-12-12 11:01:31,571 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _76eabbf5dfdd76ee74c3f11d34cebfc6
2019-12-12 11:01:31,571 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _76eabbf5dfdd76ee74c3f11d34cebfc6 to Response _3c84ebd15abafb76a11994ddd7341dc7
2019-12-12 11:01:31,571 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _76eabbf5dfdd76ee74c3f11d34cebfc6
2019-12-12 11:01:31,572 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2019-12-12 11:01:31,572 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2019-12-12 11:01:31,572 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2019-12-12 11:01:31,572 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2019-12-12 11:01:31,572 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2019-12-12 11:01:31,572 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2019-12-12 11:01:31,572 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2019-12-12 11:01:31,572 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2019-12-12 11:01:31,572 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2019-12-12 11:01:31,573 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2019-12-12 11:01:31,573 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:01:31,573 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:01:31,573 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:01:31,573 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:01:31,574 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQx6RuPDwQ47yoJoE6jy5XIHaruDjSz2J+1LS6yDp04z/4g+VIVimeTbmuQR4x4/TBrNyh+SAQ1ww5pYcNwsMY6XoKasMeBHS/ZeFa+VlTKYo5B99Yy1vInbLrgIFi0PNSqdjxV3ygf with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:01:31,574 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:01:31,574 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:01:31,574 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2019-12-12 11:01:31,574 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2019-12-12 11:01:31,574 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.34.32
2019-12-12 11:01:31,574 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _6kk4o7vv08lho8qofylejzlcepbyarnzvvk9
2019-12-12 11:01:31,574 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2019-12-12 11:01:31,574 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2019-12-12 11:01:31,574 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2019-12-12 11:01:31,574 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2019-12-12 11:01:31,574 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _76eabbf5dfdd76ee74c3f11d34cebfc6
2019-12-12 11:01:31,574 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _76eabbf5dfdd76ee74c3f11d34cebfc6 did not already contain Conditions, one was added
2019-12-12 11:01:31,574 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2019-12-12 11:01:31,574 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2019-12-12T11:06:31.570Z, to Assertion _76eabbf5dfdd76ee74c3f11d34cebfc6
2019-12-12 11:01:31,574 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _76eabbf5dfdd76ee74c3f11d34cebfc6 already contained Conditions, nothing was done
2019-12-12 11:01:31,575 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2019-12-12 11:01:31,575 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _76eabbf5dfdd76ee74c3f11d34cebfc6 already contained Conditions, nothing was done
2019-12-12 11:01:31,575 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2019-12-12 11:01:31,575 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eu-de.otc.t-systems.com as an Audience of the AudienceRestriction
2019-12-12 11:01:31,575 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _76eabbf5dfdd76ee74c3f11d34cebfc6
2019-12-12 11:01:31,575 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddGeneratedKeyToAssertions: Assertion _76eabbf5dfdd76ee74c3f11d34cebfc6 did not already contain Advice, one was added
2019-12-12 11:01:31,576 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eu-de.otc.t-systems.com to existing session 0d1385288064a80f18fa27d8b52cb2e4ebc42f1fb389d879acdad5ad8b9b6e58
2019-12-12 11:01:31,576 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eu-de.otc.t-systems.com in session 0d1385288064a80f18fa27d8b52cb2e4ebc42f1fb389d879acdad5ad8b9b6e58
2019-12-12 11:01:31,576 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-12-12 11:01:31,576 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eu-de.otc.t-systems.com and key AAdzZWNyZXQx6RuPDwQ47yoJoE6jy5XIHaruDjSz2J+1LS6yDp04z/4g+VIVimeTbmuQR4x4/TBrNyh+SAQ1ww5pYcNwsMY6XoKasMeBHS/ZeFa+VlTKYo5B99Yy1vInbLrgIFi0PNSqdjxV3ygf
2019-12-12 11:01:31,576 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2019-12-12 11:01:31,576 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2019-12-12 11:01:31,577 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_76eabbf5dfdd76ee74c3f11d34cebfc6"
2019-12-12 11:01:31,577 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _76eabbf5dfdd76ee74c3f11d34cebfc6 and Element was [saml2:Assertion: null]
2019-12-12 11:01:31,577 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_76eabbf5dfdd76ee74c3f11d34cebfc6"
2019-12-12 11:01:31,577 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _76eabbf5dfdd76ee74c3f11d34cebfc6 and Element was [saml2:Assertion: null]
2019-12-12 11:01:31,579 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_3c84ebd15abafb76a11994ddd7341dc7"
    InResponseTo="_6kk4o7vv08lho8qofylejzlcepbyarnzvvk9"
    IssueInstant="2019-12-12T11:01:31.570Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_76eabbf5dfdd76ee74c3f11d34cebfc6"
        IssueInstant="2019-12-12T11:01:31.570Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_76eabbf5dfdd76ee74c3f11d34cebfc6">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>ACjOH9MsfAXml+etSqLLsrR7bvJ5on6jm328D6e8WDc=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>bolCFjySUPVbUtioElc5Oey06yOxGuixMoIzw9R0few4CrO5Ql6S3X4F5ZKvKFbM38anwYOrTR4cBDn2M1yaXu2kviRmqBYRTJwpc43uio0WQ1SZoJO9PmlFyZxkhBzFLqunnNySZkDLt9iipVqtRUFVGs4sZGBcv361VCvdwHdghB46bfMDIJ0gsWoZoJrTvGD7wgSVHl/eLQ2dqkAUuNaXg8O81BTphM3q7HgO6BzdEIJE6p/0S2qWPelc0chKLCMpsKvuhpuMZ6qOODYD89tzV5LQZ+lCGtsDMC6aQl6DSwreQcy6mNLVbGqU3nLQ1XptZ4ULPHcrps0zETmUMQ==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eu-de.otc.t-systems.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQx6RuPDwQ47yoJoE6jy5XIHaruDjSz2J+1LS6yDp04z/4g+VIVimeTbmuQR4x4/TBrNyh+SAQ1ww5pYcNwsMY6XoKasMeBHS/ZeFa+VlTKYo5B99Yy1vInbLrgIFi0PNSqdjxV3ygf</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.34.32"
                    InResponseTo="_6kk4o7vv08lho8qofylejzlcepbyarnzvvk9"
                    NotOnOrAfter="2019-12-12T11:06:31.574Z" Recipient="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2019-12-12T11:01:31.570Z" NotOnOrAfter="2019-12-12T11:06:31.570Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eu-de.otc.t-systems.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:Advice>
            <samlec:GeneratedKey xmlns:samlec="urn:ietf:params:xml:ns:samlec">LGTZRPQvjA6vxelqJNGar5Y9oNCYcSrCluZ0EUn/IFc=</samlec:GeneratedKey>
        </saml2:Advice>
        <saml2:AuthnStatement AuthnInstant="2019-12-12T11:01:31.567Z" SessionIndex="_e17962c8f0d8584c60cb87c0205d7909">
            <saml2:SubjectLocality Address="172.31.34.32"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2019-12-12 11:01:31,581 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2019-12-12 11:01:31,581 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2019-12-12 11:01:31,581 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_3c84ebd15abafb76a11994ddd7341dc7"
2019-12-12 11:01:31,581 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _3c84ebd15abafb76a11994ddd7341dc7 and Element was [saml2p:Response: null]
2019-12-12 11:01:31,581 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_3c84ebd15abafb76a11994ddd7341dc7"
2019-12-12 11:01:31,581 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _3c84ebd15abafb76a11994ddd7341dc7 and Element was [saml2p:Response: null]
2019-12-12 11:01:31,583 - DEBUG [org.opensaml.saml.common.binding.impl.AddChannelBindingsHeaderHandler:?] - Message Handler:  No ChannelBindings to add, nothing to do
2019-12-12 11:01:31,584 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Header>
        <ecp:Response
            AssertionConsumerServiceURL="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next"
            soap11:mustUnderstand="1" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <ecp:RequestAuthenticated
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <samlec:GeneratedKey
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:samlec="urn:ietf:params:xml:ns:samlec">LGTZRPQvjA6vxelqJNGar5Y9oNCYcSrCluZ0EUn/IFc=</samlec:GeneratedKey>
    </soap11:Header>
    <soap11:Body>
        <saml2p:Response
            Destination="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            ID="_3c84ebd15abafb76a11994ddd7341dc7"
            InResponseTo="_6kk4o7vv08lho8qofylejzlcepbyarnzvvk9"
            IssueInstant="2019-12-12T11:01:31.570Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_3c84ebd15abafb76a11994ddd7341dc7">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                        <ds:DigestValue>mU/KBMxxEaPR5/dr2M0lveeu3JGpi1wVxXhDaprZdm4=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>KrtToLKICva9Ufe8wtcVAAkdSAi64LxVOddKlCAK/syxoNcVUYLOcd7iK7xKxtnzbybimiQVXyELN6FWGfrGcSqmwMS6f4Cvvtm/0+3bc/QfV90MQKfzWC/qUSn7J5x95cVo1RJllmYz8fWOqADETt4zk/LiePeylpT1lFyKaMu33AyLDaYchdC/s2aHsINKtYPL2K8Gk5dI7GmDcjv3Omiekn9x9SH3ZiD+g6gkpsqimAEYbm7KBa/S/vF6T9UWXhONGx8Isy0hbSFndbeGKl3gilONlDVfSbZKuz57cVG70Ifyez+CAX42HAsEgMHgu/mOVQhek9RRQhSbORzSbQ==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
                <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
            </saml2p:Status>
            <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
                <xenc:EncryptedData
                    Id="_c07b52b53b5850ffd808c0719c63971c"
                    Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <xenc:EncryptedKey
                            Id="_024ec9b34b02d85ddecff4c8c70a3e68"
                            Recipient="https://iam.eu-de.otc.t-systems.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                            <xenc:EncryptionMethod
                                Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <ds:DigestMethod
                                    Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                            </xenc:EncryptionMethod>
                            <ds:KeyInfo>
                                <ds:X509Data>
                                    <ds:X509Certificate>MIIHeDCCBWCgAwIBAgIJAPRelfvZJrG9MA0GCSqGSIb3DQEBCwUAMIHXMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGSGVzc2VuMRowGAYDVQQHExFGcmFua2Z1cnQgYW0gTWFpbjElMCMGA1UEChMcVC1T
eXN0ZW1zIEludGVybmF0aW9uYWwgR21iSDEUMBIGA1UECxMLSVQgRGl2aXNpb24xJDAiBgNVBAMT
G2lhbS5ldS1kZS5vdGMudC1zeXN0ZW1zLmNvbTE4MDYGCSqGSIb3DQEJARYpRk1CLlRTLUlUU0gt
Q1NTLURQUy1PVEMtT1BTQHQtc3lzdGVtcy5jb20wHhcNMTgwMzI4MTUxNDA4WhcNMjgwMzI1MTUx
NDA4WjCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0
IGFtIE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsT
C0lUIERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2Bgkq
hkiG9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tMIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv2W7Hr/Ro63zmZVclhlMvakO1nYWAe6CFDg2hYOH
IxkC/DG8LsKbnqy3Rv8AoH5CgRwmT/HYKeJu+KxrpECJXGIjXirUzHrL5w0Hys0O6SJYzztRGoQA
eFfl3x1NNUxVGkWbuK3/o9vm3idoMqVY4HFU24h/6VbSVBru1lsfubmIGdkf+9R844JbZx1R1OuX
xQ60ZhTAmR6R5d1E6tprM8rAqBOC2l1o4azQyDtmxM8NEBjKcZebNleHOB3iVPiiG0ens6z39y7e
SyiXwWcsw8TlwcQiumYPnFT2lzrJAC93hEjNGd6sj6QVvPCJRu/Ya+AWfcm6JtBZRK9ZfBz81wjv
BnHH2u8j1GyZMdE5dvN4PC8bgX0HxvnbhnAU0DASzziyS9Ni/gMgWvJsmnmNVLyYMxRmL8L0JtWk
rz7aNSskufk92Cv/R4KtWsfdkYtNG5/lV1BNzraBgnnXX1gH7ddrL/Ng2aNRFd+LtsI/BjUBpg7r
Ebym+pJuri2PBj8hhjLKbhPuurybQLVtmYxCcJUo6ZG4X3cpxl/e8v+vviapn1OY9zaFLAc+fccX
1GFrLYv9aQKGDQFRMl2uV9nP7UpakBCgZ/r7ljvfhlnsGkLPZBokM9Iz3iUFMGj2gPD1m+C7QaiS
OwJnkTk3cnhZV6It0XdFIaFgIi9V4XMnYEMCAwEAAaOCAUMwggE/MB0GA1UdDgQWBBSg4Skug1x8
SOG2QdBaHAN2DDs7zDCCAQ4GA1UdIwSCAQUwggEBgBSg4Skug1x8SOG2QdBaHAN2DDs7zKGB3aSB
2jCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0IGFt
IE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsTC0lU
IERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2BgkqhkiG
9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tggkA9F6V+9km
sb0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAFEH+TQEgwXkOp1dymChsQzX3mm32
nBbQwIuTKi3jy08EjRQktZCOhjpmuVc/QQUCQdgAZgWVboAwTspfgwQwVcuIpCkwuyc7tt+ZzRSk
ybvOccw4ivz1suevGZZfYt+B7UIB3drlMKLoJWMTiBZnL6c4iaqubep56BZBOH6IP2KaMRd4EqIo
kXLHgaIyhqz51WQmTJArhYvAvWlktbAW6GXev3mW5gxW7LAGygQNCo2JkXSegGPk2jLO48JXNuCB
lGGf2O5TkhD+Qw/buIRrcKWnolBCs0ITalkNFt0RftLYmyR0JMotaBRHHmtdqSWOwMT1j7SvyzhH
yszzRU4xwTUFveODkWYS3Uh9PZs+3yDcfqC1x1yRbhKe7onZt5nXh/wY2762Pv6NkBQfQaFaE8CI
OwRu6WjaFfRntVXHpvV+7tO6Dr3pfRNEZzJM5+m/Edh+JrUdhyy7SxuYiCpt5xiPvM9rMt5AkXCn
P8AQVxq3O/1Gsdr9iblHAkJrg7Lbd8bPyzE9nRW3zqp++BxYilxIIVP9xnaaj/jjyuAPfeet30wm
zeOe/MGqxEwP/JSwJ9rZI//FaG3gAX0UHO6Eo+R0/Yv3JcyAo6j/RN/6YcSTQD1MrPGZiNTz/Muo
nczuEbZF255Cs5PfVJJhTPW730xQmhZnlbta0nyBO9LA3Fs=</ds:X509Certificate>
                                </ds:X509Data>
                            </ds:KeyInfo>
                            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <xenc:CipherValue>ujLW8rvooXKmm852IxNbtpAz2wB3Oh7H/BHgMY9V93SNtp4sCIaFt0IRBxRHfd3b42mdNzhhrgmTnLlPBgpdDXhRc3WPyd5z8jks1ys3DmF94nedw6zi/G6IudeQr8C3AnXPhenlbIZQrngR1sIKBjg+qEtRPj9OTeyYVvRx5mepC0IkR3rj6WSTNIEChKwkixwrWDOI06y5E/aKZsFTg987Pi8PqRxfcBs2EQDlDL0fk362Sa26Exdvy0rXjXZtPFMtj38MZRwjEbMUfSs/Nh8aspvYC7RyPk7py/RsObL24zbCm382KLjMxEgaf5iheKsAGwXu/mEJiy6ZRbYEy8/zGgc+iopVhOCI/mSlTB+hdzswbpCgBuoL+T04tYLs/xysNVpHv2nVmhbi/ut9sMNymQW79B+XWirZeGUvChFI9jvdHAYUyMTbVuR7oQSdGJjWhktjlaD2tba5PxqxFGYXS/+SgMZwW2urhj9j1CDeBSKTYrUHkd+S9yax1pi35w1iPH0vyF8ybksmMDm5lVKV/gTkZvyaDQt1ssKMu6BgRwIiCWlsJ43GcG2s1jEpv6XOjq+IDdIJZPV1tmbMb16T1Ia7RZuI58ZGbedn0FhB8uV7htq4RZAIaGL2hACbDvGAJyUE6jsJ63S11Ny5jcXoXfM2bNzFsra1gceB6R8=</xenc:CipherValue>
                            </xenc:CipherData>
                        </xenc:EncryptedKey>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>i23l1qLb0pM7LGnRJMc0ucr6SQLkdZWBVuRZqeY21jWYN+DSqU9HwkRMm1Ltv7jllvmL+72LCfRcvXXuyP/EFCHhuHoRFbtM10csPi/Bjj205Atgr7apCwNGuy9GeTdZHqbPRTSJ7yTr8xGAsPRp5+0LOKeQE6TPVcd4fjZAEw1JIK9m1sC6uP2T6ipWyBQDj7/OhH3Drwu0Jjv4aBrdFZ4KEV7apX20eWKVHZ6XRJk93VeFxAftq0j3zmS6FkpPFjK1whdJZAyfDNbQs+UmU6zMJ8FcurG+mU5mk/5HSyoqQgLod37ylsyKIzcNQrA286eBgaGEFnmMTGWSNEe0wV443dX+X/WdkVXBdvC8xL2DeoN4xoMoPTK3WH2mmWrB11HOV2j++pcs6W+Wc0Sht9R2dUUKAyqqImOq3KjUw0W6mhTbc8PoubTJPpBiHfoqSOyRqcIY+fS6kBWojLR1i0X5FgnYEMNGNmKw5NqEmmmdMdu0sp+WtDcw7ui3JA0syD5+m6yJZo/QRJwcfiTP91DtTZslS3noVBQ8G597tspDHg9zrWIgNsTge02mlWnC8Z5suuiKJDBouvtMfTKzmTVdsk4D0ZsapeBB4oeuUOfVcugma1V+W8I0mvSpvksMOwsre9mcpaWm6qkEehd894QwuclRpunKMlFt9cbRTLsh0MSAvsX2NA1sI+ggSqpfoeruKtRQPQa7l3Nesd8NRAq5gK6J18NPT822fHClzyRVxu3iX1ITJ1ZuRUtvhac2Q4OrFNojNSJg1HejcXiE5wbAMJQyfbuPUfzcIEt/VCwZzv2jl2dLmDmxICVVw02KKSjZxpUCIff7q0aA4KahtOjvfQWoyoInMlpyAdgNrm8XsMrO9hvR6f+PPjlUwMOYNpHEBW+bIjo7zEbGb6/DQ3mfEVyBCpETZV+xtJMibuvl32uba98NQxND4LLchu3wnm79+xZ9Hx26VdegomLaR8E5RVyBGZxiYfBb0KAiEWNFFegnCHqkoWhBByhMcZhzsUojgki1Iz43eYKobjNQmtPwqnhgDgyE/HAeQKrXb5EeeaYR1CzR/IEHY3wHSxHk3tGpy/PabQHo0/2V3juWU+Ciqe8zS/cLM0tQLfPebMAtp/o+5o7CSh5glFlOgsPVNiDGZzWhWGQEMDDUlh+bguCx0I4VmWsaxn5BokoYg9xtnS4rMYyQ2HMvdDvKAUogV5O9jWvEZ/7KqDjz0Qfc+bh6VQhqlEK11CrZ9fV6WMo70cFLM3AlOhZIEePr4lagR16vkYqVNCAb1YPP0CPEUUcfnqH/oNsc+SxUjd/EC/xAImoZMNQLr4fpGfyyXpHtyd6j59qFfBWR2+4O8wVau3L3qRFdY1D+TvUrLBkgqLVKMtUK8AeHl2/RY9HAQa01TRyrFzeaxO8rlq3DoM+Rzp0YDtz2Vf1CyyzdT1NR9awe6bOWK1/emBn3KUC6VJwtqhilLcx81xyOeoGq3ZbV7p63ydUM9M2lE+nj4GBJ/4BHI616c7BYk5fOJN7vsFy8CYugen+PzaHNmattjxrkmS20O8lvC8pmU1RoWtz2adCzlN/OCp4k9yGum7Xz41s8qPxUn3MOG4DwVtan5h8sGkuv7V6sPY8/5NH5d+6ahrvCorlRphem4+K94YdLSqq/TwDfIUokArWFjIl1MxPsBZ7BcZAPwoo+t3YaAsGr5UVhijOIs+KU+hlu5KCqsL1urbhR3EH0jW01r3K/4rAc3CxAryAi87JqhI6q4S7uD75ILw6squlDfHs/r4giQ87GPCqK81wp8frzz4DX58NoR0IE75++xbuQCn+cUyyLnB/qDpOWDLVBPXtGYwA9e1/OeDvvYdOYDwgM6kbH6L7vB1PVYPOF+ubBkkpeFpFOOGO3G7G3egXjL8dMCLOjtUPUL/D8CVEqTcvwTAW0bXznQVc9/8C2EKHGwM3C1DJCB1UovEmRFEsmvEa2q9ahvMK2CZb+RHBSrZfxv6q7wdv2jyjBnbGPsNpOBJL6CN6U/fnbR2KIwBfpxmKRWffj2P3MNZlnhSaJqablDvtYTMc2Wffp1aU8jKStIIY7R+a2EqE1roo2oTPprRitFusSG7hFKCrQuuZapmImI8UWSct1E871Vgpjnn4TyLaKduAuhplkLqS8rSTsROWHLsmaIzzD9jNtv4Q7ASMI0yREnuVAo/P9DE59yQ/B2eJiqnEuWcyWgUVi8aMYZliB2x5g2I+4NrhY07PeQ8ziC4RBd83IURqOx1+s5rMHhE/MrpS0Md5FQzqITjsLWeM4nYEdV4TEQu78uRrERUWOkIB+uXgp7ryfnN9FMLdb3iDo+zxqYDs6a8dG9fK4jWhrj8I98CsAlz7q2rmQ+Of21R9cT2LyZ7JHyB6lIHBa47Ye1V9bqZgVzL2SL0N4VG+/xbqOi5e2NxEfCyCAj5W9rJc6Qq37kBhqieN5Ib69ucicZY63BW2QvlSkjoivZ/fas13arEoDALsmeqsumLGJgNj4ZYzr13bDvYXMr3Ze0BwGdwSLkbkeeT5wmfwOi+J3deozmbMcaaxka93bST6Oj6948b0DE6/UAv8mNeYjDzVUwR4gtnniv0uaJNUr5K6YUpW6Y6xmM8Ero2mrAWsc4eeshKD42EttMqmcQG77rBM/XSRoeFkcTR1n9Vb+RAAxg2DDfEOZe9T8kFwmIeE8yohCr7quaUbXsiLNrOF+Jiz7eykWxJY6IGAmDb+pOLsq9hiajdOhYE//zYWdsJUBLNUb+ProSK9DF4VMeG62xXbRaFVsyTmoEYhcoWu25rWzIu7UeX+rkKZyeWaVfdAW6JS2hdReW2YYuwLBKAJBmiKDhqkihBLBZUA6x/chL1OfNDpQi0ViqbxJTGEAMR6i+ayGQRYdPjLdUy7NeyWJNOyc0XfDO4wi3X8YlkyvcggVJCIYrUqv7mClVq392w6H8Z5lLMjEQ7JZDCNjEs/XDmkE7hhS6ILsR+y7f28vOnbqi1PAY6TBPhDwq8fGUiNUyRDkQaZZIAsL2zlPHYZ9pbC3CZkZnUZ7HwDhzpyDVH4iaQiDimVvKzUttMW8eLQyz6BUPM7YmGOka3j3PPHVE1OGr32pJk1uzM9wxJDlNI2cf6z063lRaJ/LnjAQzC+Tu4L6D4x9qSVtGp2nJvYED+QQ9ngBG1IIJ5WakujAxUgAxPal/u/XpiEq1SsQQ7t8kdwfbgYu6TY5rIKv2Y5L3AgXs700w1kTu63WXrNO+BWU0IDLjEUBixgHjr+x2lqAXU91f19+cyc41mKHK1Manq3LCIIW0qeDGXsPw3haXx+Ehcjxv3jWprNUxi7Xi1j0ThIndzNV6paPLH2EF0D8Tmid4kLZU0ZU/Mz/V3u7t8oqwhoEwR+txhRUW+BdM9Id0tCvA3Quzcgb0KLzAHkovqaAMQlyJR0ZqUSnrax1S6nPwSA/o7/MNTT22ZzMlhMde6hV2Fs9jy0txvbJtr3FI17It6LkQMMX5lCwklaz+4bVbq2jB7eWuoUlSqhV48hTP44rDOA/zSDv/4UnhAq7K3ufE6tNTYFvX4qcVYzQBPiCzj+aAdOyTeW+Si65Lot85qpNxJUzR+cwcIdJ3R0CjtxrCmAOJdM8MezRMcedxRxDa+j0NP2CLrH0w4H7VcayYukSxcxyQ5LjItB8y4Q6d0cmg1O5E1hLxfn3DXQxCG5CP7DQkcDLWGkRVZxS9AtkOn/PqzIUssis2T6kbqw1gzOqR8cUYIzO0V/cgVBF4aAHZl2Fc1SQKaA+md6rn+aDWBa7N1TPWj8H4YbC0dx/pNd41+tsBA7df5Vvb0YK9knjhGZpA97BL11ig0HssWu8nGQ22+44FHjSD7PKfMt6u0o5Wt4+BnuY9qR8HlOFdiAhlq717h34zyThxCVdvmFkuz5MMV0UzF/Jd2Z8I4Ctsmgj+lZFR3km8dvccXe5n3q9oZap/j3ECmsWlRrv0XkZp5ZemiEeBmpcKGyxWkHTHXvIeVrYc9OAmQq1JTc2XYXWk7Na1OnZq9rzfy6F8VjNpZFHG8PnJFowS6U0YCcfqGELTqFNDDccjRZjnJn6HCRh6gydunPiPRXE/mp1SqN7SeySTA5FqpYctkjM0U9a6hT/sEuD9lCuR/JefCg8JjAfzv32o57+RBVVpyenMz6/6qt84UCcBlaKf5vhjt/bwuWotQ1d9KAWaRDXcQazUoMItVCsH3p1sdqs+xcg+Ve5kNI9DSnQRvsILVIhUN120ftqs9VYY256CuBBx63sOQDhoU1WqcFJuh4eaetsVbjL/ZQ98YHY/b1aTtu3fAFaiItjIqCFlDfXirMyURCFfqKlliF4m4RTQCCqkY2hoNxGLPT2InrVYhhoJcdN/dP7hUUu7tjSplHGHQUtlXB9CFt08nfRQiJ02wVRWQsnD750mBQpOepO0jYC9xvLsktUs/3Wl5PllCP4MwlMJLOggH0zGKV4bX2rgHvLyUC2fdfEC5zXDDQGn62FiIOvixdLvb20XSpXjgqpQboICP6GYmiRPzllq6cX+VFEfmm3ofru9QDUofYN64fcIe5ObFkHZ/Xur5bBN4sbx0Wvb64c5sc2yzYI5HzP338eANdii6Fm4g2Dz3hM3jF24xY4vFBfS1wF2agEL3L++tdK9TQ45KM4AtKGmBQiz6CRjBkLVhhrknqDtuTLI4+lSsGPNwXN9HYJvVMyrcfCoO5/gglU/T2PJZi/VVswCogVt7Lyzz+P7PSScFsMXLiyvySHrTSIq+BRlbfebrLj9E5rIYf5b1c+0/QITY+OytiQyqG24VtvwMr6V9nL8kgAMKa9PDQkUZgV4rm1k/I9/ckxfP6d4caKaj7n7vXcX+yrhDxU4+beBxqxAIZTnvQ5dhbr++g1aseouSfpdaHTL5x69sX2drob+FZ+Ohc+Pvlug3kl37WcS3QxUCX3unKQHhvj9aZ8eVkWgBNqQ9uW5c1I5eDJeJusEj2UVia3XZuqFzJsXQIrr76tnwElV/F09/pypuqs3g9TxxJAimOhj5wSaeFMsLIBCTkWKCDRQPJHc+WLO///2IgOyqdOekoTZfdQFcGX0sDGbQhy8pMeEjWlA9T0ndLzdTC5glCkpzSh7E09eXKFR5siK2yw/uGzSPK+vPfmksC0DskGpIakQDnrkrRrVu4VlIe0ZqeDkJYnN/webqSD/dXCpOkDKTqO3UB2DDhrutEt7iccs0iPVu13amRtHjFEDn3P5brgdPUpXgw9ujBb8hDOeAt3bYRJu4YruXtNSMNVkVoQKieRRe6u5AdNhlffe8Xh41aUusqJNZm1kB57Sr8XQ1mDwTOOKBXNGEBTIeateOC1mOvAFQchQb/UsENCpCTxqCY/bzc2Ez+zIOfWz2Dik2q+YnyAJyeeMU4z4HW/cuEr4dSw8AAQl5PLqoWXgtJZeaoy0l0eMdq0LMeQ74VIc6VGVDxHxrGWv6Q/2Me1hIGJmq74En7q3kKNUPoOKLFgxUm6WADlwma4W7aBmDNXnLXgW7G//n62HMJcSxlMGKm/l0A1o0WsiDo7tNeMsa6Ui7luE4Eif7Qrk4H6ohFzCbOx5Ad+ZoaVVwOQD20ZWbV3gq5GZqGGh4DOFu+BvEictRf6g3Rby6ztx92ZFPvGZg4GNsffxIYTtJ8JeGfwVFdw1tD0+dTnkuF7ydyKWvDkbYUnQt5W8bdHGSHgfG10Wk0GtWR/LagyR8FC1RXBHkjFnofDv8Yud36Ju/q6UgXMiKzJrSeYPngIjmmvvY8lJl2kbFct9XoRb1oAYm5C7hu7DEWEQ1e5DJv9syK9s/m9WyDPIx/6zZ7XPw5DGAGaUNR6pJA4clUpNh6F86V01dZMaQfx/Qg7xUffBONEiyaMClBu0tWowx619Y6p0Q+Uj9VBjPqATkLpbo5d+Kj+0v+zNHxbaY6J9u5+gbGEs6W0hXfcweihdo0PMEZ6oDJuB8Nx1kY0qP1MjZrFA2Pal9na72igJA6dc4tNlk+8WVjF1V+LA1xWI6ZC3hQq2r48trEZXlg0awL2fd+okxBLRnfee0OHI8kOjvAQbh/C/1JZkfenbshIoHMlBXK/0Vw4RH4ZoQgz7AjrtnJHn2OuCZea8OpfmMcMTYgvd3hVhaJ7f9zhydCHJA8hP0D6QUWJqsCojcu+XWXFxiZ5UYngBU3mi+q07egU5Aaf7XmQoWV6QDjrGJIcocipcTB0IR+zNj1x782Y1bLMIk0nJwweyRe8I4MmTY9tbqcDYcZepUefskjXON4UpOq9vIuE93p3MPmY1a0CgSX5OjyOWz4e9qz3fZttfeD5bE9xS8d3oj5QGVBS5W+kET7lVkWkzFpTF8Ou3Vz6LVSOslPO7q1HrrDC6peWi9sqBOQ8FtRZD7qHKdeJQtTX5g/dEfMKuV3FNMvj1S6FJczyd3ZTgTSCAFfEZdq+9WOs68bVWOte8uuxf+HJ1PAiilFtrri1q0/ja7PSUVv7M7EMgPQeoDR+i0I9rj0rTVX08RxZg+LoqcvQpWegxsf6fRT5lmzS9HVTbZ8fxBNwwCNaYgnvYcJm6Di+uH13atNeJoKVNP/qw+7aV2txEfLhuRDJPJiaRkyRSbEpS0kj1HFD0Pv2VQ41gF7fVU0EActBpV+S/VccfzmVPkF10Ox8T5dZACg+6rg9RxfOVubVdbdUlkxE3vlt8CX/N1caZ3gu4LDxkdi8PJCGedqY8Nt5DZcw84VUjfG0n3ALhP2gRAMouTwTEcs0G58PuBi4cs9xWvNxzUQKWG8VtRDzG5SUUJMt4AYzzDDlKzkMGTxNrn6k/y4uHC1CzPtwqH2+N8XROsuMnvj0++wdnkw4e/pC5NN2sBmhEZlSOZS417+vnVvNFFXr1cRPDZ6F9SU/Z+MfiN+F6EVcpz13nWnvWPob5CIYVfUSumVEC39UAflQ90Byt8vYH9tmJ37uaPxIRn5ImwKYFQPhTUmMSmtWyns90beLLZkKaq1wO3umIXcKQihBuyXlaEy8gEgSZmSkhjUJOEhsqepuv6zhy+LrLhqhv63tnWp6T0vgEYX6CGbdFPgEnsDv4hknd4QMizKKB2PRlmbQwFhbXlwyGMQ8vEFNlKh68ZQwrMZu1ifsgZ+TNbZx+IFOt2RVsv+FgqImGmvmAapgzONY71F2U4wb94DEmsoFqXfqx3rH2cdENeonZFIu4jklKDCKmtpJACDWRwdyYIGKrzmrT5/SIR+DKLgX2bFr5d5/2gIw2GwozIWgBh1UNzWNyT/Pu6E73iNzDM4jOMlMmASkGXy0nkAj3nBp+hrtm8DZl7wJzXaKR8EAiZu9Lo7Kw83i1Ho9IzxzHmzVKztQirdeECOCuXsqN2LgR5su799lkdUiXqcUorEPk1X9W84Q4pRZVr4r/1B/LK70J05bQEzcLztKO5GwO+fFHNPFfJIqX3kyj8XlPLlPw38XOEhR5W6UThVfHOeQTaL6dLYcFhmwzPlds/jBOhWMFz7GyF7xwxcsLvl7TRdoFyMZVwDM4OZN4QOp7kPuAVFouRZyqutcqxc/uaHX6E6aCmVhuKCLHxdXXUiTehQdIMhl2OJJTyst0mhHdLe3o7zkxQUhh06Y+8Ui72UszgSEFVnSd/IKjHdo5IX5jQEWR5/ULdYYxXhNfbdCYYTa8WQk3jeEgYv97mHqnIp9njFsdGvOTFBPFLxI+h9vQkd2DAd3kCPzm+5056jFllNtF6kDpat4EqPbElUbEXakLsBAnA5J1Bbi1GWrmm1yFcOk3LVHrztNIAy/LiFklH5cYHeQMxsQ1Qj0pChPTQSfTeZDIAoFzu5jDuly8vRRcRBtV87OwLejp+1HVXtFGBTG/9HDFd1TH8BBkMwdjuN0JzMxhJE5HBer+Pt9+QlNGmdXQHqAmYb+AplSVJkPmu3g7xN+bAibwGS8LBV8Te7U981fJSD4hPDXrG6fK7JdgMoZ+8/xp1TTOAWe+PM8BmT2mjfczBAOSUF2ZA8k061VHnEgAiGrWfABfcJbYQ0Qx4iYjCUAtf61E/UozMWwTvyHVgq+/8qG/RDh8n2BkE4zXWZ14f0h02OA7XkFhZbsrIZnOCDeU4RbNBbmxNaJ1UEkV+491vWcXqD90FfVev0664pvhgXStsNL8VNN/eGSLj+5YFnIx9Cq40KvY63P319MgPKICweggxsSnPCGjWS45G17mbt0Cdy10d6l6YVPUg==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedData>
            </saml2:EncryptedAssertion>
        </saml2p:Response>
    </soap11:Body>
</soap11:Envelope>

2019-12-12 11:01:31,584 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2019-12-12 11:01:31,584 - INFO [Shibboleth-Audit.SSO:?] - 20191212T110131Z|urn:oasis:names:tc:SAML:2.0:bindings:SOAP|_6kk4o7vv08lho8qofylejzlcepbyarnzvvk9|https://iam.eu-de.otc.t-systems.com|http://shibboleth.net/ns/profiles/saml2/sso/ecp|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:PAOS|_3c84ebd15abafb76a11994ddd7341dc7|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQx6RuPDwQ47yoJoE6jy5XIHaruDjSz2J+1LS6yDp04z/4g+VIVimeTbmuQR4x4/TBrNyh+SAQ1ww5pYcNwsMY6XoKasMeBHS/ZeFa+VlTKYo5B99Yy1vInbLrgIFi0PNSqdjxV3ygf|_76eabbf5dfdd76ee74c3f11d34cebfc6|
2019-12-12 11:01:41,136 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: ZXlKMWMyVnlVRzl2YkVsa0lqb2laWFV0ZDJWemRDMHhYemxZVFdoa04wVmxjaUlzSW5CeWIzWnBaR1Z5VG1GdFpTSTZJbE5CVFV3dFZHVnpkQ0lzSW1Oc2FXVnVkRWxrSWpvaU5qQTBiREp1YWpSek9Ua3lZemxrYURWMlptTmxiMjFsWkdZaUxDSnlaV1JwY21WamRGVlNTU0k2SW1oMGRIQnpPaTh2ZDNkM0xtZHZiMmRzWlM1amIyMGlMQ0p5WlhOd2IyNXpaVlI1Y0dVaU9pSjBiMnRsYmlJc0luQnliM1pwWkdWeVZIbHdaU0k2SWxOQlRVd2lMQ0p6WTI5d1pYTWlPbHNpWlcxaGFXd2lMQ0p2Y0dWdWFXUWlYU3dpYzNSaGRHVWlPbTUxYkd3c0ltTnZaR1ZEYUdGc2JHVnVaMlVpT201MWJHd3NJbU52WkdWRGFHRnNiR1Z1WjJWTlpYUm9iMlFpT201MWJHd3NJbTV2Ym1ObElqb2lTM051ZUVvMlZXeHlkR3BSVlRoWWJrUkNhR0o0YkdabVFWQndWM1UyZUhkd056TTJPRXBVYXpoQ1FUbEJjVTlLU1ROd1QxcGpXbnB6VTFOYVYyVmFNbGhHVWpGWU0yZE1Uamh0VWs5a05VOVlOWGhEUkVoYWNqQmhNRFpvZFZwaFYyOTZXV1JpZWxKWVNHUXpiemN0TTAxdE1reHdaakZhVjFkblJEWllVRm8wWjJ0NGJIZGhVMWROVFhsMFgxVlpVV2R1WlU1UU5taE1Na05NUjFGMVVGbFpUVVJ0YkVSVllXWTBJaXdpYzJWeWRtVnlTRzl6ZEZCdmNuUWlPaUpwWkhSbGJtRnVkRFl0YVdSbGJuUnBkSGt1WVhWMGFDNWxkUzEzWlhOMExURXVZVzFoZW05dVkyOW5ibWwwYnk1amIyMGlMQ0pqY21WaGRHbHZibFJwYldWVFpXTnZibVJ6SWpveE5UYzJNVFE0TlRBeExDSnpaWE56YVc5dUlqcHVkV3hzTENKMWMyVnlRWFIwY21saWRYUmxjeUk2Ym5Wc2JDd2lhWE5UZEdGMFpVWnZja3hwYm10cGJtZFRaWE56YVc5dUlqcG1ZV3h6WlgwPTpWS2hMZE9OL0VhNEE4ME1YcjN1dVZMUTRxQzJKSEFtdW9oSlVxd3l4eVZ3PQ==
2019-12-12 11:01:41,136 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2019-12-12 11:01:41,137 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2019-12-12 11:01:41,137 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://idtenant6-identity.auth.eu-west-1.amazoncognito.com/saml2/idpresponse"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_4420b7ca-7814-4eaf-8485-a24a127d2819"
    IssueInstant="2019-12-12T11:01:41.008Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">urn:amazon:cognito:sp:eu-west-1_9XMhd7Eer</saml2:Issuer>
</saml2p:AuthnRequest>

2019-12-12 11:01:41,141 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'urn:amazon:cognito:sp:eu-west-1_9XMhd7Eer' from origin source
2019-12-12 11:01:41,142 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-12-12 11:01:41,142 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-12-12 11:01:41,142 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-12-12 11:01:41,142 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-12-12 11:01:41,142 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-12-12 11:01:41,142 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-12-12 11:01:41,142 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-12-12 11:01:41,142 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer urn:amazon:cognito:sp:eu-west-1_9XMhd7Eer
2019-12-12 11:01:41,142 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:01:41,142 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-12-12 11:01:41,142 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2019-12-12 11:01:41,142 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2019-12-12 11:01:41,142 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2019-12-12 11:01:41,143 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_4420b7ca-7814-4eaf-8485-a24a127d2819', issue instant '2019-12-12T11:01:41.008Z', entityID 'urn:amazon:cognito:sp:eu-west-1_9XMhd7Eer'
2019-12-12 11:01:41,143 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'urn:amazon:cognito:sp:eu-west-1_9XMhd7Eer' does not require AuthnRequests to be signed
2019-12-12 11:01:41,143 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2019-12-12 11:01:41,143 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-12-12 11:01:41,143 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2019-12-12 11:01:41,143 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-12-12 11:01:41,143 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-12-12 11:01:41,143 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:01:41,143 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-12-12 11:01:41,143 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2019-12-12 11:01:41,144 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2019-12-12 11:01:41,144 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2019-12-12 11:01:41,144 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://idtenant6-identity.auth.eu-west-1.amazoncognito.com/saml2/idpresponse using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2019-12-12 11:01:41,144 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2019-12-12 11:01:41,144 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2019-12-12 11:01:41,144 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2019-12-12 11:01:41,144 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2019-12-12 11:01:41,144 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-12-12 11:01:41,144 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2019-12-12 11:01:41,144 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2019-12-12 11:01:41,144 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2019-12-12 11:01:41,144 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2019-12-12 11:01:41,144 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2019-12-12 11:01:41,144 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: urn:amazon:cognito:sp:eu-west-1_9XMhd7Eer
2019-12-12 11:01:41,144 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2019-12-12 11:01:41,144 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2019-12-12 11:01:41,144 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2019-12-12 11:01:41,144 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2019-12-12 11:01:41,148 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-12-12 11:01:41,149 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2019-12-12T11:01:41.149Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2019-12-12 11:01:41,149 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2019-12-12 11:01:41,149 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2019-12-12 11:01:41,149 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 46093c477801970aaba12dae00f476e1d7207a6bc747f57a1254ec9ccfa68b92
2019-12-12 11:01:41,149 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session 46093c477801970aaba12dae00f476e1d7207a6bc747f57a1254ec9ccfa68b92 to 2019-12-12T12:01:41.149Z
2019-12-12 11:01:41,149 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading AuthenticationResult for flow authn/Password in session 46093c477801970aaba12dae00f476e1d7207a6bc747f57a1254ec9ccfa68b92
2019-12-12 11:01:41,149 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: Authentication result authn/Password is active, copying from session
2019-12-12 11:01:41,150 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2019-12-12 11:01:41,150 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2019-12-12 11:01:41,150 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:01:41,150 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2019-12-12 11:01:41,150 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Reusing active result authn/Password
2019-12-12 11:01:41,150 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name established from session as 'sheldon'
2019-12-12 11:01:41,150 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2019-12-12 11:01:41,150 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Updating activity time on reused AuthenticationResult for flow authn/Password in existing session 46093c477801970aaba12dae00f476e1d7207a6bc747f57a1254ec9ccfa68b92
2019-12-12 11:01:41,150 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=sheldon)
2019-12-12 11:01:41,151 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, telephoneNumber, role, mail, displayName, surname, givenName]
2019-12-12 11:01:41,151 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2019-12-12 11:01:41,151 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2019-12-12 11:01:41,151 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2019-12-12 11:01:41,151 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2019-12-12 11:01:41,151 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2019-12-12 11:01:41,151 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2019-12-12 11:01:41,151 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2019-12-12 11:01:41,151 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2019-12-12 11:01:41,151 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:01:41,151 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2019-12-12 11:01:41,151 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@4e73c197'
2019-12-12 11:01:41,152 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-12-12 11:01:41,152 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'sheldon:urn:amazon:cognito:sp:eu-west-1_9XMhd7Eer'
2019-12-12 11:01:41,152 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@1dfabe81' with context 'intercept/attribute-release' and key 'sheldon:urn:amazon:cognito:sp:eu-west-1_9XMhd7Eer'
2019-12-12 11:01:41,152 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'sheldon:urn:amazon:cognito:sp:eu-west-1_9XMhd7Eer' value '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1607683351358' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2019-12-12 11:01:41,152 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-12-12 11:01:41,152 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'sheldon'
2019-12-12 11:01:41,152 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'sheldon'
2019-12-12 11:01:41,153 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2019-12-12 11:01:41,153 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2019-12-12 11:01:41,153 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@4e73c197'
2019-12-12 11:01:41,153 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:01:41,153 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2019-12-12 11:01:41,154 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2019-12-12 11:01:41,155 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2019-12-12 11:01:41,155 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _8eaa630e8ee24b996795c451fd55f5a8
2019-12-12 11:01:41,155 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _8eaa630e8ee24b996795c451fd55f5a8 to Response _d23754dbe233828eac7ff7d33886cccd
2019-12-12 11:01:41,155 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _8eaa630e8ee24b996795c451fd55f5a8
2019-12-12 11:01:41,156 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2019-12-12 11:01:41,156 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value sheldon of attribute uid
2019-12-12 11:01:41,156 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value scooper@samltest.id of attribute identifier
2019-12-12 11:01:41,156 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2019-12-12 11:01:41,156 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value employee@samltest.id of attribute role
2019-12-12 11:01:41,156 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value scooper@samltest.id of attribute mail
2019-12-12 11:01:41,156 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sheldor of attribute displayName
2019-12-12 11:01:41,156 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Cooper of attribute surname
2019-12-12 11:01:41,156 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sheldon of attribute givenName
2019-12-12 11:01:41,157 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2019-12-12 11:01:41,157 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2019-12-12 11:01:41,157 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: [urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress]
2019-12-12 11:01:41,157 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2019-12-12 11:01:41,157 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration did not specify any formats, relying on metadata alone
2019-12-12 11:01:41,157 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress]
2019-12-12 11:01:41,157 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2019-12-12 11:01:41,157 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2019-12-12 11:01:41,157 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Checking for source attribute mail
2019-12-12 11:01:41,157 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Generating NameID from String-valued attribute mail
2019-12-12 11:01:41,157 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID scooper@samltest.id with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2019-12-12 11:01:41,157 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2019-12-12 11:01:41,157 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2019-12-12 11:01:41,157 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2019-12-12 11:01:41,157 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2019-12-12 11:01:41,157 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.1.206
2019-12-12 11:01:41,157 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _4420b7ca-7814-4eaf-8485-a24a127d2819
2019-12-12 11:01:41,157 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://idtenant6-identity.auth.eu-west-1.amazoncognito.com/saml2/idpresponse
2019-12-12 11:01:41,157 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2019-12-12 11:01:41,157 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2019-12-12 11:01:41,157 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2019-12-12 11:01:41,157 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _8eaa630e8ee24b996795c451fd55f5a8
2019-12-12 11:01:41,157 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _8eaa630e8ee24b996795c451fd55f5a8 did not already contain Conditions, one was added
2019-12-12 11:01:41,157 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2019-12-12 11:01:41,157 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2019-12-12T11:06:41.153Z, to Assertion _8eaa630e8ee24b996795c451fd55f5a8
2019-12-12 11:01:41,157 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _8eaa630e8ee24b996795c451fd55f5a8 already contained Conditions, nothing was done
2019-12-12 11:01:41,158 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2019-12-12 11:01:41,158 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _8eaa630e8ee24b996795c451fd55f5a8 already contained Conditions, nothing was done
2019-12-12 11:01:41,158 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2019-12-12 11:01:41,158 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding urn:amazon:cognito:sp:eu-west-1_9XMhd7Eer as an Audience of the AudienceRestriction
2019-12-12 11:01:41,158 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _8eaa630e8ee24b996795c451fd55f5a8
2019-12-12 11:01:41,159 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party urn:amazon:cognito:sp:eu-west-1_9XMhd7Eer to existing session 46093c477801970aaba12dae00f476e1d7207a6bc747f57a1254ec9ccfa68b92
2019-12-12 11:01:41,159 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service urn:amazon:cognito:sp:eu-west-1_9XMhd7Eer in session 46093c477801970aaba12dae00f476e1d7207a6bc747f57a1254ec9ccfa68b92
2019-12-12 11:01:41,159 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-12-12 11:01:41,159 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service urn:amazon:cognito:sp:eu-west-1_9XMhd7Eer in session 46093c477801970aaba12dae00f476e1d7207a6bc747f57a1254ec9ccfa68b92
2019-12-12 11:01:41,159 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-12-12 11:01:41,159 - DEBUG [net.shibboleth.idp.session.AbstractIdPSession:?] - IdPSession 46093c477801970aaba12dae00f476e1d7207a6bc747f57a1254ec9ccfa68b92: replaced old SPSession for service urn:amazon:cognito:sp:eu-west-1_9XMhd7Eer
2019-12-12 11:01:41,159 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Removing secondary index for service ID urn:amazon:cognito:sp:eu-west-1_9XMhd7Eer and key scooper@samltest.id
2019-12-12 11:01:41,159 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID urn:amazon:cognito:sp:eu-west-1_9XMhd7Eer and key scooper@samltest.id
2019-12-12 11:01:41,159 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Older SPSession for relying party urn:amazon:cognito:sp:eu-west-1_9XMhd7Eer was replaced
2019-12-12 11:01:41,159 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2019-12-12 11:01:41,159 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2019-12-12 11:01:41,160 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2019-12-12 11:01:41,160 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAssertions: No encryption parameters, nothing to do
2019-12-12 11:01:41,161 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://idtenant6-identity.auth.eu-west-1.amazoncognito.com/saml2/idpresponse
2019-12-12 11:01:41,161 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://idtenant6-identity.auth.eu-west-1.amazoncognito.com/saml2/idpresponse
2019-12-12 11:01:41,161 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_d23754dbe233828eac7ff7d33886cccd"
2019-12-12 11:01:41,161 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _d23754dbe233828eac7ff7d33886cccd and Element was [saml2p:Response: null]
2019-12-12 11:01:41,161 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_d23754dbe233828eac7ff7d33886cccd"
2019-12-12 11:01:41,161 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _d23754dbe233828eac7ff7d33886cccd and Element was [saml2p:Response: null]
2019-12-12 11:01:41,163 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2019-12-12 11:01:41,163 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://idtenant6-identity.auth.eu-west-1.amazoncognito.com/saml2/idpresponse' with encoded value 'https&#x3a;&#x2f;&#x2f;idtenant6-identity.auth.eu-west-1.amazoncognito.com&#x2f;saml2&#x2f;idpresponse'
2019-12-12 11:01:41,163 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2019-12-12 11:01:41,163 - WARN [org.opensaml.saml.common.binding.SAMLBindingSupport:?] - Relay state exceeds 80 bytes: ZXlKMWMyVnlVRzl2YkVsa0lqb2laWFV0ZDJWemRDMHhYemxZVFdoa04wVmxjaUlzSW5CeWIzWnBaR1Z5VG1GdFpTSTZJbE5CVFV3dFZHVnpkQ0lzSW1Oc2FXVnVkRWxrSWpvaU5qQTBiREp1YWpSek9Ua3lZemxrYURWMlptTmxiMjFsWkdZaUxDSnlaV1JwY21WamRGVlNTU0k2SW1oMGRIQnpPaTh2ZDNkM0xtZHZiMmRzWlM1amIyMGlMQ0p5WlhOd2IyNXpaVlI1Y0dVaU9pSjBiMnRsYmlJc0luQnliM1pwWkdWeVZIbHdaU0k2SWxOQlRVd2lMQ0p6WTI5d1pYTWlPbHNpWlcxaGFXd2lMQ0p2Y0dWdWFXUWlYU3dpYzNSaGRHVWlPbTUxYkd3c0ltTnZaR1ZEYUdGc2JHVnVaMlVpT201MWJHd3NJbU52WkdWRGFHRnNiR1Z1WjJWTlpYUm9iMlFpT201MWJHd3NJbTV2Ym1ObElqb2lTM051ZUVvMlZXeHlkR3BSVlRoWWJrUkNhR0o0YkdabVFWQndWM1UyZUhkd056TTJPRXBVYXpoQ1FUbEJjVTlLU1ROd1QxcGpXbnB6VTFOYVYyVmFNbGhHVWpGWU0yZE1Uamh0VWs5a05VOVlOWGhEUkVoYWNqQmhNRFpvZFZwaFYyOTZXV1JpZWxKWVNHUXpiemN0TTAxdE1reHdaakZhVjFkblJEWllVRm8wWjJ0NGJIZGhVMWROVFhsMFgxVlpVV2R1WlU1UU5taE1Na05NUjFGMVVGbFpUVVJ0YkVSVllXWTBJaXdpYzJWeWRtVnlTRzl6ZEZCdmNuUWlPaUpwWkhSbGJtRnVkRFl0YVdSbGJuUnBkSGt1WVhWMGFDNWxkUzEzWlhOMExURXVZVzFoZW05dVkyOW5ibWwwYnk1amIyMGlMQ0pqY21WaGRHbHZibFJwYldWVFpXTnZibVJ6SWpveE5UYzJNVFE0TlRBeExDSnpaWE56YVc5dUlqcHVkV3hzTENKMWMyVnlRWFIwY21saWRYUmxjeUk2Ym5Wc2JDd2lhWE5UZEdGMFpVWnZja3hwYm10cGJtZFRaWE56YVc5dUlqcG1ZV3h6WlgwPTpWS2hMZE9OL0VhNEE4ME1YcjN1dVZMUTRxQzJKSEFtdW9oSlVxd3l4eVZ3PQ==
2019-12-12 11:01:41,164 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'ZXlKMWMyVnlVRzl2YkVsa0lqb2laWFV0ZDJWemRDMHhYemxZVFdoa04wVmxjaUlzSW5CeWIzWnBaR1Z5VG1GdFpTSTZJbE5CVFV3dFZHVnpkQ0lzSW1Oc2FXVnVkRWxrSWpvaU5qQTBiREp1YWpSek9Ua3lZemxrYURWMlptTmxiMjFsWkdZaUxDSnlaV1JwY21WamRGVlNTU0k2SW1oMGRIQnpPaTh2ZDNkM0xtZHZiMmRzWlM1amIyMGlMQ0p5WlhOd2IyNXpaVlI1Y0dVaU9pSjBiMnRsYmlJc0luQnliM1pwWkdWeVZIbHdaU0k2SWxOQlRVd2lMQ0p6WTI5d1pYTWlPbHNpWlcxaGFXd2lMQ0p2Y0dWdWFXUWlYU3dpYzNSaGRHVWlPbTUxYkd3c0ltTnZaR1ZEYUdGc2JHVnVaMlVpT201MWJHd3NJbU52WkdWRGFHRnNiR1Z1WjJWTlpYUm9iMlFpT201MWJHd3NJbTV2Ym1ObElqb2lTM051ZUVvMlZXeHlkR3BSVlRoWWJrUkNhR0o0YkdabVFWQndWM1UyZUhkd056TTJPRXBVYXpoQ1FUbEJjVTlLU1ROd1QxcGpXbnB6VTFOYVYyVmFNbGhHVWpGWU0yZE1Uamh0VWs5a05VOVlOWGhEUkVoYWNqQmhNRFpvZFZwaFYyOTZXV1JpZWxKWVNHUXpiemN0TTAxdE1reHdaakZhVjFkblJEWllVRm8wWjJ0NGJIZGhVMWROVFhsMFgxVlpVV2R1WlU1UU5taE1Na05NUjFGMVVGbFpUVVJ0YkVSVllXWTBJaXdpYzJWeWRtVnlTRzl6ZEZCdmNuUWlPaUpwWkhSbGJtRnVkRFl0YVdSbGJuUnBkSGt1WVhWMGFDNWxkUzEzWlhOMExURXVZVzFoZW05dVkyOW5ibWwwYnk1amIyMGlMQ0pqY21WaGRHbHZibFJwYldWVFpXTnZibVJ6SWpveE5UYzJNVFE0TlRBeExDSnpaWE56YVc5dUlqcHVkV3hzTENKMWMyVnlRWFIwY21saWRYUmxjeUk2Ym5Wc2JDd2lhWE5UZEdGMFpVWnZja3hwYm10cGJtZFRaWE56YVc5dUlqcG1ZV3h6WlgwPTpWS2hMZE9OL0VhNEE4ME1YcjN1dVZMUTRxQzJKSEFtdW9oSlVxd3l4eVZ3PQ==', encoded as 'ZXlKMWMyVnlVRzl2YkVsa0lqb2laWFV0ZDJWemRDMHhYemxZVFdoa04wVmxjaUlzSW5CeWIzWnBaR1Z5VG1GdFpTSTZJbE5CVFV3dFZHVnpkQ0lzSW1Oc2FXVnVkRWxrSWpvaU5qQTBiREp1YWpSek9Ua3lZemxrYURWMlptTmxiMjFsWkdZaUxDSnlaV1JwY21WamRGVlNTU0k2SW1oMGRIQnpPaTh2ZDNkM0xtZHZiMmRzWlM1amIyMGlMQ0p5WlhOd2IyNXpaVlI1Y0dVaU9pSjBiMnRsYmlJc0luQnliM1pwWkdWeVZIbHdaU0k2SWxOQlRVd2lMQ0p6WTI5d1pYTWlPbHNpWlcxaGFXd2lMQ0p2Y0dWdWFXUWlYU3dpYzNSaGRHVWlPbTUxYkd3c0ltTnZaR1ZEYUdGc2JHVnVaMlVpT201MWJHd3NJbU52WkdWRGFHRnNiR1Z1WjJWTlpYUm9iMlFpT201MWJHd3NJbTV2Ym1ObElqb2lTM051ZUVvMlZXeHlkR3BSVlRoWWJrUkNhR0o0YkdabVFWQndWM1UyZUhkd056TTJPRXBVYXpoQ1FUbEJjVTlLU1ROd1QxcGpXbnB6VTFOYVYyVmFNbGhHVWpGWU0yZE1Uamh0VWs5a05VOVlOWGhEUkVoYWNqQmhNRFpvZFZwaFYyOTZXV1JpZWxKWVNHUXpiemN0TTAxdE1reHdaakZhVjFkblJEWllVRm8wWjJ0NGJIZGhVMWROVFhsMFgxVlpVV2R1WlU1UU5taE1Na05NUjFGMVVGbFpUVVJ0YkVSVllXWTBJaXdpYzJWeWRtVnlTRzl6ZEZCdmNuUWlPaUpwWkhSbGJtRnVkRFl0YVdSbGJuUnBkSGt1WVhWMGFDNWxkUzEzWlhOMExURXVZVzFoZW05dVkyOW5ibWwwYnk1amIyMGlMQ0pqY21WaGRHbHZibFJwYldWVFpXTnZibVJ6SWpveE5UYzJNVFE0TlRBeExDSnpaWE56YVc5dUlqcHVkV3hzTENKMWMyVnlRWFIwY21saWRYUmxjeUk2Ym5Wc2JDd2lhWE5UZEdGMFpVWnZja3hwYm10cGJtZFRaWE56YVc5dUlqcG1ZV3h6WlgwPTpWS2hMZE9OL0VhNEE4ME1YcjN1dVZMUTRxQzJKSEFtdW9oSlVxd3l4eVZ3PQ&#x3d;&#x3d;'
2019-12-12 11:01:41,172 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://idtenant6-identity.auth.eu-west-1.amazoncognito.com/saml2/idpresponse"
    ID="_d23754dbe233828eac7ff7d33886cccd"
    InResponseTo="_4420b7ca-7814-4eaf-8485-a24a127d2819"
    IssueInstant="2019-12-12T11:01:41.153Z" Version="2.0"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_d23754dbe233828eac7ff7d33886cccd">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>6uRc55Z3RlnEh/wVtrwH6h0htD/hJoW4mATSjYJ2ePc=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>Od7P9Iby5TYYXll/VkEoQioUIwJrmMwfGOpBe78AwOnsU4UzSn02u0kTHEFFa6zFtFhu/sKF1WU2gyVzEUPRVL9pQTfjpXU0D9r7g/I5dL+HiZuKnFP/U03TQqnMNZsrhH+V5h3BOWhhKjqRz8U8Gn9tIu3cu9h9uNtTCzkCQah16Wv0a0K09bOTyktqJdGavrlh6nKK7ikWTLC663f2MMDj4sf8RNcicyQLTyZB30gdRi0/j1FsxLxAK7jrm8FiTTlqhw7Vo6lo9+kV5ng5bZieNA2LryvWjl8DBl3W8B65IB0wvnDY8vTjces+xVrbzYeL0u9BhommvVRoKDDPzw==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_8eaa630e8ee24b996795c451fd55f5a8"
        IssueInstant="2019-12-12T11:01:41.153Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="urn:amazon:cognito:sp:eu-west-1_9XMhd7Eer" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">scooper@samltest.id</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.1.206"
                    InResponseTo="_4420b7ca-7814-4eaf-8485-a24a127d2819"
                    NotOnOrAfter="2019-12-12T11:06:41.157Z" Recipient="https://idtenant6-identity.auth.eu-west-1.amazoncognito.com/saml2/idpresponse"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2019-12-12T11:01:41.153Z" NotOnOrAfter="2019-12-12T11:06:41.153Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>urn:amazon:cognito:sp:eu-west-1_9XMhd7Eer</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2019-12-12T10:53:39.314Z" SessionIndex="_6dab2ef987295e35c797db6d9dc3c330">
            <saml2:SubjectLocality Address="172.31.1.206"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>sheldon</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">scooper@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">employee@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>scooper@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sheldor</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Cooper</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sheldon</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2019-12-12 11:01:41,172 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2019-12-12 11:01:41,172 - INFO [Shibboleth-Audit.SSO:?] - 20191212T110141Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|_4420b7ca-7814-4eaf-8485-a24a127d2819|urn:amazon:cognito:sp:eu-west-1_9XMhd7Eer|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_d23754dbe233828eac7ff7d33886cccd|sheldon|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,telephoneNumber,role,mail,displayName,surname,givenName|scooper@samltest.id|_8eaa630e8ee24b996795c451fd55f5a8|
2019-12-12 11:01:57,712 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: TST-10262-87D0hZxqhUilbgTr1cQ7-9uaeh3L-UN9
2019-12-12 11:01:57,712 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2019-12-12 11:01:57,712 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2019-12-12 11:01:57,713 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="_bphs3ehtpn21odxypcgfs0xaeb6aarvrpnizzb1"
    IsPassive="false" IssueInstant="2019-12-12T11:01:56.737Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    ProviderName="pac4j-saml" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#_bphs3ehtpn21odxypcgfs0xaeb6aarvrpnizzb1">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>aMjVKhpU42xrphukJfLJayb+RoLVgVgJQUakZyhHk7s=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
HpvDdd0fndJnjze1hvptE4FjHCZNlhoRftM6bRbxiY8Sjv+9q8imvKDhDnIHekcJFfqv2nLmE5+q
NvDp8bYB6PKZKC+xbzN+GaGalv4nUdMpT2JyETGgISkCozravAFJuMtuy8lxA382ZSW/9X6jZZVY
iLEeezxSF5S+K89Av99LnaHsEZ03LCX+jqVVCB7tEuEI0vz3A/HpZTNSvHDJho6/wM4nO3RgHtB8
T62qzVdeNpCzG3CIdtVZw3J4V2ttAWm//wxfqX83ODk4+VmIh7RwwJQwia6ExHx0Xj9fWP9JpctC
FuP7N5+JfwxOHbMXSKfXZAOlgSiMOkrZ0hY+SQ==
</ds:SignatureValue>
<ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2019-12-12 11:01:57,718 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' from origin source
2019-12-12 11:01:57,718 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-12-12 11:01:57,718 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-12-12 11:01:57,718 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-12-12 11:01:57,718 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-12-12 11:01:57,718 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-12-12 11:01:57,718 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-12-12 11:01:57,718 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-12-12 11:01:57,718 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2019-12-12 11:01:57,718 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:01:57,719 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-12-12 11:01:57,719 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2019-12-12 11:01:57,719 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2019-12-12 11:01:57,719 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2019-12-12 11:01:57,719 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_bphs3ehtpn21odxypcgfs0xaeb6aarvrpnizzb1', issue instant '2019-12-12T11:01:56.737Z', entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-12-12 11:01:57,719 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2019-12-12 11:01:57,719 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2019-12-12 11:01:57,719 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-12-12 11:01:57,719 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2019-12-12 11:01:57,719 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2019-12-12 11:01:57,719 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-12-12 11:01:57,719 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-12-12 11:01:57,719 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-12-12 11:01:57,719 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-12-12 11:01:57,719 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2019-12-12 11:01:57,719 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2019-12-12 11:01:57,719 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2019-12-12 11:01:57,719 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2019-12-12 11:01:57,719 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 25218632289878887470728701898989230903925460534470464262987089359900092236249155787311083615922566996588882686327254334965631006516764358542556784571993117841615795846983701202567812629440880488414844862491363773592778158558705049021795669354428797347719681579572749594906032259298025269480636673827053368207548760338633177397009149003080015959043356697060516917100235185397117902752192715861531350694962747781011832502440226911816306381078043102881237946262430586623622800161283685092311342398263730543997237261306772360529013060055263916368941241698720371281723901324390991801957832354836844648583493845781599295821
  public exponent: 65537
2019-12-12 11:01:57,720 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2019-12-12 11:01:57,720 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2019-12-12 11:01:57,720 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_bphs3ehtpn21odxypcgfs0xaeb6aarvrpnizzb1"
2019-12-12 11:01:57,720 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _bphs3ehtpn21odxypcgfs0xaeb6aarvrpnizzb1 and Element was [saml2p:AuthnRequest: null]
2019-12-12 11:01:57,720 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_bphs3ehtpn21odxypcgfs0xaeb6aarvrpnizzb1"
2019-12-12 11:01:57,720 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _bphs3ehtpn21odxypcgfs0xaeb6aarvrpnizzb1 and Element was [saml2p:AuthnRequest: null]
2019-12-12 11:01:57,720 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_bphs3ehtpn21odxypcgfs0xaeb6aarvrpnizzb1"
2019-12-12 11:01:57,720 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2019-12-12 11:01:57,720 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-12-12 11:01:57,720 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2019-12-12 11:01:57,720 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-12-12 11:01:57,720 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-12-12 11:01:57,720 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-12-12 11:01:57,720 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2019-12-12 11:01:57,720 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:01:57,720 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-12-12 11:01:57,721 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2019-12-12 11:01:57,721 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2019-12-12 11:01:57,721 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2019-12-12 11:01:57,721 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2019-12-12 11:01:57,721 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2019-12-12 11:01:57,721 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2019-12-12 11:01:57,721 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2019-12-12 11:01:57,721 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2019-12-12 11:01:57,721 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-12-12 11:01:57,721 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2019-12-12 11:01:57,721 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-12-12 11:01:57,721 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2019-12-12 11:01:57,721 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2019-12-12 11:01:57,721 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2019-12-12 11:01:57,721 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2019-12-12 11:01:57,721 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2019-12-12 11:01:57,721 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2019-12-12 11:01:57,721 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2019-12-12 11:01:57,721 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2019-12-12 11:01:57,721 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2019-12-12 11:01:57,725 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-12-12 11:01:57,726 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2019-12-12T11:01:57.726Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2019-12-12 11:01:57,726 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2019-12-12 11:01:57,726 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2019-12-12 11:01:57,726 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2019-12-12 11:01:57,726 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2019-12-12 11:01:57,726 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2019-12-12 11:01:57,726 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:01:57,726 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2019-12-12 11:01:57,726 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2019-12-12 11:01:57,726 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2019-12-12 11:01:57,727 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2019-12-12 11:01:57,896 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2019-12-12 11:01:57,896 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-12-12 11:01:57,896 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-12-12 11:02:00,287 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2019-12-12 11:02:00,287 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2019-12-12 11:02:00,287 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@575401284::identifier=rick, context=org.apache.velocity.VelocityContext@60ce3476]
2019-12-12 11:02:00,288 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@575401284::identifier=rick, context=org.apache.velocity.VelocityContext@60ce3476]
2019-12-12 11:02:00,289 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2019-12-12 11:02:00,289 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2019-12-12 11:02:00,289 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2019-12-12 11:02:00,290 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2019-12-12 11:02:00,290 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2019-12-12 11:02:00,290 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2019-12-12 11:02:00,290 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2019-12-12 11:02:00,290 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session d72595923f8e203559c80dd4c51027f9599a67607d4c524126099e21de6af9af for principal rick
2019-12-12 11:02:00,290 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session d72595923f8e203559c80dd4c51027f9599a67607d4c524126099e21de6af9af
2019-12-12 11:02:00,290 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2019-12-12 11:02:00,291 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2019-12-12 11:02:00,291 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2019-12-12 11:02:00,291 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2019-12-12 11:02:00,291 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2019-12-12 11:02:00,291 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2019-12-12 11:02:00,291 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2019-12-12 11:02:00,291 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2019-12-12 11:02:00,291 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2019-12-12 11:02:00,291 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2019-12-12 11:02:00,292 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:02:00,292 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2019-12-12 11:02:00,292 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@f767771'
2019-12-12 11:02:00,293 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-12-12 11:02:00,293 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-12-12 11:02:00,293 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-12-12 11:02:00,293 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-12-12 11:02:00,293 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-12-12 11:02:00,293 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2019-12-12 11:02:00,293 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2019-12-12 11:02:00,293 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2019-12-12 11:02:00,293 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2019-12-12 11:02:00,460 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2019-12-12 11:02:00,460 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-12-12 11:02:00,460 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2019-12-12 11:02:00,460 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2019-12-12 11:02:00,460 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-12-12 11:02:00,460 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2019-12-12 11:02:00,990 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2019-12-12 11:02:00,990 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2019-12-12 11:02:00,990 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20191212T110200Z|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2019-12-12 11:02:00,990 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-12-12 11:02:00,990 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-12-12 11:02:00,990 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2019-12-12 11:02:00,990 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2019-12-12 11:02:00,990 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1607684520990}'
2019-12-12 11:02:00,990 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2019-12-12 11:02:00,990 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2019-12-12 11:02:00,990 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2019-12-12 11:02:00,990 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-12-12 11:02:00,990 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool]' as '["rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool"]'
2019-12-12 11:02:00,990 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@f767771'
2019-12-12 11:02:00,991 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:02:00,991 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2019-12-12 11:02:00,992 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2019-12-12 11:02:00,993 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2019-12-12 11:02:00,993 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _6721c38d7fb7b479f22501099f09a14f
2019-12-12 11:02:00,993 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _6721c38d7fb7b479f22501099f09a14f to Response _5400b9106c38a286431bcb7863f4cffd
2019-12-12 11:02:00,993 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _6721c38d7fb7b479f22501099f09a14f
2019-12-12 11:02:00,994 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2019-12-12 11:02:00,994 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2019-12-12 11:02:00,994 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2019-12-12 11:02:00,994 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2019-12-12 11:02:00,994 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2019-12-12 11:02:00,994 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2019-12-12 11:02:00,994 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2019-12-12 11:02:00,994 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2019-12-12 11:02:00,994 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2019-12-12 11:02:00,996 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2019-12-12 11:02:00,996 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2019-12-12 11:02:00,996 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2019-12-12 11:02:00,997 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2019-12-12 11:02:00,997 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2019-12-12 11:02:00,997 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2019-12-12 11:02:00,997 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:02:00,997 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:02:00,997 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxD1ssBjDAcOAqrx/4sr+3yvlE4ctjTEwBZCh/R3VslRWVtOE/ScYZXsVDzB2i2sXH9Wwgh3YNjZoR75WduzaX+lpUIzSmyhgb6c0IpgbdI1EikeYv+Gz2QfkOEOSAw2hXICIea53MVS9VqrfHKzGmRdk6UM/gkKs= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:02:00,997 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:02:00,997 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:02:00,997 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2019-12-12 11:02:00,997 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2019-12-12 11:02:00,997 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.1.206
2019-12-12 11:02:00,997 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _bphs3ehtpn21odxypcgfs0xaeb6aarvrpnizzb1
2019-12-12 11:02:00,997 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2019-12-12 11:02:00,997 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2019-12-12 11:02:00,997 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2019-12-12 11:02:00,998 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2019-12-12 11:02:00,998 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _6721c38d7fb7b479f22501099f09a14f
2019-12-12 11:02:00,998 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _6721c38d7fb7b479f22501099f09a14f did not already contain Conditions, one was added
2019-12-12 11:02:00,998 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2019-12-12 11:02:00,998 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2019-12-12T11:07:00.991Z, to Assertion _6721c38d7fb7b479f22501099f09a14f
2019-12-12 11:02:00,998 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _6721c38d7fb7b479f22501099f09a14f already contained Conditions, nothing was done
2019-12-12 11:02:00,998 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2019-12-12 11:02:00,998 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _6721c38d7fb7b479f22501099f09a14f already contained Conditions, nothing was done
2019-12-12 11:02:00,998 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2019-12-12 11:02:00,998 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool as an Audience of the AudienceRestriction
2019-12-12 11:02:00,998 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _6721c38d7fb7b479f22501099f09a14f
2019-12-12 11:02:01,000 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool to existing session d72595923f8e203559c80dd4c51027f9599a67607d4c524126099e21de6af9af
2019-12-12 11:02:01,000 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool in session d72595923f8e203559c80dd4c51027f9599a67607d4c524126099e21de6af9af
2019-12-12 11:02:01,000 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-12-12 11:02:01,000 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool and key AAdzZWNyZXQxD1ssBjDAcOAqrx/4sr+3yvlE4ctjTEwBZCh/R3VslRWVtOE/ScYZXsVDzB2i2sXH9Wwgh3YNjZoR75WduzaX+lpUIzSmyhgb6c0IpgbdI1EikeYv+Gz2QfkOEOSAw2hXICIea53MVS9VqrfHKzGmRdk6UM/gkKs=
2019-12-12 11:02:01,001 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2019-12-12 11:02:01,001 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2019-12-12 11:02:01,001 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_6721c38d7fb7b479f22501099f09a14f"
2019-12-12 11:02:01,001 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _6721c38d7fb7b479f22501099f09a14f and Element was [saml2:Assertion: null]
2019-12-12 11:02:01,001 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_6721c38d7fb7b479f22501099f09a14f"
2019-12-12 11:02:01,001 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _6721c38d7fb7b479f22501099f09a14f and Element was [saml2:Assertion: null]
2019-12-12 11:02:01,006 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_5400b9106c38a286431bcb7863f4cffd"
    InResponseTo="_bphs3ehtpn21odxypcgfs0xaeb6aarvrpnizzb1"
    IssueInstant="2019-12-12T11:02:00.991Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_6721c38d7fb7b479f22501099f09a14f"
        IssueInstant="2019-12-12T11:02:00.991Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_6721c38d7fb7b479f22501099f09a14f">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                    <ds:DigestValue>+Sc9kMOw6az8JiQoqZfxKoYgtGe4ud5rOk2ClSn4zFtIcihmmvQuAGTIKf3tNbTyhbbrSSpX3MnDjSYUzDquaA==</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>cZuN1GYb5UmsgnWHB5JPEjEQHpp2EItTnsqmDpoywe4NYLneaHdfRtsgGxMnEOkwVHZgyoL77UxpoDAPpDAq8mc3x+iQVkauNcAv17tcj8QejAxFZ0Z8C3ger9zZulL+bQLHfZ0MT7BBP7FW0O0jBmh+igXNOdmPyMorxyJL3s8yJ1dKa8v3Ih62K4OdlZ1jO34/tlz5Uw2HYLW2FM5U9zqk1ll9hN03aHWxhg5PRbKZOgjqQFA//9Cj/urLuPN2lQXyZlYVHYl0XiQE5XB4/egsEOv/lC3JPYwUKxzZOMagizVzphWFEI5gNGMqk7PpqStlbFCYHxN9jkNmXqprfg==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxD1ssBjDAcOAqrx/4sr+3yvlE4ctjTEwBZCh/R3VslRWVtOE/ScYZXsVDzB2i2sXH9Wwgh3YNjZoR75WduzaX+lpUIzSmyhgb6c0IpgbdI1EikeYv+Gz2QfkOEOSAw2hXICIea53MVS9VqrfHKzGmRdk6UM/gkKs=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.1.206"
                    InResponseTo="_bphs3ehtpn21odxypcgfs0xaeb6aarvrpnizzb1"
                    NotOnOrAfter="2019-12-12T11:07:00.997Z" Recipient="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2019-12-12T11:02:00.991Z" NotOnOrAfter="2019-12-12T11:07:00.991Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2019-12-12T11:02:00.289Z" SessionIndex="_357936606991cfd745fbb246528d06ac">
            <saml2:SubjectLocality Address="172.31.1.206"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2019-12-12 11:02:01,009 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2019-12-12 11:02:01,009 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2019-12-12 11:02:01,009 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_5400b9106c38a286431bcb7863f4cffd"
2019-12-12 11:02:01,009 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _5400b9106c38a286431bcb7863f4cffd and Element was [saml2p:Response: null]
2019-12-12 11:02:01,009 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_5400b9106c38a286431bcb7863f4cffd"
2019-12-12 11:02:01,009 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _5400b9106c38a286431bcb7863f4cffd and Element was [saml2p:Response: null]
2019-12-12 11:02:01,012 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2019-12-12 11:02:01,012 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool' with encoded value 'https&#x3a;&#x2f;&#x2f;cas.traveldoo.com&#x2f;cas&#x2f;login&#x3f;client_name&#x3d;SHOP_DEMO-demoPool'
2019-12-12 11:02:01,012 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2019-12-12 11:02:01,013 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'TST-10262-87D0hZxqhUilbgTr1cQ7-9uaeh3L-UN9', encoded as 'TST-10262-87D0hZxqhUilbgTr1cQ7-9uaeh3L-UN9'
2019-12-12 11:02:01,015 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    ID="_5400b9106c38a286431bcb7863f4cffd"
    InResponseTo="_bphs3ehtpn21odxypcgfs0xaeb6aarvrpnizzb1"
    IssueInstant="2019-12-12T11:02:00.991Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_5400b9106c38a286431bcb7863f4cffd">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>qd148XpgBZuetKM8MXGUtp9bKIP0bRYd7XfWLTRMM8mri/p0ukDi8SeH2ik05R/aLyBvDqXmVRKy+hiQ+QSbrg==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>RSepIo4GMqqm2iGBkr5o6SgdAHx0DS0/H7SfDbRvQIvGQT8/ENuizYlZPxS4Fn1JtZG8H2vNZ7yGwhyYZAbBXjAQuvK97W9yMlVtMTLzcJVpBg/Hgt0vRusv/oHm8oLtLqQaURW62ag8QQ2dW/v2CQ4xp8iSdIF1voJe/sZEHofqPi2iQJtSnohxr2aAeqSFbEkLNzm64roTuj1yPIp9tTQsHG+EgAQNOKF/35V1p6hVxzkhUoXfQPzS1SEKb2vNvxoH66GBrxRzZZmIIuy7DdMqNlhdXFNxgaJydCk5CDc6bhonV7h9PG/E2VO8g8S0TmWZ5WS3vGJevOJfR0PCFg==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_7f99b3a251e30a1b3716a38cf67792c0"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_5fadc11fd238e68c88dc1b80614b4525"
                    Recipient="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>lFPWUrIN2r8cEKXyHXZzRm1y8NhoM8wCGayWf5tiozdsAJngEPhv8JN6kiq8NdrA/sKguSsnAXI0xDEnlVHeqpu7AeTQaRWftoUWVRXnQiiRk7uM9Q2hoDhqI2/rK0gXDEuyNldkNqyQpje5Kn7+9/ntWsklmjnNbNeh/cU9FWHUTRNjGZl7I1cKWlWxexhH3xYFgVOlKVfKdCS72Uc0c1z/GzqmGIFlbl4XO8ggJf8DHqeOBv1cKq3/hinU6u0/nr/TnS6IpLJ7erLJjQtxntl7Zr1uH97n9TLjqtSXIYzASu4qbDlC6NwmxXqQNb9L7VHOvsuNI3K3gJS2/+KFlQ==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>qNzcJMxrwvnNzhMbNqY30Ip2xdwBnyUAVqp36LDZrONI3hRBlsgl89+/t3FHK0z5JIG63Q2AOO16Gk0EjDo1fCoHa7/EaH852hmhKj/yxvxF69GJ2UHH+ss6EMJ+AmyUallrVU3zSHOnOwLH9lRezELHa72PZdHAPnwbrzmuUi5g6JRqTBAq+vqKDIorvQUoA9HD03oZ/sBm+a9CY6luuUV4xOml/5lvXUGYsigQuP/GsDU78lV9B4kNz1Ncn0Kq/bMdryRGoqE1uWC7/qVVVMHtY8QRjeJuFQARAF1lGSK3uZt1kt7GUddxSYmsFzcq1wgNHwC04HLEU79F9NT5Mz7dU/FVL0vnQmHLJdLHq92MW2srM4o5cc0svz+wUma0GQo1poJ4/qqgMwtVbWZs6AuMs7QcsBkENPf07Cgx3K/bFt0PmyOtluZhx3Ydpf3CxhnZdzKeO8jp/5unCIvyyqhtbX7foK7wj5BxKSV8gWh+4dyk/paEOkd7qLNeUOZ68C9mGm1+GS9YItulv5qdGCKalQYkVSbOEvabVuTlhSl+8F90G4HXHCYVW7WAlCD2KWjDa+nbtRlc9BxR2DqAjVNqe5oUWOIIGlypcWVvofIe3Eq8FVY0KmcpCQA1wc9D1acX7zKYb195ikoOJxPB6WWsUMiHjA48QZ5cgDnTuskuQ6xmLedKObyb4ntmKMzlR6PRO81d4KfHkjiZu6XpAcBv621g6fNgrOkI+++1pY2p093AvuzuFIf5HIHWgSt+sckIKzYZd4Hjt56GXzdD7EyNXVmPFZyla+HTGs9PN8v857goeZ7aPmEBWnlysy/LVPQI7R3HlX+i17TWFF30Riuf2rSYuPBI7MDesNVVdKkAb5GKclP7XQO5CHSctryXOVd0bUHU3F1Mixvrw1hz+RHNWX4EbVk++emsHTkmaTCr3ESfDsyy2YffIjcZ+lsDk8kfk+sqS+sZHB1YrrJteK52yNHqwWaH8UFoHVmC0vC/1K6azxyuWfBKFurBYZRIORu24eUUq073jk2rlw+I9BAeL3EUbN2KK70nknFS8KZdO3A3jOpgvfB51/KNAprV+ruT2UK7rxyUuZctTLhmqUWU+m6tBK3IE+6E7wXRp0mDpCD1rWTDwMnFtsD5evAc7z96SbnhYzp7vJktKum1c+pVzKu7lcLSr0n/YH70uzIjKEFcn721HfExj4FiHFZub52Tb/55tieARu+rDK8Oyd4MyDGf18Gs6M0uBx7B7Duw0I279bfT1dg3Bowuh8SYRPMPVou2mnT9O/XV2IRKfgz5aFtMWMrWhxybbfPuMxSiIv7qc4p02uJxPEMme6phS7hP+mwEdpnAHtRJ/cqh5Z60osgOHR1K/9p0lozCLdZKM2crFhV9NsBNPGtmoo4MmTZewiBzvdKnCBUe7aL7ZQ9Cjpc+wtSia45eLEjhRgY00RLk5Lbkgb1m7y3PR2F75IxNS8+wc/983bzbfoY86WLee3/kHf062laaMfgfOBpmZXolxcBGqHLk3P+LHjvpwgQOgG5Z7R6fCzxsPrwkqi6H/AsqlCrk7IWn+7M8eJk6Of2MH1BfH+rkuMjHQReugVbUywHaSTaD/laYGZjfsDMD8E5n1Y9ZX7CE/K/MQVjkSuaqBtpTaz75yU5sc05hp2SdQz+tn4TPVt+c+PQbWezPdfqKUg4r3/OiMgyyDIVuFvql7+BBz40yR9bJkEIUZI03DPnjVJSdYEkDltz6NnUhUqNEmD/qL31S+64gpUwgOH3Cx8kZmrvqYLcCwP8X22dR7XoAwUX4VhrGiVkHne/N7EGnv9mXjVx761cC6zT6ubXZLtjhqsMxIn3hjsYjzOl6aT1L4DP3zxI4A5Bf3Bx6ZoU/TXvRwQH3n3kQTMHjhbfQglbyjPpwWeHlW81MdHfjeUoh+jhYRV0EG6f+yEn8yXVjHvGmKqpCKdYBDbr+0kp418xVAwHQSEMCVWPH/IGdDi5ePjVMMtBlCaYYXZ2L7Ep4wQyUZ2gyikBEUTXsZC6j8fxzUlyJHq7O/EkkPBq7/AjjwmijFOM4rgDc+3woldBGgV2w0OLtFJBbAEyDsfoZBjzKYBMxdnDJd9SmytqByxQvibY95LGWa42dYgA8O3GqLIOVb+gqYrPkNORjgwlyiBYxERrbuW/kS7oaGSnJw+XoFISxxe+j+NUkU1Zaig509bSNNCTvs8V/rk+vwjUd3UXd2Dgrm9obZjkjy1Wgjv8C8NLA1s8neIfwgddAxGwomrqx/atWs4ElZorXVdYKL5yYx//4ZqPyw6PFsIr8wTw3gsO6efrtNtpwY/fR36dIhOJDIX+Njpv1iQeLF0Chp9VH0+fl2C09Vr5utGhvbww7hNtXYU5HXRPrwXANMzXe8tLwdnovTbrDslY55yr5hKwKbak19rAEB9dhRjjrOpTr14bVQFlmpNq9RRmHBUmVnSe0T9cpwB4/X/zwcT2spusVJ3/8SW4bDMjUPcFRRo6cFBQkOZwV/FIKeq3D/JOwThHV8ZEFcgavJa3d/R7wS1X9Yzx1xaMSFkZPOLyef0z3nJZ2eP65lKFqaDh/QsoTSJXSTle5VZCeX5virtmiWAHtmjV3wEE59j8jXeAYttW01yvWvE/V5OY+v/Xwd2kdnrtzPJZEgDKoxiT/rAfTNEWswQ1W97LXW3/A5+6MQPVb6U4M8diuklLJV10h0Tt2olzDCa2aZxt0lgC/thW/M1Dw+VLJDQPqlvPI1YUbOghQhmgtJwYENgK8/pmZxcIkU2i9NykELRhjGCnnNTTocQkp1pre+ozd2G7z1UG/qPkX1fJnuU+2Av5vdzryyeBcj2qtV2m3/OONwEIK9I/vqLo+NdDwJ5QJS+K9ZNP84X9KIaYEVY6D2l+scVn7zEYg0QexjheEKnpsxd1npBAhWgtrUO9J/ZhVDvMBN8LYqnb7oOol/56uOM85i1XVj9KP79Hbb4JUlUL+Ff0C0XlXC6yRFV07xOTbKNnR5ptkYemOBQp7oIeradESpxIMNnq6/c17h8eK3L6iMLFzJ3YUY6c8uGvXlZqoq8RP7R4W6lXtl72XIuxA6TS+wsNPgYJTAAQ0vx1I1J4rRYtxpAKzeT0mTx24NshCSWFzpoJ8YCBKC/dFqDF27Ennp4saHgbmOI5qg/Rn5qIwriluNsRKwLop9IjYh0bbvB1v6lleXnV8aSxoJYTsowHmfuB44h7nz0Asq0kFu8OkEnVXF8X/DmxUgODaHx3q0QHI3tFAa5RTlsoz2wmXE2bppiUXWn2f4RBv2pgOROAywZhuc1C6evaCrmYawHG2vTpP3nK9EMIqTjsXHc2mlRWCepC3MYi/MFdu5EaX/uFzun957aIzVcIEeyCRrTU/S0FR2Oal2ikitzWhLDcwFFOQVDI/3J66UdClJq+n6YcaEDIUybBF8S19yRBcCZkrxNyaET4vxndopTKfebObKBG18cGRb9wQwjSvgRDWQkZH9X6uRyFo8UXtUEVhnNcFUlSBEd+VYorubeq9dAPvxNJ0RkubnW4S1sbLW7XC2Awysx3phD3ZWCtKz3WLqVVXIJ41Yh7CiMlfPklDtCGAmeY+s3uHtUnNWiB2AUaJ6x3OS1CfPqAE99cDyCELzW3foY3i1xAKAJzDwIqd1JGdyLQOFRmhMaMzeH5aKpQlDoU9fpG7gSYdVeO91jfxgxbLRGMvlg1QUc16Yzav7vOmYuaMJFvPf5qQN9bUg5FqhRSyOI7MylMFbB3TKEfGhd3R5rioExQHVYnRh7nKmjFmudDPbJPKNwlKCNIQGwTYHaB4oxomunKiaSHBNMKpfwaEquIrjHEUNnve+6j0HureKaGCaIuwoiV2ExSc2sVi230JlhPWNlehqUPcLBqaLO4pOtYopL2wOyzQM6kUO4mkThCTdcWCrmO85PTon4kNn1ox4EOySK3dJ0Gt1NkQb6OFAKNnczjKYPjQoWzLLiKCqSIjxBVqALvcATsvJqSSUDJqBKlfQvehMe+pXwqEyr0J+F26ECgV1cwkq7X8UfApypMEO4JCmO7nQRJqGjTx6Q1p/KUSs30LTs8fgXlKrr/sag/Q9ceWkIB3auTNvs+DZLOAxzYgT/LgZ/uv8gfSYYGKAit1dQlGooC1BNvP7p9nVlcjK1mVY+lVsbmsYbEeQKWfdig3IupsimyzjbE8nkrY76ABy11UrapZZi/JwsKxxAvuJMz4bGqT7P7Mjpx3ngH8o3STpwnubX3Q01RMMKruwZGADx/f1mhXaU9BxIWcXGRoFqNE2Po371AaWddCdBdfTZ9tIIePysb5MgWKQQZ++iaKtJTJG1catsw8l3ZR1oVoswIXHNTEC0SBJK1aNGpn3Nx36vMYnb8FX4aiqiCdxGKH5mQizq6L0ze4whmiposCXMdsm5Akfgo2cOAi6yCK/EeJbRSRjR9ldavmBsJm79aylhD6EP1oFDf7q+nxsElXkePvmHT6HSpxxKomzJM5dNVQb0T9qvG5zcyqD0vgKcXeOSXj4Xl7X3gw3knFVuIIt8h0+oGIc+9gKNxdZGxb3j+DvAqSm3z4u2RzjtdNbGRSOxz4DPfUwCWt69znijZX7MQZuzRWtt9AMbyuri5xEB/T1gQrZmJiirCx1JBuqDnRXa11pM8ipOmJw/uVXwSCfhLp1T5VHBEJRMOsMoxsQh+vi0/msUU2DTnKBKhbDTEl5LXfuLR6ipF7l0ws3ZuXLHxOaKuDDc0k6yKD2/dMlPSWcm79dLtarH+JWcJJYVi1xVTWgfAbXIjTinqzj7wFfnNVR38xZrvZhljW11FZRzaVIpHMRxF+aT2FjezBV9xKjJapmBrYzO037Nf5hEiRC96sFenpxWbjK+jrdgGB2wAaaxywvPOBfoMrFpiSFxW7FA2USv484et/tJlNbD2U1UXWM7skL3uAS0/z8T+2gCKxpHmFTCF4OWt44IEBQwHMcT20oS9AhPQug9vVvZFrC79RbQGvLYOCKycSxlTqZnNW3YsSguI3HJ7cciJFpuDhZLPxpPqmfE9FNo7K4wmRXBQvJwEhOZRW1D9328cQ6aZ+Zaz0D6JMFr/XuiAhMujaKPGKVSREKFhiTFekOpqYnAyxd9n0t8h2FB6hF4Id/d2LOlJb8D2hnePYwIXRm5UlUyZKlHTAuMChXUY/BiDTiHofj5RpVs5Xa5PqvAHkTuUjffMvCHeH80aWCsxe0On41PMC4lmgwG36O2kk4Yo1a43kT86ly520uNjPyFkFVkccecK6g6IkU5Y2cs2Xe0GBEqe/qNsUgRzOzzyaLNjbVUuPME49qV8Z4lczJp6IbHF5Abum3V9sXyjkcRdPgaabgIQK3XAkf1yAoLUN03bGNtWJT8TWYhB0onZMQPjI985rUFjVAx9M+C68sm/b3d5YkoB3wdi1L88N/iTwB/FSt0s1xVC14gyerStvmig+GmmKRNCUiq8MoMVtlywIBKmXANv1s6wqRbR2sVKo+S5WgSN27ntd4oMtC14Ox2dNP1YkwBopqfl6ORh77kojfkhiKOySV0UwSrVSKW8FQpVQcQkqotXgcaDl/QyOWfYRiNeAA7/Ryr0BwjdzZVOW10Mz++8A7rxj2XQIrX2jBsd6eLKAuzwTT8GABG3PI/PGBWs1LyD9jKE87G4+0N/TDsd/bo8i51Xd9TzkJk+VPkhsjtAL6hV3yxvOPxxUEfjIiNTA8Qoo6t262kSSjEMlOpg3CRzQyQFjgo/j9mf6KEUXagRCVkmtoGpcHe5DOuFVVVxlpIpBZx4xJtoJtWMFXJ0huwr6U6oAuwrSaut22EagbGpe8VyZNg6TyBHe+Q7pAnw4+Aas2H+rTExu3X9WY+cseFv0AXQanLHUkaEX0qK6I++iHKSuXm6UuNciExerbwS8FtjFreIZ45g4LlLo01DRXTj0T1nxHBXFVHJhyfH8Bc6e3AJXKCwpxkgxBZe9di0W7twwMsfohOnYsIUPPwloLS86KfiVc/8xcAODBzHeAMvXspZIYA2ph0m3EYw8FN+uwbvX7GZ11qV0oOtCddG3t+fBEQlFN9TRgJVq8qgEQRANSpQW0kmwDD4ZlQ1dBVqSCYZyIEc888twLt6qY/d8x3FIl6zSNT4898HDRsf3rXWFKCk7C3SnaGovh0nhngWoiWccjNYEpzl9xW3tv3T5w530J3cofBhQ5tr8Y1Vj1rPHIBwhFInqhA44tdYgi/Lf5TCKcsRg9hP9lUw7m4BCIZfayLCwQo5vQAYfvR2+FvYo6eBKQ+ewdPCwF8+noUBbveC75UrG60bF8n0ckjCDyNnpeXnaHN/B3qohzy0HUxNTNS5e7NvAFPMXP1OcNDt8hv4Fpum56i5Y0lTFysKRkBV1KX+81w4W3sQHyunJriC4pNg0ArtWraiQv93NAyVkHU7G1nNGFL7AFG3NkQuw+omsqr4FK6ymhM/fmHVd2wGX7kTlykwcZZhV23o9JEt+vW82LGRWuSmfkcKIP7z+BhuPGMeXhrDUWGUTEVy4No9hiBW566hLbqelELfHWBLXnVIjwGV0lNlIHfxAxCoeXv/Um5DBO4XusPTulPeq0An4vf98oaSsigEGWRMQeXFza7J84KMIozQta6mwE1I8K3oZP4oMTF8gXgGm8lV5/j9s5GUoERwP59upaV7QPSpU8+rB2L/lw4XzQBB3sO6m5VPRqyryALdklj5qpP9tOJiPKSQBTYc4nY6nR1RDY9TBC5QAoTjK6p3QDR1Nv+cjhz5bnqLpmePe9Y6qFoYefDhvSTVNQ/UomrFx83yo/Eoo+U6e6YlFY5BIEKYGDbNaorK1oRFSstTjEpvcr2ZnHKDdl/jXJ5gitYdgkVkzMmDUyP0cj/oIxEHsYy0Tayw7Ee6evg1vzqcKEoULuvTHts0lTHPIslHk8zpTQxVhzoTYglxyw6ADucnLREMzAWX2UGCbjKF8QagDjP7wqUrOjSbpgr7FSChLfLsvn2yRKSxDM0IK8M0thG3ViJsWfVwGDl3i92j1eKW+GBD5W4JOLCv5NmfyzWl3pw8bXjUpUtBkDHuKMwp26Sm1OOegF1Bk6Il8kqW16lAsAW+vp7Cgk0e6lDUGh6u1dEFOlBfIvyXWz4lYfcsYaZbYflbL2gqNcNi9TIscdD/maMrdlUVTZ3urQxvbMpqIesdBIIvyB9uUquZQzDboR1Tx/d45nXKzh10Rjr35cHNozGmIdN85V7xcStB0XB7eeDgRwNPovRXgGcMXk2SrLWolZllRbYcAFO1K2wnaknQD498O+KthWqqwN2yYQBGS9hxvdTKRY1IjJnWNA1RAdSjndDKNhoOb1Xb8SIEGdg5y1xbpl/ZhjG4nqBXnWdt47HvqlNM/OIPpBiymI/X2bhpsrruQ85yXX6jBeoJBbyJZDB1/UmRaxkzSIIRTEXFUhE9c3ZZEOtqtKMQoyNNU0cZSof8G5gBoL0DM38FLa5v1LzRaUeT5Yo5w6BH3NbJvzq5JbuwxprOsq4scGylnCzWQ5a9V1kKzzyWl3tV8MF4p4AITRg30tlZ+HPIjELZBjfavErPSTIGpNlt3tx1B6qHDZWYbF5b50mqGuKLnZPUaEksraP3dJl/SnvJMYbRbXssftiFcBOEorg2u0dk4EROujqN/J1cc4ymrR+WnYzETC4v8n5uoPSq7J542KBbp6kmAkc0bDnSiy6GH4/AuqNlc7wHfT50XiQDA9zfb4eHPiqGoTzraEAGG9XNdpD1r3CqQeGmNSSoWHysrJRpifSEtMsmc9r/eJxMKtEsywXeOVx8xntFvsNANk+CA1/vcTV5fiaGkYNipH2wB93+XVlRjyFEsB6SIGE81085QNSaNjeGyu2fSEuxDe+ZGxHopy6EeKGmvgMBE53ZZGCsUCEmp3wgq8s53136N/PDjYTLFr8gnnbrxj9lboIuZSeQvhWYvR0Df6VCLnr5SlyOrI1Kf4iDkoHYClXEF2rX0134C72nW3T78qovMoXVDIWr+DOP3ziF4D74vmmCvSvjaAFga/o6xkB6KoESvwlii3ymjxEzfsWUsW0akpam4VN/JB4jbAQg09lEeTGFmJqRxS79xgd6VllaYl5Xz8GbMFu0BijIcHVpX</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2019-12-12 11:02:01,015 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2019-12-12 11:02:01,016 - INFO [Shibboleth-Audit.SSO:?] - 20191212T110201Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_bphs3ehtpn21odxypcgfs0xaeb6aarvrpnizzb1|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_5400b9106c38a286431bcb7863f4cffd|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxD1ssBjDAcOAqrx/4sr+3yvlE4ctjTEwBZCh/R3VslRWVtOE/ScYZXsVDzB2i2sXH9Wwgh3YNjZoR75WduzaX+lpUIzSmyhgb6c0IpgbdI1EikeYv+Gz2QfkOEOSAw2hXICIea53MVS9VqrfHKzGmRdk6UM/gkKs=|_6721c38d7fb7b479f22501099f09a14f|
2019-12-12 11:02:45,925 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: 7be2bd47-b670-487b-aeb3-4eaf323842c5
2019-12-12 11:02:45,925 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2019-12-12 11:02:45,925 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2019-12-12 11:02:45,925 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest AssertionConsumerServiceIndex="0"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="IDHUB_a6f27ee2-67ac-4ef3-8cb7-58222cc19754"
    IssueInstant="2019-12-12T11:02:44.102Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://student8.trustbuilder.io/idhub/saml2</saml2:Issuer>
</saml2p:AuthnRequest>

2019-12-12 11:02:45,930 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://student8.trustbuilder.io/idhub/saml2' from origin source
2019-12-12 11:02:45,930 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-12-12 11:02:45,930 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-12-12 11:02:45,930 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-12-12 11:02:45,930 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-12-12 11:02:45,930 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-12-12 11:02:45,930 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-12-12 11:02:45,930 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-12-12 11:02:45,930 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://student8.trustbuilder.io/idhub/saml2
2019-12-12 11:02:45,931 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:02:45,931 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-12-12 11:02:45,931 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2019-12-12 11:02:45,931 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2019-12-12 11:02:45,931 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2019-12-12 11:02:45,931 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'IDHUB_a6f27ee2-67ac-4ef3-8cb7-58222cc19754', issue instant '2019-12-12T11:02:44.102Z', entityID 'https://student8.trustbuilder.io/idhub/saml2'
2019-12-12 11:02:45,931 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://student8.trustbuilder.io/idhub/saml2' does not require AuthnRequests to be signed
2019-12-12 11:02:45,931 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2019-12-12 11:02:45,931 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-12-12 11:02:45,931 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-12-12 11:02:45,932 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-12-12 11:02:45,932 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2019-12-12 11:02:45,932 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:02:45,932 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-12-12 11:02:45,932 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2019-12-12 11:02:45,932 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2019-12-12 11:02:45,932 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 3 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2019-12-12 11:02:45,932 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://student8.trustbuilder.io/idhub/saml2/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2019-12-12 11:02:45,932 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2019-12-12 11:02:45,932 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2019-12-12 11:02:45,932 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2019-12-12 11:02:45,932 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2019-12-12 11:02:45,932 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-12-12 11:02:45,932 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2000/09/xmldsig#rsa-sha1
2019-12-12 11:02:45,932 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2000/09/xmldsig#sha1
2019-12-12 11:02:45,933 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-12-12 11:02:45,933 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2019-12-12 11:02:45,933 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2019-12-12 11:02:45,933 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2019-12-12 11:02:45,933 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2019-12-12 11:02:45,933 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://student8.trustbuilder.io/idhub/saml2
2019-12-12 11:02:45,933 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2019-12-12 11:02:45,933 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2019-12-12 11:02:45,933 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2019-12-12 11:02:45,933 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2019-12-12 11:02:45,936 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-12-12 11:02:45,936 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2019-12-12T11:02:45.936Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2019-12-12 11:02:45,936 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2019-12-12 11:02:45,936 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2019-12-12 11:02:45,936 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2019-12-12 11:02:45,937 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2019-12-12 11:02:45,937 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2019-12-12 11:02:45,937 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:02:45,937 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2019-12-12 11:02:45,937 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2019-12-12 11:02:45,937 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2019-12-12 11:02:45,937 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2019-12-12 11:02:46,439 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'student8.trustbuilder.io'
2019-12-12 11:02:46,439 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-12-12 11:02:46,439 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-12-12 11:02:51,345 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: TST-10264-OLkpt6YqQAy3XBgDin6vpXiDvX21WlOw
2019-12-12 11:02:51,345 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2019-12-12 11:02:51,346 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2019-12-12 11:02:51,346 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="_vbh2z1dlaishhctur355emxsse8fqaloktdb9gz"
    IsPassive="false" IssueInstant="2019-12-12T11:02:50.450Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    ProviderName="pac4j-saml" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#_vbh2z1dlaishhctur355emxsse8fqaloktdb9gz">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>+IcBtGw9oZWF7xQ7OV3R7u/6rNH3+CPFNXijwwt09HY=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
U1dKkVv2SWUJvdj//rbkKX400PnMN/WfPGp1oy0cT1DdZFFcgrKeLneXI/4ViUa6C5wxlPyqRb7/
OxT6Lg+JOpL3DFRSXepZxBHUr+jtoEeaDJcfZrJxExNrt5deJvHt1qz2e8wu3/S9zpedMUE1Yu4Q
OGdhADilXw+H20jpJnyQHJVQbMxfVq/dokGEd2/7hiz/sHBneCKjRA5cJ+gsdWh26lSAvTa0oer5
OafXfhGf7RyiCVX+uZfG7vf/cx25BiK2gJgB/0HvNzt4r7YLZUcZNHfZNXg7td9WaDUHOQLBtAeO
bqtsX9xdSMwpPv6Cj9PE2CRSR11g9ZEYkSvvoA==
</ds:SignatureValue>
<ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2019-12-12 11:02:51,351 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' from origin source
2019-12-12 11:02:51,351 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-12-12 11:02:51,351 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-12-12 11:02:51,351 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-12-12 11:02:51,351 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-12-12 11:02:51,351 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-12-12 11:02:51,351 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-12-12 11:02:51,351 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-12-12 11:02:51,351 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2019-12-12 11:02:51,352 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:02:51,352 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-12-12 11:02:51,352 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2019-12-12 11:02:51,352 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2019-12-12 11:02:51,352 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2019-12-12 11:02:51,352 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_vbh2z1dlaishhctur355emxsse8fqaloktdb9gz', issue instant '2019-12-12T11:02:50.450Z', entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-12-12 11:02:51,353 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2019-12-12 11:02:51,353 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2019-12-12 11:02:51,353 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-12-12 11:02:51,353 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2019-12-12 11:02:51,353 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2019-12-12 11:02:51,353 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-12-12 11:02:51,353 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-12-12 11:02:51,353 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-12-12 11:02:51,353 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-12-12 11:02:51,353 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2019-12-12 11:02:51,353 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2019-12-12 11:02:51,353 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2019-12-12 11:02:51,353 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2019-12-12 11:02:51,353 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 25218632289878887470728701898989230903925460534470464262987089359900092236249155787311083615922566996588882686327254334965631006516764358542556784571993117841615795846983701202567812629440880488414844862491363773592778158558705049021795669354428797347719681579572749594906032259298025269480636673827053368207548760338633177397009149003080015959043356697060516917100235185397117902752192715861531350694962747781011832502440226911816306381078043102881237946262430586623622800161283685092311342398263730543997237261306772360529013060055263916368941241698720371281723901324390991801957832354836844648583493845781599295821
  public exponent: 65537
2019-12-12 11:02:51,363 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2019-12-12 11:02:51,363 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2019-12-12 11:02:51,363 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_vbh2z1dlaishhctur355emxsse8fqaloktdb9gz"
2019-12-12 11:02:51,363 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _vbh2z1dlaishhctur355emxsse8fqaloktdb9gz and Element was [saml2p:AuthnRequest: null]
2019-12-12 11:02:51,363 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_vbh2z1dlaishhctur355emxsse8fqaloktdb9gz"
2019-12-12 11:02:51,363 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _vbh2z1dlaishhctur355emxsse8fqaloktdb9gz and Element was [saml2p:AuthnRequest: null]
2019-12-12 11:02:51,363 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_vbh2z1dlaishhctur355emxsse8fqaloktdb9gz"
2019-12-12 11:02:51,363 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2019-12-12 11:02:51,363 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-12-12 11:02:51,363 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2019-12-12 11:02:51,363 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-12-12 11:02:51,363 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-12-12 11:02:51,363 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-12-12 11:02:51,363 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2019-12-12 11:02:51,363 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:02:51,363 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-12-12 11:02:51,364 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2019-12-12 11:02:51,364 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2019-12-12 11:02:51,364 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2019-12-12 11:02:51,364 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2019-12-12 11:02:51,364 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2019-12-12 11:02:51,364 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2019-12-12 11:02:51,364 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2019-12-12 11:02:51,364 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2019-12-12 11:02:51,364 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-12-12 11:02:51,364 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2019-12-12 11:02:51,364 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-12-12 11:02:51,364 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2019-12-12 11:02:51,364 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2019-12-12 11:02:51,364 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2019-12-12 11:02:51,364 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2019-12-12 11:02:51,364 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2019-12-12 11:02:51,364 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2019-12-12 11:02:51,364 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2019-12-12 11:02:51,364 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2019-12-12 11:02:51,364 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2019-12-12 11:02:51,368 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-12-12 11:02:51,368 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2019-12-12T11:02:51.368Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2019-12-12 11:02:51,368 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2019-12-12 11:02:51,368 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2019-12-12 11:02:51,368 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2019-12-12 11:02:51,369 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2019-12-12 11:02:51,369 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2019-12-12 11:02:51,369 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:02:51,369 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2019-12-12 11:02:51,369 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2019-12-12 11:02:51,369 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2019-12-12 11:02:51,369 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2019-12-12 11:02:51,541 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2019-12-12 11:02:51,541 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-12-12 11:02:51,541 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-12-12 11:02:53,692 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2019-12-12 11:02:53,693 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2019-12-12 11:02:53,693 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1056735047::identifier=rick, context=org.apache.velocity.VelocityContext@629e7540]
2019-12-12 11:02:53,694 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1056735047::identifier=rick, context=org.apache.velocity.VelocityContext@629e7540]
2019-12-12 11:02:53,695 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2019-12-12 11:02:53,695 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2019-12-12 11:02:53,695 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2019-12-12 11:02:53,695 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2019-12-12 11:02:53,695 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2019-12-12 11:02:53,695 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2019-12-12 11:02:53,695 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2019-12-12 11:02:53,695 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 8f39777a288729c19dd3642cf3349768e21ebb1399d5da81ece6fa003e2399b2 for principal rick
2019-12-12 11:02:53,695 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 8f39777a288729c19dd3642cf3349768e21ebb1399d5da81ece6fa003e2399b2
2019-12-12 11:02:53,696 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2019-12-12 11:02:53,697 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2019-12-12 11:02:53,697 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2019-12-12 11:02:53,697 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2019-12-12 11:02:53,697 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2019-12-12 11:02:53,697 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2019-12-12 11:02:53,697 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2019-12-12 11:02:53,697 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2019-12-12 11:02:53,697 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2019-12-12 11:02:53,697 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2019-12-12 11:02:53,697 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:02:53,697 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2019-12-12 11:02:53,697 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@1fb90fe3'
2019-12-12 11:02:53,698 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-12-12 11:02:53,698 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-12-12 11:02:53,698 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-12-12 11:02:53,698 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-12-12 11:02:53,698 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-12-12 11:02:53,698 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2019-12-12 11:02:53,698 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2019-12-12 11:02:53,698 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2019-12-12 11:02:53,698 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2019-12-12 11:02:53,870 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2019-12-12 11:02:53,870 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-12-12 11:02:53,870 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2019-12-12 11:02:53,870 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2019-12-12 11:02:53,870 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-12-12 11:02:53,870 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2019-12-12 11:02:54,386 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2019-12-12 11:02:54,386 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2019-12-12 11:02:54,387 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20191212T110254Z|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2019-12-12 11:02:54,387 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-12-12 11:02:54,387 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-12-12 11:02:54,387 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2019-12-12 11:02:54,387 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2019-12-12 11:02:54,387 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1607684574387}'
2019-12-12 11:02:54,387 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2019-12-12 11:02:54,387 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2019-12-12 11:02:54,387 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2019-12-12 11:02:54,387 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-12-12 11:02:54,387 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool]' as '["rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool"]'
2019-12-12 11:02:54,387 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@1fb90fe3'
2019-12-12 11:02:54,387 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:02:54,387 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2019-12-12 11:02:54,388 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2019-12-12 11:02:54,389 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2019-12-12 11:02:54,389 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _3177b95f377b304a16ccbf26016b5583
2019-12-12 11:02:54,389 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _3177b95f377b304a16ccbf26016b5583 to Response _d4318351ef9668c9d8bb39c3435061da
2019-12-12 11:02:54,389 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _3177b95f377b304a16ccbf26016b5583
2019-12-12 11:02:54,389 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2019-12-12 11:02:54,389 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2019-12-12 11:02:54,389 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2019-12-12 11:02:54,389 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2019-12-12 11:02:54,389 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2019-12-12 11:02:54,389 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2019-12-12 11:02:54,389 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2019-12-12 11:02:54,389 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2019-12-12 11:02:54,389 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2019-12-12 11:02:54,390 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2019-12-12 11:02:54,390 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2019-12-12 11:02:54,390 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2019-12-12 11:02:54,390 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2019-12-12 11:02:54,390 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2019-12-12 11:02:54,390 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2019-12-12 11:02:54,390 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:02:54,390 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:02:54,391 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxvmfF07s0nPQgDh7ylcWdOKuA0mg9P5z3WbWeZwREcNdK1xE6OJq4D3EvEaOXCxqImXRYaw2msTs1ig7YdCY7Cz4tipf0xLmJPccfLfVkdHj3arf4jrfN1XKCr3NAIUYC+vUdZSLLAE6l6AEffEKzRCshU9EQq40= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:02:54,391 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:02:54,391 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:02:54,391 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2019-12-12 11:02:54,391 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2019-12-12 11:02:54,391 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.1.206
2019-12-12 11:02:54,391 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _vbh2z1dlaishhctur355emxsse8fqaloktdb9gz
2019-12-12 11:02:54,391 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2019-12-12 11:02:54,391 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2019-12-12 11:02:54,391 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2019-12-12 11:02:54,391 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2019-12-12 11:02:54,391 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _3177b95f377b304a16ccbf26016b5583
2019-12-12 11:02:54,391 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _3177b95f377b304a16ccbf26016b5583 did not already contain Conditions, one was added
2019-12-12 11:02:54,391 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2019-12-12 11:02:54,391 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2019-12-12T11:07:54.387Z, to Assertion _3177b95f377b304a16ccbf26016b5583
2019-12-12 11:02:54,391 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _3177b95f377b304a16ccbf26016b5583 already contained Conditions, nothing was done
2019-12-12 11:02:54,391 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2019-12-12 11:02:54,391 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _3177b95f377b304a16ccbf26016b5583 already contained Conditions, nothing was done
2019-12-12 11:02:54,391 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2019-12-12 11:02:54,391 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool as an Audience of the AudienceRestriction
2019-12-12 11:02:54,391 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _3177b95f377b304a16ccbf26016b5583
2019-12-12 11:02:54,392 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool to existing session 8f39777a288729c19dd3642cf3349768e21ebb1399d5da81ece6fa003e2399b2
2019-12-12 11:02:54,392 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool in session 8f39777a288729c19dd3642cf3349768e21ebb1399d5da81ece6fa003e2399b2
2019-12-12 11:02:54,392 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-12-12 11:02:54,392 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool and key AAdzZWNyZXQxvmfF07s0nPQgDh7ylcWdOKuA0mg9P5z3WbWeZwREcNdK1xE6OJq4D3EvEaOXCxqImXRYaw2msTs1ig7YdCY7Cz4tipf0xLmJPccfLfVkdHj3arf4jrfN1XKCr3NAIUYC+vUdZSLLAE6l6AEffEKzRCshU9EQq40=
2019-12-12 11:02:54,392 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2019-12-12 11:02:54,392 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2019-12-12 11:02:54,393 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_3177b95f377b304a16ccbf26016b5583"
2019-12-12 11:02:54,393 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _3177b95f377b304a16ccbf26016b5583 and Element was [saml2:Assertion: null]
2019-12-12 11:02:54,393 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_3177b95f377b304a16ccbf26016b5583"
2019-12-12 11:02:54,393 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _3177b95f377b304a16ccbf26016b5583 and Element was [saml2:Assertion: null]
2019-12-12 11:02:54,395 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_d4318351ef9668c9d8bb39c3435061da"
    InResponseTo="_vbh2z1dlaishhctur355emxsse8fqaloktdb9gz"
    IssueInstant="2019-12-12T11:02:54.387Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_3177b95f377b304a16ccbf26016b5583"
        IssueInstant="2019-12-12T11:02:54.387Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_3177b95f377b304a16ccbf26016b5583">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                    <ds:DigestValue>YLUii170rOd+4m1TDnVGZNtM/5EOpbqT2Ut1RCTskvlnQy8lnZYV0zWHK4PWVNX+2sbCWu8ye7tVKTFoxkrSVw==</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>H9pNZR2lauZNFL9fyEe84vxPbHcfV4Lb2tD/OELtFrFw63moO9B03h2tCeVSIw165mqcHrxTs8G3NmRyYV2hFhpmfNcTyzRUpBAsMHbZRn+RilXRLHZ2gOC1SpdgtwWdfOrikpZldNwNEIiAvLVh69bBNYxCp/3YONaLci0c3D+gzuChiaFeeFHSA/uNIDJlNj8ygis9c+Djj5Xsj7NymeMnRhjlX8tvSPXlQdSmhoPjZo+DK41BVZ6y6Jsgx1YoozXf1Fxr9jKI3tW0QD4Q+1OIJLZBbiNF8oiq+9u/BJrS6dUNzPawmJwf4EJbDgvuDLgXIccxUlIiuPpxvefxpQ==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxvmfF07s0nPQgDh7ylcWdOKuA0mg9P5z3WbWeZwREcNdK1xE6OJq4D3EvEaOXCxqImXRYaw2msTs1ig7YdCY7Cz4tipf0xLmJPccfLfVkdHj3arf4jrfN1XKCr3NAIUYC+vUdZSLLAE6l6AEffEKzRCshU9EQq40=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.1.206"
                    InResponseTo="_vbh2z1dlaishhctur355emxsse8fqaloktdb9gz"
                    NotOnOrAfter="2019-12-12T11:07:54.391Z" Recipient="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2019-12-12T11:02:54.387Z" NotOnOrAfter="2019-12-12T11:07:54.387Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2019-12-12T11:02:53.695Z" SessionIndex="_b2c8653c36631f6a3c7d19a776dd4fea">
            <saml2:SubjectLocality Address="172.31.1.206"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2019-12-12 11:02:54,397 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2019-12-12 11:02:54,397 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2019-12-12 11:02:54,397 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_d4318351ef9668c9d8bb39c3435061da"
2019-12-12 11:02:54,397 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _d4318351ef9668c9d8bb39c3435061da and Element was [saml2p:Response: null]
2019-12-12 11:02:54,397 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_d4318351ef9668c9d8bb39c3435061da"
2019-12-12 11:02:54,397 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _d4318351ef9668c9d8bb39c3435061da and Element was [saml2p:Response: null]
2019-12-12 11:02:54,399 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2019-12-12 11:02:54,399 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool' with encoded value 'https&#x3a;&#x2f;&#x2f;cas.traveldoo.com&#x2f;cas&#x2f;login&#x3f;client_name&#x3d;SHOP_DEMO-demoPool'
2019-12-12 11:02:54,399 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2019-12-12 11:02:54,400 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'TST-10264-OLkpt6YqQAy3XBgDin6vpXiDvX21WlOw', encoded as 'TST-10264-OLkpt6YqQAy3XBgDin6vpXiDvX21WlOw'
2019-12-12 11:02:54,401 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    ID="_d4318351ef9668c9d8bb39c3435061da"
    InResponseTo="_vbh2z1dlaishhctur355emxsse8fqaloktdb9gz"
    IssueInstant="2019-12-12T11:02:54.387Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_d4318351ef9668c9d8bb39c3435061da">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>96SU4sakbq1iBxyXvoRnFv5Ty3C3ZPAkeWqID1NtRGozSTOJwhJKMqnOjG4ucwzmwnXQwrzc0715+CVgWCv/DQ==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>lzKaiZ/Oa7DQGc9GFecroAYeVA3e5T81DkKCpHOLrvqR0f6coB25kZzRXPeDcpRLahoTua+3373YPiNvxQCgjR8/9bJs0xhlBakmXRgRNEYmPB8emDAQp8sOcO01iu0cOYGrcw1/tz02Lh14gJOZMKlsH/PGrHg8EroiVeD+LKFnDKO5iP4TgkirfKE14VpMYUsyjwyLXvrBjNaI2iPuLq4FLMtZDvwsk8cVMfd4h2Y6pPT6Z5DJIpS9gg5JQ9ll61ZJBdrkajf54BtHhqt7+pWej0aoS6wvz5eQS+MkI0C8/vD3No9MS4zqI0Eg+TGcj0CMuWZ18eg0RQwa/2yIXw==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_9fee44364f2fb198bc8ca132777d1276"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_402590b476a12104687c95525ec527a8"
                    Recipient="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>nFma16nbvqJjhMh9X+j9l3lqLva9xmx2K8Ub9aZ5sR/eFEK3L8PKzYolEAIOVk0+p7p1Zs5Y5lKXExUTT3et7Je98TOngHCs40WoLUU+hRez4FXWXVQrnENqnuHtm/NQup50YdJaEvQDcqqUZMDBrKb9p4OUqUNfD4TSJWTBwTdHU+4GWIDUH6roMSqbdcrXgCAAugkxk8rk/QtuZP1WmUv+BnTy7t6FN+rEN14BWfujuZ54+7wBPQUfj+whYkVy1jgYopr92gTjj2Iv89qXuRQ+ZlpCnZQIPQb0qBTXhxWBgUFTnIjYULfvVDcAaQOtxpZfvKwTmIOi499jGc0RNA==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>N3NI9r4T2Q8EiokIMyPOsd8SBle9+j6SSuuTtPHHyh+TB78+Qn4o2YbveVN5OqF2Ij7npMtqNpiFZTx7MaGBoN+HbF5BPln2jwaKJfZ5tyynXMtTGAGZ6aKCRqSEetlkYAf2ggwnIeFdeEM/KiPoOknFsWfontvMzLKxiZOJ/Pg1pW+M2IqGFc3fotC034GyWspAEev46BfeseP5lxIz+l6frP9lEtFsdWIVm/gOWj4VQ8KlWsJwgzbs6Yy3zLDrNBbjO16vGYl8VVztf7AZQAJ8ssuIgwlNKteB9VnvvWki/0uVclKqJLAEnTZO6tHxwFAlZpU6w6XK568xL2Wmu1RaraobtWnymO91qBepRqvja0U42tNpMkmrA2fnYlMkyNFLkRhpACDHQ36PGWWsBpv46CK1XaLHoEo8NKlO/NOzA8wa0R6GLP24YDAtPRb4krEv36WzS7NBkU3fEyoR6ObTtOKkkV3OhroSkfHPCGgZsJhX/rwV9Lf2KtvpxBGciATz5bpIjOSz2XoaFnEaaQ3toICwjkTMoBNaW8+oI9u6xO1Z03sgyoS1DPsckgWv1WLxGMkTUPCKKiG8J6/Y96dEE1Ei5Dcvso5PccQD2YGPIMqZ556ESZgtFunoGqkJGI62H+mugbl4jhadckvFGpLjgTnypOH7zoJbRgOe8LDp2w7Su0GBAZMrQujBPDQ+cGllqKUfFc3TPwslPPHSKtESre5DAR5J/9e46o35OOx8oMHeFtyDM3mT0TQw/nHbvR0yPk/B/FvlgC/UeJPNiRQF05XXNRYu/rCC5tUgkhFlZYbo5dgP6SKBoXyB5Fl/ur1NyBgUlSFmEg66uEltOMcQPMSJSXs41fH2GJb7JbSuc0jBZGfgBVfyR2tpbA6fciYhPAhU3VLBYqI9tCvkaRPYvxeTvRv7KXDf+q4UsEPmiU1rc5x2Jq28R8f4E5CJc9wmc6gCExWvwLgjlsKFSorx6T3m9Jw5ULSsr9q1EQcJORHkeckmQKFFqxesJ30ICy7ujMhBppkhXwYIlzEzCoBY9i+IXdNevfabMAzXUTKKQV6ZNGslz1J/8LDJ7evSl/WvE2N1g+TZC8PPhf9iHAYUTqWvzHti3XU2jWLxnOEImYxj6GwkoWNdb1tWvRrUfJ0D7EsVtUm7uwChOTWB5rUZouAfoCCEFwCdw/YY4vtP4wM0MP4gZs5Hc3ln4XWHImQ8k0iydU7BKmRsMIlRecHeiuk8p27z8dWBpVijsouR/qAkIc6qM6vqOrIum+J16HlyCJ6ZDjnfnPcxWiGViJDXS7LEavVNoH2/rjSo0Y+OjG1HuHOXHKZ9S2qqY6V2+uZTU991RRRwqSO59iSu+RQ/uUUfLXGKQ+EFuCFG87l0+zN/WRrx6CXI0Q3hNmGgxe+11Shn94mBpcARPJhQ1BqIvVBmglcGQvaZNPBW/bwk+W5m11Gkw6vGjO8c0IImzFFh7o7abde79Qlh36tyRoqfsU4pJ7zyE5UUU8s1mxkLtloSJ4rwrTP/rNhEqBE0+64snYayZQnmFHO9lKvVF0a0qAlccOWVE6+IIYgrfTG+VCvmJWQDhEOkiZX/77zVbPCIY4NxBmCB6/EY8P6hh66k2Xiyb2ZahDownjVKEFe9LitaSyH5KtZ4sW4/nKcnXNJhov9vIqxlgrIfgfBkYCK08hWA1+PsalskzdxjbhwyxweANl/rIK/Kc+lB3UjA9cKNLCaSbQgtRcL5bY8NepKbOe4+2u6VJUYz9Yn9mSiYTBMzjCk43So4zUwKgAvoKU9LdvfkdMxeRSjFWh7f/1CIKcWuvyMyd6eYOilIHkev9NH9UxU/nwHogvrVYgBjEw1YKf1TlsOvDXHBls5l+P+jKzxCsdDb7KgbR5D75zDp9hLCHvKZAg4rWGxMT9AfiR/EuN1IB+6f24NCZBh9dQ3cKrXD5EBMnNT1vmZSfhd3jwQRmeSnxKP2fySP91ESDthhJuK2K1mYaLHwZZx0OY5NGfW0jShFFT8BGfwTB5hiwZDFo6q1ODNpVqOz/tRSQnTm5vcMFW6YolJ4FYy+IBH+fN5mw39dXVrQr35ClknfZ/HC4aRgrFUm6wxZUvSih1fjYTK/oByhick57JJZdX8boXAmq8R/C1fw1sTjIZxX2S52B+NHkh4UWGN9k/kM8VU7rttXOb8B6QZb7ZIfPXut5qWXG5qBoJ6msY+iWyDY4KmNMOm/kMk0ytytOUN8NgDyWxPwlZX6BmbcL43X1WC4uVNtcg40XrYGAQCsHouX1/sQ0/8cjTftaZaoSzCVqswy9RBhchJ42OT9pop7AOsQI7xJEvBabuKRdDYl6o0Z9iFU+7/7iQ4ZuWDR4suMqULiUNTSZtcwJD/zBgfjW+flBiEG4JIlMSi1LJQtCqXuGLY/ONWpKTH+RPJRkvVixXh6zTMx3bm2u3HjlHbyOWNYO1fSD9vtuij3RFUrF2NoDzf/iUPycbISiurvttDTLsbrubbhTNBAVFq8JX7Hz75F99E+kb8DccYgGnwDfoQY2H1nSw679L2/I5B7gDRmgWANuPfeRPpB0xcUGDT0VMQgPfLRmVGW02r6bpQgjJNb3LMMCmpDwNIh/jyWXor0FEGeTgDTsPAxQ/+DXyKMHaeC/rK8mnyMssMxx3swCtUG810Nm8c7Ez084AUYiLdB+Ln4C3YBrBd5OTxVS2Kp66LMELlDHl8QHKeoTpTLcFbi3Pnko23Hyo6vNt/aVQSEq9i+tQT7YiJ8Y7ig5noPHrjSMITA7CveY2q886ahGzxztgxaxO0gcm/0wnJQYhHQkfuPbq+Ro8oxAMDBVIm0pMS3gdRXaHA8wG9S+HSHYTjsa68O4rmxhKE5BZmSg/Dd+ARx7Zx5pvK2oPkJnQeCnpWRBHWfl15xH2lClQAUesupaT30kB71NwIjpT2A0jY5fIgGEISgX7e5dtKQMrubqTx/Fw1/AJ8Zr2NJ/lOww27vK1qK749FdUVMKTOtXUiBJ/z5c58YnfK93pAP9ktKqt9nxajqghYJ1b03S//BNPKi38+LjjF59VZ6cbNZl7cgxmc2HtB64cLomdlLCGV7hkF3mU6oLDcUb0k2L8ntkFJxoUiQ9m+dvNqyY1qY42LcXd8b05Y6v941wUxbUdroANcfOOuBanLaJ9U/Iltd2xmBw708sKEO996SJJOhppvTfI06ttosFqZLqaFGxxVosoioami1/RNEwDW2+H9Ggl0ZNCoorQyTGvljceQdYLRzoI9UFfedUFy3SaFFnXkPgYt1BP1C+u0AR/feUS+5mwrfckb4XCVmXQ7V3rBooyzCSl3P3anJcJgPxdhlage7vau9kdBytHriK/cMDK/oYUWq+jbCyPTI2gPn3sYzeaL5FtxBZa2VXzEOyRPn9ybQIdT8ZG7nkdQTw51bEU8SRZAQZI6c9GDKUQmDqrWixA4mS5Z2WMfsDMt0h9LyM8IYxIQOTPOuBj4AFVJjIw2HuuhFC0vhZQ6+GAVS/ZFPEckhRyum9Wyjrxj+/x3Po1X4SvibW1TewyQ5AuKJs6ZTHDjtjq/d74Eip5g4T1P7TXrCAHkBxZVn5ffowSVsdvYYyT3Ck2gvzqL5afavJl024SoUOBodVfxqTJN/PKOUC2wz2VZBUHHXIrPZq9JyqKzQUsi/qvGglBzT8J39vPaJKqA4jTyoQle98zM9ytE4O3ltPmqAH9pRI7/5uT5oSYCix+1cInF77UYTWV1sNb9RgHbPuKkW0B/6GgGAseyicT7W9ZFXlESakZBvVyqyLL2WGwZ4VCVcPXlfhzl930AsQhAfn0pIxAQ6tKYl0J/2YEsisSoQVhPlEwBVe6bDKMcn076A/yDO3amiirxh66TmG1NJ8Fjcuax1H016dk2Fsd23lLZAOohWOk9OTeU3WcPOAGRinvYLtPzgXfsclqaQJjufMB6f68WGW+q+y6DH89EntBVLeFYaZSUTHXY9ZSW6inY1laaf47725xPJRaetpdUquAVD/ExXbwUs8JIVvZuqE4e89xD/weOwJvI2EFY+pd7JwAXmwh7FBQwj0BCuLQNA/R8wjSQCF1myo3GRnSucObYTOVlZNm8qIZnm0eMeLSFZKv5mfM6nkI4iLT3XqEWbXlBDG3qkPFIzg6J043fzYd3BRpBJqGETQuxHXouZ7pU6FKdOfOjNP7iMAuQKXzEKLeq362aSrEa3qNE7G7Jdf+GpUM921dNZSBLeyrOpzsgGJoDD35/RbzYuN1KomcV1v/mPaNBxqrpyHlMSRthbUI/iMYNmjM28CnRM6ZWi8ov74tjg9a4P2dqDdz1T0LmqFCUmTE2pjZOX5B2LKQG7ZIvcEFU3v0nipH+WcQWNWhOErpWI9tMad2p/2rZzdaS1Sxoq6tTA3vYVoJBFQ2tm5IQro0ww3a2YLnZbHzzKWRpFnJ9RGE1Y/K6P+KAM2QGWjA0zxDkj3ahAPDK8eFnf05W2Nvht/9T5mWz14+Imm1yJX8upSE3fxxqub9Mef4opMJnROzKKZ60URUQEZIOiYP7iiK9E7KO83ieTjX2BKqgcP7l4dlfuMoFFKjIv3VMZj5QaqBZlfxAwOEc/ZZSQECJ1z+pbhCyeEhqYLXyV1NXIF6qAT2VcdHmW2EDiANHwmxO+GoiiAyZM7cHM9R/dCmcXrFPX2cH4CnY8rL+vtKWebdgXVChIPk6o6lHQTB//ZH1Y4EVF0KEQqVOz7yPL48Zc8FFwwhxQfdGsA8vIjfA2xclw69CPWv1TZMri9edgzNgQiMS4zALeC3UCIq3LSaGrduYU2qChlDdwdk47Q25mq3X30hs+rokPoikqVWtI0DkKQPXK6bBjXn+5CTB0qlpS8qeLNFEnRVv4g6rtzr+Oxw5ORFl+atZ8+3fY2J3oCDe1JEazCjbLHTX4PBaBZ7+J2l1VBu8Qb/U9eO3oz/VAdTTVHVAMb4IUeFxRaChvjVQhvQ3DFjnBoCKHpG5/7n5edyfYGDPiL9217wVq9gR69Bw7cQA3Zrfnn2fttsGkSH7uujeaFB5SxmPwU/f4nSes9qCiBU0l+W/meC1I73BozHbSRGonFu5XNmI0E+JXPducp6BjJKMdpFqjjNHNKamsoN6fgCQZeEr4B4/juMbMaIwF5sjrjYjtn/O6eJ1yoB681gQBQDn45cRUvQv2BBo4xbp9nFQ6tdSInLy+HhnSezT1XF3nQO8stCkYthCZbrEZ7+q9Rat9iawm0qipBD4DQ/fDS9jutWfx6A7GMmUNIpNrK4wG89xc3hfHLrQaeWuUC/V/5n8ujFU05pQKICoUl32uTITFngM5t0sTEp1Cs9E4H+68lDf8i9Xdi66RmxomhMJE6BfMDSMaWnNhsO5Eh9YRnCZNZr8Q9ACu0yG1AGiqIdSrtzfTN/ekBthl8SF2GFqUlVdPXpdMPFwo2/PxeW8JWc+cb7RVwOfDin6lfD/s1cQ6horerMCEZUyZ9a+MoVpe4eF1QY1e/INvoUzzW6qwfzzLBnhgBXTolxD5/irRWSbWGiOM2OsC7JoZ1m4KFoiHJ8V+PhBXpnxby2GUgSrJ7g8R5M9uPFqRs7H5+UmaVK2YGD8Cgqy7j/LGgFJIKdwY0gXwAZ6/OoTQFQdaWnExSeZJwMXjuXTyER6H9o0UfmWsSvKRsYg7XKXlT6D3awUSbFxApOiNeVqdOGRV2AwudTn6RHk2oh8v0exJ2zfXC4NcE8rBDy6ZPb0wC1R0Y3mQr7Zy+Pekp9Sh4qtZtxh/ariVAiAvNY35n4VhzkcROSRfiyn2pBmw7j6mx/08FlvkOs98gK4GhlLdu3NKgfSowmZttAtKcBBq9uWISJcBqwLvGg+jQJ+zCDjtse69y5yVRJSzK+vb7TawRadL/tZxGqLGN4jU91b7C6M7L2tfMYDWm7zWYBe/BF7V2LtcvYQWU9wnV0CyvVweEfzRjSwaCMjc3sBNgjX0DekW326E6yc1NgXk7WM/M14JJJs/ztxXxbUhho2WaTRcUdG1qr98PIN9mzmPwyWKxxYOkdsLklt6RY7ML3cW5bGlAdcSnGa90XojiKHD5graecChs9OawC4QaW2thLxVZgTyJWPwJdPzUz9ytq25kqS+zMjRTNDIMJNVRFBaJcm5Xu2W1DeV4WXuEZemqEgD+si2RFXVi4JzUwLgVCLqrk6EhdA3DrdtF4dSAocfSn2cbcaAmxjsb+o4hLv2uQybd5pwppL+od7JtlnsSOob631eA3Y0Qap6AXXTdOQCh+eSctJKf7A86ACB8Tu9dVbOsFKyV4VMu2DaLCySvSEwlALNmEBm5KfHJIdr1DJS9bjJngKmXXrn35hbxzKSCjbXVIqf6icnPGAWUh5jAPGTzunNvMByVfv1sw5db5o/m0H1KdO+COTtequkT4ra5pxGR/8twweWgljIoNQUesEvgOCi9NdfXWPKSF4oiRKNtMws8bJP/L5QX5FwbHcComGaZx50778e+QSY6sy5YNojh02QFNyCu7eGeTDJogP6YxlGa1Hj3p2Mab4LXGcumUWPg6YG+ReQPxZuKxbU8zx3nT6tma54SdfVSumWfFIV5rPXoJgZKgk46NiDq743FwsfU/OYsCTr/kFzKF8xV9x3Qac38s7OLze37l83f1Sw5SCTC/0AEmPDQ531KykSJJ6U1Ge1QRmF2BtPNoQEU1SIffEbgvCfK5LLE2fDK0W+4mlGEJTuO78Ud6Ns4J9c/neQGjjHHCTSZtf11Wxe50CSvrwz4nvumyGIpH3sMBqj3L0QPAmw/kPquDZEHpsab7e2nQQr3fQ+0YsppENoJCdfcZgTIrPHjo3QdGV0w6uOAndnt1/YVmZk95j+cr91PyjQkfP46uofANUEWc3F9we7ZRS+DJX8OcU+oiJL5GLEHMUrxTCWzTK4pJO0u7kbYcHnjf/3vp7ugmlBpQ7POZcGIKVZkJlup/CKzzV2YMxpQbU+PdtXNzqsKRiAhy0tN1pPpy2NolfPG0T6qy1MY6XNhyp3UWaM33bJvKPGtOJAQodaJPppqb0zLuhThCGu9w8y6JBMjwumV4QagHJQaCy7yDDzI7XwpdbNUZyNHUjVM0tTy8duEtFW6DD11ja4EayqTxt3CwQixb3ZLjIDpXMl419piF4Vp/a9ELquAOToXCfqfEqpOG0tFjShVFKVLIKD3HfYPoJB9Jq9vrxKDIwZaWU/khGkDI5EaBih7/Nt+G4NSbXtIfDeUFGUwSfpUYONd31p9tujkd+HD5yDtj7t9IrgHWEn9dl9H041fCN9Uric96UGeLzXATWE/LkdODJ3V8+k+8/95o2cuXdBZw3oNr203nV55pvhxbVujMpzf/MEDR+uHpMG3hVxRqCCtlAWY6KdaOjHz/fGBEA+VvfqmhPwIasEJOQ5OrxVs6P44Rz7HvkNMxHvpRvJGszU/tl08/HSLSIRPP/vHL21TCSnq+RHPE2kBnM6NBIQQxGWXbqXr9Q8EPwzdPc34TfCIFu2yEFKKq6J9uQLl54p2qqwmEHn0IIhj3lHRyWu2Vdmnc8Kg3Wqj8tZez1BfbPwK+enH43P889Jgj2K7mTGXDRYKhtSfQFgDX+pH0aBv9UC/kqn1E4HpMpuIhqmy4cQXzLpsSBP7Dk9iBz+jdPQU3zcyXJOvzMkMDLeQtRLiPkrhpI5NN5lYFaW2Qo1bcaaCm3EqaQTexE4M6nvATr0H0GMp4sXjyCw9pbyVuEpxk6uFwWKasj86DmrcPOLv4GME0lI9tyB8XsFQt6zK0/Y1ApzHAXLS/+FETRY5ZRiThTLS59/BWgNmtK1PY4xYR6JgKIyEBwZ7hSgE6pZg6vLsVEXFENug2/2Ay4zkRrxfAALo/kueULb+g6DiItwvI+rf57RZh7hfByFaqle4mBP3DXv1FrxD/Lket7kpYFDqVneRi1ayBqTTyDp6eomZnKpZpQpGnvewsPSC8zUd6nsk0Cvs/V2EjyVHGVSsxZjRi7ancwqOVLK8cEHHPH3I8C/fsny1ACrAznAR6esxrtTauWB8/YltMv8YXwPcdxPKgsjIfZMhTSVb8NxXCa3gra2gUcjHvA45STI9GHdheBehMMP+dPBgEaJ/PbMyI5xo1GBrJwL</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2019-12-12 11:02:54,401 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2019-12-12 11:02:54,401 - INFO [Shibboleth-Audit.SSO:?] - 20191212T110254Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_vbh2z1dlaishhctur355emxsse8fqaloktdb9gz|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_d4318351ef9668c9d8bb39c3435061da|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxvmfF07s0nPQgDh7ylcWdOKuA0mg9P5z3WbWeZwREcNdK1xE6OJq4D3EvEaOXCxqImXRYaw2msTs1ig7YdCY7Cz4tipf0xLmJPccfLfVkdHj3arf4jrfN1XKCr3NAIUYC+vUdZSLLAE6l6AEffEKzRCshU9EQq40=|_3177b95f377b304a16ccbf26016b5583|
2019-12-12 11:03:18,477 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: TST-10265-7oFwoSdZspZGFk3WHK-HPHATZoukkbnh
2019-12-12 11:03:18,477 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2019-12-12 11:03:18,477 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2019-12-12 11:03:18,478 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="_zb7cakg3t5ylebikjmtmelkkylenuuzcvoncp1p"
    IsPassive="false" IssueInstant="2019-12-12T11:03:17.718Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    ProviderName="pac4j-saml" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#_zb7cakg3t5ylebikjmtmelkkylenuuzcvoncp1p">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>xRqik1uOGeBWcqdXwb38FifPGOxwrB3kzZIVBKHhV68=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
RapEYPlASLdY99TBjQi6q2EUTJCYRcgeUlQ7gypBgaR0iYgD7QM+uREzq6KJrykjTkXrilYeqsch
m1TUOu+xRAU9x0EyL24i459CjnUDKvSVUtuoMPsSSfG8jfwpVYCxBsuMGSUpTpA6E+17yf49jFRV
3ntie+svQHgcDMZUbeWYCSXpPgBnp/2zDngLtohphY9Jszd8k0bfY3CcyXDycOEAe2Sh0tYWTQPL
XpU/6OigxXUWfEZbjp5LOFe+GidCPUEFOas9oaRd4TGhmIUhU+W3eVKbTVb0yI9+gOvzQ3rT2kHG
+XLnTLiED/0YfMbTtwepKX+3hXDNgEwCEmhxXg==
</ds:SignatureValue>
<ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2019-12-12 11:03:18,483 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' from origin source
2019-12-12 11:03:18,483 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-12-12 11:03:18,483 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-12-12 11:03:18,483 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-12-12 11:03:18,483 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-12-12 11:03:18,483 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-12-12 11:03:18,483 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-12-12 11:03:18,483 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-12-12 11:03:18,483 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2019-12-12 11:03:18,484 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:03:18,484 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-12-12 11:03:18,484 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2019-12-12 11:03:18,484 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2019-12-12 11:03:18,484 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2019-12-12 11:03:18,484 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_zb7cakg3t5ylebikjmtmelkkylenuuzcvoncp1p', issue instant '2019-12-12T11:03:17.718Z', entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-12-12 11:03:18,484 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2019-12-12 11:03:18,484 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2019-12-12 11:03:18,484 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-12-12 11:03:18,484 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2019-12-12 11:03:18,484 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2019-12-12 11:03:18,484 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-12-12 11:03:18,484 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-12-12 11:03:18,484 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-12-12 11:03:18,484 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-12-12 11:03:18,484 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2019-12-12 11:03:18,484 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2019-12-12 11:03:18,484 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2019-12-12 11:03:18,484 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2019-12-12 11:03:18,485 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 25218632289878887470728701898989230903925460534470464262987089359900092236249155787311083615922566996588882686327254334965631006516764358542556784571993117841615795846983701202567812629440880488414844862491363773592778158558705049021795669354428797347719681579572749594906032259298025269480636673827053368207548760338633177397009149003080015959043356697060516917100235185397117902752192715861531350694962747781011832502440226911816306381078043102881237946262430586623622800161283685092311342398263730543997237261306772360529013060055263916368941241698720371281723901324390991801957832354836844648583493845781599295821
  public exponent: 65537
2019-12-12 11:03:18,485 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2019-12-12 11:03:18,485 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2019-12-12 11:03:18,485 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_zb7cakg3t5ylebikjmtmelkkylenuuzcvoncp1p"
2019-12-12 11:03:18,485 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _zb7cakg3t5ylebikjmtmelkkylenuuzcvoncp1p and Element was [saml2p:AuthnRequest: null]
2019-12-12 11:03:18,485 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_zb7cakg3t5ylebikjmtmelkkylenuuzcvoncp1p"
2019-12-12 11:03:18,485 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _zb7cakg3t5ylebikjmtmelkkylenuuzcvoncp1p and Element was [saml2p:AuthnRequest: null]
2019-12-12 11:03:18,485 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_zb7cakg3t5ylebikjmtmelkkylenuuzcvoncp1p"
2019-12-12 11:03:18,485 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2019-12-12 11:03:18,485 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-12-12 11:03:18,485 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2019-12-12 11:03:18,485 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-12-12 11:03:18,485 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-12-12 11:03:18,485 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-12-12 11:03:18,485 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2019-12-12 11:03:18,485 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:03:18,485 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-12-12 11:03:18,485 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2019-12-12 11:03:18,485 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2019-12-12 11:03:18,485 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2019-12-12 11:03:18,485 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2019-12-12 11:03:18,486 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2019-12-12 11:03:18,486 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2019-12-12 11:03:18,486 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2019-12-12 11:03:18,486 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2019-12-12 11:03:18,486 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-12-12 11:03:18,486 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2019-12-12 11:03:18,486 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-12-12 11:03:18,486 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2019-12-12 11:03:18,486 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2019-12-12 11:03:18,486 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2019-12-12 11:03:18,486 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2019-12-12 11:03:18,486 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2019-12-12 11:03:18,486 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2019-12-12 11:03:18,486 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2019-12-12 11:03:18,486 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2019-12-12 11:03:18,486 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2019-12-12 11:03:18,489 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-12-12 11:03:18,489 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2019-12-12T11:03:18.489Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2019-12-12 11:03:18,490 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2019-12-12 11:03:18,490 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2019-12-12 11:03:18,490 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2019-12-12 11:03:18,490 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2019-12-12 11:03:18,490 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2019-12-12 11:03:18,490 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:03:18,490 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2019-12-12 11:03:18,490 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2019-12-12 11:03:18,490 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2019-12-12 11:03:18,490 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2019-12-12 11:03:18,662 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2019-12-12 11:03:18,662 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-12-12 11:03:18,662 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-12-12 11:03:20,689 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2019-12-12 11:03:20,689 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2019-12-12 11:03:20,689 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1854217955::identifier=rick, context=org.apache.velocity.VelocityContext@457c03a5]
2019-12-12 11:03:20,690 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1854217955::identifier=rick, context=org.apache.velocity.VelocityContext@457c03a5]
2019-12-12 11:03:20,692 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2019-12-12 11:03:20,692 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2019-12-12 11:03:20,692 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2019-12-12 11:03:20,692 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2019-12-12 11:03:20,692 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2019-12-12 11:03:20,692 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2019-12-12 11:03:20,692 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2019-12-12 11:03:20,692 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 5b9208ee3724448a5a627d25015a7b4f105aabfc90e4b3f01d91f91cfac22308 for principal rick
2019-12-12 11:03:20,692 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 5b9208ee3724448a5a627d25015a7b4f105aabfc90e4b3f01d91f91cfac22308
2019-12-12 11:03:20,693 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2019-12-12 11:03:20,693 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2019-12-12 11:03:20,693 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2019-12-12 11:03:20,693 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2019-12-12 11:03:20,693 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2019-12-12 11:03:20,693 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2019-12-12 11:03:20,693 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2019-12-12 11:03:20,693 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2019-12-12 11:03:20,693 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2019-12-12 11:03:20,693 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2019-12-12 11:03:20,694 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:03:20,694 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2019-12-12 11:03:20,694 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@57818322'
2019-12-12 11:03:20,694 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-12-12 11:03:20,694 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-12-12 11:03:20,694 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-12-12 11:03:20,694 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-12-12 11:03:20,694 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-12-12 11:03:20,694 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2019-12-12 11:03:20,694 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2019-12-12 11:03:20,695 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2019-12-12 11:03:20,695 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2019-12-12 11:03:20,872 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2019-12-12 11:03:20,872 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-12-12 11:03:20,872 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2019-12-12 11:03:20,872 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2019-12-12 11:03:20,872 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-12-12 11:03:20,872 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2019-12-12 11:03:21,366 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2019-12-12 11:03:21,366 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2019-12-12 11:03:21,366 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20191212T110321Z|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2019-12-12 11:03:21,366 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-12-12 11:03:21,366 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-12-12 11:03:21,366 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2019-12-12 11:03:21,366 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2019-12-12 11:03:21,366 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1607684601366}'
2019-12-12 11:03:21,366 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2019-12-12 11:03:21,366 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2019-12-12 11:03:21,366 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2019-12-12 11:03:21,366 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-12-12 11:03:21,366 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool]' as '["rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool"]'
2019-12-12 11:03:21,366 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@57818322'
2019-12-12 11:03:21,366 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:03:21,367 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2019-12-12 11:03:21,367 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2019-12-12 11:03:21,368 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2019-12-12 11:03:21,368 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _9d943731b39341f01c8e4cfd51c31878
2019-12-12 11:03:21,368 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _9d943731b39341f01c8e4cfd51c31878 to Response _37e050a36907005efc4d210456f600d4
2019-12-12 11:03:21,368 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _9d943731b39341f01c8e4cfd51c31878
2019-12-12 11:03:21,368 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2019-12-12 11:03:21,368 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2019-12-12 11:03:21,368 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2019-12-12 11:03:21,368 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2019-12-12 11:03:21,368 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2019-12-12 11:03:21,368 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2019-12-12 11:03:21,368 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2019-12-12 11:03:21,368 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2019-12-12 11:03:21,368 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2019-12-12 11:03:21,369 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2019-12-12 11:03:21,369 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2019-12-12 11:03:21,369 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2019-12-12 11:03:21,370 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2019-12-12 11:03:21,370 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2019-12-12 11:03:21,370 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2019-12-12 11:03:21,370 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:03:21,370 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:03:21,370 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQx8VgsVV9jtyl2tvIXD8hE/B3CGlO3JePvhMhJvbhaH+tzxivFQSG/Na+QM14Kx5HDin0XtU4khkr22GAByZCQbVXQs4OnNEa098Fgu8oANJ4xrPEem6+XWJa23rcFmsWA/z6HBjO5n7E3H+VH2SIeXPpc6z1oF7E= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:03:21,370 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:03:21,370 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:03:21,370 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2019-12-12 11:03:21,370 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2019-12-12 11:03:21,370 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.1.206
2019-12-12 11:03:21,370 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _zb7cakg3t5ylebikjmtmelkkylenuuzcvoncp1p
2019-12-12 11:03:21,370 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2019-12-12 11:03:21,370 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2019-12-12 11:03:21,370 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2019-12-12 11:03:21,370 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2019-12-12 11:03:21,370 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _9d943731b39341f01c8e4cfd51c31878
2019-12-12 11:03:21,370 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _9d943731b39341f01c8e4cfd51c31878 did not already contain Conditions, one was added
2019-12-12 11:03:21,370 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2019-12-12 11:03:21,370 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2019-12-12T11:08:21.367Z, to Assertion _9d943731b39341f01c8e4cfd51c31878
2019-12-12 11:03:21,370 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _9d943731b39341f01c8e4cfd51c31878 already contained Conditions, nothing was done
2019-12-12 11:03:21,370 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2019-12-12 11:03:21,370 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _9d943731b39341f01c8e4cfd51c31878 already contained Conditions, nothing was done
2019-12-12 11:03:21,370 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2019-12-12 11:03:21,370 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool as an Audience of the AudienceRestriction
2019-12-12 11:03:21,370 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _9d943731b39341f01c8e4cfd51c31878
2019-12-12 11:03:21,371 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool to existing session 5b9208ee3724448a5a627d25015a7b4f105aabfc90e4b3f01d91f91cfac22308
2019-12-12 11:03:21,371 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool in session 5b9208ee3724448a5a627d25015a7b4f105aabfc90e4b3f01d91f91cfac22308
2019-12-12 11:03:21,371 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-12-12 11:03:21,371 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool and key AAdzZWNyZXQx8VgsVV9jtyl2tvIXD8hE/B3CGlO3JePvhMhJvbhaH+tzxivFQSG/Na+QM14Kx5HDin0XtU4khkr22GAByZCQbVXQs4OnNEa098Fgu8oANJ4xrPEem6+XWJa23rcFmsWA/z6HBjO5n7E3H+VH2SIeXPpc6z1oF7E=
2019-12-12 11:03:21,371 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2019-12-12 11:03:21,371 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2019-12-12 11:03:21,372 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_9d943731b39341f01c8e4cfd51c31878"
2019-12-12 11:03:21,372 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _9d943731b39341f01c8e4cfd51c31878 and Element was [saml2:Assertion: null]
2019-12-12 11:03:21,372 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_9d943731b39341f01c8e4cfd51c31878"
2019-12-12 11:03:21,372 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _9d943731b39341f01c8e4cfd51c31878 and Element was [saml2:Assertion: null]
2019-12-12 11:03:21,374 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_37e050a36907005efc4d210456f600d4"
    InResponseTo="_zb7cakg3t5ylebikjmtmelkkylenuuzcvoncp1p"
    IssueInstant="2019-12-12T11:03:21.367Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_9d943731b39341f01c8e4cfd51c31878"
        IssueInstant="2019-12-12T11:03:21.367Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_9d943731b39341f01c8e4cfd51c31878">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                    <ds:DigestValue>J2ooiK4fkz1mRxfq5lssuKNnGlGQc8tq7sLRI7y17/YkbV0FC8LeN5ZJJwUy7iYzrK9pLN1HSFItCDFkiDzfJg==</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>Y1/9G1T+tetYkQwQb9DzxzwdY2raOnGxcgXAPAu+pS1Ct7f/d2N5g3z+ApUUq80nM1TPDEBR76fTE+WUj5U2Csee2eyUKE+W5K0ySfJm0d3Dzl3jMk5SyTxSPe3zom7xaaW611rMn6dRSW8nKQ9BJMOcDcABVBFLHo8ADKPkCuvCuNObTJDyTFWXqPJG5JDonyEXyhEuoi19Fqolv8wULQcbZVz1mYaRGFxZ7ZCTVmXMzhVl1UvifhPrbRtXsdY6ZYCm7ARoLXcaaNF6l1eA2CPc62jtXsw3Y+nwsrh1Ohmror3bwROA5fk4T5YrNFVbcNNAGW5WpXSaZeRtPcJ2+Q==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQx8VgsVV9jtyl2tvIXD8hE/B3CGlO3JePvhMhJvbhaH+tzxivFQSG/Na+QM14Kx5HDin0XtU4khkr22GAByZCQbVXQs4OnNEa098Fgu8oANJ4xrPEem6+XWJa23rcFmsWA/z6HBjO5n7E3H+VH2SIeXPpc6z1oF7E=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.1.206"
                    InResponseTo="_zb7cakg3t5ylebikjmtmelkkylenuuzcvoncp1p"
                    NotOnOrAfter="2019-12-12T11:08:21.370Z" Recipient="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2019-12-12T11:03:21.367Z" NotOnOrAfter="2019-12-12T11:08:21.367Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2019-12-12T11:03:20.692Z" SessionIndex="_43cbe87940eccf904dc733da10f05d74">
            <saml2:SubjectLocality Address="172.31.1.206"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2019-12-12 11:03:21,375 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2019-12-12 11:03:21,375 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2019-12-12 11:03:21,376 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_37e050a36907005efc4d210456f600d4"
2019-12-12 11:03:21,376 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _37e050a36907005efc4d210456f600d4 and Element was [saml2p:Response: null]
2019-12-12 11:03:21,376 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_37e050a36907005efc4d210456f600d4"
2019-12-12 11:03:21,376 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _37e050a36907005efc4d210456f600d4 and Element was [saml2p:Response: null]
2019-12-12 11:03:21,377 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2019-12-12 11:03:21,377 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool' with encoded value 'https&#x3a;&#x2f;&#x2f;cas.traveldoo.com&#x2f;cas&#x2f;login&#x3f;client_name&#x3d;SHOP_DEMO-demoPool'
2019-12-12 11:03:21,377 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2019-12-12 11:03:21,378 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'TST-10265-7oFwoSdZspZGFk3WHK-HPHATZoukkbnh', encoded as 'TST-10265-7oFwoSdZspZGFk3WHK-HPHATZoukkbnh'
2019-12-12 11:03:21,379 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    ID="_37e050a36907005efc4d210456f600d4"
    InResponseTo="_zb7cakg3t5ylebikjmtmelkkylenuuzcvoncp1p"
    IssueInstant="2019-12-12T11:03:21.367Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_37e050a36907005efc4d210456f600d4">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>EG94lejbkA0xpUH8HRf38d4A9pPYOkAPUvjA/vqX46JTQ7i/aFlv6OxpvFdqfkW1Hryk5YH+eH0e2j7S4jz5jw==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>Ysqixv5P/a4pbtFA1dzms1B4q+wlhGmvSSgaHCqsDTVho9zKHNkvJyt2TpDHFq65QHwpc0nWdoc2blk2u64pzGXd42MAbHYziAhGCZGb2Anm4AyVYP/MapGvV7P3arnRArf4buJzJPgygQlH8bqlF3oEp6l8mD4CT2RM9Ho+AA4WdTZEyX/mR8Uil8fodX+TGrQLlDQ4Zk1lAK1+28o1W4rlcpA6YzYrgyQ+mnaYVEFh2T0Q/aKJUByM37wcnMzkZFxftkWiaUOw2+TYRHx5JxUFxBq/nPdnPLxNGHAecSdripE97sM01wEA5qVTh5SM77y8LeJC4aHT8IOW4xC64g==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_8a31c578ab3bd6f54cffa6da27e978e6"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_ba40ebdb8b5c322e9a6d03b301c2bd05"
                    Recipient="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>ni3b5/6Hg2R9keGU0/rmQJVF8kDbFt4JTXMNvGadflj/CNrSlovRSo+ovq8QAlZblO2JpRi45XBXM1QHV+lMsS1f4xMx6LinEFvac1smxt+TewbAaomwsiMjuA5QDETobACivFx9MpOBF21a0wqsvlB9MrxmFBqeNH1QtFNLgdarULJcc7eG61cgrgwANjEQrLyza8VCakztgHQ0/OXasuMSWrGj9FXK625P1fFWcA8IHhdoJzIUM0aLnt+BYFXGD1yYVMFtvHBTJzwjlowPb0ms368rB89twkLwDJhKZGDz55FCOj9zR91eFm2zQuRoCdBmWdshBtkEYgvCq3xldA==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>xY0OEgDvKIL2JT3Wsp7YOlK2wxPslNUwopcY3YPYUhduHlJIn8E2ElY3i8V6yeeGI2Q/qkEU2LBcUEMKdo86kHXtn87n4nrHX89KBKxo3l5sRdwDtMGwK13fpQHLYVswvh7+EAH4ryuIKxKGll9h1sI9hlgORvZ0kLwDEHCu4a4CgDtKUD0lxkF9PEBaq4CTAK9lTR6gCJOGFF8qQjVLMev0Xlt43dBqQ0/hhSRiEbjQsOallSqb3ybfqAhcMWLFzQ0LboqcyRcKcBo2MtQ2KUQwQbWG46No36oJBAb88lWq32AsXClOa0Xv2NHJM3Ny/fickf24RphXoMfPSObgJT/AMiPGmimedulrdpvsnFWn6UEtnkOoonX7/BDVQG+tKZFCGV4/qYtvbvfzCxKPXG+I/Ky/BE/8PD4JROvbMf0VzABINB/31o/a+rdJpjgq68NEqqQJjVlClFRCZC1zTj8aYq70iVWLp2c9LWFJ0Fj6ndDfb5o0v3ahbpxSZeL4TsV5gmUyJZ5QTx4ux8vgtVBAPKIdmzt2yY5rvqLLfM15yfLsyJigS9QOFUWJyzKZgvB43/fdy0d4OCT3295SN08xLS5qmxAlk90Peb/0/xZuGSCyJcMJBD8pSa2OeOwUnQT7qM45PByP3dQHbr4xJdc7ypA4x/mMWpnLTEdSWAsu7v1/Uu1Rfee0TJRQ+cmb2KwTAp2RQAmzrPV4JKtIaUUcC5VS/4abtuyXKU2VO3uul9UjmpVua98Fb9GjvgbXZrx4gMyHPjsWTBOXMfiM8sOy95Sd1xQesih7kWSgec0tiwjM3gGf3wf+PDdUKY4Ux+8cSenaXCZUt0Zf5J7xjqEEq1KLBjFNuwURGoONscWpPKgFk8wUkgqoZJvfOaC6fIVSI1tJVxK2U73VpQqAjtGOBnPHGRfVP4DA0ni1fyLWdbues7TRULDqiZsyKUZIVTpSITThltuP+JKJcjdhHYrvs28OwO4NmpaGtwkZEVw+o+XTeGLtuX8mXLt0tslczBpFcffLjBnp5AYM6Z76Rc8QRn6RN241QyIGtCQjVM09KDjhf/dKxKlAcqKi2K908RCD+hO2XWDJGDA1mZxYH1Dn0dbD3UZzDbH7J1wJrwDUxfnzWN5wMoNGSXNormj6E4NZZq/A3cyd4E/42ZeRJNKKRK+WXRPxu/I6mVwml67NGV5Uxnh0Oq6EssKKlXuxQ1rF5nFOSlXZ5AP9bK8s19+eUofQSHIhoIls33yRCnJqZbHLkH+fv7x/qxZHyz1mUqL2BeLqnS2iKF+Jdf8ogt8sXkha6FdYWsuoNC6zRJ3u5zOLgC7Ea/Y+tsr1RQtEb9hdUz1Ic/9Bj2j8ZoWvY6fowUcs6nwozd6nWBSt+TbtGCk2mI92bNsVct2rxrIaD5HFRMVvwdo0lR/u2N8YxwGJdtmJx4VdWJmHLKfcdRlENADt4fEvq3UCB6+cXYYEkcHSGH65ez/XBDC1BjjczcYtaKONSTkEHu3THwX5is4r84ySk/OAaAKvC3SjQIZHp7nH5t8qoTUDoL08gw/GGnPBu8wQ6CDSPx/6MUw5SXDa7rJeuuMsCjV6ZARI8oJdf4MnsT8m9vCDuvJ4mlTiC/6T7JuQOfLbfQhBwjtSgkTgEBTgCp9ySwmoHhyZcNPbokE3G+ry2ZUwPpAI5ZZPCw58dD1vZATFtoEiVSjtW5d9qt0USjXb3aNVde7egx2LTk5/1PUypvcAP350vMxHNOZhyyptcr90QK86cYHDJW3dRUYi+i4q3VH1ehbZhU3Pd7mYMtD1mzQxYQoYQ8k++oBLEwrFseJPuYKvCU4ToZ7KjZItopzkSyCSXVClE0NMi3xltww8Ke9CfSUdt9Wp+Oc0X0JTuJ1bQPexREiF6C+PHtgUy9hbN81wW5NO1mNvs3j2G8lo7AY8VUe7GSyuJXAf58EM018HOVHOO38cKzaGB/cCc2ZJiqvblYoMtLXIdxiFfqz0DJwwrypIbTgMfpNVxysf6rYISg0joUv0S7ElcsnqCqtkuvjODd6lo+4q9A3zlnR6DTj/XCPoYP1/eweQcj45Nvx/Ih6m2cZbREYHTRCwonKgkxLwDxUIU1pIYbJE9hwgbR8IkcVxfOZjS/4Tnsd0eJ/nO3YpqITu9Y2AZiCmRT+ZwtcWu9bbKsjNjtlV5V+E8kbxrfDbMWmgdWA57RA7Ew+m4RDAB5IfmGVBHk5WCc9SeSdkukRrSit0PQ4f8ROWTKWS56GpSryH2DgI+Ye7OhdXREatSPhqv9OAxBW32OkUzmfa5ddlSEduO9Vs9OzL5QgarPdTS+DY+dKMm/9gzEYp/bS/7NoIsTD7e8YftnnpISwNiz9A7nQ/0k8P5Bh3afZk1Zhrv1fWGy28mVUQCbS+T9zWrn4R4SdnQW7LoyD7kWBdACjZzeaTKTGgUvhtn93gJ9VGeX07SM+4VSG5Nzn/rnPCMJ10pUA24HDWB6uomKq3HZDbmMLVUcYTAm2sMqK8lC6vIwXllElY45QJCvhA5b3Kdxkqdnh+nAMbqSH+jiJbrR0ed9e9KGUux6vTwIfbYhJFQ868FJ7wCwtlaTc5lcTCW5m9Da/StwOQEMVy13peOJ4c5OiO4oP1Y8sJO8NhCd30AZ1a9tQUFsPCM8O40B7qM2J/s0U9SwqalfDfA4OKOXBF6Cu6qFNRc/PrsfSf4eL3WNZAvJ8srtzwd4JMT7qnxr/ziDRVm/90RSSZh8XcRS1nMxGiWlsB23Uf3yjLWMbQw6P9gsLio4Ss35qnGHEsVrMI1uIowzPhb4yg4fQgxF2w6K2WKyMoyf4UqsClBn79uBSqEtduAeM9rYTYxPHEJnl9Hww1KX8ROkWMR/NpXZDCBwbOqTi3UH2868nZZhL+rLteHNMVWep6lfxtRiaJQI/ic2Mj0IkScmCGldg41Cg2YsuPZJbekxcrdMCKLeovgJIHprDCFY/BTuDQxGRT7juictxtSIHAIw66mo7gpTB396dk3Wqf5W8j1pllozRdd2pXMJg/zvPkXzJt031dK/fFvdjjF7LBjiE5FuodityQWZGHAiX88Sv33E/ulTtZ0At+KeWehAGVr5xDwBkEHYc0HqLh7nWOz+upjyJAdulsRPrVqRmFfLFTBTbwjcRAQzxRSJRQOKb45o0Q3CTYb6jl71KCogutZntgsrTsEJUYOHtrS2XQeCYIiZLHiNeYeXx9vulQNMAC2yLA2B6XO5ynnBn+riSKQO6nNRaLgLG3L5HOX76iCBZSykxE07jq3j9K93YQ9oH2jf5VYGg5vp2iOk1dcUvWUXlyUSfdpZl8A2iQJ5X8ZPQWQVlDEJAbceNVK+h/3rHAUgqvz8BFJ3IofyCi0b/B4k4Wzb4Zh1oVVSC+CGBaLyC9stJmSzo1oDrfQxyXyIJ0ehKOcunDWhZnbckAICEcJfkrzuJCym10NJsyxq/vefFT+MC47puoNNY1680wuYiwgXuUkWijwpO50dUl2Ubsc/2qN6h3qSf7niiO1O78i4vd5sNLzFYmxkAx+UnNkiJ6dETJjhS5vOg/dzcQJY+s9VR5jvnOnFG8gaV7R3Zwz1FHu4JIi+eEgygy1VUWjl0jrk8p6hE2qjo88I95JgEa9kpM72N4gvGudetinUGgDnTyf5bGuIOYCGUMfUaP3Bu8d1EqVAul0F9JQBabk7GD39po+mXfq7myo4t+9AQ6eaJg5w3FBOv/6sNM62eAfsdy2B2Kd7vR78REOTuiepuZ/NsP/pQBzINQImUJKS3dZtkFolUaCQ3Lf6C3zWLCcaKuOrZLXidVJSajmwIsydYxFU0Gy4+QMQq8rBVtQJCA75N8I6jGKpT8gWno97NAtOA1q1D2EzVYHI4xDHyO6PZcTbirMWHmL8Dh9IRT5+A/0qGzM5+1JAIllk1tKcP9xYeeKvGKP4nHQmV2ArA8WBZDQRzD/Kchd8JDCA5aWeO/TQWMXfbl/hSBCNFjlrG3XTOheunrZMkUz72DE2WTSp+ZUqA0QPTTTc4yLVrgohlbOLQtqIRCMMcupm6+k0cxBa+D+pASUXB+gOvcXsuNLnLunu45P+1TF1QudyS6hxpnOZttpuqWzqqQscQhXW7VZcaNYjRICRvzSSHpg6W+VMnVXsMBvb/e95HSHGzkyniXPEAlq8qFeKw8fBKigRLPll9AefNoqjGBOU+P9ba922ARcpaRdnTQ7ISMdvAZi8pfVLuBrg3o7Q5MdaPF2JpGMY55D8tscGao5fsOw8L2ynkm7q3LW1Od+Y3JImcSIbcwbqoPZIZbEpv3vKIUMTwrGFoqND/CO4MYr44MxxsDtGv65Dp6dcg5FpGyaEuyPZDiGsMAfZDYDok44A84j4KugKAnYIvAShm15rgFmFdrrutCeIG/UW4MVEYxHJVe2H784XqKhc9elIgFOdDuOOUCopUr4AqSILQLGfhqlG3vHVEI5p5aVm7xzF1zVIChBf6i/J1qFTFRBo0aiy88YOYUUGsJnP/qBJNvFvl+gyg5/E3WdAehOoYd2d61u5vZ/LmEDGECupTXwMdWSD+RdRKVmaS19RDIaK/svosmzDfbLb+p0I8Pz0bYMduaSTTtEA5WBkC8yKXsD4YRbtifSh8WIimmzwcH/LYAzExqukTOK+/3DzByFqEmmkoLMkPb95jtqP5rdK8yxuv/sWgZW1STtdtAylVheJpKQUItwEr2Amlza68sqaVmANB9GRpgbwXGcWodG6/PMovDKD8y8B7rvl1U7g03HRFSaudyuXORVmBHPLEOb7uJiCsQyc5t4+hSSmh9sal/CX1kXlBCiahOvRmVI2DsbfFiCodVm2vAsXmQTDHfSEk8d6FjoyMggneWXIRDqNs+OHfVU7IOd1V/oJkoKsmD1++1gSMAtpL38cKoO459pC3N8ix8yMHSbkF/zez4KAWlvrMHERzAAaSaRgMtpTuKAK13VLezeZ8t+w9xPqOX/38hNPL58Pi0ZQNw9rCxuIVNi07byKmKF61QHeSkJv0FrCFcwtsw9mB339HzvGKiuDtH0mEkMg3kFKwnHmqJR9BS7Vt25cFzCM9ZZgZa2UDpW1Tv9ufd0sRA5oTbrx+6tF8FsP4tCuNRvWCawTAzTN7OrdFKhab5bWSc8dl2oYQ8WnYHfMbNoLTOKyYrs/e8BvQaxBNtdsI50LMPQar9getqZQQv8VO1QXhV+edTf2YhoT/CT+Ev/ZtYa2pH8JYG3/Z9g1yh25aanEHlBe34EpAIT9aXzyQCpyzX3ncugbPni/bacoAagENByjLEsh40858WHQBQS99ceGMiY7aDAatthSeKpd0qOvD5y/liWTbDcGNVy8B9cjg2jmg3c5lkwVdzVghG+2LISp/eycX8HAvKY8yIC0rlrWrAU0o21fK5bEV2L5dQA0IXNmvyiFU/wMAfq+ku/WzWDlqr64cdzk6PdSUri6vATCREQeYsZ4yQrXreBd7NdNoGAYaFrpo8Wl6ewmX1EAPS2oNX9yQTNo19RYZR8asBU3fHthvatngtWS7SkqZ6XXTWYVV88pltx7fJaK9ltOVconECbJrUGwkYOaoSTbbwqxPZLVfzXf1cE0vww+HH0bsngTINj7S7aUEToM7OxUgxpJY6Cgv8x/+hDQaD9WSfCNhH4/WGX1ixhY2FLIHCkX9u5Mc+KRk4ORpeAjARUxNYjxXRbqzcU+V3x5VVebmOsCKPpL1bjbo7Q3Xztq/qSgAMRwwvyFyy0w8HndmJ+6dVQ9TG2QU2osUkkhpgXHvuV/7Qy37HbmU9PFLFIZYSwaYM5Hms7sTqyY0midrXQ2ibRlHkHucDH5XjbkQfs3oV3aFnLOyBGLr8vyBztxRjLzQuOl8hPbDU8QCott65MnBOj5lEFjP6OZ0rErw/Wl0aawSQSQ06RnfWgYTH0Vju2HZhQHbcVs1aEfAZrQQuxORvys/RtNnvDkMR4eY2Uq+d5iJweikXCxAtvZU3bDWcAEUyP2niwdwKyDXsVKuk7FcO5AsiUBbuCHzZo8sUJs0s6k9/fWtzrAPLMeVs0XzR1Lqc4Eh7XBtwY+38R9LUlCn9hiiU8kPTZSoDd9RIiYN4EwmZVvg329MKbzK4BQYdwctyaxPRoJi/xmtDFYn84GImbzHuXGICmNog2bK7Ywze2BiKUcPFF+G8o6oo6FeuwZ1PKyiBz8g44BAWAcGgyt73uS9atn2bD5IXzPQc4E5ySBtxkODPeguqhDJRCYiK3Pg9kAFSWomRT9VJBEt0WnvRUzHKcKI2YIXc02uRkFwMi5IE9rALo5ZRzIFt3CReanS6p7Gyc/hvtyVplTSl5MvPDl2Z5aLeXbz+4U2mbPsB/HfS96fWG/gxXgQzNpj1HKXfYhuYVek4B6Y8sfWAnk+L8Cse541fQwkXyqFc6fh7rxdHMM6NyfonvP/o4k+jY6EeWVtwbcHX7oMLW5hI6lt9L0MD9IHSuqGXto2TxYHO3fPlivnPkFJFN4maCzMKj5AegT0M7TRpD6E87YN0sqx38rQC/E2RHGV3WkJLtA+nTZl3tIHC7wGw+TaX/XUapbwi5yCiQzvc88JtFg7gjPCAuPcrBrlEIN2obBz/b2IhgLyjLYnneB2G94BPoVvc5w0KmPh6hPQBFGXzZr+UQ8jlpJJiju9Oq2eNl4e0Sqh+P9LHOJEPt06/FmokD00e+mIugsVUfTTNoxh9Q9f/+uITj0lbyF6JTaxlV/dIT1hBFecwaWAv/4mweO6dfgV82lKCcHN5iYJB9Xuwkw3gPxmnEmxtt04vEjJ2mx9T1WLumue2vZ9SUHuZqEJ5jJNxb9ii7XXIwRjPJccZ/NIzEaEeyg21n7AtIXSgRMtBI+kvzKw6Uh8BKxUl7nucgLNqwPhBVvKRcqpwkQWjbuihcyoDxK5zkUV/ikVJD/nQyLCaqJrzXPAMlcTxoBp3PWaXXfUfVjubjlwN08jjxsZQWyjJtEKq7oFr7oj4Es1ptmeAiAHsSPZLK/5OIWGW4Dc8V6UwY4GjhBhRb/BZbTH8957bt/s9dckM0AdNYTyx+SyLEecB9pDNVHdZdMVOYsiYZwK1iKNzFJ5GQ2cnEWYNOzQIZwWYOZEc4sqIhxaIKwF7fRe5wlP7i7cqb7s94nnCXY24Z4NdI8HknxtwKkwamnRKevipnEs+RqYaywPpO7hDz4NGkZPhTNRBz1mPky/Kkm0kp+F+59qf+rkSpOzuXpKx7erLqQA9hJlNnCo3IGl6HDaQcc/0VReB1o/Bds3pWUANlgvS/zhlBVNTS3G9cQSlns9W8J1+G4zxDgKbfVpoZvCgkFHwHpbDHA3sICbCmV07D05RZtTqTYDbmwIbtSkZqYQsWLQ7aXTI7o3uEAWl3uulLWfnYvqzTzeVGdjMwI/k0D/aQb3iXTenMxoZUZ9onTLVlXpN36I1MOPzyKISQbE8iC50L/sCwD/HZk8EgIIBQs/9FlpLJRgkbu+10cPQh8FIRC0zg8vP6EtKKeZeCbL1HwH7sVwZE5Ug30n99mC5yyplepNe0MIeI49JA5y0nk7mj+Zghe6CL6NOPvBI015E41CzjmP/tnFtKIzha/K55eJiNV8vm32xMUQpY3cEIvMV718gZZ8dE+FHUfDZ55FAF8wCKLoCoXLdb+MMP2D6ZNuzOfTruAqfIvhG+cZ5uA/XzD4jdkwiJa68XaKIMCVpzMz8SY10QDVWnkVBseO8oXih/RBtuYZATZIlPibpDWzW09z6RwyqeSC7id3iZDbK3PEUdIa8dPTXhIy2ScsKYohaU7XFC+Ppj07Y+cQ9Ymg1xbIepBsSnH72b9N8AHvgZSooYkGu+VExNnR8J370qmWdL2ulQ4q8ZVR8QgVHuLLeT6javm3XpEAc0e0jg0HeU0gz/0g4sxfrEP73CYmuFtWf8eJhmtJlyFUUsM7R2EJKWIstail1WVqLSC+NC0/J00xKAXRTbjbij8GI2uwn8TWc76HU3pbe3QlpRoiDKbOr0cA0F1+JyA0Y8WF3tCBvsSH5wp9jz24fRC7p2xpy6lAlx6kH8ntRrDr7Z+L/+P9WzlzcfbcWWQQfekdjZjrtgcWdJzA+C7zrf0QYvPNraSJABqaw1bbcyB8TD2Gk</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2019-12-12 11:03:21,379 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2019-12-12 11:03:21,379 - INFO [Shibboleth-Audit.SSO:?] - 20191212T110321Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_zb7cakg3t5ylebikjmtmelkkylenuuzcvoncp1p|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_37e050a36907005efc4d210456f600d4|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQx8VgsVV9jtyl2tvIXD8hE/B3CGlO3JePvhMhJvbhaH+tzxivFQSG/Na+QM14Kx5HDin0XtU4khkr22GAByZCQbVXQs4OnNEa098Fgu8oANJ4xrPEem6+XWJa23rcFmsWA/z6HBjO5n7E3H+VH2SIeXPpc6z1oF7E=|_9d943731b39341f01c8e4cfd51c31878|
2019-12-12 11:03:30,672 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: https://acornlmsdeployment.pursuittechnology.com.au/login/index.php?saml=on
2019-12-12 11:03:30,672 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2019-12-12 11:03:30,672 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2019-12-12 11:03:30,672 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/saml2-acs.php/test-sp"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_793f79e3a7cca584ffce42ebaee3b5027f3ce2ad82"
    IssueInstant="2019-12-12T11:03:30Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer>https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>
</samlp:AuthnRequest>

2019-12-12 11:03:30,677 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp' from origin source
2019-12-12 11:03:30,677 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-12-12 11:03:30,677 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-12-12 11:03:30,677 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-12-12 11:03:30,677 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-12-12 11:03:30,677 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-12-12 11:03:30,677 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-12-12 11:03:30,677 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-12-12 11:03:30,677 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp
2019-12-12 11:03:30,678 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:03:30,678 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-12-12 11:03:30,678 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2019-12-12 11:03:30,678 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2019-12-12 11:03:30,678 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2019-12-12 11:03:30,678 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_793f79e3a7cca584ffce42ebaee3b5027f3ce2ad82', issue instant '2019-12-12T11:03:30.000Z', entityID 'https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp'
2019-12-12 11:03:30,678 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2019-12-12 11:03:30,678 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-12-12 11:03:30,678 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler:?] - Constructing signed content string from URL query string SAMLRequest=rZJNjxMxDIb%2Fyij3mczHrrqN2kplK0Slha06hQMXlGY820j5InaA%2FnvSKYhyYE9IkSzZfu3HjhcorQlinejk9vA1AVLxwxqHYgosWYpOeIkahZMWUJAS%2Ffr9k2irWoToyStv2I3kdYVEhEjaO1ZsN0v2ZTbvxtkcOjlTSt4%2F3I2jgrsWjhKgO97X7WzsFLRyeGhZ8QkiZuWS5UJZjphg65Cko%2Byqm3nZtPkdmkbUnejqz6zY5Gm0kzSpTkQBBecXSMqBSg9cD4HnIUZtgF8YW76HQUdQxPv%2BmRXr37iP3mGyEHuI37SCj%2FunPwWl8tEZiwME488WHFUhRUyaCNTJeeNfzpXytpKJo7bBwAWBWz8kA1U4hQmJ49W2pVQ4eS%2BQJQZW7H6t%2BY12g3Yvr2%2F4eE1C8e5w2JW75%2F7AVotLYTFtLK7%2BP7YFkoMkeUu94Lc9F9cr%2B5Bpt5udN1qdi7c%2BWkn%2FHqapmsmjh3KcUkVyGEDpUcOQv8YY%2F%2F0xgiRYMooJGF9dm%2F59zauf&RelayState=https%3A%2F%2Facornlmsdeployment.pursuittechnology.com.au%2Flogin%2Findex.php%3Fsaml%3Don&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=Z0SnKEaU61OTW7can2EoKe4elI5qyYAg4pZDGmwp5Jqkosa%2BKvbq7gowe5r%2Fauv%2BiKpxlEVqXByN%2B56KMxozXRvdkxg%2FmXRAJGfRRxy4v6MXOg0%2F2V25wkoj13EZJweuCCkudd5vjiEShbJiOAyQDUlenXKY4qpBgnMehJF3rG85sPh05DaMe1peTqR974HYtS7ZlZw1DwjzkLMAdlTflUSNnmu%2BsOzMN52hd%2BAvCMZwxU4bd9N9ieppYWjKkMqDQs8czkM%2BuxFCMRPH5O3wwTMIdznPsSY4DzmoH0LeTNPJvpl09mKqCPjlj4Gy79XH4m8Zn%2BESy9iJ9%2Bba2SsZrA%3D%3D
2019-12-12 11:03:30,678 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler:?] - Constructed signed content string for HTTP-Redirect DEFLATE SAMLRequest=rZJNjxMxDIb%2Fyij3mczHrrqN2kplK0Slha06hQMXlGY820j5InaA%2FnvSKYhyYE9IkSzZfu3HjhcorQlinejk9vA1AVLxwxqHYgosWYpOeIkahZMWUJAS%2Ffr9k2irWoToyStv2I3kdYVEhEjaO1ZsN0v2ZTbvxtkcOjlTSt4%2F3I2jgrsWjhKgO97X7WzsFLRyeGhZ8QkiZuWS5UJZjphg65Cko%2Byqm3nZtPkdmkbUnejqz6zY5Gm0kzSpTkQBBecXSMqBSg9cD4HnIUZtgF8YW76HQUdQxPv%2BmRXr37iP3mGyEHuI37SCj%2FunPwWl8tEZiwME488WHFUhRUyaCNTJeeNfzpXytpKJo7bBwAWBWz8kA1U4hQmJ49W2pVQ4eS%2BQJQZW7H6t%2BY12g3Yvr2%2F4eE1C8e5w2JW75%2F7AVotLYTFtLK7%2BP7YFkoMkeUu94Lc9F9cr%2B5Bpt5udN1qdi7c%2BWkn%2FHqapmsmjh3KcUkVyGEDpUcOQv8YY%2F%2F0xgiRYMooJGF9dm%2F59zauf&RelayState=https%3A%2F%2Facornlmsdeployment.pursuittechnology.com.au%2Flogin%2Findex.php%3Fsaml%3Don&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256
2019-12-12 11:03:30,678 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Attempting to validate SAML protocol message simple signature using context entityID: https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp
2019-12-12 11:03:30,678 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2019-12-12 11:03:30,678 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2019-12-12 11:03:30,679 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-12-12 11:03:30,679 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-12-12 11:03:30,679 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-12-12 11:03:30,679 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-12-12 11:03:30,679 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2019-12-12 11:03:30,679 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Simple signature validation (with no request-derived credentials) was successful
2019-12-12 11:03:30,679 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Validation of request simple signature succeeded
2019-12-12 11:03:30,679 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Authentication via request simple signature succeeded for context issuer entity ID https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp
2019-12-12 11:03:30,679 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-12-12 11:03:30,679 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-12-12 11:03:30,679 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:03:30,679 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-12-12 11:03:30,680 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2019-12-12 11:03:30,680 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2019-12-12 11:03:30,680 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 4 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2019-12-12 11:03:30,680 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/saml2-acs.php/test-sp using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2019-12-12 11:03:30,680 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2019-12-12 11:03:30,680 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2019-12-12 11:03:30,680 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2019-12-12 11:03:30,680 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2019-12-12 11:03:30,680 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-12-12 11:03:30,680 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2019-12-12 11:03:30,680 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2019-12-12 11:03:30,680 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2019-12-12 11:03:30,680 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2019-12-12 11:03:30,680 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2019-12-12 11:03:30,680 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp
2019-12-12 11:03:30,680 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2019-12-12 11:03:30,680 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2019-12-12 11:03:30,680 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2019-12-12 11:03:30,680 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2019-12-12 11:03:30,683 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-12-12 11:03:30,684 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2019-12-12T11:03:30.684Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2019-12-12 11:03:30,684 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2019-12-12 11:03:30,684 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2019-12-12 11:03:30,684 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2019-12-12 11:03:30,684 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2019-12-12 11:03:30,684 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2019-12-12 11:03:30,684 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:03:30,684 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2019-12-12 11:03:30,684 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2019-12-12 11:03:30,684 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2019-12-12 11:03:30,684 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2019-12-12 11:03:30,881 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'acornlmsdeployment.pursuittechnology.com.au'
2019-12-12 11:03:30,881 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-12-12 11:03:30,881 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-12-12 11:03:38,938 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'morty'
2019-12-12 11:03:38,938 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user morty
2019-12-12 11:03:38,938 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@771910787::identifier=morty, context=org.apache.velocity.VelocityContext@76e5a989]
2019-12-12 11:03:38,945 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=morty,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@771910787::identifier=morty, context=org.apache.velocity.VelocityContext@76e5a989]
2019-12-12 11:03:38,947 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'morty' succeeded
2019-12-12 11:03:38,948 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2019-12-12 11:03:38,948 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2019-12-12 11:03:38,948 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'morty'
2019-12-12 11:03:38,948 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'morty'
2019-12-12 11:03:38,948 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2019-12-12 11:03:38,948 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal morty
2019-12-12 11:03:38,948 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 06a539db9ab46535b8fdfbb9646af23c810bf4b899030b78f3dcf5dc4440ad15 for principal morty
2019-12-12 11:03:38,948 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 06a539db9ab46535b8fdfbb9646af23c810bf4b899030b78f3dcf5dc4440ad15
2019-12-12 11:03:38,949 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=morty)
2019-12-12 11:03:38,949 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [identifier, uid, telephoneNumber, role, mail, surname, displayName, givenName]
2019-12-12 11:03:38,949 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2019-12-12 11:03:38,949 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2019-12-12 11:03:38,949 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2019-12-12 11:03:38,949 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2019-12-12 11:03:38,949 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2019-12-12 11:03:38,949 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2019-12-12 11:03:38,949 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2019-12-12 11:03:38,949 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2019-12-12 11:03:38,950 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:03:38,950 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2019-12-12 11:03:38,950 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@56ff8dd1'
2019-12-12 11:03:38,950 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-12-12 11:03:38,950 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp'
2019-12-12 11:03:38,950 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp'
2019-12-12 11:03:38,950 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'morty:https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp'
2019-12-12 11:03:38,950 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-12-12 11:03:38,950 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty'
2019-12-12 11:03:38,950 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'morty'
2019-12-12 11:03:38,951 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2019-12-12 11:03:38,951 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2019-12-12 11:03:39,141 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'acornlmsdeployment.pursuittechnology.com.au'
2019-12-12 11:03:39,141 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-12-12 11:03:39,141 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2019-12-12 11:03:39,141 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2019-12-12 11:03:39,141 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-12-12 11:03:39,141 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2019-12-12 11:03:40,893 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2019-12-12 11:03:40,893 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2019-12-12 11:03:40,893 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20191212T110340Z|https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp|AttributeReleaseConsent|morty|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2019-12-12 11:03:40,893 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-12-12 11:03:40,893 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp'
2019-12-12 11:03:40,893 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:_key_idx'
2019-12-12 11:03:40,902 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2019-12-12 11:03:40,903 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=morty:https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1607684620903}'
2019-12-12 11:03:40,903 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:_key_idx'
2019-12-12 11:03:40,903 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2019-12-12 11:03:40,903 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:_key_idx'
2019-12-12 11:03:40,903 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'morty:https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp'
2019-12-12 11:03:40,903 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[morty:https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp]' as '["morty:https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp"]'
2019-12-12 11:03:40,903 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@56ff8dd1'
2019-12-12 11:03:40,903 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:03:40,903 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2019-12-12 11:03:40,904 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2019-12-12 11:03:40,904 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2019-12-12 11:03:40,904 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _39a37639530eb233f0324f38125a02bd
2019-12-12 11:03:40,904 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _39a37639530eb233f0324f38125a02bd to Response _7ef72eeabe2aedf51fdfe7ff44bb736c
2019-12-12 11:03:40,904 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _39a37639530eb233f0324f38125a02bd
2019-12-12 11:03:40,905 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2019-12-12 11:03:40,905 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute identifier
2019-12-12 11:03:40,905 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value morty of attribute uid
2019-12-12 11:03:40,905 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5505 of attribute telephoneNumber
2019-12-12 11:03:40,905 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value janitor@samltest.id of attribute role
2019-12-12 11:03:40,905 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute mail
2019-12-12 11:03:40,905 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Smith of attribute surname
2019-12-12 11:03:40,905 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Morty Smith of attribute displayName
2019-12-12 11:03:40,905 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Mortimer of attribute givenName
2019-12-12 11:03:40,906 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2019-12-12 11:03:40,906 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2019-12-12 11:03:40,906 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2019-12-12 11:03:40,906 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2019-12-12 11:03:40,906 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2019-12-12 11:03:40,906 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2019-12-12 11:03:40,906 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:03:40,906 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:03:40,906 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxPKJZhQbQY0BncMYspQpK2V+ghvH9TBhW0M6mIetNmWbpyMiPBaoYKNReMFkYJNiLW5ibPDNvjZpASovgwHUHVwlTkJRY0R+gXCKfVdPlnKZyu2h2b/QZuYM7by4APcEkrg+whokayPU0ry8tlu0HIFRU0j0R8Qrl3Qhswn43o43VIZUP7S+OZCcLVP6RDUztatEBIg== with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:03:40,906 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:03:40,906 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:03:40,906 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2019-12-12 11:03:40,906 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2019-12-12 11:03:40,906 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.34.32
2019-12-12 11:03:40,906 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _793f79e3a7cca584ffce42ebaee3b5027f3ce2ad82
2019-12-12 11:03:40,906 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/saml2-acs.php/test-sp
2019-12-12 11:03:40,906 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2019-12-12 11:03:40,906 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2019-12-12 11:03:40,906 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2019-12-12 11:03:40,906 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _39a37639530eb233f0324f38125a02bd
2019-12-12 11:03:40,906 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _39a37639530eb233f0324f38125a02bd did not already contain Conditions, one was added
2019-12-12 11:03:40,907 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2019-12-12 11:03:40,907 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2019-12-12T11:08:40.903Z, to Assertion _39a37639530eb233f0324f38125a02bd
2019-12-12 11:03:40,907 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _39a37639530eb233f0324f38125a02bd already contained Conditions, nothing was done
2019-12-12 11:03:40,907 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2019-12-12 11:03:40,907 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _39a37639530eb233f0324f38125a02bd already contained Conditions, nothing was done
2019-12-12 11:03:40,907 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2019-12-12 11:03:40,907 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp as an Audience of the AudienceRestriction
2019-12-12 11:03:40,907 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _39a37639530eb233f0324f38125a02bd
2019-12-12 11:03:40,907 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp to existing session 06a539db9ab46535b8fdfbb9646af23c810bf4b899030b78f3dcf5dc4440ad15
2019-12-12 11:03:40,912 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp in session 06a539db9ab46535b8fdfbb9646af23c810bf4b899030b78f3dcf5dc4440ad15
2019-12-12 11:03:40,912 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-12-12 11:03:40,912 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp and key AAdzZWNyZXQxPKJZhQbQY0BncMYspQpK2V+ghvH9TBhW0M6mIetNmWbpyMiPBaoYKNReMFkYJNiLW5ibPDNvjZpASovgwHUHVwlTkJRY0R+gXCKfVdPlnKZyu2h2b/QZuYM7by4APcEkrg+whokayPU0ry8tlu0HIFRU0j0R8Qrl3Qhswn43o43VIZUP7S+OZCcLVP6RDUztatEBIg==
2019-12-12 11:03:40,912 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2019-12-12 11:03:40,912 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2019-12-12 11:03:40,912 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2019-12-12 11:03:40,913 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_7ef72eeabe2aedf51fdfe7ff44bb736c"
    InResponseTo="_793f79e3a7cca584ffce42ebaee3b5027f3ce2ad82"
    IssueInstant="2019-12-12T11:03:40.903Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_39a37639530eb233f0324f38125a02bd"
        IssueInstant="2019-12-12T11:03:40.903Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxPKJZhQbQY0BncMYspQpK2V+ghvH9TBhW0M6mIetNmWbpyMiPBaoYKNReMFkYJNiLW5ibPDNvjZpASovgwHUHVwlTkJRY0R+gXCKfVdPlnKZyu2h2b/QZuYM7by4APcEkrg+whokayPU0ry8tlu0HIFRU0j0R8Qrl3Qhswn43o43VIZUP7S+OZCcLVP6RDUztatEBIg==</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.34.32"
                    InResponseTo="_793f79e3a7cca584ffce42ebaee3b5027f3ce2ad82"
                    NotOnOrAfter="2019-12-12T11:08:40.906Z" Recipient="https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/saml2-acs.php/test-sp"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2019-12-12T11:03:40.903Z" NotOnOrAfter="2019-12-12T11:08:40.903Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2019-12-12T11:03:38.948Z" SessionIndex="_5da716a455fcc8d648fd8c5a178b7105">
            <saml2:SubjectLocality Address="172.31.34.32"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>morty</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5505</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">janitor@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Morty Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Mortimer</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2019-12-12 11:03:40,914 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/saml2-acs.php/test-sp
2019-12-12 11:03:40,914 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/saml2-acs.php/test-sp
2019-12-12 11:03:40,914 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_7ef72eeabe2aedf51fdfe7ff44bb736c"
2019-12-12 11:03:40,914 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _7ef72eeabe2aedf51fdfe7ff44bb736c and Element was [saml2p:Response: null]
2019-12-12 11:03:40,914 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_7ef72eeabe2aedf51fdfe7ff44bb736c"
2019-12-12 11:03:40,914 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _7ef72eeabe2aedf51fdfe7ff44bb736c and Element was [saml2p:Response: null]
2019-12-12 11:03:40,916 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2019-12-12 11:03:40,916 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/saml2-acs.php/test-sp' with encoded value 'https&#x3a;&#x2f;&#x2f;acornlmsdeployment.pursuittechnology.com.au&#x2f;simplesaml&#x2f;module.php&#x2f;saml&#x2f;sp&#x2f;saml2-acs.php&#x2f;test-sp'
2019-12-12 11:03:40,916 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2019-12-12 11:03:40,917 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'https://acornlmsdeployment.pursuittechnology.com.au/login/index.php?saml=on', encoded as 'https&#x3a;&#x2f;&#x2f;acornlmsdeployment.pursuittechnology.com.au&#x2f;login&#x2f;index.php&#x3f;saml&#x3d;on'
2019-12-12 11:03:40,918 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/saml2-acs.php/test-sp"
    ID="_7ef72eeabe2aedf51fdfe7ff44bb736c"
    InResponseTo="_793f79e3a7cca584ffce42ebaee3b5027f3ce2ad82"
    IssueInstant="2019-12-12T11:03:40.903Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_7ef72eeabe2aedf51fdfe7ff44bb736c">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>U1wTj30NJIcjFEBihplSvJdJrRFA3Tk24m4qm5HVt/s=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>haIEoo1XMKlRYIcJJwRvnV2Cgg5lQZnkLEz7rlfznhXjUZdjgoS7ChmKRVeBupc+5XEDk+kQWkN2RvirrrkWTTCyR+TGb/QgaNgxMr0M/b+E3RzId+NyL+/yWQe68lpaBKzJGKYCZdC5TIrEmd2OJ+xnOzQn5GL/qS0P7FNGTgbR9KaqfGIE46c1IWUqa0aojL9I+dY8UMeq6mHz3fzZ40fdJXQWyknC3Z40WdGrcpU9Tt1+6lEiIpUT3PAYzFF6+TNc/RsTCiXnoEiaquw5encFl3PKRV85ifnDVykXx/1npcXnAnRyC1z1DNz5KJNmLBS2HwDNFKALh/zRqCiiDg==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_239d5e5bafd16fcd579abc45c298fec7"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_893b06ba42cd1a0f0c143d5317b6afc7"
                    Recipient="https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIID1zCCAr+gAwIBAgIJAIRfX1nHIdIzMA0GCSqGSIb3DQEBCwUAMIGBMQswCQYDVQQGEwJBVTEM
MAoGA1UECAwDQUNUMREwDwYDVQQHDAhDYW5iZXJyYTEbMBkGA1UECgwSUHVyc3VpdCBUZWNobm9s
b2d5MTQwMgYDVQQDDCthY29ybmxtc2RlcGxveW1lbnQucHVyc3VpdHRlY2hub2xvZ3kuY29tLmF1
MB4XDTE5MDkxODA0MjAxM1oXDTIxMDkxNzA0MjAxM1owgYExCzAJBgNVBAYTAkFVMQwwCgYDVQQI
DANBQ1QxETAPBgNVBAcMCENhbmJlcnJhMRswGQYDVQQKDBJQdXJzdWl0IFRlY2hub2xvZ3kxNDAy
BgNVBAMMK2Fjb3JubG1zZGVwbG95bWVudC5wdXJzdWl0dGVjaG5vbG9neS5jb20uYXUwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuU99qkB8VJ88no0zRynilvavTfkcB6g7gKggrUeXq
CzUNniwuflJGVcj9Yrw5br5ZsTBeFpBb+U5qLODHVaMfpDekkjiyNiR2LTtiv6SGN7PFWO8GXpGw
bLMkPAiB4YtM1B/sIT/k5OE5NBnvUEV5Oxwy78EJ5jhKjAGosqCTTSOsdZsbMD+AZgDaWq4uX4VX
KVAaaO9tXa+M28Xt5m1HZ4Td2XWlN2ESt9Bq/KwZpVDTIjvBv5FSUQeaAfbcbgbLKM+RL5aBwZWy
qI7tRadJT0YS8nCqXa5J/kW0JDP1eiKkt30IIz2go4VSZjBBOZw8rQyDGZwg19Wuo2rgadopAgMB
AAGjUDBOMB0GA1UdDgQWBBTZDsu5JDIptE7YzY31ZVFWL+ov2jAfBgNVHSMEGDAWgBTZDsu5JDIp
tE7YzY31ZVFWL+ov2jAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAwYyDDZchZX3/B
h4hQ46enTXvxAcGln+ScDLwao8bB6L1Qaj0egbKa3KXtD3m3NpigZ7TPqrvcbe33fbGkQ+K763lg
JXNnwxqyBWCpe7qhQvj4IClD4OIV+ALyHx5WNTiMXESa2tHCq5+N+6tk/laCwnXPzFEobKXxCib2
sBeWMg9UMQJwwqHhNL//N2J7cPl9C8vXIdNtILAp+g0iaEE6rMkLPUuQbWwqbENhjfcQnVb78vGz
tlti933DifYDBC9W5HB9XSESHxiiFCcfff3RfYmul5GWud/9ASgfJPwj49u3mg6I2thevX8ushuT
OqCGQXzTHDhVZd6KNW6L0/li</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>RF3g8QvMC7/BLBk4QX4iQ2+UItY9jQASTefrjpoFaCbEcXvgKqW9uP26P15TDqr3yhdYhKXg5DjwjMg+KpfRlQ0q5hhfcrnJZf41qXv+91+Yw08HnpFrEwJt18y5tsXdISrC6dJHsaXphSaTO1G7WpPhhCShLEXC03nVRYuC8wVN3d2IEWilkUs+sBNG8iS/2cs6sAcxqW+6bRGpyLmV+4wdhSkAUAtVGghnR5XO3K+SKZ9beUEdP7OTAa8iiCdWacN1hA9ELh8yJjXW1Icqr800QB5zCXkIizUeM3srP6Kb1DVHOVJPPjJ6X6FZ9d/eo7iNu7Ak2InL+q4uv9d7zg==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>pPHfVsOCu1P//SdVRa2NkHh/SsuMfJ/uvEKScd6PlSEoGhzDb5tsuoyWhin5Z7qNiN14cBJht2AJ7SEsnAnmYemFMVIVJbAWjfywFhLbjvfUVMqcrxujbVTCeDfO6Hlf5kjoDIGynIo+JlyNrbFWBSJjxFtJ3fMSThqr4mbqE8hldulOZw742aTs3Ul4BeabbBuK6l+dM2xGO9x6/c7B1Hubnc8eussw9FzM0wJrn8NUfF3G93jZUNdg7eSz4dwdcF/iViIMtQTTsjeZ28Ilh20oJ6vfZkjNnbSVWPWmt2UQ9lVKSybrs5b81yM6UUDUjGELhXStDFHtLAh96oW1uBfNoOaS2Qk6GN7rY8K69elGCsU4Eblp6+mYAWquKmEYfJIDr+6Kwt1xAGg5bcdypL3VnCZKRJ4ilXi8tJynZETnATvFlVD+934D2aA5Fm6rip3uHPjoF04PEjWHIzJM2XNuSgdKV09RZ0G08uVEt6ypmfteRHQwuZKCAfaoTaMdXJEh7qkdaIANmq941uV7RHwqPHrvBMFo8CfPSIFYMFF8XmdQ1YfPhRbMhA/1tP9XgfDdFGFs7Tqt0xlfWMSZX75kPsJhllc8/c5/jyLyfvLQlBl7CDxeU4bzm9MiwsSqMaE47jmi4ZS7VOvq+ax+fXBRK4eafLp2/8YGFg4A44NIIpegjJ51QuV7+xQ99bR0U27nTSYl47hB+WE+uLmoG4pBZDlqVr+3dOAan3bH092evhWaxAoPMlPN9AHFs1xVVgbyLXql0UwD4vwXxHewwQMVry88NToHIt6Mc1qGJYjG9miSuhUKhrBcnDlC/MzczFL2v43d8YYR+KXnsSW1r3a9xwR1wQA9vXiYUs9QCEDsRdmax990fQa8IUmM4aRaXf8AaNtqdPi+LJ9CK/sUKx/1HI/RPSnGB9syz4+xN4TbQFVG7pTkVp0+r6KbaQKuDAarSSaapWZMt5z2KLN4lHOZenWCmOEweoovejGualJmLZfwwlUjgpe7H+zpvoMaLzO/uIahjb527BrNI8bpqGsGcfo8PAj0gmuMc+She6Bb/t4LvSFZOSx2/mZAPjG7iudkLiYohwJnjPYDIQdxYQi8iRqOgLrW/R7ouJqpaiJ3qRXbn87BXQskOcNstXfpcZnGkpOCjUwfrEW6Cq1SHR1sEIV+s/a5zTbhi6EVuI+iNWL8jW95KRwHGfsrXzKAH/bd1WZooZTyPBOdXBpfO15ArfQT1gzAhENNwyzgJ1PpMdTEM81L54jmOBAPUAYA+MfRUwS4PXpu1/QwVV3ZT0oszTm5An/05KIj0/gg2b0n1ctyu8p8hV+Tnt1x1hagnMxMJbq6GWKmm6rj8wTCDx+O5XGH/h1LEiLKY12EZ8nR18PsEzdd8/6I0D9DU0RyXBrgOuAEnxlkglXvtjGZh66Z3NGE+v+gFF4aXjMqHFukFJni4tQT34v967DP4A2PoevyBJfsqe7/DCeG41CaghEQUO0vDoo7lL0u9LBff57nC2adNCMdTjNn1U6W5btJ6bo/wqjN5CbwGhWT5XIskMRW4uv+57nzG9Tve0eHDS5mGRnspm0xZmg4+5UfN4FZqMoYMnsBkbHP/8XhPJSHCOgIrQ3usPlQynIUJ2UOw4t4pD7NBnFVNp+lpH+lBcPcLfmhVh+RYeCIN9kbjdd5XPNnbk7PDXvlq4Buo+P8GEWq/tCM7MNOn+Csv27CvW4sq0FIhS5GQ/wdtV0fxcRjxYY3DiaX+0JlCV7ddiBZ3GTvRiKsaA/UmVqkFOKMElu+dhOOI5vthrY2s4bCAr0DlTuCI7iFj4zm0x01XdVgarTgBCWw9Fr0PC2yZx0A+EO4UJkfW5JCkYpJLM3ontVijp1NMULp5D1Fr79S/LLBpL0F9vt7rFDk6Pgmy89FIrVDxsvpm4GU3+K5JdrKplNIEEeo0k2ECGV0dIPPilqUY3zgscl+eKmpqBIwgLKmeF2D+X8YJE3U3ueKA4bLM8hiVcv6QgMAsl0hZa92xAkcenTKG+CZUcRmJamXrbJyHD4/D31kwwwvTpvvy0DZDDgw8LVLHeR3Wq8y7kqIwuEsPtxdt1bOooLARA1uOuRztuGBHmgvhJDXFvNGbVhMabCr68uszaSxQUVvd6ioEr9iPzWzLR6FnWxWObdLx9BBYa2h1cKy7ZgMvFB83It1pNmttpQmeK5htfo+qw6nzMeUxfJzH6AbCvLV/M4nBTRNn8x2QdobtP5hvJIcxjR5tR/ITcts3RgwwuDHF8nZGM+mvLcaGfH6SBYStdLc6hQMLrq1/mxLSqi/r6y+CsyRphPkp6QQDg5THB+GLm1jEqOsk4lLeV8Qn0yA011R89MFOLnShsTW025IFymxSsXoilnh32gr8lNNMtv/x0IDgMRt4BTh6Fo4/JTKQLtMkv0SMRh4jW7tzo+4m2ReHaHedyN2ZKQGiV9vbE95vbEBLXhXLvQ5a0yyCetBvjXvIqR9VC9+i4LrX9yDmn1/ihjGDoU31fdh0ZwM6r2SKoLxY/UuIEnh1IrQaj/Re/jf9CelDeDA44STNE4SLCy34+sb7cQivBHxMVVZoyDYid3GnHtOeGStDNOR0B4I+SlsHVgWnjy1CgmPkpFClQ1Fm0Ulgldxdv9n7sejOWByQnDH34B0npa1+zK9K4bRQdlJFvX0sYzmD2s69KPvs5X/7JlmsRhhZp1RZTCJzDWoWGU+TBHbYc9g9P3SKzkXYClzbflvptwRhVjFf+uB9QzA+G66zT5rP12SPNduuj/7j1VnZynVJ45Mebfut2/csileKbGLNui7g3sKY3pWlgau6WsC4Qf4LiXjsYPzhoI3LKzGzUCNzBhqBuQpAd53e9LTLW1YBUNaYOEJPTvdxAoLRPn0/EAdSoUe+sVHfjEfhpYMiHdk/ZDuDurXo++SOsGbEthVQrQjFk8U42XVCNuRbK6s7ZvvcaVvq4ZMDqoVloBFB1HTxhV9PsnZgVu10obOwM+b+9Fbaff7Y1r3mycfRNOotHldoexwXSPtapH3e9Rr9pIpsmDhtk7gVFuxbDJqgTBWQgMd8K9HDSs0vlOXLZNdLB1qGBGUYbSP9hxTUcIT+gPrSgQp+8JOkzUfRUrr7avcHQsJt0FT01SEuov5odegfMcMSTDVhJXpfg7o0CRgHIpMFigAKvSB3M3PEBVVSeKle2PPBnCf6QQMcbONpDmbEGSopwvoJzP3QaWQlRdBMCsUUGEBGr1po7nxg7/dRO7+CngNOAYJ2qPfwkGD200MVcEN3UbI2734bagF9QKAqud8SSTVHuDLBAoCae4cDg4jypkJYyDdYrroVH/oQTNsAUh9AaxMU9MJa+Og21x+d0CpRLO7V+xE3qjp+AtSi1ugYrhK2FgiByzAfcbWSlbZGtezG1QXY8TWRfsRo0oq/QdnzUxowy11Bsk2D0OKSArzrImjIznqc2/BrVeiO/6VbdygibxDEyJKPURk7DFiSa09AK78FOIBs0Db1RUhmd98XJhe9qClqpYp4kaBWeDDzi/lHbpPkPGPNtvobZgKiaEcGgFrBcSXKTeGOCk1t1hTQMPzECOsAhECYQtYIiG3RdvILYNTQaZaurmZjrlIRfaq36qunAoYWbACGHZPX040mP510o/wfPJjbCyIMqm7I/tCLNv/JPIEf8BDcIlnzXi7bPAZaATVGSsBXL2ZqG6NLHtB1hzbo0NETEnOQvtQPM0dRkoMLxFh28HTiSxKHSkl12jvR5bgg30MK5mL8MTJ0Jpjqvs/lUZwKU4c2Efj8b7CouAo9hjwNt/eEz2aYQAhbzcUU9s6RlHaRiDqiyDQn3YrkjTXwjOnwmhqVGeEO6g8bze+39we3n1Q9U5y761z70vqpMJ8e74s2ULZoSe9331swbLctZzB/w8hvNJ4pW0Yd/IxyzX433zko611GJFAGPemU40ATFObDyn5lnTPJoLCaR+95crmxDgl7k+l0tRrmCvVexPM9PMwc6NU3ZQZxDpZOcLPh/0wlfvo7bySFf/es6ff5aiYtTUosvhaROO1njAWOyrimAzLdTcI9jHwC35w8fATUAVztUpei5WDApJwZnqDJAEoyFxn16CqWVFBjojkPkZKZapq6LMrYLEiUj4H4ccZWain/EqNmKFfxGiJASBpGn71pyBJWI9SiIK6v0erVrF5ySedJtKr0psZf76gcicBfr/v4O8Wjl591HIpktqriHjiNKC2kyUIfoDiMRIvF8MiPiLmwmdUetu4gg/8SC7S1DVyq297+EQKYwhTRWIPpNPZFAm0B0fUq6Qdwr07+4Uj6eLRxmQILIX/2UFK3XaF/N+SZ5cBVsSuLPzAMKdFWzUVcp+kVD7Mn9xCPL3tsfqSTeCPD3ZH05pzhrRmTfLYD0mesfVIxQyEM9E0SJ4ymVVlU1bVBwAJqVrnX50O345k8fqnbhtfbTCq4y6cRcnGu5bImsRkeKS2FRP64WljEaXCkrMWM8pKB/BqoKKeUAn59kiD4ECZN/3xxgGyJ5GPAmVLOL2WyE0XOnWhKMwP585lKbW+oB3VGVqfKlZ2MwVaarn1BcCyM8Zlj0BGTaby5NzfPH6LopdgRRPCyE6VcMbQWXMqSlMxojHi6y2a2at5Hc1iur4+pDbwRWyL1taWxlme0GI2YFOA7/i0VNXiLNtthpIL64bMJL6ZEMzdWWtJuirWUV20kKAqxb0h/QPpsVva9D5kcuHGT6zJVwdwuqTZF/UKrweVprLG3v93RlSohk7pEdZkIB91TGFZ8ZfZ/uF/a8nnw8np7LoMdGH9hBcSjI5oDTv0dalAMQD3iTHLbzjnzMkeRRnHah1rCT47y0oXOqqtY0ET2G8I9eqIyeK2fKwjISQmrQw4ptOGNMsuUf5hKli1m5krSUYuq6tlLXGcM9xdtTDTditQkUyuzvBnXtFrliRN2xyTV9XlWImQa9hPUJ8oA8tTr6AUhHT+gWiFSTrNSMAL4Os4Mi9h99b2QuAt5Wq3x32ZzmTpOThgSMEdnbLnc0aN9VSFa3wO4GQiVrh5bS9LuM0uZuAv0Kq/owKepQrio6Qt7n4LyRfjfCzQtWCEoDoBmqm7wx3Nx73gVzMSUtF762dxd5/Ai5v8RfQcDekhmcpPsw==</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2019-12-12 11:03:40,918 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2019-12-12 11:03:40,918 - INFO [Shibboleth-Audit.SSO:?] - 20191212T110340Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|_793f79e3a7cca584ffce42ebaee3b5027f3ce2ad82|https://acornlmsdeployment.pursuittechnology.com.au/simplesaml/module.php/saml/sp/metadata.php/test-sp|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_7ef72eeabe2aedf51fdfe7ff44bb736c|morty|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|identifier,uid,telephoneNumber,role,mail,surname,displayName,givenName|AAdzZWNyZXQxPKJZhQbQY0BncMYspQpK2V+ghvH9TBhW0M6mIetNmWbpyMiPBaoYKNReMFkYJNiLW5ibPDNvjZpASovgwHUHVwlTkJRY0R+gXCKfVdPlnKZyu2h2b/QZuYM7by4APcEkrg+whokayPU0ry8tlu0HIFRU0j0R8Qrl3Qhswn43o43VIZUP7S+OZCcLVP6RDUztatEBIg==|_39a37639530eb233f0324f38125a02bd|
2019-12-12 11:03:55,893 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: TST-10267-Bz1ord06IwORivGKhnLhRnWiTun8gOcm
2019-12-12 11:03:55,893 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2019-12-12 11:03:55,894 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2019-12-12 11:03:55,894 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="_1szr1omopviq2hf96clubrc7l9pa0yj3uh9udbj"
    IsPassive="false" IssueInstant="2019-12-12T11:03:54.856Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    ProviderName="pac4j-saml" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#_1szr1omopviq2hf96clubrc7l9pa0yj3uh9udbj">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>ZOXiKhwXqQH0C44srwB7wD9qpXCKG0akp8y0QwBq5kc=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
ae1MQf7JQ6Q9QDL4QE8iR1j8CKLur4iIu6KVp7BNRwGjlvJgdTk1g41OoqYHTz20uMTOVV5tL0Uc
x4bW4oO+VkQVJ+13WlvHrrtpqRe1l4OU0ZnIG7KMAIjsxt0AAmPd3tc9YN/SUMC8TaNXFpmJPZ89
YIkBWcKmg4ZTFCvRSAiwrBKqDjw/wBzS7klYT/S4pehsn/M2TYulRRAJLm64l0VEkAMqo6eqeWL/
eNF2N3y4IxMPygL1ErT3xWcY4g6d5y7n4OnsD/JskrbVDOG43qM3CRRKoUNDog3NHznBXTgWCZFb
e1hTWk37AZyV+DGJj9Lnf1H11C2xkfQCx70OVw==
</ds:SignatureValue>
<ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2019-12-12 11:03:55,905 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' from origin source
2019-12-12 11:03:55,905 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-12-12 11:03:55,905 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-12-12 11:03:55,905 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-12-12 11:03:55,905 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-12-12 11:03:55,905 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-12-12 11:03:55,905 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-12-12 11:03:55,905 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-12-12 11:03:55,905 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2019-12-12 11:03:55,906 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:03:55,906 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-12-12 11:03:55,906 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2019-12-12 11:03:55,906 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2019-12-12 11:03:55,906 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2019-12-12 11:03:55,906 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_1szr1omopviq2hf96clubrc7l9pa0yj3uh9udbj', issue instant '2019-12-12T11:03:54.856Z', entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-12-12 11:03:55,907 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2019-12-12 11:03:55,907 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2019-12-12 11:03:55,907 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-12-12 11:03:55,907 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2019-12-12 11:03:55,907 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2019-12-12 11:03:55,907 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-12-12 11:03:55,907 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-12-12 11:03:55,907 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-12-12 11:03:55,907 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-12-12 11:03:55,907 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2019-12-12 11:03:55,907 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2019-12-12 11:03:55,907 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2019-12-12 11:03:55,907 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2019-12-12 11:03:55,907 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 25218632289878887470728701898989230903925460534470464262987089359900092236249155787311083615922566996588882686327254334965631006516764358542556784571993117841615795846983701202567812629440880488414844862491363773592778158558705049021795669354428797347719681579572749594906032259298025269480636673827053368207548760338633177397009149003080015959043356697060516917100235185397117902752192715861531350694962747781011832502440226911816306381078043102881237946262430586623622800161283685092311342398263730543997237261306772360529013060055263916368941241698720371281723901324390991801957832354836844648583493845781599295821
  public exponent: 65537
2019-12-12 11:03:55,907 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2019-12-12 11:03:55,907 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2019-12-12 11:03:55,907 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_1szr1omopviq2hf96clubrc7l9pa0yj3uh9udbj"
2019-12-12 11:03:55,907 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _1szr1omopviq2hf96clubrc7l9pa0yj3uh9udbj and Element was [saml2p:AuthnRequest: null]
2019-12-12 11:03:55,907 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_1szr1omopviq2hf96clubrc7l9pa0yj3uh9udbj"
2019-12-12 11:03:55,907 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _1szr1omopviq2hf96clubrc7l9pa0yj3uh9udbj and Element was [saml2p:AuthnRequest: null]
2019-12-12 11:03:55,907 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_1szr1omopviq2hf96clubrc7l9pa0yj3uh9udbj"
2019-12-12 11:03:55,907 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2019-12-12 11:03:55,907 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-12-12 11:03:55,907 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2019-12-12 11:03:55,908 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-12-12 11:03:55,908 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-12-12 11:03:55,908 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-12-12 11:03:55,908 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2019-12-12 11:03:55,908 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:03:55,908 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-12-12 11:03:55,908 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2019-12-12 11:03:55,908 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2019-12-12 11:03:55,908 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2019-12-12 11:03:55,908 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2019-12-12 11:03:55,908 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2019-12-12 11:03:55,908 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2019-12-12 11:03:55,908 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2019-12-12 11:03:55,908 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2019-12-12 11:03:55,908 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-12-12 11:03:55,908 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2019-12-12 11:03:55,909 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-12-12 11:03:55,909 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2019-12-12 11:03:55,909 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2019-12-12 11:03:55,909 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2019-12-12 11:03:55,909 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2019-12-12 11:03:55,909 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2019-12-12 11:03:55,909 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2019-12-12 11:03:55,909 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2019-12-12 11:03:55,909 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2019-12-12 11:03:55,909 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2019-12-12 11:03:55,925 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-12-12 11:03:55,926 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2019-12-12T11:03:55.926Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2019-12-12 11:03:55,926 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2019-12-12 11:03:55,926 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2019-12-12 11:03:55,926 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2019-12-12 11:03:55,927 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2019-12-12 11:03:55,927 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2019-12-12 11:03:55,927 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:03:55,927 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2019-12-12 11:03:55,927 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2019-12-12 11:03:55,927 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2019-12-12 11:03:55,927 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2019-12-12 11:03:56,089 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2019-12-12 11:03:56,089 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-12-12 11:03:56,089 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-12-12 11:03:59,252 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2019-12-12 11:03:59,252 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2019-12-12 11:03:59,252 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@11375438::identifier=rick, context=org.apache.velocity.VelocityContext@28332a7e]
2019-12-12 11:03:59,259 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@11375438::identifier=rick, context=org.apache.velocity.VelocityContext@28332a7e]
2019-12-12 11:03:59,261 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2019-12-12 11:03:59,261 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2019-12-12 11:03:59,261 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2019-12-12 11:03:59,261 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2019-12-12 11:03:59,261 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2019-12-12 11:03:59,261 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2019-12-12 11:03:59,261 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2019-12-12 11:03:59,261 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 3828e769bf1b089b03668282fac8c1bd6b821bb86e4856326c8bdbdee73d0cef for principal rick
2019-12-12 11:03:59,261 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 3828e769bf1b089b03668282fac8c1bd6b821bb86e4856326c8bdbdee73d0cef
2019-12-12 11:03:59,262 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2019-12-12 11:03:59,263 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2019-12-12 11:03:59,263 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2019-12-12 11:03:59,263 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2019-12-12 11:03:59,263 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2019-12-12 11:03:59,263 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2019-12-12 11:03:59,263 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2019-12-12 11:03:59,263 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2019-12-12 11:03:59,263 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2019-12-12 11:03:59,263 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2019-12-12 11:03:59,263 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:03:59,263 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2019-12-12 11:03:59,263 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@2ea128ea'
2019-12-12 11:03:59,263 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-12-12 11:03:59,263 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-12-12 11:03:59,264 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-12-12 11:03:59,264 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-12-12 11:03:59,264 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-12-12 11:03:59,264 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2019-12-12 11:03:59,264 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2019-12-12 11:03:59,264 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2019-12-12 11:03:59,264 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2019-12-12 11:03:59,492 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2019-12-12 11:03:59,492 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-12-12 11:03:59,492 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2019-12-12 11:03:59,492 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2019-12-12 11:03:59,492 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-12-12 11:03:59,492 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2019-12-12 11:04:00,215 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2019-12-12 11:04:00,215 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2019-12-12 11:04:00,215 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20191212T110400Z|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2019-12-12 11:04:00,215 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-12-12 11:04:00,215 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-12-12 11:04:00,215 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2019-12-12 11:04:00,215 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2019-12-12 11:04:00,215 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1607684640215}'
2019-12-12 11:04:00,215 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2019-12-12 11:04:00,215 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2019-12-12 11:04:00,215 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2019-12-12 11:04:00,215 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-12-12 11:04:00,215 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool]' as '["rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool"]'
2019-12-12 11:04:00,215 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@2ea128ea'
2019-12-12 11:04:00,215 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:04:00,216 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2019-12-12 11:04:00,216 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2019-12-12 11:04:00,217 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2019-12-12 11:04:00,217 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _fa808f33b7a307f128069207802af008
2019-12-12 11:04:00,217 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _fa808f33b7a307f128069207802af008 to Response _0cb7bc999cc0b21f112a753ce1b6dde3
2019-12-12 11:04:00,217 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _fa808f33b7a307f128069207802af008
2019-12-12 11:04:00,218 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2019-12-12 11:04:00,218 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2019-12-12 11:04:00,218 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2019-12-12 11:04:00,218 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2019-12-12 11:04:00,218 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2019-12-12 11:04:00,218 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2019-12-12 11:04:00,218 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2019-12-12 11:04:00,218 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2019-12-12 11:04:00,218 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2019-12-12 11:04:00,218 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2019-12-12 11:04:00,218 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2019-12-12 11:04:00,218 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2019-12-12 11:04:00,219 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2019-12-12 11:04:00,219 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2019-12-12 11:04:00,219 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2019-12-12 11:04:00,219 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:04:00,219 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:04:00,219 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxWwH6nOiAdscH5+s4ORz0+8uzI/QisgWrhjAgXss1xtO67RNjj0eGBXcHVY0UjA6yFTcMEvEPul3ctHlG2CKMLCbzFw8wF6NPFvDWMgwsrvbV6NcqIjy5bq+0U2PB25gOfDprEKBoCbqgqPqk6nQpQQ/nt3pjziM= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:04:00,219 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:04:00,219 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:04:00,219 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2019-12-12 11:04:00,219 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2019-12-12 11:04:00,219 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.1.206
2019-12-12 11:04:00,219 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _1szr1omopviq2hf96clubrc7l9pa0yj3uh9udbj
2019-12-12 11:04:00,219 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2019-12-12 11:04:00,219 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2019-12-12 11:04:00,219 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2019-12-12 11:04:00,219 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2019-12-12 11:04:00,219 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _fa808f33b7a307f128069207802af008
2019-12-12 11:04:00,219 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _fa808f33b7a307f128069207802af008 did not already contain Conditions, one was added
2019-12-12 11:04:00,219 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2019-12-12 11:04:00,219 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2019-12-12T11:09:00.216Z, to Assertion _fa808f33b7a307f128069207802af008
2019-12-12 11:04:00,219 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _fa808f33b7a307f128069207802af008 already contained Conditions, nothing was done
2019-12-12 11:04:00,219 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2019-12-12 11:04:00,219 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _fa808f33b7a307f128069207802af008 already contained Conditions, nothing was done
2019-12-12 11:04:00,220 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2019-12-12 11:04:00,220 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool as an Audience of the AudienceRestriction
2019-12-12 11:04:00,220 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _fa808f33b7a307f128069207802af008
2019-12-12 11:04:00,220 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool to existing session 3828e769bf1b089b03668282fac8c1bd6b821bb86e4856326c8bdbdee73d0cef
2019-12-12 11:04:00,220 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool in session 3828e769bf1b089b03668282fac8c1bd6b821bb86e4856326c8bdbdee73d0cef
2019-12-12 11:04:00,220 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-12-12 11:04:00,220 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool and key AAdzZWNyZXQxWwH6nOiAdscH5+s4ORz0+8uzI/QisgWrhjAgXss1xtO67RNjj0eGBXcHVY0UjA6yFTcMEvEPul3ctHlG2CKMLCbzFw8wF6NPFvDWMgwsrvbV6NcqIjy5bq+0U2PB25gOfDprEKBoCbqgqPqk6nQpQQ/nt3pjziM=
2019-12-12 11:04:00,221 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2019-12-12 11:04:00,221 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2019-12-12 11:04:00,221 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_fa808f33b7a307f128069207802af008"
2019-12-12 11:04:00,221 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _fa808f33b7a307f128069207802af008 and Element was [saml2:Assertion: null]
2019-12-12 11:04:00,221 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_fa808f33b7a307f128069207802af008"
2019-12-12 11:04:00,221 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _fa808f33b7a307f128069207802af008 and Element was [saml2:Assertion: null]
2019-12-12 11:04:00,223 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_0cb7bc999cc0b21f112a753ce1b6dde3"
    InResponseTo="_1szr1omopviq2hf96clubrc7l9pa0yj3uh9udbj"
    IssueInstant="2019-12-12T11:04:00.216Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_fa808f33b7a307f128069207802af008"
        IssueInstant="2019-12-12T11:04:00.216Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_fa808f33b7a307f128069207802af008">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                    <ds:DigestValue>hzNxeXUwEZTsiYkdO0o4OvvaXfWFchpoIdfxARoMXx2weXkbb1CZ5Yp2vpO6/cPhzvbRUuc1LA3AoB4U4t+I1A==</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>A/hAzos6NQ5xHiPkrOC0to7H3GMhbW2LOcH+Xqfb3O01DHCvgg0KpsvBFal6Ip6vRbs9H7HoYCxBfzt4+RD/95kZgLOULTBwSo1YSLnt6s9E/Antzm3z595RPciAZ99MiaZD0H80ysQUO2uB4QrS+kqKVev46gOXHAD0JUVezdZgryfKYNbPHrpK62ffx1gZPa/xkKjkfQVAYRF3J1OiBEBYzNIBQg+VtykVnTUTDU76e59ByLkJhQ8mM6QZHwEErKGa0u06Lu2Q/u5btXcUozbW7WOjkJWD+c8T6L0JLgKOOpuWtH2l4ci1cJ3XtH/8lA6CAz4pmDSPA7DGusBJow==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxWwH6nOiAdscH5+s4ORz0+8uzI/QisgWrhjAgXss1xtO67RNjj0eGBXcHVY0UjA6yFTcMEvEPul3ctHlG2CKMLCbzFw8wF6NPFvDWMgwsrvbV6NcqIjy5bq+0U2PB25gOfDprEKBoCbqgqPqk6nQpQQ/nt3pjziM=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.1.206"
                    InResponseTo="_1szr1omopviq2hf96clubrc7l9pa0yj3uh9udbj"
                    NotOnOrAfter="2019-12-12T11:09:00.219Z" Recipient="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2019-12-12T11:04:00.216Z" NotOnOrAfter="2019-12-12T11:09:00.216Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2019-12-12T11:03:59.261Z" SessionIndex="_b15035bbbc0e035be5126e70d033aa2d">
            <saml2:SubjectLocality Address="172.31.1.206"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2019-12-12 11:04:00,225 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2019-12-12 11:04:00,225 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2019-12-12 11:04:00,225 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_0cb7bc999cc0b21f112a753ce1b6dde3"
2019-12-12 11:04:00,225 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _0cb7bc999cc0b21f112a753ce1b6dde3 and Element was [saml2p:Response: null]
2019-12-12 11:04:00,225 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_0cb7bc999cc0b21f112a753ce1b6dde3"
2019-12-12 11:04:00,225 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _0cb7bc999cc0b21f112a753ce1b6dde3 and Element was [saml2p:Response: null]
2019-12-12 11:04:00,226 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2019-12-12 11:04:00,226 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool' with encoded value 'https&#x3a;&#x2f;&#x2f;cas.traveldoo.com&#x2f;cas&#x2f;login&#x3f;client_name&#x3d;SHOP_DEMO-demoPool'
2019-12-12 11:04:00,226 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2019-12-12 11:04:00,227 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'TST-10267-Bz1ord06IwORivGKhnLhRnWiTun8gOcm', encoded as 'TST-10267-Bz1ord06IwORivGKhnLhRnWiTun8gOcm'
2019-12-12 11:04:00,228 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    ID="_0cb7bc999cc0b21f112a753ce1b6dde3"
    InResponseTo="_1szr1omopviq2hf96clubrc7l9pa0yj3uh9udbj"
    IssueInstant="2019-12-12T11:04:00.216Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_0cb7bc999cc0b21f112a753ce1b6dde3">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>zqsxF+hYYpg0LowWSPPx6bWSanV+lwMQn0pwFgn1uyrWGe+lmIa23npQa7xx/L8tiAJQGEaKpaeu5wO+Eng9ZQ==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>Cc9FipdUKXJcCjU/QIeQ0a9xIE977C5r09MMUkBiUQGrc236t6wQai5gU+/YqYvRyh8wbx6OkhV6JB9+eoD7whfSYEDXwO/LnyWX6TVyU3pS+lz+Ro9igKjAZLXiqb2JIMDyxCyPZ9zXsaVMwy6KQe+XdYWbPegi8UUz1z73SyrW0DhgFdne5fETgSm/C9Gjd9N3Wpb89PpVn2Op8xFy7taxCo8A9W8FWXEnJyi9fSpO7bP1woOTv5ncMjn5ltuAtWIO/hKwSfqVKfwwc6+F4tE81N+N2GK/Yl7z05c73Z6JsxAUG2MmKt57pYc4GmMPBOfzVz7/gHVBRTo99LIuaQ==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_4015be36cc330014aa2730293d974215"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_669cfd8fa6ffb7530f19c64b6558b539"
                    Recipient="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>MN4RVxlveineoptCWlkyCiQlDOb9uJQ+CVi3bZqaEIihTifPBv6i5s6y0ZphGTwQo0K7e+kPa+xMbjhIdLk7hVttFhkulXN8zB2EzmWPQDGJMicfvEwLfJ7lcYiwUfe1pIrgAdRiPQu2oGoFQc5ZSvZM7SgISHS/CO7ogpD4FdzSUlkrotb4byMwIV8m5ctD2IgqqmUZXmrdMMfmBj6I0SrfZ2h266oeGjhJGBPArhsGOa/kAo2XxYVWqvYoLnxjjjMlYVLKN8aCy6u7HT5JU6oisC+GdduvPR67fyigtCyf86oTqH0IU5RCmm4DoefdhLU7qyzEe/21RQ5aThllkw==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>hub7CEIKA2CvRBeLNVe/mCdT1gwZEyzItHIJIBI8ZsANQqcG1PKLVrvg9T2/cgNQuzrMXop5e3TPcXe6cvocFJZEMgutBpFMsuXyvkEPKHcGbrLTJ5r7LUR+mwxlruhr4oTOFn9mJ75YvfadTeBz7+COSDseoSrludE272hfmhtxoHg/Ev9M0ZeRUUr6PV3vG/v3Iot7fwEbGhtCmmZwwCy7r5T5tXkvqY/iuNeTkob0JA2jr5oVF6lDWfNqusbqLbM1Paoeg9TXX7E3TPhLEa70erfOZtYmCZulJAq/fYvQqKYRPgxbuL55xbb2/f4Q8/ZC+uFtf2xnOa26SLcdtPIrrVoU4edUwJd9HEAhAUJ+FqIfdoYvYtNGywIBZayCLxWsi9UI6lSq42ZxJhqEyLftky+UUD3AqGZ6WL3mu6teiwPH20uNlslLPSfqsVKQ7e2MoVHgomA3yPI9pilnC2u++dKXP6vmElrFDcVCsbHtxKZy60BMHgMMtu7qx+1xnO04yJb1hauDpX9CAEU4Jxaok8442HIAjzK+umJEfK712karknmgvo1wGc765F1EO0xU+ryF/3iOgce+GbzJEgNhkxEjpt2236lEukMX8dVM9LQXgClQ5+KTEneXfs2cHFQIDbpcO9Rqb9+HZkZcpA0U7w/D8tiToN/BbaoXLA7ASnGksjN/WiBA3/sl7k+an+WjiFYL4Xi2n9YfyPtZdttVbU9F4cBpMAK0uDPQP+dtlOOlU8HHaf5BFqDrNvfB+yFjKCyklAMJ8cjM2/x7gdCaecTeZbYsN/FNZmXLvwaXn2AwhA0xLXo477iZ9Fkv84iFev5eA2Fu2wUmo6w90yvVN0hfv+5DslCcUgYc84yFpwa2RsjICLXXkt9ePlwQ4Q0kttnUUpbKkj0Lh0i4m5mT2l/bHA+/sw7NZtXO94GCwuQjMvjpRWWxcTz82pcsPWNW57+Ff+2ctUPJbklzY6y8oN6uxwefDrkBcTjax6g+DeVPieOn2Xrk9g9H4TkDYw185W6UZ5yq9gc77n8D/j1LcsY55l0FAd9gfNopkgw98fbK2ljODaYFX4/dKjbykc3gi5vkcXDUD0Eiutshh8Vj84PP8+fb+FMRO1mW8rNgU1f4XE428+qEZAkWhtnU/NqpK5mUAsO33QuKZOUNn87zYtffraaiuDZglU8mVRTfSdOxLGayzZy0VmjvfzfTNTlkfjM5b1nv9j89zPeGc/JN/sfv9CDp4WDK+u7/iU2ry2+virAqSxj9oPBkcLK7A1K1XUsMWY0IMlAvlMrno7dqvO7bRGsaDmYRAr+WsZIVbMz6Tx7xL5SUMm9FCAtmXkU4t/LFI9HKKXn8rREND2JEi6Z8yD10Q/ZsYXywnA6c7hrhmfbox2GL2c/L2fkA2lkr0WWhHDWChvOspgYKmQRaIqoYC0qLw8LN40I5JO0p6dpy8PxcIIGl8sxoJiVgQeTTCiGW3Qyf5F0jpCPBjwtSTSQTrxN1nmnRxKWYAyrdRM3I84wTEWcyELjm0Am7bICwK7bp9o7VigXlldr+qsJTZR2UPTa3kYIEAbvcIWYvmdTdoJOOY+3v11Gyq3UOt+sKW/0eOKx8L4U+FAOod8LpLeFjycdKN5osAgrQ6w9Mgq55Lqlais71dE0q7hxB/sHh8g5lv8duHh+fn7A2W8D7lk6Pg66QUpb3/9jByCH4MtWRvexsppRBv6I6k8z4I8UP9rKHn8e8OvusJHbLGbb10K8GmeHbuP1KYXergSUKgB1OnSuFZQeBSjDdI5a0HsQOa5yCPc3V/16SxiQPYXLlyvTZMJBuksbcuikBOehmCOSI77Ni/F4e41CLHpHHcYbuy338t2oF0oHx8r2quIzSjNiti2MVJASpqvbWgwxT+a0U0646lTY4EMLtTapAr4H+H6h1h649dKp5ucigiYJfmS0WLHDqOqVDRGskS6s9mcQRCtN8LhiFuK0wY/mZizJO/ZFgnICcXB2bQmVSssT7y8JQxdfyrtFZiNGa4LHfJMYGGQKZELh5C8sF47tRxH2STIuaGzf0RtbgWUrsiTYUEg0C/eGmvPdJ1BmLtoBg79Cgo43NPwb8Pk2oPojLDPjNWDGEpXl+BlCeQMesLs2emCb0QMEDNN+fkKU58asYSkty5nwGsv/9Mvj4AUaE0ENqs1bTWt2hMIKOXwG8S7oGHK1M0HzgEZSTcizuH8Id4BYOfc9yhMPMthmS4x97y+I2HaQX1gr6GGc0yYIRR+h0kzicgiInHfQ6CVr09QPt+V3oyR4nLujWZgjTEENW5Vw3q8Jxx5PHdS4BXZGXDg9NXYD4Fq1vaqBsY9mSHcFZSHZKStBeFCSWowwi7yRQip2bBukZncxBScnaxVXQtJLnUSmqLeTHJX4GLaYrbNjADINkglk9TL4ixy8mpJJ+7lgDtRdDyu2+lA2gnKRUWZ+OZbxpgzuWXTyTIkQYa3+WK8IPYTkZBB55DKqZ3s0rweqzlbPNhpcMu0AYRQqag3qHhkkuUGymilWyoCN5aINRh8Hju8KJPwmvLFld3bWigv4PDNpRmR586gjj1IhM8KV8wu+guBVM6EFc2oPMAESx8pCOLAToLO8L1a2mvKyY7zMlALUNUlvOa/ojLPd3PNvgiXKcLTl35rbauH43NxpWW5pgnV4GBd1wqhsoWZb6xwK0WDWEBkPUZ2KKDrTGU0/fC9AjFyqzKV4EnVQJkgtdCNH555KqwDcHbXvPqtg6vbD1GCwtZiDr3tO1IsswnV88JgN+juZNe/XvxURS2ry8hazYQm4Tf8Rj4mMDPW/Sf/1tNEwndAiwirdIa7y7pxwhZrTHVbA1Pvi7ZKbPpVHT99+thdV0VbkRA2w3hY8DXpEJ9Uo5BrGO1NrodAD33zWA0gVdrBf/wHb4acUBGHdrBAC26Tor+sPJ9EUQfODRhxIl7YnO7LSvkzZBXn7qQf6ndczX6dXi26zURRioc6ad2i07seLVDNgyjoEwsD0LKS2dkBroolNA0MPDCyoClglJsuGhRrmH7cGQbxDSU49St/h40bRQeF6eVurgmXPaU5CvK0ixSoW7Ucw8N6iYA7YN18ySiHx/Zl/9BfsL6EM5iaXiXFvXjsbI9lmyU+K0V29bDosCTcCeeV3p4njqgDxukjaeKw3EIWUPAPMyQBZlybDpOvK2zw0y6TPPz7kJSEOwiitB3T6JtFmDKibUGtamyQles9Av4LSyU5Mlyv+Yny9yLO+e10sOAvkl2vDxWkKjKlHRZ218GKcSDUrM8XHrMxfW0qq/dMhUtWmnUbyzqRzEeld5quiV0h4bhufzsm5FSp4qc5PJK6JKPgYXGMFVdTvSXnIZl1S4lx/9YlLH44+MyfdlC1Y63++dBefxl/3ovWyUiggLKhykSfE8enJBhdznzbFWHb0pVQDZ34lb2SNSq9OcdePo+qPCsxs36wMY0d9NsclVmtatDFqYXn37mbYlTzF9JSpo7WiYkEl8bkuIl5tvdCetJnwC9UFwyxMzNAd9LECi8XZtyfcBif//gUp8johM26zhXBq+yc713Cnd1PsvbUHtQuVC00N0gFb8/6UN6nMdDiFP2AdJKhSzw/hDqeKCIZJ9VCMtbxjcavlJKPb9LJC8nJOccE55iDDn6HO0XYCF1rlgUXl/S7DPnm4h77nZwJ0kA6icvkYcS25fyKDlIzcnDNrwRFWKpGPJvzK6VXhsXL0qFLSeeYu6zBHxvyrp09iPaOsEp7WmXEmFo4I2FYvBEwxt7aaB40mcQpHAWFC+p3LMWsdKjfLRuh6VBjJrW8t7YIQ7jxDgmVp6K2Wm61VHn0D1kvGBWZFjkYgbOoAf0/cdTxGn2kQvW8pJj0m/yeRUswY183Pd4hztEPtlS2gOX/p0Oo0WmdVEq/D3r9BeJg2NPnArnadUAdmNZvY5scIDYuv0nxFQw3E+bX+m+11cNWBJ7gZeh+L/Kfe0ABs9B+9Ha7yEIMbEFFgPO9Sa1XLH/VklIvbB1vlcie99ftxztR0pZ6d1PZpiCedDekKNC6wGuXb1PmmR5IfE7DCTmMMsEjTXwlCg7YTIWz9+S/pPFVIykrd50m2oRmzoWmWn161/lmRQnzTSwjrEbMRGqJjxn38RWglqbJNYmg+PQxQeDGjFNONez+qdhoUSk2UnF37bQtNrcjAVvcKXK9jhNjKhO0J7SHcZ58qBQlrLqHKcBY4VzjTpOwJHp/cg0A+RuTOzM9MwcizDc2jO9+XuNMMYs2NTPCTAdHXKWtt0zjiUaMuXSp3d2GLNW+7A5XQPItQVLtwzLXi2ZKkBsURgMGugL7OJ0s9u6wyQqn2QwxB6Am7Zhl63tw7+sGWD8n/uNpCtuhSo35Z8nterzbPAkfPCrSv217vXNdBRyWlKRNZXlLninkDmE8UpXdW5g5HqxVxebNN8nghAqG6OQJXowN1vL5bMpHyDQCA5VTnyj2stDMZUhaSR6f3F/Foc3iQtMxxjz47btYbDeN2EGX3Kj9MgF+1EhCNKrPomKq1U65ywmOJ+ii/QbnDn9K/Wdh6utrEhXPIOmz5W5WfWvG/joJ6sdpPYJnA6QYhi9X/8Du+8VNDFnp/5lBriMzs1fDxS8cpFLq2B1MNMmau9pOrICa+8BGF3fG5WkgOp+HabKnhNRuArSiS3JQ7p1OfDQusPrOj8mwkGQJulLX4twIy1Hh18QkB46sN4GWnvZdXjJnxlIUBJ1b3qCyArxCZ/x1Zm2HYM04av2S8lO2cu/9OqcSvW3saQPMKVg4M4hrwg7LN6ypNbbCRhXxvVgnboVAQMlZGgNA1H9oFt6l+Lpbj+LyJ4rUfb6Lqv+rOVaH22/yEFog82EEte+VG1LLEmssQ5Tst3N4xlUIAlHJXmeTOQcz1q65kI14HBmuKE8l9uydXeNIIAV0a68lWvXFwB6ZlVDR9GQOfaUJCbRFeOPyEzt8TqDQS8UxLGdSZBvSeFxUhU0iMnNrDpFVaDbclpNtieH3of173na1dAhMyha0RWwHGaTicRvJ40UXGlNswqz6s0CNpJaYrVT+dZg3CZn7n/GjSfQIHo82fOr+x2dIj7mSy6I2bifMNgtFeg8xCz6DO6kwE+TEmFEqwB3cQ/Wc+RWmvab2pRhOB6eW1xcOuSjpLkNt+DouBENjojAnPSivBLfldsasg+J7QRtTy6C7Oj4BkFn+80r3uQj+xKB0wPLY7V1f/oHnjG/qEoMIkqAbvX0vPsKOZLluHgbWEyjcHiCkW+o8ijrvU/sh2PpxKeT3nao5U2MVeLZ1cIZYdYPi5hIls7ClK6Na6HRHqfocDALOykMV5Ex9ONiE7b1YxAmH1K+n2ZXKo1Q3zDpxMYWZz1niFwUzhaflTUEHXvSaNOEwkjLGVYz9imbz51dtptjr7DC7BtxXgASSyYYAhOLiU/Yk58u0voH6ZqBxeFRZOVb1Cs9BlCXiq8/rNKGdB03xqqRFwRLEHOfCASumD1LFnMIAyZgRxd/kY3m1ErZncvaRwCT2WYZH25GbCIhwbTOM4n2MTfxABx5NMLGha/KXpwvWyfYd7elJBW587rpL18+SAdl0V7WZ6RWZVAST4X0oEUmH60qL4PWcWlcdk2MGibXOhqLwcDyPpnnvDf7eJfwZud3L1YP6KkkC3fggi/95G1f+qCZJFfbYw4jHNbc84+dYS7jNulrQrEfbXwxfZfPoXrx2TMFjNk15R4ASIfYNAmMRzsjvvcKoeqFMH0ktZvaZ2FiCxWHK+4iE4WOxdwEBA9IV5Ii9ceP+0UVb8FZWdZQyZYKFJU+5hzmMFb7b+7bWL0Ps1dx4GhUgiIJd7D3AmawYv7ziraLtgRXelwK0V3MWfPyRAbBoM9mPmd/jUFHKU1YWlzcRAKKxdOzBS26OGkuerB0eanNEsC2D9LIke4Z78/tpZLq7oskhL99h65gXNDgrKEcUlDdnpVhqH/Agr6no8AAJfOrsP3wKvhiBuTaZQgDT9WtW3e4PlSBFnsK/e4EdA9zHuoXAbMciN4T7fXJA6lll3PBMwCxYZzgTa6WmiXL5SCpEq3IMOESdFtEj+iJXBFMdIfsmy5+iW5s1Ymni8wDIk0Mrp5Q9iSKFe0ZymQKQZOMtBwnyZEp+3wuv5KuhzlDfk1FF/nphyazDROgsQQZwtEgJ55o7w/BMIWcfhF4oAEbWctWJ4uxKKuztQVJiTM8zcqRaQUZtKZy9k2mgzAcaUduDLPsQsJ1Ow1JbmYhFjb7KFtyL6AjAf2oI7WhPkgn2DxHERGsoTZiDe+/BqJTmJend6dJrKHdn0AaUOeSUiU75LlrRdpKXhZhaKNIwDmOYu+49ZY14RGCs5RTBTJaHGtKsml5JA2jYn0A8coJ6xGdhAKSfnDcZzatwY1AbFqlhtoF0bJ/aI3RH42R+OYGpxVVzAKpiJ0+Km/PSLMPUryqBF5LXpUi4lzuu0V+6J8EaZ7RSoAuFjT1zbfblud8npptidpDtpTXt0HN82mL6uIe7OB46uelyDdKJmmzPM7LgCRjOrMzZEgp9MF1gjH0kwMRfGpkDDA0G7aV1Fxsv6VPSOPjDbnK/UG1lJCvnFXMtuVrz454xQbMfBihaaejLUDqqZ96SGdfl6ennDnD3wgtyUKj7ev5q8+iiRnKBCzfLxWZ5kkgK+2FEFtj6tuYbIkgh8ylbDQW7uQtffw6pPR30APa3DaYGyh4iRF1A8OJ92FZmMYzS13eNGQq5OxpPk6v/Diq8lwZxticOeNUwgF4nEoUFrECzA7O72F8TapkHuzcb1cKX+ziTgSx3ljg9o6axU8Nj9P+XL4ajIhTd1za6bSlmDRc5vDh5TB1MkOkkiummWs4H1oKLaaQz1FJa9ZlUy1TegHtgWcZhi6+rULwVjmujEbRQNStcFe6TK0BLMkZmaOCoz8dCfWaAckrxM1p6yLbJmQZlfhMBrXPUKF40RBUevv3LzOuxtOeXhbs3JPpF469tI4wGxPiIhQznGgpqthaI8kVUKLqpdSeuNtXEQAa20LWUy5X4IJMasHVcLxmLIJ30mg6KeO/fNbnGNsmJcoNGKeHPa8AZCzIsFisSq1Ok8T1ceV31crW3K1syx+wobpqViBdlKhWwkKK/SAEZ+kgaUsHrp0l8Nz2D1lHDzMlAIpBKwp/jOuMJKRW+Ryb8ptFZcKXhx0qY3XGCSqfCSp1xjYKQF0smEDiTW9HRbxzSi2gMOHa5A3p7ZiMcqYRFMkE55SKXZP/nqwdPg8qK2edceS3tvdAOk2wiuXPzWsWX8DIybARE85zRw9Lge5KkTc9dqOHR3pwtQFITqYdBcMbBDoNoxsgaCTFH6MZPS6Uw6koIsuc1zjdZDVa+oPJd1gN7LgzgFqKl47EA9AvR+jfsBz2BvzGXhxi5eTrqHL5kzcJK6jeyJjWCyQ1fUkyn5TpiaowbF9b7YwRGo0lDFIbesTrMdYaEG2N2jtCguT21hb684X15wsfyAKUQLCcSb0SdVPp8W4i4tzrNXInMW8VypwgSagaVaCeurERIMxEU8bB1pmfrCS25SnfDEm+vRGG12/04058y2uxi5x++grv7K9CqQ1M9tubOJ+8UIBZB6gjdu9Yndvy+Y2OdoAVUL379vNOGOvx3U4I1f0tF06EjS6jiDNaiO++ywSc9d+ENPaKspCYql7OcvysBoPdJZPqbOvu+Cd9H9HsokaYiBL5EaUurY75IjcNiiK9KgtShLrcPPxF1a6jUUqgf5/f5Vwf+hu8lm0fmG0DS2GNefkTlidSOpZZ5LRWnA5U0HD0LXkW+VD46XDi5A/rO64NCSaUuic79Ijf4YwUwT3Ra/IGDJnmnU8T2HQffh6bNB00oW0cF3iIXq4/tyrZtEYaeaSMiRbYpjU+1wj4OoQxRiNVAbv/SK67G8f3+bYXBjkLruj/pDVx0XDPzVW5GlJg9TMqlaZH+6fT6/NxUZqj7w+mE3Hnx3M43H0sOPPTgStTqLKuQGpC64NJg7iNaI/ftZJ02/DS06Fb+cJi1hnz/MoDMEr9cDUivnK4cQNRbwsdT0XL86u3SlgQIuh2538Xo/Dnmb6QZRjiO9oOQsEggUMlfNJueDOpWWuEbHmaVwHQRsPBi4caxwLasTk</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2019-12-12 11:04:00,228 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2019-12-12 11:04:00,228 - INFO [Shibboleth-Audit.SSO:?] - 20191212T110400Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_1szr1omopviq2hf96clubrc7l9pa0yj3uh9udbj|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_0cb7bc999cc0b21f112a753ce1b6dde3|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxWwH6nOiAdscH5+s4ORz0+8uzI/QisgWrhjAgXss1xtO67RNjj0eGBXcHVY0UjA6yFTcMEvEPul3ctHlG2CKMLCbzFw8wF6NPFvDWMgwsrvbV6NcqIjy5bq+0U2PB25gOfDprEKBoCbqgqPqk6nQpQQ/nt3pjziM=|_fa808f33b7a307f128069207802af008|
2019-12-12 11:04:22,697 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: TST-10269-V8hEHrjYQjKjsX3MiHsOB9Va76uTLJq5
2019-12-12 11:04:22,697 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2019-12-12 11:04:22,698 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2019-12-12 11:04:22,698 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="_xvpk6a3d8feqxw3pmrefunatilacpzdigrllc7r"
    IsPassive="false" IssueInstant="2019-12-12T11:04:21.641Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    ProviderName="pac4j-saml" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#_xvpk6a3d8feqxw3pmrefunatilacpzdigrllc7r">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>jSiTOWzBfKoTtXwNyu0ym1dS8yK1GhLxjR+Zw0K9P0o=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
tNtq7qDguXOPWHhom2qY38m+B7UP9MlEPl/Wkd/A3fWjmHFeWf+yhdWbrJfPdQvgsiFwPFp6CzZz
7VYUOf/WuGFuxiVkwT/uIHp3TjImt5TBGmTpK07WFg/mgohrAQUhjnqYV1vxY1HlzgXgORMPQ82b
TyJ13lXd1F+M07YMixO+yRrt0cw8HpmzgkIdrhIC49bUJgbXXXTy94PRk7kvtsdHXw4WP46QoPOp
EQFMDlen8bhH9w+Szl9WT2/JuQi9dWOdaRPA7WsCETKenqQ3qOAHK0NQ4UUpYBoH2YN7j5PJvups
kcbnbOCm+CqOi1tfVfROC8aB5VgjMJpsnN/ymw==
</ds:SignatureValue>
<ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2019-12-12 11:04:22,703 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' from origin source
2019-12-12 11:04:22,703 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-12-12 11:04:22,703 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-12-12 11:04:22,703 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-12-12 11:04:22,703 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-12-12 11:04:22,703 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-12-12 11:04:22,703 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-12-12 11:04:22,703 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-12-12 11:04:22,703 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2019-12-12 11:04:22,704 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:04:22,704 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-12-12 11:04:22,704 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2019-12-12 11:04:22,704 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2019-12-12 11:04:22,704 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2019-12-12 11:04:22,704 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_xvpk6a3d8feqxw3pmrefunatilacpzdigrllc7r', issue instant '2019-12-12T11:04:21.641Z', entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-12-12 11:04:22,705 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2019-12-12 11:04:22,705 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2019-12-12 11:04:22,705 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-12-12 11:04:22,705 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2019-12-12 11:04:22,705 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2019-12-12 11:04:22,705 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-12-12 11:04:22,705 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-12-12 11:04:22,705 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-12-12 11:04:22,705 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-12-12 11:04:22,705 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2019-12-12 11:04:22,705 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2019-12-12 11:04:22,705 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2019-12-12 11:04:22,705 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2019-12-12 11:04:22,705 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 25218632289878887470728701898989230903925460534470464262987089359900092236249155787311083615922566996588882686327254334965631006516764358542556784571993117841615795846983701202567812629440880488414844862491363773592778158558705049021795669354428797347719681579572749594906032259298025269480636673827053368207548760338633177397009149003080015959043356697060516917100235185397117902752192715861531350694962747781011832502440226911816306381078043102881237946262430586623622800161283685092311342398263730543997237261306772360529013060055263916368941241698720371281723901324390991801957832354836844648583493845781599295821
  public exponent: 65537
2019-12-12 11:04:22,705 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2019-12-12 11:04:22,705 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2019-12-12 11:04:22,705 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_xvpk6a3d8feqxw3pmrefunatilacpzdigrllc7r"
2019-12-12 11:04:22,705 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _xvpk6a3d8feqxw3pmrefunatilacpzdigrllc7r and Element was [saml2p:AuthnRequest: null]
2019-12-12 11:04:22,705 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_xvpk6a3d8feqxw3pmrefunatilacpzdigrllc7r"
2019-12-12 11:04:22,705 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _xvpk6a3d8feqxw3pmrefunatilacpzdigrllc7r and Element was [saml2p:AuthnRequest: null]
2019-12-12 11:04:22,705 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_xvpk6a3d8feqxw3pmrefunatilacpzdigrllc7r"
2019-12-12 11:04:22,705 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2019-12-12 11:04:22,705 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-12-12 11:04:22,705 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2019-12-12 11:04:22,705 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-12-12 11:04:22,705 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-12-12 11:04:22,705 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-12-12 11:04:22,705 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2019-12-12 11:04:22,705 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:04:22,706 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-12-12 11:04:22,706 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2019-12-12 11:04:22,706 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2019-12-12 11:04:22,706 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2019-12-12 11:04:22,706 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2019-12-12 11:04:22,706 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2019-12-12 11:04:22,706 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2019-12-12 11:04:22,706 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2019-12-12 11:04:22,706 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2019-12-12 11:04:22,706 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-12-12 11:04:22,706 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2019-12-12 11:04:22,706 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-12-12 11:04:22,706 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2019-12-12 11:04:22,706 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2019-12-12 11:04:22,706 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2019-12-12 11:04:22,706 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2019-12-12 11:04:22,706 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2019-12-12 11:04:22,706 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2019-12-12 11:04:22,707 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2019-12-12 11:04:22,707 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2019-12-12 11:04:22,707 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2019-12-12 11:04:22,710 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-12-12 11:04:22,710 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2019-12-12T11:04:22.710Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2019-12-12 11:04:22,710 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2019-12-12 11:04:22,710 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2019-12-12 11:04:22,710 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2019-12-12 11:04:22,711 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2019-12-12 11:04:22,711 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2019-12-12 11:04:22,711 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:04:22,711 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2019-12-12 11:04:22,711 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2019-12-12 11:04:22,711 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2019-12-12 11:04:22,711 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2019-12-12 11:04:22,913 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2019-12-12 11:04:22,914 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-12-12 11:04:22,914 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-12-12 11:04:25,173 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2019-12-12 11:04:25,173 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2019-12-12 11:04:25,173 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1460779781::identifier=rick, context=org.apache.velocity.VelocityContext@6add45f7]
2019-12-12 11:04:25,174 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1460779781::identifier=rick, context=org.apache.velocity.VelocityContext@6add45f7]
2019-12-12 11:04:25,176 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2019-12-12 11:04:25,176 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2019-12-12 11:04:25,176 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2019-12-12 11:04:25,176 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2019-12-12 11:04:25,176 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2019-12-12 11:04:25,176 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2019-12-12 11:04:25,176 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2019-12-12 11:04:25,177 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session d59df0ab3fe04f2ca7cd0a227bc0965958a4d4f92c96aa0cb4068d0c62c196cf for principal rick
2019-12-12 11:04:25,177 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session d59df0ab3fe04f2ca7cd0a227bc0965958a4d4f92c96aa0cb4068d0c62c196cf
2019-12-12 11:04:25,177 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2019-12-12 11:04:25,178 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2019-12-12 11:04:25,178 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2019-12-12 11:04:25,178 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2019-12-12 11:04:25,178 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2019-12-12 11:04:25,178 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2019-12-12 11:04:25,178 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2019-12-12 11:04:25,178 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2019-12-12 11:04:25,178 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2019-12-12 11:04:25,178 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2019-12-12 11:04:25,178 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:04:25,178 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2019-12-12 11:04:25,178 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@2c37aff1'
2019-12-12 11:04:25,179 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-12-12 11:04:25,179 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-12-12 11:04:25,179 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-12-12 11:04:25,179 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-12-12 11:04:25,179 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-12-12 11:04:25,179 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2019-12-12 11:04:25,179 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2019-12-12 11:04:25,179 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2019-12-12 11:04:25,179 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2019-12-12 11:04:25,379 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2019-12-12 11:04:25,379 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-12-12 11:04:25,379 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2019-12-12 11:04:25,379 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2019-12-12 11:04:25,379 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-12-12 11:04:25,379 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2019-12-12 11:04:25,964 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2019-12-12 11:04:25,964 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2019-12-12 11:04:25,965 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20191212T110425Z|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2019-12-12 11:04:25,965 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-12-12 11:04:25,965 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-12-12 11:04:25,965 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2019-12-12 11:04:25,965 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2019-12-12 11:04:25,965 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1607684665965}'
2019-12-12 11:04:25,965 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2019-12-12 11:04:25,965 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2019-12-12 11:04:25,965 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2019-12-12 11:04:25,965 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-12-12 11:04:25,965 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool]' as '["rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool"]'
2019-12-12 11:04:25,965 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@2c37aff1'
2019-12-12 11:04:25,965 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:04:25,965 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2019-12-12 11:04:25,966 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2019-12-12 11:04:25,967 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2019-12-12 11:04:25,967 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _9f7c2b61b86bcfbacb591e16552c2912
2019-12-12 11:04:25,967 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _9f7c2b61b86bcfbacb591e16552c2912 to Response _9bb0a1874b57fe2903c9128227ef0648
2019-12-12 11:04:25,967 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _9f7c2b61b86bcfbacb591e16552c2912
2019-12-12 11:04:25,970 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2019-12-12 11:04:25,970 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2019-12-12 11:04:25,970 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2019-12-12 11:04:25,970 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2019-12-12 11:04:25,970 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2019-12-12 11:04:25,970 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2019-12-12 11:04:25,970 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2019-12-12 11:04:25,970 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2019-12-12 11:04:25,970 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2019-12-12 11:04:25,973 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2019-12-12 11:04:25,973 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2019-12-12 11:04:25,973 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:74] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2019-12-12 11:04:25,974 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2019-12-12 11:04:25,974 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2019-12-12 11:04:25,974 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2019-12-12 11:04:25,974 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:04:25,974 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:04:25,974 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxefYhJq4XLDkQSbCB6f3rPIfoIhM7BUkB0vWaFtM95y67mdjOG62IZBRfymUXv1Db5ourQkOLhIs4VJI5Hzw+B5un3hEanJvy0+gv2Re4dSDAXhDDHxMRuG3xpfwb0iyBMnw+mwZwv9kNEC6sQA+0gnSofgj8D/4= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:04:25,974 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:04:25,974 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:04:25,974 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2019-12-12 11:04:25,974 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2019-12-12 11:04:25,974 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.1.206
2019-12-12 11:04:25,974 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _xvpk6a3d8feqxw3pmrefunatilacpzdigrllc7r
2019-12-12 11:04:25,974 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2019-12-12 11:04:25,974 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2019-12-12 11:04:25,974 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2019-12-12 11:04:25,974 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2019-12-12 11:04:25,974 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _9f7c2b61b86bcfbacb591e16552c2912
2019-12-12 11:04:25,974 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _9f7c2b61b86bcfbacb591e16552c2912 did not already contain Conditions, one was added
2019-12-12 11:04:25,974 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2019-12-12 11:04:25,974 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2019-12-12T11:09:25.965Z, to Assertion _9f7c2b61b86bcfbacb591e16552c2912
2019-12-12 11:04:25,974 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _9f7c2b61b86bcfbacb591e16552c2912 already contained Conditions, nothing was done
2019-12-12 11:04:25,974 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2019-12-12 11:04:25,974 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _9f7c2b61b86bcfbacb591e16552c2912 already contained Conditions, nothing was done
2019-12-12 11:04:25,974 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2019-12-12 11:04:25,974 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool as an Audience of the AudienceRestriction
2019-12-12 11:04:25,974 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _9f7c2b61b86bcfbacb591e16552c2912
2019-12-12 11:04:25,975 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool to existing session d59df0ab3fe04f2ca7cd0a227bc0965958a4d4f92c96aa0cb4068d0c62c196cf
2019-12-12 11:04:25,975 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool in session d59df0ab3fe04f2ca7cd0a227bc0965958a4d4f92c96aa0cb4068d0c62c196cf
2019-12-12 11:04:25,975 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-12-12 11:04:25,975 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool and key AAdzZWNyZXQxefYhJq4XLDkQSbCB6f3rPIfoIhM7BUkB0vWaFtM95y67mdjOG62IZBRfymUXv1Db5ourQkOLhIs4VJI5Hzw+B5un3hEanJvy0+gv2Re4dSDAXhDDHxMRuG3xpfwb0iyBMnw+mwZwv9kNEC6sQA+0gnSofgj8D/4=
2019-12-12 11:04:25,976 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2019-12-12 11:04:25,976 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2019-12-12 11:04:25,976 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_9f7c2b61b86bcfbacb591e16552c2912"
2019-12-12 11:04:25,976 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _9f7c2b61b86bcfbacb591e16552c2912 and Element was [saml2:Assertion: null]
2019-12-12 11:04:25,976 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_9f7c2b61b86bcfbacb591e16552c2912"
2019-12-12 11:04:25,976 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _9f7c2b61b86bcfbacb591e16552c2912 and Element was [saml2:Assertion: null]
2019-12-12 11:04:25,984 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_9bb0a1874b57fe2903c9128227ef0648"
    InResponseTo="_xvpk6a3d8feqxw3pmrefunatilacpzdigrllc7r"
    IssueInstant="2019-12-12T11:04:25.965Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_9f7c2b61b86bcfbacb591e16552c2912"
        IssueInstant="2019-12-12T11:04:25.965Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_9f7c2b61b86bcfbacb591e16552c2912">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                    <ds:DigestValue>7B3Nhoj6vzviOWxYui4JDRB08DOHJAvZOfUm5uatuPNu5qmsfBbNUaN8qVworGuidpuU/hkg/bMCsZgjYZzgkQ==</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>mFYlUgDKsWBumcYfuwC6epc4BTQ34ZIBFTxl9xgUXHqvMfPKVFJWy46ssEyh7C4g8yz+CSTh2FtQdmewvSO/AvYLRByKiuQs4G6lNFuJQkHaTGXciuU5F+j0zO+J/+vfizIs17WudHUSg8OGaE4WrzCILnXj1c/30U5WtAUiaBXmZjXW4f0DApC+Gc4E9O+Wk0y7M0ato+FIZ/baNXfuuWXhCICWyeesW1HS6fCC1NkHBJDCUjwtgwYcI+lYouNXcklPhaJo26AnzMS5XvqUG46yiArVY3/6FE5xVCwMB6uRC0ZXaundSwJwiwA+XvoaYf/ZsO4ON4FcwLl30KYecQ==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxefYhJq4XLDkQSbCB6f3rPIfoIhM7BUkB0vWaFtM95y67mdjOG62IZBRfymUXv1Db5ourQkOLhIs4VJI5Hzw+B5un3hEanJvy0+gv2Re4dSDAXhDDHxMRuG3xpfwb0iyBMnw+mwZwv9kNEC6sQA+0gnSofgj8D/4=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.1.206"
                    InResponseTo="_xvpk6a3d8feqxw3pmrefunatilacpzdigrllc7r"
                    NotOnOrAfter="2019-12-12T11:09:25.974Z" Recipient="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2019-12-12T11:04:25.965Z" NotOnOrAfter="2019-12-12T11:09:25.965Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2019-12-12T11:04:25.176Z" SessionIndex="_8244b87a871eb4a6743e8bbda0b836a5">
            <saml2:SubjectLocality Address="172.31.1.206"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2019-12-12 11:04:25,993 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2019-12-12 11:04:25,993 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2019-12-12 11:04:25,993 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_9bb0a1874b57fe2903c9128227ef0648"
2019-12-12 11:04:25,993 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _9bb0a1874b57fe2903c9128227ef0648 and Element was [saml2p:Response: null]
2019-12-12 11:04:25,993 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_9bb0a1874b57fe2903c9128227ef0648"
2019-12-12 11:04:25,993 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _9bb0a1874b57fe2903c9128227ef0648 and Element was [saml2p:Response: null]
2019-12-12 11:04:25,996 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2019-12-12 11:04:25,996 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool' with encoded value 'https&#x3a;&#x2f;&#x2f;cas.traveldoo.com&#x2f;cas&#x2f;login&#x3f;client_name&#x3d;SHOP_DEMO-demoPool'
2019-12-12 11:04:25,996 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2019-12-12 11:04:25,996 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'TST-10269-V8hEHrjYQjKjsX3MiHsOB9Va76uTLJq5', encoded as 'TST-10269-V8hEHrjYQjKjsX3MiHsOB9Va76uTLJq5'
2019-12-12 11:04:26,007 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    ID="_9bb0a1874b57fe2903c9128227ef0648"
    InResponseTo="_xvpk6a3d8feqxw3pmrefunatilacpzdigrllc7r"
    IssueInstant="2019-12-12T11:04:25.965Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_9bb0a1874b57fe2903c9128227ef0648">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>AvcY/EnFfDBppl3SH5ePNBUGm/kpy1tOfNPjC4UN/BAeUNFX0YnTb6Y31ZAxAoHcCDrYyMAATb26ENuxhGkbQg==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>smha7M9gF85sGV6KomFlRmfvP39ZaxECLOrUVYmBsaNy+tqfvc0LgtwHPSh2afJ7cLYgK3pHwVfqdwZYv7jHarRnKsBSjx43rWZrj/DMBeRIlc9ZZa0gZfkXGdq2R9/mbMI70xtr1BbItJqlwm5BsXVii2G4hvGnxdJNdFNQt+uFTh8EQ+stJwc/V5fhw3FNRM1SDcKVpZc6L4elT+X/oyK88aZjcjp9JMCc052i1Oil2sRocZ8rZy24tDgErbAdxHNLhbWuMeUejVYHM5qXQJPSuQQvvDMdFHI4kfv3MsDR2D2+6UNK+sgzOafyd8VF87J+HShU0WMl/xzlxeqGQA==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_5794491988493e15ea2e9d3a2a5c5abe"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_019d3220a7bbb05b3c78bcc073c556fc"
                    Recipient="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>J2t0Vsyjfec735G1zELUt2W+uDHOdTOAp+4EIZ586ukQbMoLNIkK9MUBiaXdeDDOuawQ28LQB/0RT2lrGd5yTz37FKhbw/kgnP+h2tkTlw/plRkZ9rcPNBRLo4InkiXNe9ziulNrq86yATLVbTyEGnPLOqk9tHwbVjpxK9kc3MKxFCQLB6r4pg0V5vtZS1dwBPD++ANvJa9NyyB+RXVnsR1YJ5fkpsG2kP0lqniHSRYSK3/i2aZIcKSykCkr6qF3Z4GTB/6xdJxVvnioQINWZh587dzj3KhKfO6qD+IUkh6aGY0U4L6Mgqz8VPWVXf4g4zFN+DyDE9KGplJ2guj23w==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>nfI4ex8GOPnaMPohPjfU4bKCnyf/3gUyf4dmzTDm0kejx3TxqRUi0mmDKzvDvWfUlSakpj7qmPFmnwFQn+RxYZEh4lvA/7sTMBzfnQC2Y6nzz7EzYNkjzDyZLQpU5ks2gHgq/R5t62cuzo9wqPvJcWJo3WEm7vOaqrZyxq9NPUdg6tRLYnyb7Md/wv7PEqcS2+nJy3cr9XtI9RyGY5ruTwrBuZO2qZCylHuSwpcJmazT8l4JNbEMktzSePEkVRTuSx3FASaxM8aRRI6A81M1ZhRh6jAjVn56nEyyOq/byMPfnidUqwzWQSuy8+QlhCK7u/HVWJIqNgIS8fgokN2iLob0W3tJxVv0DnTe/P6pRQaYIvH5pB9WdabuwIevv0W8DvDc6L3lNwbIyN2vMy8OHyMSuU1/hwP/6p+fk0rgkkq43yKiycH6iVCYQTIfVvEKq8DF0AYukBRC6gQQioDGG8XxVlJDhVQReXr5/SttnpMKkaXILkXckNQ8Iiz7SqXH2x+wQGFSWAhH6hHUTKMob4LAXfBKRuSAgJhKSP75RORhk4cX3SKMmFIKC2HW/7cyqNMknXBm8oeZGkQEsKh+iXwcvaxUEP/tOYReniMY15r1QKnWSlJJRMdPEiOkJTQK5fRX76Qrkp3h/2OeLBOmpL7Bn21wwDSGla0X6f5oY/shskJW3nhT9xLcy9hQelUPvW0xkzgNh5/nLgHIPL2iTWbO+Hfw/oShBCtO98go4xgDuQTCpL3fOEqMw6ooS2uVp/+OxGwak58ozDiLqYh7fyBEZR3wK0emtUWlbqDReOqD+MCGo/Y/p85z+2WT8VsGzr72AujkuZbiqxkrnhHqADjpnrkzpTwrkmqruwX2PVBgR+yz6BfVVeJ2awFLU2/5bqXVw2WaFLmV7VqRRJDf4BaHrbxQArA8T9ZF0adhJ/hpHN0xL7a5wtg7w/Spa3wkAjPaM/5dr0N4/LHh7cSJ2gjyZ8PDZCGuG9FPzunh1hHRiR1XbY+Z2fV6QdkJhEdxM8DpZdueQ3DMaOobyqBrIYiyVtXgrtXFHp9wB13efxJi3318/dj6wDqe7hLfBRKyPayxt1i90zDQp7dCqzJx2mJ48+/1XP7xMIX/4U6qFj7Hl1ip5a47UPQOijXYB49nSza8KwVsz+cAx8mR8PJ0gR2TWZRPRKjJGEoYg7BDSdPVkyfhLXllp6b+tOybhw92LXaISd5ycJIqFHVRQWlXZ3bw+2jgdPm2ZEEX0AKMdwz8AdZ80VU1O+s3FnpjLOD7uh/H/QsqpUt0e2MII9UJYzgtmgZfOBFWPhmyME+t3eVA527UrR2oQJPKEnWwtZ9xoHsQWVJdFsHZ2DwJor6MzKUsYMVDE9rIJYkVIUEu2ZCPm/MN+KOXNOs4Ctprwc8u242Da+KxEg2ESCRxJTzk/TcEQUCnxjvihLfMKOl05NVmhQ3O8EItXgOTkziGdNX+QzMLaUXho+F3UXQe3+waR5wAIRgAf6USMMV9oXOVE3sDebOhOFXdbAMQbXYOdoksSPjAHHATM/xa2ijroEQlGPuJFB3tiY/6vixW95kxuW5cRFzj6vP+6PgBhsDDHcBXnYA6iGG8LZo/gAqmjrnD6j53WoTQ1wyJGYdH8sykaTuUDaWHdnCh/rOjHiVHq4pIPx7XTs0Ie41K5vejRu1V1y/l+l/YupzXV656r7VqxNgiJy3PXjTdASgUiE2cgIE3FQfg3lnc9ejuAqVhKiJNTtm1GsMDRbta0TqYHxF+6iAa4Pg/UjpJ9pfy8iyeP6XmyVybhd5oJOVn+49IZxrL+M0yBBUijJrEnsoriz2SrmlcTgD3KMgvEzzdM3A/h9TRd2x9vmw9/TCgqwbL6vvVImBRwDvdTpDUFg/AeCM8PEmkhaXvZMlorn0KqEzLByul9it4gj3UKch37f63wZJPRY24aUgIQEGobdTVd17+9xTg+r2E3GkGw4ASGx7VtOz5Oibo8+U76ZRvSSafVL0NI9ri8uJAzl3aptguTXK8NnCOBuW+iklIzPpwzCdO83bIP2MZvzDtgHClrdyv0OytfAGlhFWG2xmrYECzvVNbSkOrpBGD25k4KwElXkiGi8Q0m9m7cBtZ+SMol+U0f+4MUoZ8he6gn8JDeH4BSgwPaf1TTm9AxyrUfNVcUhdOkeyRf2cjMpkpVzSQt3DWXHYovMqyeKpH+48TTkQXldSeBUh8DI/5k4v1CtMykNY6JO59jcbj6qSRWzkGbLivTu1SiBt/wzRI8HgoFsVbKQf21te2Pzxn962+F7eNLiAQMH2+SDCLUavauYKCaVpMz3HotBCryooiXLoSJnhfDutCWrWNv7Uw7Te45Eb+KQZ4f/UtZdga81XSrbVx4TCPsz0t+LoU6np+2gX7Q4qoyCduJtGWRbqRoAtqq2gVOOhvrrXdGRQino9mT6Sp+A3miIc8vbjrBOTqxo2aopyjUdy91GnXaTklq2JUPbXEpkw0887Jj3ZwT5FnhX8vU6Ei+5K3U7xaOKn1sE60kcgHDodBft18AIKZEoPOmq6Rt9u7dz0RCWcKNR7bbxnqYWsvpn6FhhFRA5c2vuqQxe4mbV0M8unfbg2dGN0V97UEk70Xg04KbB4jXYsGe7eblWKM/guByqwc62kro6HoKYSUCBX0bZlopsJCDrU2ThOVMRKHfRYEa14aFbsCJoAfYVXk1N2jbwgNSTC2R9GUknmNbp9i/PzGv0v7HNCjT+vQ/7+XtwSjeqX24ChsE1yykMtp/hw2SpQN7mTIitiCL59M9hX4NgbOj6dCasN28xXM6GvdChwWUpJOjZwUjq0u1NWUwaj3Sdav98cbpqVT4taPjOGsGobXNCn0dp0V0apU4FtwUvPHnEVearjCOBlbXaHtDzuqx3upVZhHskKhBv+3EKLUJ4h0ewYiVS44fnCwHj798jIV0aQXtOObcbZO4CWqylWCfg2IiZKplLhfep/i0p9UJaeceI/LAJxd8aC2EUaoQPrfSc98Cv0siJhFdDkkE+RzFYmHlQmxVqh5G8oeuAC4uM5Fgq2+sZLDf1LIGLKBrIeIIUof1qWXnAYa347s79okboFPeUOKOspmBf5O4OgaFumHrj7syF1uNbILyb66G4U3tMVYwkjwYp1QlT/vTDtbHHRFn/qtfbROJ6dIRVFcR85bvmw1Wi0v3FLkAG+FsMt9HflY6MPgVKe2KHXklBnsZyFXCqiqdO0mNEpXnddHTZ7fzixpDWFCc7Mc6T7GtH2ogZSt6Vuwe8tR8QwYfDXGdK7wPiHTbW3lvPz2KxvyJTIKEwnIiHHBUXY/fHi6RfxrpqlDaf4M1ughNlIQTcNoHlvjBf4z+zkkxAJNBubdFNvZ3swbfwLzxRj3RWZn27re8d/CbOGZdkp3lYEl5DXdr2sCPQAAMvyTPDJI/aQJDwi/pyCGFAJ8yzs8C6Y9fCtCUFK5J6hlHqg0F5AItv2X0H/u7tJVTr8IsFb0jcqPBCuHcwS+MjH2x/dE7AkCudRdkFX1qqAfLr/j+iGnmxkkmxQ66C9ZSI6oj4nMAM9chyl7llZtxaYsp4sCcSYQfyHYDx1hisD9YJIpEDUzFoyRjMepwNFXggWkqv3Qh4mYOPrgPrIpuV0b41nsm8GmC5YWYTIuf8ReU1/x/NOqeX065rpnoc21sRrQVvPYpo0H0eIvJVpdkt3e1ZcNuJn5WUQk37huBbAZuczsiWp7oeoLMAbuzS1stmBoIgb7pB5KyIijgCyRF0QXVaZ8PhinzonaZ00xWpFZYg7FMbePskBalH4AC6xWxhpNQCebqSW0fdTm/kRIKtQbEq+nKIhjrXC9aYQksikBJATBapkmDoqMa4IZaGN4DVk/zQhmvsHN3VV+ocLeA3/YSn60OcvXOTMTHOCeT5e9/smTrx6DYJbQmQY+RFFkN7W+l3jZMdvnEaFCLMGygp3zBtu1Qt5lQJAbAAwWe/yk6BmU4X8cn+Md8HKOB3bQ6EkRQYb2LGXzWqmDaGCgBnpAjwGBrzaRPHcLvhJQbmzCUPWkwcXMvyAIWmtvN6CsWbe/ah2sc1wVN9tMCJSW2+QFZIOVHmLOGjD4QQB7iBJUnH8KR3ISjbSYEosfJ53h4Oov67d254W4/xVwI02QvLbeGX4vnWqiFCz7TK3/wyWP05+XKFw9bjnmI3Pt13FhInvlfM06l4DPvrE82z125LRSBy0euXlJQIm709jCqcUSrB+1KJlj2xueOQqDS2kXjtzpmBbBNq21iKdczATzrlYY43pVIknj94KctuqIUO/mBKe1ByaxfJL/tlE+8Rdv20yLKHnrsCNLZzvPLqKdY6GM59AloV5jlpFKlYFjJ3Spln6vCAWHu2JWrgMR/TnjNyYzzw16gEmiCRetj1RM0ZIGDZpqXPHG6s1MpeVTREEnS/1tqEn+gZmafEZNfhm4aXx9CqW92+5ICz1Xj3tdOYyIZnUyIKcGdQKM/2uuzObyptn/pa4xpu94BIV0UgyqgkAX+vsdK0XW09Mg0F5iNwjoIXNuwUG8dBRnr6C1XAWcrfSV54uIaFVtM4eaM/F0z9HbRKfHcmlSh+HP0ENq/Kg0l4cEGTgX1+WWGrTYyUBKdE1GGrZTtbNhBlRsu/FnGFIGuPt9ND3cD66kOoRRJJLe7G6QsfPY4q1vEoeDhWIVcH4KjMXZy3GKBi0TxvRdx0lTS23DBIEx2QYH77BKIEcXJP/HwUZQ6jLhCm+GjMN18TAFLUW5ButdJRP/pLH9U8Pvgo9OaVpcAYDjujLmSaT6U2xyKQ/5Et2ktp7LQlPcYItwoxxQaTi2L2gZ+yySqaEHJfAYJEATnSMDUkFmBLid3eSc/2Nf0mPQCrB8eIXLr3SxEIaaoGi2UsrqoW1mEA7pje5BwzDEPH9DbsC/vCQVE9u1gw8iIkn1t4vostfdDKBRU/bNL6KVWtyj6HJZaj6RrBYbZY5y/cAkSPC7toz7p6jV6BGDSJNEm+e/wQXYUfgppBthL57G4swLc9aXhuKn4HsnjfSk5N5YYNm3zx5rqHcQF3XADHwXzOw920VE74guXrsdwAOX2apuV23wt2dQNm33ysV2xVnEcTkCWbsNds1zF5blI0lTbCyx1VX1rrJ3X6BTv8iNnhKP0Ru7MEIVLTZnJC6UO0b51wxCmB1GXEhG1YmIdKqsgPjdvHIZRDUZ/e3QKk0krjogJgvLrKIXUD11HcQuInufGxdQhN+aBVlmV3zjeUu9aOzvWuYgQR9tSdLUd6T8x6NKyEIoGDHS35MrhuEwF/GJk5Bihi9wdnHFSR7f0D2h6cObj4pN+NzpRxb3TCc+GMZB7/9b+q0nQ4WrrC1gkWh1xXx9wwNPGF53lBVpLXHHVy7av6rbbvNUBpOC+UhekBx1QFQ2118HK3qmayEZC/xDq02dHsesX8dtTJiBhISgMYipBvYBd9LJBeriZ4Ku75vZB0oH8E1FZticzERLPfcK3t2odaHoxyq7O1K4yXP83roCNzjCqT8ZuUdy3PVU6OFALRO3UUPv92C7L4w6ttqYTj0V3glttPAcjuLnvcSFkGIQRZaSXVan7qOR2/g6AUoNK/XjZfV3ZQV69aWh18M8BpllOewZ/oI5rL/BLzx+4yCM3gIhXvSjxHoOlkmUpY4I/ENJPrpX5kLmko+ptTC8vg4P0Bl0AYc4V9gnGbAWMsJQvu4ZBoubcKsuHo/6DtF1hfUyxXEfui+Xw5kqrF1uToYHAH03CdhI4hcY0dw3LUwIryUlEcVb2NoPcmnLnGNfC6DiANzRNjI5k8ERXh05KGB4JiVqxw1Lj0U/6KyIifoxyIJ6uQFYtMXsplLB+xgmdey5a9ZCkZCGp3wpJzJzmh6RbKW9QfpHFvS1SZAJkTGiSIw67arzteeCxgSRNZgFEC0jXpVmyslR/ztnj9VxhFABn/ouNba33c1t6f24jc3XoYYQ2JnHKiq9EuAtJ030X8mg19nuuO7OcjgTQLUuVZ26lUvMnA1YlsfsX5rUZaCkRXT2daPLess9xJWcd9sMyXfw9YMIqY8vvFEtjJzaAB9WC4KbtTaiUHE96fp0148Sbxkh8h5xVHr56Zrjk/PxE/kPnlE1TWtmKn8+wS7MMQc30o3QfJEcBllG6lcXdtoBL0EUopDthPSzUfD7kWbbQz3/VUKHIfI5vEpkr2HvCo59USGo4kzpi9DeJe3vv/r8DlZwVYjt5bXdg3p7Vw1NbTcKDxbzYSvCw+5f5eZjVxbML0Cq5NIFn+a+EMjqYsbD/lefo79xpNmd/pXVN0XP2XcUK4jzummjGqfJHyvu3nXZzk6cm6yldP1PTY00pEKqVJUtdTzAg9K5QIjyXElTTWRcUKPMFUUoWxk4fCQ2YInhxT9GUa1L0P4K+3YSl5IsBD4oFjMEHxOqeU1VHcZRaDSH51O1jxL2Og04ULX7qK0erdpNsnf/DnTQnggav1kAdEPWamJ6iyeJBDmPMZLfMr+08oZbM64nr/w5sZ7m+CIZrZLx6enGFvSftqjYsvBABHz0MOBUC80I/zyhI/i3rVEBlP00QMODWoCa8n3w5iZZXK/s8fmoI4Y4iuVjHsp0J7DB9Q6ByxFkF0Y8rKas0JUUgXaGdhX4QjS0mRwzg6mJbQMCcYyC3f5sZuwaKiRrvFiqOiptc3V1QQB/VqTOphpZA8u6thNj8PqBSrC4CudiVdhAeYXaMidNJbIhFRIyqSzk9FxH2uV0vVNV+fZym5ufqrCktKXnglWjF6yZUEgtvbKdUv/o9+jAAM9SstmbhfqSLXp/WQBhaViR1j2wUjeZrwwWNz9RbF5SKYUKqUOF3gIshcyNZkJq9xWzfD5p2dalGD0dlZ3fn6xNA8gDxHxhvB/+L8QB8M7tX0DTZa3t0NhU55ivLBpO81wSA4yTtEWhRwxC9gFcYRwP2cha4bp2d/EBhwtOeDk3NAynFGK4tTb3KqOkn2qkFCIS/sYi2gaU/HXMzEuucjKkJdSIbOizRQAlWtnr3sqW5wjEl8FXRw/Y9ynDOsduKfyHhQam8P233Zut0ZqsrLcxicwuR5kk2dHUBqswhUaWKkX9XLvVMkkYfOXkJMKS/q5dDVj9bj4hmEDjG3+l36YbXaC3uL0hbgnkTwMgttEosl3//fIt58RfAB4Q2mNIty9cl9xKEp8pA/TKxT+wFbOJFS7arIaQtJnzO72RDEzkiDTa+7NMFgxNRbUuzA65xoi4SBiB5nwMwYwu7mGnIg/f9Jbde48gwvinA1L4h8cDkGYGocyGAs88I0EnlXoNStEPxRmGX4wP4xNl4BCH01681wuHh5WkpATmQWH74lcGOLXB6V/U6EWRXO8WdStfn3ZpWUYJg61ds8CiyZOKUstCaHa3FqUIblZOiEe8GPkSLd6Dh4p9cKegrI3Cc5P9Im2vu66qR3sRECV/M87t53PcwQWNrhSorafwRHcZjuYY37QRgGS0tWiL7OsxKNtgWCG4YV/Sp8dqZrthXiSTSfVs1IlC+Zh/Z1PU/mGO8zdhqUXyL+erQOLf3VwnA9j9qVlrftEohGTaq6wumYQfNvLfwgO7r5R95qelNjki7d5BFJWr6T5AXf1OBvrJaXd5y5uLUXc+puHaMfuoRGCStkB7sKxE+ogj5zocxV9A6kvM2GtICrdYfy4xN4QgxDxXAFyRf5AWu1cYu+E2HVYihh+Ijo0HcvHxOp6U7cjSFMHX/TusdVCwNKPV6PzR0aVk3JpqKGPpQtwnxLEusmo98F5Kepuvvv9K5XgFOFZQE4PRFDoPHtH7Y9gKop3QjATh06wxH+ZC/vazPuISV5DVrv9YxynlQx8Jb49CHWfj1qAMBptmYGaCPDEYfq7amAFLDd4l8/8C3ltgmJo0otffR+dQaZx1pYznDkaZEDccBuJ0rX1ZJi08ApvEdlMeyQa2e3qfCHstHuhs1Vu3Uo/q7agrhhaB3rL6bfO5IckZ/IYTCOgzg0jtWZLTiSYaqgXqr6uNjF/stdtsaX1DoHvU2ay9NwNU1/57g82a/+HGI8VkEkP7b6E7nrFPQZiP/kYxSrqe7eS0o+zL1yxRgKjUptjfLsBJVYGohnLsW+304OSjo7KInM/w7n7kldUaYEmkd9Z4</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2019-12-12 11:04:26,007 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2019-12-12 11:04:26,008 - INFO [Shibboleth-Audit.SSO:?] - 20191212T110426Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_xvpk6a3d8feqxw3pmrefunatilacpzdigrllc7r|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_9bb0a1874b57fe2903c9128227ef0648|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxefYhJq4XLDkQSbCB6f3rPIfoIhM7BUkB0vWaFtM95y67mdjOG62IZBRfymUXv1Db5ourQkOLhIs4VJI5Hzw+B5un3hEanJvy0+gv2Re4dSDAXhDDHxMRuG3xpfwb0iyBMnw+mwZwv9kNEC6sQA+0gnSofgj8D/4=|_9f7c2b61b86bcfbacb591e16552c2912|
2019-12-12 11:05:17,130 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: ZXlKMWMyVnlVRzl2YkVsa0lqb2laWFV0ZDJWemRDMHhYemxZVFdoa04wVmxjaUlzSW5CeWIzWnBaR1Z5VG1GdFpTSTZJbE5CVFV3dFZHVnpkQ0lzSW1Oc2FXVnVkRWxrSWpvaU5qQTBiREp1YWpSek9Ua3lZemxrYURWMlptTmxiMjFsWkdZaUxDSnlaV1JwY21WamRGVlNTU0k2SW1oMGRIQnpPaTh2ZDNkM0xtZHZiMmRzWlM1amIyMGlMQ0p5WlhOd2IyNXpaVlI1Y0dVaU9pSjBiMnRsYmlJc0luQnliM1pwWkdWeVZIbHdaU0k2SWxOQlRVd2lMQ0p6WTI5d1pYTWlPbHNpWlcxaGFXd2lMQ0p2Y0dWdWFXUWlYU3dpYzNSaGRHVWlPbTUxYkd3c0ltTnZaR1ZEYUdGc2JHVnVaMlVpT201MWJHd3NJbU52WkdWRGFHRnNiR1Z1WjJWTlpYUm9iMlFpT201MWJHd3NJbTV2Ym1ObElqb2lRak5mTUU1RVlsTjJOM0pzYW5nM1VVSk1TelYxYlhWZmFFb3dRVUpqZHpkTmRXcG1SWGxLUkV0bmRHZ3djakY1TlZJNVIydDZlblZFT0ZOM1ZEbFpWMHBrTTJWeVRETktkWGR6VUdsak16aHBka2RqUjJKSFVERm1jVkF4Y0V4SlZVbHpOMEptUm5NMFVuSnZVRXB5UkRKck5HOHdZMXBUWDFsblZGUmtMVVZ0Um1zeVNFNWhRMmhUVlhsU1JVRm9NMGx2U0Zvd09GSnBRWEZHWldSTFQxazJkMnRvUmtseVpVZDNJaXdpYzJWeWRtVnlTRzl6ZEZCdmNuUWlPaUpwWkhSbGJtRnVkRFl0YVdSbGJuUnBkSGt1WVhWMGFDNWxkUzEzWlhOMExURXVZVzFoZW05dVkyOW5ibWwwYnk1amIyMGlMQ0pqY21WaGRHbHZibFJwYldWVFpXTnZibVJ6SWpveE5UYzJNVFE0TnpFM0xDSnpaWE56YVc5dUlqcHVkV3hzTENKMWMyVnlRWFIwY21saWRYUmxjeUk2Ym5Wc2JDd2lhWE5UZEdGMFpVWnZja3hwYm10cGJtZFRaWE56YVc5dUlqcG1ZV3h6WlgwPTpMYVNGTitBM0RSS0hhRUVFeEd6TFBsS3ZGTTNqcmRuRkptYk81MU52WTZrPQ==
2019-12-12 11:05:17,131 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2019-12-12 11:05:17,131 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2019-12-12 11:05:17,131 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://idtenant6-identity.auth.eu-west-1.amazoncognito.com/saml2/idpresponse"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_4bf61613-5ad8-46d1-900b-8cd6460be10e"
    IssueInstant="2019-12-12T11:05:17.022Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">urn:amazon:cognito:sp:eu-west-1_9XMhd7Eer</saml2:Issuer>
</saml2p:AuthnRequest>

2019-12-12 11:05:17,136 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'urn:amazon:cognito:sp:eu-west-1_9XMhd7Eer' from origin source
2019-12-12 11:05:17,136 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-12-12 11:05:17,136 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-12-12 11:05:17,136 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-12-12 11:05:17,136 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-12-12 11:05:17,136 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-12-12 11:05:17,136 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-12-12 11:05:17,136 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-12-12 11:05:17,136 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer urn:amazon:cognito:sp:eu-west-1_9XMhd7Eer
2019-12-12 11:05:17,136 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:05:17,137 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-12-12 11:05:17,137 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2019-12-12 11:05:17,137 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2019-12-12 11:05:17,137 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2019-12-12 11:05:17,137 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_4bf61613-5ad8-46d1-900b-8cd6460be10e', issue instant '2019-12-12T11:05:17.022Z', entityID 'urn:amazon:cognito:sp:eu-west-1_9XMhd7Eer'
2019-12-12 11:05:17,137 - ERROR [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'urn:amazon:cognito:sp:eu-west-1_9XMhd7Eer' indicates AuthnRequests must be signed, but inbound message was not signed
2019-12-12 11:05:17,137 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: MessageAuthenticationError
2019-12-12 11:05:17,138 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2019-12-12 11:05:18,549 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: TST-10271-6ryrljudc7E1cpqrZeUBU5gKuWmzAenw
2019-12-12 11:05:18,549 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2019-12-12 11:05:18,550 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2019-12-12 11:05:18,550 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="_irf3wo3hzk9guaflucsxhpaxsddtjtvjrq6hbuh"
    IsPassive="false" IssueInstant="2019-12-12T11:05:17.687Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    ProviderName="pac4j-saml" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#_irf3wo3hzk9guaflucsxhpaxsddtjtvjrq6hbuh">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>gXoQQ44k5zxJImdt0QPvXCJMhYq6ZQ22n4V01oLDffg=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
m58MHXWV1qbJyRWntWOSYH6ON6RwtTJDUOUq+T/CsQfedX3RMVamRRZSo3o2SKG8ECeABO71z63r
e2Nddc8GnJxtmqkxtElyk/BXA2Y82zj46n7vKJ3bIzJp0qzAV/r/hdamAeqy4pwSGW1n5HC0uZlC
LGe5vMxUZx930aH26rkZA/uvTaqfegYmY2E2CuyxqVowlk5r9rHhVigKI2zk3juTq1x9Ysh4BWFq
t/f6aok9vYXXF7bqzepz+JXLoa8eOfNGCpT/9eSuLWWMEmzOaPYacZdvC/2X1HrKo6mFvi47l/tz
BR1TL6qXbsqAPcRIX5mJY4S1iRS5LyaA6qWRUg==
</ds:SignatureValue>
<ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2019-12-12 11:05:18,551 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' from origin source
2019-12-12 11:05:18,551 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-12-12 11:05:18,551 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-12-12 11:05:18,551 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-12-12 11:05:18,551 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-12-12 11:05:18,551 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-12-12 11:05:18,551 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-12-12 11:05:18,551 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-12-12 11:05:18,551 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2019-12-12 11:05:18,552 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:05:18,552 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-12-12 11:05:18,552 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2019-12-12 11:05:18,552 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2019-12-12 11:05:18,552 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2019-12-12 11:05:18,552 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_irf3wo3hzk9guaflucsxhpaxsddtjtvjrq6hbuh', issue instant '2019-12-12T11:05:17.687Z', entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-12-12 11:05:18,552 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2019-12-12 11:05:18,552 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2019-12-12 11:05:18,552 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-12-12 11:05:18,552 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2019-12-12 11:05:18,552 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2019-12-12 11:05:18,552 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-12-12 11:05:18,552 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-12-12 11:05:18,552 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-12-12 11:05:18,552 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-12-12 11:05:18,552 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2019-12-12 11:05:18,553 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2019-12-12 11:05:18,553 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2019-12-12 11:05:18,553 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2019-12-12 11:05:18,553 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 25218632289878887470728701898989230903925460534470464262987089359900092236249155787311083615922566996588882686327254334965631006516764358542556784571993117841615795846983701202567812629440880488414844862491363773592778158558705049021795669354428797347719681579572749594906032259298025269480636673827053368207548760338633177397009149003080015959043356697060516917100235185397117902752192715861531350694962747781011832502440226911816306381078043102881237946262430586623622800161283685092311342398263730543997237261306772360529013060055263916368941241698720371281723901324390991801957832354836844648583493845781599295821
  public exponent: 65537
2019-12-12 11:05:18,553 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2019-12-12 11:05:18,553 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2019-12-12 11:05:18,553 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_irf3wo3hzk9guaflucsxhpaxsddtjtvjrq6hbuh"
2019-12-12 11:05:18,553 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _irf3wo3hzk9guaflucsxhpaxsddtjtvjrq6hbuh and Element was [saml2p:AuthnRequest: null]
2019-12-12 11:05:18,553 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_irf3wo3hzk9guaflucsxhpaxsddtjtvjrq6hbuh"
2019-12-12 11:05:18,553 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _irf3wo3hzk9guaflucsxhpaxsddtjtvjrq6hbuh and Element was [saml2p:AuthnRequest: null]
2019-12-12 11:05:18,553 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_irf3wo3hzk9guaflucsxhpaxsddtjtvjrq6hbuh"
2019-12-12 11:05:18,553 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2019-12-12 11:05:18,553 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-12-12 11:05:18,553 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2019-12-12 11:05:18,553 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-12-12 11:05:18,553 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-12-12 11:05:18,553 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-12-12 11:05:18,553 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2019-12-12 11:05:18,553 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:05:18,554 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-12-12 11:05:18,554 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2019-12-12 11:05:18,554 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2019-12-12 11:05:18,554 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2019-12-12 11:05:18,554 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2019-12-12 11:05:18,554 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2019-12-12 11:05:18,554 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2019-12-12 11:05:18,554 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2019-12-12 11:05:18,554 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2019-12-12 11:05:18,554 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-12-12 11:05:18,554 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2019-12-12 11:05:18,554 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-12-12 11:05:18,554 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2019-12-12 11:05:18,554 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2019-12-12 11:05:18,554 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2019-12-12 11:05:18,554 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2019-12-12 11:05:18,554 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2019-12-12 11:05:18,554 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2019-12-12 11:05:18,554 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2019-12-12 11:05:18,554 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2019-12-12 11:05:18,554 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2019-12-12 11:05:18,561 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-12-12 11:05:18,561 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2019-12-12T11:05:18.561Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2019-12-12 11:05:18,561 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2019-12-12 11:05:18,561 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2019-12-12 11:05:18,561 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2019-12-12 11:05:18,562 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2019-12-12 11:05:18,562 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2019-12-12 11:05:18,562 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:05:18,562 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2019-12-12 11:05:18,562 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2019-12-12 11:05:18,562 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2019-12-12 11:05:18,562 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2019-12-12 11:05:18,729 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2019-12-12 11:05:18,729 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-12-12 11:05:18,729 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-12-12 11:05:20,758 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2019-12-12 11:05:20,758 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2019-12-12 11:05:20,758 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1376196768::identifier=rick, context=org.apache.velocity.VelocityContext@3ce6e1a4]
2019-12-12 11:05:20,759 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1376196768::identifier=rick, context=org.apache.velocity.VelocityContext@3ce6e1a4]
2019-12-12 11:05:20,761 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2019-12-12 11:05:20,761 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2019-12-12 11:05:20,761 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2019-12-12 11:05:20,761 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2019-12-12 11:05:20,761 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2019-12-12 11:05:20,761 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2019-12-12 11:05:20,761 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2019-12-12 11:05:20,761 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 760180878565d49aa6a2e29257fe1ee39fe8f96869397ec15aabd20e1bfebaf1 for principal rick
2019-12-12 11:05:20,761 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 760180878565d49aa6a2e29257fe1ee39fe8f96869397ec15aabd20e1bfebaf1
2019-12-12 11:05:20,762 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2019-12-12 11:05:20,763 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2019-12-12 11:05:20,763 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2019-12-12 11:05:20,763 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2019-12-12 11:05:20,763 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2019-12-12 11:05:20,763 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2019-12-12 11:05:20,763 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2019-12-12 11:05:20,763 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2019-12-12 11:05:20,763 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2019-12-12 11:05:20,763 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2019-12-12 11:05:20,763 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:05:20,763 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2019-12-12 11:05:20,763 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@2c2fed2b'
2019-12-12 11:05:20,764 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-12-12 11:05:20,764 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-12-12 11:05:20,764 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-12-12 11:05:20,764 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-12-12 11:05:20,764 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-12-12 11:05:20,764 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2019-12-12 11:05:20,764 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2019-12-12 11:05:20,764 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2019-12-12 11:05:20,764 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2019-12-12 11:05:20,930 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2019-12-12 11:05:20,930 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-12-12 11:05:20,930 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2019-12-12 11:05:20,930 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2019-12-12 11:05:20,930 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-12-12 11:05:20,930 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2019-12-12 11:05:21,445 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2019-12-12 11:05:21,445 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2019-12-12 11:05:21,445 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20191212T110521Z|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2019-12-12 11:05:21,445 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-12-12 11:05:21,445 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-12-12 11:05:21,445 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2019-12-12 11:05:21,445 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2019-12-12 11:05:21,445 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1607684721445}'
2019-12-12 11:05:21,445 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2019-12-12 11:05:21,445 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2019-12-12 11:05:21,445 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2019-12-12 11:05:21,445 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-12-12 11:05:21,445 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool]' as '["rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool"]'
2019-12-12 11:05:21,445 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@2c2fed2b'
2019-12-12 11:05:21,445 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:05:21,446 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2019-12-12 11:05:21,446 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2019-12-12 11:05:21,447 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2019-12-12 11:05:21,447 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _59e7daaa615c427edded6905184f31ad
2019-12-12 11:05:21,447 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _59e7daaa615c427edded6905184f31ad to Response _58ab4f8f45cd700e7b89fecb39ed9054
2019-12-12 11:05:21,447 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _59e7daaa615c427edded6905184f31ad
2019-12-12 11:05:21,449 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2019-12-12 11:05:21,449 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2019-12-12 11:05:21,449 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2019-12-12 11:05:21,449 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2019-12-12 11:05:21,449 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2019-12-12 11:05:21,449 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2019-12-12 11:05:21,449 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2019-12-12 11:05:21,449 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2019-12-12 11:05:21,449 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2019-12-12 11:05:21,450 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2019-12-12 11:05:21,450 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2019-12-12 11:05:21,450 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2019-12-12 11:05:21,450 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2019-12-12 11:05:21,450 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2019-12-12 11:05:21,450 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2019-12-12 11:05:21,450 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:05:21,450 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:05:21,450 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxFbHyazRFwY6n1UqFrA1of22Ce7KTyzX7j7YsWQXHB/4kCYDh/sXzxmr76F8e/aYLNXo08K09R4l2+1gEKno05l7lOehCKyDoKPQMMdCuOlTAWexvY+bpguoWI593j8FBzXMXFr496ok8KY/Xxkf/HD+KzK5N4Nw= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:05:21,450 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:05:21,450 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:05:21,450 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2019-12-12 11:05:21,450 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2019-12-12 11:05:21,450 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.1.206
2019-12-12 11:05:21,450 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _irf3wo3hzk9guaflucsxhpaxsddtjtvjrq6hbuh
2019-12-12 11:05:21,450 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2019-12-12 11:05:21,450 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2019-12-12 11:05:21,450 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2019-12-12 11:05:21,450 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2019-12-12 11:05:21,450 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _59e7daaa615c427edded6905184f31ad
2019-12-12 11:05:21,450 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _59e7daaa615c427edded6905184f31ad did not already contain Conditions, one was added
2019-12-12 11:05:21,451 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2019-12-12 11:05:21,451 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2019-12-12T11:10:21.446Z, to Assertion _59e7daaa615c427edded6905184f31ad
2019-12-12 11:05:21,451 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _59e7daaa615c427edded6905184f31ad already contained Conditions, nothing was done
2019-12-12 11:05:21,451 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2019-12-12 11:05:21,451 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _59e7daaa615c427edded6905184f31ad already contained Conditions, nothing was done
2019-12-12 11:05:21,451 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2019-12-12 11:05:21,451 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool as an Audience of the AudienceRestriction
2019-12-12 11:05:21,451 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _59e7daaa615c427edded6905184f31ad
2019-12-12 11:05:21,451 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool to existing session 760180878565d49aa6a2e29257fe1ee39fe8f96869397ec15aabd20e1bfebaf1
2019-12-12 11:05:21,451 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool in session 760180878565d49aa6a2e29257fe1ee39fe8f96869397ec15aabd20e1bfebaf1
2019-12-12 11:05:21,451 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-12-12 11:05:21,452 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool and key AAdzZWNyZXQxFbHyazRFwY6n1UqFrA1of22Ce7KTyzX7j7YsWQXHB/4kCYDh/sXzxmr76F8e/aYLNXo08K09R4l2+1gEKno05l7lOehCKyDoKPQMMdCuOlTAWexvY+bpguoWI593j8FBzXMXFr496ok8KY/Xxkf/HD+KzK5N4Nw=
2019-12-12 11:05:21,452 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2019-12-12 11:05:21,452 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2019-12-12 11:05:21,452 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_59e7daaa615c427edded6905184f31ad"
2019-12-12 11:05:21,452 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _59e7daaa615c427edded6905184f31ad and Element was [saml2:Assertion: null]
2019-12-12 11:05:21,452 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_59e7daaa615c427edded6905184f31ad"
2019-12-12 11:05:21,452 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _59e7daaa615c427edded6905184f31ad and Element was [saml2:Assertion: null]
2019-12-12 11:05:21,454 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_58ab4f8f45cd700e7b89fecb39ed9054"
    InResponseTo="_irf3wo3hzk9guaflucsxhpaxsddtjtvjrq6hbuh"
    IssueInstant="2019-12-12T11:05:21.446Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_59e7daaa615c427edded6905184f31ad"
        IssueInstant="2019-12-12T11:05:21.446Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_59e7daaa615c427edded6905184f31ad">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                    <ds:DigestValue>qq+WpNOg7VVQppBFubQrh596ULqVePji6Z32+ESgjJ6bba47JeUKj54QK66XZ9jNguto9zB2HpcQl1tJUhqL0A==</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>GWdaMY8ADjTz8qWSRnfVZ/3HPlIVxcOsBMRJLfoQ9voiMuOlhMWuJSaSIB+aaxY4fFqEZZgSJw1daMLrp54wc/Nmaj5xk1ZLhhoQAp7Mqi2YjNcPiagPD6uOFLqkxBVaslg91kI5E6twnr+Ul+ZeS40djniRXuDUNKRrd1XPXvaC23GEDXYpyi7T09s/xojMKaWbS9u/Ql2GwI9sjqu037Clv4lEsUzOMWRA22rmtr0wg/NyxwJUaQMtVnCNE/9HKFJkXSkaChqoKpNSUXkdT8xs7nBsBa9vSaivhbhiXf3ENNS0WVZpjp1mlUvQRnbI4ZxuqW0dYvOQwo6u/mRPAw==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxFbHyazRFwY6n1UqFrA1of22Ce7KTyzX7j7YsWQXHB/4kCYDh/sXzxmr76F8e/aYLNXo08K09R4l2+1gEKno05l7lOehCKyDoKPQMMdCuOlTAWexvY+bpguoWI593j8FBzXMXFr496ok8KY/Xxkf/HD+KzK5N4Nw=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.1.206"
                    InResponseTo="_irf3wo3hzk9guaflucsxhpaxsddtjtvjrq6hbuh"
                    NotOnOrAfter="2019-12-12T11:10:21.450Z" Recipient="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2019-12-12T11:05:21.446Z" NotOnOrAfter="2019-12-12T11:10:21.446Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2019-12-12T11:05:20.761Z" SessionIndex="_14b811b236a5b4683f8ef6e6a79ac779">
            <saml2:SubjectLocality Address="172.31.1.206"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2019-12-12 11:05:21,456 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2019-12-12 11:05:21,456 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2019-12-12 11:05:21,456 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_58ab4f8f45cd700e7b89fecb39ed9054"
2019-12-12 11:05:21,456 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _58ab4f8f45cd700e7b89fecb39ed9054 and Element was [saml2p:Response: null]
2019-12-12 11:05:21,456 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_58ab4f8f45cd700e7b89fecb39ed9054"
2019-12-12 11:05:21,456 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _58ab4f8f45cd700e7b89fecb39ed9054 and Element was [saml2p:Response: null]
2019-12-12 11:05:21,458 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2019-12-12 11:05:21,458 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool' with encoded value 'https&#x3a;&#x2f;&#x2f;cas.traveldoo.com&#x2f;cas&#x2f;login&#x3f;client_name&#x3d;SHOP_DEMO-demoPool'
2019-12-12 11:05:21,458 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2019-12-12 11:05:21,458 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'TST-10271-6ryrljudc7E1cpqrZeUBU5gKuWmzAenw', encoded as 'TST-10271-6ryrljudc7E1cpqrZeUBU5gKuWmzAenw'
2019-12-12 11:05:21,460 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    ID="_58ab4f8f45cd700e7b89fecb39ed9054"
    InResponseTo="_irf3wo3hzk9guaflucsxhpaxsddtjtvjrq6hbuh"
    IssueInstant="2019-12-12T11:05:21.446Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_58ab4f8f45cd700e7b89fecb39ed9054">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>GD50/ig27XC622mHI+zDV1fKvb6TUg9bbzWROc71bgmZkCsc3Q57WblUAaxeC82QxTatsLwmWobZb38Yx7LHrQ==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>BoFxfbVexF9d1KjcbhAWWzgUG59zb9RDTak0sTwmFll8m4c0iZfFTntqleHq5SHAtwocjtJabxP6QGG64wU8VGlWHo7R8uQ+DqXIeyTolu28bZOdrWrKwqEz4HSHuw/Q0S96lysnEcc5QeU4fa1WEYfCRrjtpHRG+i96n15StFvPHtaqpY1xGP9uZNlef6FImZb2cFedog5RfZ69BJxGrqC3URzYUO4OOQpKUCMT4ciAUERzE0R9Kld5tg+zn5UH63tSgEJQioeuTvGL2KUHDA5lNMakM4ObFmM2lJVNHT99H7lw2KY6eIPGV7VFWQcy3RTI/KBqd6mYGHVysKqSNg==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_142a8b6b9790ede6a84d48d71a773772"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_e14b91da74e797fa7f52e15c851562f9"
                    Recipient="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>wzHXPKxiG9sM1l2QnLchFZxZs+0Pxvz6IKPcgu7PzSP3r41mOQC7qLUuYM0r/8UJdrxIWb7vGCZwwecBtskehyLZgY44gScuMDbkh0hzv+ApDZNWpTFLaaL1DagLGtooxrLeYuHpEcOh7r2aCYlfR3GODTeCSdMX7Sdh5XsZaoszQnF7HH86wawW3Bao6wW9nIKEKfgUlSCKGWFObeJf6jYh9CHa7vjBGctyxInIop3pJVCwNVPp8I13Q+IaBUMkobcSsh5r5JLmItK24yBBSNIT4us1qh+GgziFb/XPbYUozsR/OjRLtS5B6A+fiWeYThpn0AJj1im00XW5VSR41Q==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>JBy1QC3oPVkdKB+9Ff0T6C5t+dfNATrVRbkCr8xoWuUqw+PlOadvKreK8M5U+u6Cr45SYSf22JUFKOhqi8wruGIqsx7paYWhvZV0g2P0frmJw7GL0cX2/hWxJ4wGHctsHDGHJOJZaVhvEAoAnhH/TLp79rTU1M7rcAcSh4UGJn0EK34UxHoOtXgqAtFX1lIszacyM1ZRWW8xUUTpR5R9bgBH5hRumkIQMf6JMAcUS3GMvvZKpO28yhlIgcxNMrC44qlTuZL+smxqi6FWzOgbwEHfr7ADgDaG9Wj3bti+eROZKRI2/y04yv+KeimKU9L1qGtN6A4NtAvb9GpQmdj7AtDvuw56aQT7CdHVNZnIw3TVf2HwJEdC5joUe6sD9OGyi+79+cBqqI/bDfyy0qfWbEI6yEcxtLFvVLh+ALLCkjs9WJnCapARAr7Pcn4PhzZsErlBDVU8q6u9hnSCw8clU6DYMojugIFPJHAxlRTbv0gPCiZamz0iPsDSU3CTJ0UDQUII983c4dBWxtn1b93wHX0H5perxOdHs1KPW8dk8duQ/iKmfeLXu8UJpPvhKqMcpNwL6w6dsxkf6gWZgH9THS2FYvHJhKBpUFTnOZ/jGBDRhT0ra9kV3uIbrc6T7nulOvHaOoBNM13smiLTPnNzoBSd3BDAX6n/S/yGgM0YBXtJG5t4hYxY0CZZKc6AcvacT9rqEIOD5+bBrMx7/Bin85UMi2GtmhR+DF2X7t7wXFdiaDGyeXlWBytqAOmwx61kyRSAeaJEjaIj/3TX4AekQvXZPRbt36GAFb5NWk49qPFfIqRelHHD8sFjSj0F3LfhrEP3MPNfeDU2FBHkq1obs/aAF8o0gGXvAS3Mh1N9mNWH+XkKsd/EeUsvjnTOOTeKRASE7NljqgkDMYY+OXpbFRlobQvG9dYV28o/Zqyfs3e0+asti4SW4wdrEtRxDg4kToDX1hBbzNsYhAYBdi5Ynd1vNg+D5+vf40mY4IQq/qC0x53ZoxrewVIqEYRLfVxmEe41SKSeZou4EHSnBXg2jtx9GSdgqBwsSzbvMUg/dmFSRXO/RLufdaJXlx+tp9z7CXRapjzAnTf9JkFDf3iDF5pKH3a3DHvVzHsE2EV+BNfGBxd8xL4iXIjlwAWrmaZjfLLdQVySrvfQhKFZEfEWOWh1dJ80Ga/nNIqIvtYMh4liEE8Di0t6hOx0tI7v+8E21QxSbkJHvzAXUs9WvxvRD/UEwqf4oE8A2terkUDtaXw8fMFKKxemWMfRUUGzF2PPKujRbtSLPUHb1gxLQojhKf6inTjDkuiYm0ljOEnmoNrJfhCF8nsHI9+ZURXOtFUSv7dzCwv8AG7ohkBRLxGvUv5xkVToZeyjYHNl+desVrADsWS43mU7b27TDzrLEYUbUkqCgeqsCQeGUXo6dntpooojeB+hdf99W3wV7O/V+SB5VLIJLcX0DDaGIkr2BLFdkgy3ATrlzx6uEvP0w984C02OznGHI/11O8FYFtui1VG1aUes99838L89Nse54gEfH5Z6tc8VE979SmLdTocmm4uGH/vx4KJoHyFjSD97MJHclLDXuXBjHd/eKnUNcSwAscLfUftqLx2KiM6LnEl8LbKGWyGtKu1Iq5+598ftTyO0n/7S2j+gFxz33hF+x9evFIGjqRFgqDsm1SXs7bmlQB4nYp6qqWhx073m44H3yTQI+mc2cAjcdG1oD6jNeruZqaO5HIXkAiHj36YqIH1SshnAJgbPmKg/Fpjn8ZMMz468dj12WexxzXhO2d7ocY/SdhKshv7fn4GlknrdetVMz96YRTGdD4qn4YTSFMJ4Wd4khmd5ufgHgd60huQ7l6r6XiFPvwrQG9ewQau6PNzsbsWmSMsVftuHDu/yMC6rHC3DfX0Uk8tuXnxEnQXq1wu9HJRPC4lpkmQBYNReFZxjZanb3oqpvWiaFziDb7Ae28krOtOEhW+O7DZx2kCtiBzGbcNuEWKJrOiXz9pLiC58NE2VgVDp56tnQT1L4c/eZlv8U39F6/xw3BMGBgG8Oadu3k0eIkgKB1sZE4iIfzPEkSa/lWBXmITQLiv4h3t2/olUXj4U95k9OvrpPlUNwXFdIiXwXjfzdbfQirbyTV3zowja+yH6Kz3RAcR3/H7xNNEiwKy1/w0jkBtGNKuNmPTEPtIxE9zr2vs0itGwfrUoOesFmhVIqKk+JSxERNYEMC5+x2Xy7J2jK6jRvWCa3wVPAjuLCSP+fEWhx3WphIeIEdq6TDGTjcdtBdA/3MXl5tJFZ04rUxdt3xvRuUsglgTKmRFL2E/UM1RgsvklJAH7ZxSOmi+xpUT5NmJsSsK4dWZLzv4B6NpFd0jc9JRPgrqUgZ8qbCRHH3eMQXjWJrvZGGkZeh+tnQOIX3K/gVL7EEUYxDIX6BWLFmBDXPGGSF1N1yJHGUZcKesAdCOMYRI6REaGs4JUrrYxKf+dZPsKTxnRPC//uY7VEAL9fGUKF02o6k+3YQzUoVwO4lN2+ISgnr8+r5zbs3D6y0h13cs1+78dmNOW3m3SXNUQXJC3o/Dn1f1wt7RYANTZl1zkXCZplj1BD5dOyfAwpCjuF58CzMXNEhk4VSrp7bXvGNgdfffwOyM3Tl4mDm47WXVI/fJyDV9A8FOJTyoHZ4OO72B8cqC8SH/CSfz/0iEuXbI2WyGXCdGSNkuGovFMPy4VZVgBBgr8CeH0BGkB9woefaSBL9VFJ68+5ZJHjhhlYDaCc8iXJZDUqlS9mplsmgeCoxaJksz+M0q1t64vr9WJQ4mnjWpY6SpYYD37XfLqnwqR67mCTRVQO7pBKNU8LguUzaitSK3tFcvU5HapWb5x7GL3RDK7LQIp8MWbsr1BDEvVViMoSRQqliiq2lH8yKAUcK6q++wD4f6QKXir9Kcv1PRlJ6YFvbEnYNwxvSfSGlsKeX8I6fbVFHcZuu4+yDW2oW7/IeZxN2Dm1YdWeO+0I+y8VtlnfVD4IxfMotvxxDoWFjk2ovx/6jsPE6RKU47fZctWOYZsxyDzkMhYtOtCy24XWdiv1hohWGVFSP9maPrpQvPed6BZpR9JYdr0J1iTfQA5ebCEpFwjdvtM5VQQIx8Jxw5oM+cF2/QUq7bEr0gHgg/Tqjccledb10/eiLfA350cD1NGNHl035Lr/RLXg3SRjgHtPxywR13BOYBTpJJ0EK3Zv0fJMjeoqaisUTAtO4h2nMEblL1zYNV2kz2Kt5rgunCXeOW9chTlzdloCqNv7vCKm5wEo9fG44oe+jSJp6j7kmjmZNYYreycE9cWfKsG3QzsnRjjAjR6tg6bv4e6u4NAwirXdjqTbH9hpcSzCD59ElsFt/D4rBFvAKttXGYprKjNOBPAgBdzl+ltHD4z9O3vbMa0XD0tTCAPlnDeHBBZmC5hVaXCEzyT8s6V8F6wnQaSFfBVTVxlFq+YdNJ9/R+QQEPzyeC2pPrd8fBMQA/iwWjkmbMKlbvAi/jafoQrH2CO/89h8abyob4DnvavnsoXcxX0hZH6ISG9Jh31H3M4ohgnbSVjvZnZbCONe5FdcZRwwxeICjmNTEbtuxvujNx4W3gk9mjKHCtnViaQWzXPzTwXuNIreOL1ucugnpNrPgi45mQuNGysgkxCxy3tLLw+cyGRwHouHny3mRSUcQpQN8QvIUoT0/mtKidz/TAyFwL1C72s5XtHawUc5wUpWtPNK6IhY3lfHN60z7Jn0oc6B+6KvZbDTfbxStCmnCcvDWLq2dRCzSeewKq0F2vIpj5xx6+xjvwIM4tOb3BgmeSggOJKxPdAq/3E1bxOua0Tpghz+mKPgVhvDyZwKkG/7dNf5bvrBtw8tkm6U8sgRNU7gmLnklUrbj2AIwnt6gExPSsIroakQ22uYLxBiA3JNMd0YjLxyT9m5v+Ey+eL+dNsqxMXotbi98IKNCAYKWglXRS4m5vEQLpmpKqfzoGVWCQ66HA5mGMpOnNrTImJuI1NDWFoTfauyVpPjUZaVV2bh4LJEVTuoiSt520EdG91cb/8cARNP50NhwZCCyvSZpL0ficap9+K43hSMNAzgFtFbeUGgGGG8Ne/PuJuHX8ND0OSiVngwOilYtWDljdV68EHZFAiMBvo13mZy5rBium8mnSGaCV7ew0S5aVeiTuQKHQgM1kSLPvmtKXTs7J2hix/HJB7pHPh6q5e9VusutXi6deKK5oCJ6yjmNVJ8BbNSbJLm7qisBCMteZA/3J/sd3sDHW2V8Ac233Qcqvl0tMnd/X8sOcPSGX6wac3HkC3i4Q5Nod5VTGzSs/apUAktbLrzkYFdZaf2OIvmuuMRDM4w/CpKVAyr8DGoH04dPRmrjWp58WhR0lUh4n69Bj8fHBLUoZlNs5skVm3ALL2sJlSSpCNUhKaSeo0SgAbwksH7apFumVIZvzS8FxR6M7sO5Em0dDTmE93kxb3gMdOOkYjtWaR9TSTpOjBxRAVlLxGoMTlukE90KZwvbvgjnJm7a0OVUFXNzVE25185IvlcovRJSojU+tLrzupO4xR5GWd1ZmIT/OvYQtozd+Mlz4/GFR0InbR/V3/otwBbflnzyppa/L6TUeEOxLeenIx5iFBO+iq2zcM66mQc3Q5HDpO3r8v+G5tY0y4M7PG7sYTKyz/UCn1N+rFK8Qa3DXEONVmMrjOBDIn883lpFUSQBV98TJz1mHksJ2z4uXGQtNhrsXhuc4CyXBMGoeMlS9Na0cmQ9xBtZ4WvmInzF3xQdvH8Ba4H28ECg32iAGl7nipOCYGxiqS2SDNB3F6mMtHBeyEqpsLGaaSHzSgMddX5r5Bzo8vo5evmC0EGv6+N+5am4ij4bMAPlsiApmLViMm2Ya96vvmxa0Po351xgfNo3E2oqlAnpXIOU4Q825OoDObdkpdDcuzn+h7ta8cwmXWadEDu5yxZ3aVWpdkg3yQjt0hpspPPR1NnbzZ/+9POjFeoaFDea2pNuYO+2p6OGl1NMRp1xTMMJveZqNwAGVgB1mR5wxOFFZtYWdTHD0aGwml65wlloqmafBmpRVYzmAO5yGwKW7xLEO1PZiP3lYS82V7j8Wjfq7WcKOjT+DidmJfLMIQP2xvtNDkdHUr59dVTcJKDcaraHOfgF82iJjB57RU5DxjzXY14i44p9aQ3mxNyUh0kzW1z7daM0POa8v7gQhG3VPYX5k/GZ4eJLRYxyS1lYEO1I6w+E3vaHfKK5sf2hNbGU0I9XsQcuzTQpcbnohRi81gkchd8HMpq5D068A0WW8HHn6GbDah0eYrdDbwr1k7RUkG/E1vP+6esMAeoE6VVsBTyLtrqrhIZ0xJmGCOk0Kwqzke3kXK/iYiJgZatmaLxfDL7mAvUkE2GCdgrQDzl9Xlj+IHuH6M+9gIui1HvOkizHzMlXXzCqWHFZdj7wsZJYjZUmDyOINWoKu86CnmHPRmTfAPBLJvlBiADfDGlU/ZcwQzelK4s0qK/7hczyNeapKCeCcUEusaBBbihtkxA9fGlI4isWRWGBWSLSTPq6LbEN8EmRsM6WuX83uSVNzr+YC5hFAcFBIzRdvd2x5mA2AmoXGRSubN7iJWIcoDCxGC0udgeKr36dzuUu0JHkcZPmBmNWYq9mU1LcTUV2gHVq/Fd5O3FR7nwFxSIkQkiPftymqyTuCXn4PAkDo9/lvOD3bjUTncStWDGk4S9/h5edABGjN+TEg9TbTbuT46b80Ky+Bn1+j3Y6709I7KEY2wruJblmNS7vFj4JQTTgkSkveGoKXTz50+LVESPFjXT3UmaZxTDqdpzbA8viYgCNP/edKKSqfT3Kll9CF5Egzm0t8S95HdqR+zhMa+F6FzgCpTRJpdc+TlBXMDnqEA4QKBBrxea8+UCUScSZb3gyDiZ2tpdvOZAZkWbV8QFShmBHe4YW3Unez3uwiwoErNE8VPVuUy976nWVCm+mMvq5kWAS9lF1FDx31h6dZCQTFgm31M8BikDGpY1pagRHkMC4AQlZqzv3eDDfTeGxdBLkKQkwz1mR0qCOpbs8qZYtJHE9DYdvoDBNwZXL4F+uYbgafsXSZ/GiRLPDkNa0bZb8Zq5DDZw0VBjFE0SAlqDrISBImh+64t4Soqj0BdrJsZYn4LoDiH7s3kJIi5wwIjCbrxJ2s66p3Grhbgk0dNG/dc6B1ry4eSQYgRrv0/lpPMGCVq3Z1+JI9uZmbvRQM0tv/w/nxGRiLAd2Q+VXvZAo6bAi/GyNH//R+NBoU0tk5JU7XP7a5yh4aYzGOhk/oTICVDRF7jpcx31ICtlDmgelnj6Pcjo0jDRyAFrMbDSPF3vN79szF2Xm/TmaW3DczShm8AP5xu+yQvO0k1aMByAibJerzon+tEfSX1q9H37xqhVbfjpem3ZyjonvQJJqnzZaH23a2W4v3gvdQHgDIclZVN9I184sQAP3zcL1woI+iMLRKa930PGQzUUHVHrbh3TFJb5RZIZttyyoIhby3QguyTjpGbILmOsjeda257GdjvzqMFvxRZO8Lb93qhm9zAJgOdTR3r0CENBimThkZ0eGz3CiuDK3yDoDly44HhubWOaA4iCgJGdPDtZvhS/ioVL+fZ3L63zKchKd4d9y1ey7bDgO6rei9z/xSIDKLFf/P+edNlHYEJFZQbOYFofA9fF5ChkOAtloKFxtUYn3j+w7AMAZZW09374P/svRqRNbvR1lH9cAl/r0PqfqZZKTRbUzBEqdgdXfs+PZ1q43qjNDhZXJLLqfvvKv7JzxBKuwlnlUGN3KNz7BbNR5+VtoGevZOB6ljMd3XTMOQjDKouIXiIBQK6d3BJbaby/SPWcp00QA+mOIOEbO3EIP4ME0qDWdZSm3fCEjpC2Lm3OKnhqulKmpst75Pi+w09S/Fheyop5AM+1oclDsKyqr9OGbXBCMgyUd0T4mp7hISOnn+ePLcFeWCfRGISFK8x13tHNZOohsMrEGMfOesiudVyltSlbJIEYGk/jKsxCCwxpIm228gGOAvpODQyobAABV9nPSCazWoijZwVISoMNR9nhl8/DXoLJQ0apbYFGizAiNKBKrfT7uUwE4BZ2bu8tvpRvrqAiELkqLh2MWGYpJiaqee6JhtfRyMQrOYQyqgS7YBcoEXsk7Htq3isi+weJ73/vd4X8M/HZlQ1nO7HpW9sUg5Xw1lZB12Bd2oVgj9S9UvEG6k+nY4zfvivPxyWigq1iY/xMTA9jcjJ3ju9c1R3X1GaaGyGC69Qu7YutISncpIDYmTHR6NPqv33LXzpFjgUYxYY02WgvCh+YagQtOhJ6KyPsOkgk7lxOC+hjBABSNzQoLgQ0ciBl9b1oCogpp4cNQxtt4bcGrgRGqrc4UcLl27/mCp+w9uoN4pYBDIO7lAgXW983xexL4AsNkXzs8WdFcWRtPg/iZLU9ff4y9Ia++I48QmwqufqICXdBj7adLq5jHpDH21GKL4gzFGwSGfRuiDI8WJh+xkilpImE0rJOsMj4tKE7aPWaNO1y7kjktdLP5Hgj1Hm/iUtVG450jSyklowBlHRLffdHCQqoLDZfZwnspwUP+zQ+uZcFXNNrYj5JENXFEBK6If7P50JDx5v++RD7rV0wzlNb76Si6/4U67ic1qALDwIYQQTKXasDGfS/PCuy6EADbgnncfzUfb8+Tk3+q+ppfeEsQtZoN7LaG3tkm3BR/eZG2RXmZtzeC+ZOmKTA3Fya1En8+hCi4oLdozlAPkXd9bcIMdZ+oNFmCmldGimuNG5qRDG8S94tPYemiY3nWgn3yiHTypYYpz/fft+SxFeX8oOCqJCGaylZ6PPMvFrT1SWqoX5ZKgK2CMTT3LhQh7L2WJ27uyyDpDIbM3Q/mQhjHv1naX8FgGpIIUMAB20cjIEFKgLjj1wSH4bSz/9ihjRW4gfs96P09BCYs65KeEoLR66fva7/9Odc+ie4A7FEIHGbrlE/2DIdeWS9ESJgs0HDXwMOlEujoV9uk9rKF7KrE1/JkcmxSey4w1/PCJcxjbS4H5S5v+FKhCazpr8tMznuYgm+odnMPdcpdy0JGjl8H1ziTK3iXoiweTqqQr2oP705X+4CywIZh49N7ZMLVAjS/LGNtMa1KLKAc4v2bL1BSOqOYZWIaSghHhFu2EMYfcJ</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2019-12-12 11:05:21,460 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2019-12-12 11:05:21,460 - INFO [Shibboleth-Audit.SSO:?] - 20191212T110521Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_irf3wo3hzk9guaflucsxhpaxsddtjtvjrq6hbuh|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_58ab4f8f45cd700e7b89fecb39ed9054|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxFbHyazRFwY6n1UqFrA1of22Ce7KTyzX7j7YsWQXHB/4kCYDh/sXzxmr76F8e/aYLNXo08K09R4l2+1gEKno05l7lOehCKyDoKPQMMdCuOlTAWexvY+bpguoWI593j8FBzXMXFr496ok8KY/Xxkf/HD+KzK5N4Nw=|_59e7daaa615c427edded6905184f31ad|
2019-12-12 11:05:40,015 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: TST-10273-gmT3z1eUnR52l5NiiFkFSkD-Mh6EHMKr
2019-12-12 11:05:40,015 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2019-12-12 11:05:40,016 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2019-12-12 11:05:40,016 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="_hsaj5e82l8wwkrgxkosounneynppwpumbuvwero"
    IsPassive="false" IssueInstant="2019-12-12T11:05:38.504Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    ProviderName="pac4j-saml" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#_hsaj5e82l8wwkrgxkosounneynppwpumbuvwero">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>6XXOzXfFcWF/fmSLooKUDLOllYZf0sC30iklAV+NnQI=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
L2PV7kfKHJgZCUlymQeBE1OpnqhmTjuAlKgO+rn0WeErQ7XP/rdVe1Dpn/UnqrZCrlU5J7I+bmk0
xsaQ/G5U9JK2kBJLfjJF9j9r1HEaHER9AmM5uOsc5LVliYHdbiQ1L5Ze4j+ZQky9uBvga52pzaLK
hk2R687ebmK8cyHXGUzk0n7FR6izMo7SprDu8trCDI1cZNHdllH2sZlllyD4nzWZCSlaQNPgps9/
OeyR1sHDIRVYWJGlMHNsZc4alfQTnsTbk0qmnH8/J3p8INFiwAymlEYnayTkEnP08VpEAmZlIzCz
gaRTHEJAnQC1Zfvg6tTTYHVCseH4htqUbn5mhQ==
</ds:SignatureValue>
<ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2019-12-12 11:05:40,020 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-12-12 11:05:40,020 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-12-12 11:05:40,020 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-12-12 11:05:40,020 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-12-12 11:05:40,020 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-12-12 11:05:40,020 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-12-12 11:05:40,020 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-12-12 11:05:40,020 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2019-12-12 11:05:40,021 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:05:40,021 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-12-12 11:05:40,021 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2019-12-12 11:05:40,021 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2019-12-12 11:05:40,021 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2019-12-12 11:05:40,021 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_hsaj5e82l8wwkrgxkosounneynppwpumbuvwero', issue instant '2019-12-12T11:05:38.504Z', entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-12-12 11:05:40,022 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2019-12-12 11:05:40,022 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2019-12-12 11:05:40,022 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-12-12 11:05:40,022 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2019-12-12 11:05:40,022 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2019-12-12 11:05:40,022 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-12-12 11:05:40,022 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-12-12 11:05:40,022 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-12-12 11:05:40,022 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-12-12 11:05:40,022 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2019-12-12 11:05:40,022 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2019-12-12 11:05:40,022 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2019-12-12 11:05:40,022 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2019-12-12 11:05:40,022 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 25218632289878887470728701898989230903925460534470464262987089359900092236249155787311083615922566996588882686327254334965631006516764358542556784571993117841615795846983701202567812629440880488414844862491363773592778158558705049021795669354428797347719681579572749594906032259298025269480636673827053368207548760338633177397009149003080015959043356697060516917100235185397117902752192715861531350694962747781011832502440226911816306381078043102881237946262430586623622800161283685092311342398263730543997237261306772360529013060055263916368941241698720371281723901324390991801957832354836844648583493845781599295821
  public exponent: 65537
2019-12-12 11:05:40,022 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2019-12-12 11:05:40,022 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2019-12-12 11:05:40,022 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_hsaj5e82l8wwkrgxkosounneynppwpumbuvwero"
2019-12-12 11:05:40,022 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _hsaj5e82l8wwkrgxkosounneynppwpumbuvwero and Element was [saml2p:AuthnRequest: null]
2019-12-12 11:05:40,022 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_hsaj5e82l8wwkrgxkosounneynppwpumbuvwero"
2019-12-12 11:05:40,022 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _hsaj5e82l8wwkrgxkosounneynppwpumbuvwero and Element was [saml2p:AuthnRequest: null]
2019-12-12 11:05:40,022 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_hsaj5e82l8wwkrgxkosounneynppwpumbuvwero"
2019-12-12 11:05:40,022 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2019-12-12 11:05:40,022 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-12-12 11:05:40,022 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2019-12-12 11:05:40,023 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-12-12 11:05:40,023 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-12-12 11:05:40,023 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-12-12 11:05:40,023 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2019-12-12 11:05:40,023 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:05:40,023 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-12-12 11:05:40,023 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2019-12-12 11:05:40,023 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2019-12-12 11:05:40,023 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2019-12-12 11:05:40,023 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2019-12-12 11:05:40,023 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2019-12-12 11:05:40,023 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2019-12-12 11:05:40,023 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2019-12-12 11:05:40,023 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2019-12-12 11:05:40,024 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-12-12 11:05:40,024 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2019-12-12 11:05:40,024 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-12-12 11:05:40,024 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2019-12-12 11:05:40,024 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2019-12-12 11:05:40,024 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2019-12-12 11:05:40,024 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2019-12-12 11:05:40,024 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2019-12-12 11:05:40,024 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2019-12-12 11:05:40,024 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2019-12-12 11:05:40,024 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2019-12-12 11:05:40,024 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2019-12-12 11:05:40,027 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-12-12 11:05:40,027 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2019-12-12T11:05:40.027Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2019-12-12 11:05:40,028 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2019-12-12 11:05:40,028 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2019-12-12 11:05:40,028 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2019-12-12 11:05:40,028 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2019-12-12 11:05:40,028 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2019-12-12 11:05:40,028 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:05:40,028 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2019-12-12 11:05:40,028 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2019-12-12 11:05:40,028 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2019-12-12 11:05:40,028 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2019-12-12 11:05:40,191 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2019-12-12 11:05:40,191 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-12-12 11:05:40,191 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-12-12 11:05:43,206 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2019-12-12 11:05:43,207 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2019-12-12 11:05:43,207 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1504379707::identifier=rick, context=org.apache.velocity.VelocityContext@1ef78756]
2019-12-12 11:05:43,211 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1504379707::identifier=rick, context=org.apache.velocity.VelocityContext@1ef78756]
2019-12-12 11:05:43,219 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2019-12-12 11:05:43,220 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2019-12-12 11:05:43,220 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2019-12-12 11:05:43,220 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2019-12-12 11:05:43,220 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2019-12-12 11:05:43,220 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2019-12-12 11:05:43,220 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2019-12-12 11:05:43,220 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session d049cd65a2769bcf7e84c3c8592efc0b943333a1e6af2a5bb195b1a8288bb4c6 for principal rick
2019-12-12 11:05:43,220 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session d049cd65a2769bcf7e84c3c8592efc0b943333a1e6af2a5bb195b1a8288bb4c6
2019-12-12 11:05:43,221 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2019-12-12 11:05:43,224 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2019-12-12 11:05:43,224 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2019-12-12 11:05:43,224 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2019-12-12 11:05:43,224 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2019-12-12 11:05:43,224 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2019-12-12 11:05:43,224 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2019-12-12 11:05:43,224 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2019-12-12 11:05:43,224 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2019-12-12 11:05:43,224 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2019-12-12 11:05:43,224 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:05:43,224 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2019-12-12 11:05:43,224 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@5344e49a'
2019-12-12 11:05:43,225 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-12-12 11:05:43,225 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-12-12 11:05:43,225 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-12-12 11:05:43,225 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-12-12 11:05:43,225 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-12-12 11:05:43,225 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2019-12-12 11:05:43,225 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2019-12-12 11:05:43,225 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2019-12-12 11:05:43,225 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2019-12-12 11:05:43,402 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2019-12-12 11:05:43,402 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-12-12 11:05:43,402 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2019-12-12 11:05:43,402 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2019-12-12 11:05:43,402 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-12-12 11:05:43,402 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2019-12-12 11:05:44,573 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2019-12-12 11:05:44,573 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2019-12-12 11:05:44,574 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20191212T110544Z|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2019-12-12 11:05:44,574 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-12-12 11:05:44,574 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-12-12 11:05:44,574 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2019-12-12 11:05:44,574 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2019-12-12 11:05:44,574 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1607684744574}'
2019-12-12 11:05:44,574 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2019-12-12 11:05:44,574 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2019-12-12 11:05:44,574 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2019-12-12 11:05:44,574 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2019-12-12 11:05:44,574 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool]' as '["rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool"]'
2019-12-12 11:05:44,574 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@5344e49a'
2019-12-12 11:05:44,574 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-12-12 11:05:44,574 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2019-12-12 11:05:44,575 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2019-12-12 11:05:44,576 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2019-12-12 11:05:44,576 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _1e9c045b8e601feb51c0a9f3187e4d66
2019-12-12 11:05:44,576 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _1e9c045b8e601feb51c0a9f3187e4d66 to Response _bb71f6ebf1200da5e3fe1a37d810e33b
2019-12-12 11:05:44,576 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _1e9c045b8e601feb51c0a9f3187e4d66
2019-12-12 11:05:44,576 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2019-12-12 11:05:44,576 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2019-12-12 11:05:44,576 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2019-12-12 11:05:44,576 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2019-12-12 11:05:44,576 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2019-12-12 11:05:44,576 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2019-12-12 11:05:44,576 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2019-12-12 11:05:44,576 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2019-12-12 11:05:44,576 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2019-12-12 11:05:44,577 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2019-12-12 11:05:44,577 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2019-12-12 11:05:44,577 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2019-12-12 11:05:44,577 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2019-12-12 11:05:44,577 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2019-12-12 11:05:44,577 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2019-12-12 11:05:44,577 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:05:44,577 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:05:44,578 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxTmx+G1TmfF5b5oSVKk8jun6oLIYQYAPqRQYMDQXoQ/shXhDW0D5aTtwSAxd2helRbCCEEv5jlubvvHDMRHUNptEXyS8T2uDE2Qt5K67C2PpAPqTKoW8VK+suCDOaCb9UshTAaCh0lyeIvRJIG1pSkFXuIYqAE7g= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:05:44,578 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:05:44,578 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-12-12 11:05:44,578 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2019-12-12 11:05:44,578 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2019-12-12 11:05:44,578 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.34.32
2019-12-12 11:05:44,578 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _hsaj5e82l8wwkrgxkosounneynppwpumbuvwero
2019-12-12 11:05:44,578 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2019-12-12 11:05:44,578 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2019-12-12 11:05:44,578 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2019-12-12 11:05:44,578 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2019-12-12 11:05:44,578 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _1e9c045b8e601feb51c0a9f3187e4d66
2019-12-12 11:05:44,578 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _1e9c045b8e601feb51c0a9f3187e4d66 did not already contain Conditions, one was added
2019-12-12 11:05:44,578 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2019-12-12 11:05:44,578 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2019-12-12T11:10:44.574Z, to Assertion _1e9c045b8e601feb51c0a9f3187e4d66
2019-12-12 11:05:44,578 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _1e9c045b8e601feb51c0a9f3187e4d66 already contained Conditions, nothing was done
2019-12-12 11:05:44,578 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2019-12-12 11:05:44,578 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _1e9c045b8e601feb51c0a9f3187e4d66 already contained Conditions, nothing was done
2019-12-12 11:05:44,578 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2019-12-12 11:05:44,578 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool as an Audience of the AudienceRestriction
2019-12-12 11:05:44,578 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _1e9c045b8e601feb51c0a9f3187e4d66
2019-12-12 11:05:44,579 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool to existing session d049cd65a2769bcf7e84c3c8592efc0b943333a1e6af2a5bb195b1a8288bb4c6
2019-12-12 11:05:44,579 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool in session d049cd65a2769bcf7e84c3c8592efc0b943333a1e6af2a5bb195b1a8288bb4c6
2019-12-12 11:05:44,579 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-12-12 11:05:44,579 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool and key AAdzZWNyZXQxTmx+G1TmfF5b5oSVKk8jun6oLIYQYAPqRQYMDQXoQ/shXhDW0D5aTtwSAxd2helRbCCEEv5jlubvvHDMRHUNptEXyS8T2uDE2Qt5K67C2PpAPqTKoW8VK+suCDOaCb9UshTAaCh0lyeIvRJIG1pSkFXuIYqAE7g=
2019-12-12 11:05:44,579 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2019-12-12 11:05:44,579 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2019-12-12 11:05:44,580 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_1e9c045b8e601feb51c0a9f3187e4d66"
2019-12-12 11:05:44,580 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _1e9c045b8e601feb51c0a9f3187e4d66 and Element was [saml2:Assertion: null]
2019-12-12 11:05:44,580 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_1e9c045b8e601feb51c0a9f3187e4d66"
2019-12-12 11:05:44,580 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _1e9c045b8e601feb51c0a9f3187e4d66 and Element was [saml2:Assertion: null]
2019-12-12 11:05:44,582 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_bb71f6ebf1200da5e3fe1a37d810e33b"
    InResponseTo="_hsaj5e82l8wwkrgxkosounneynppwpumbuvwero"
    IssueInstant="2019-12-12T11:05:44.574Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_1e9c045b8e601feb51c0a9f3187e4d66"
        IssueInstant="2019-12-12T11:05:44.574Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_1e9c045b8e601feb51c0a9f3187e4d66">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                    <ds:DigestValue>fnTz8seC2wOibSqz9IDjxP6gLcGOvYG9unuwj7Lemi9P9ahv1PaJVxu+D1AUcMGrigdYHtpg8r1hgqRF8wQC+w==</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>LrNTJjUu9FGVijIGQctiK0fLFWenhn4WWlsi9iqVxmQy/A6hJy4Ec6pEJBcWXezNVBBPNZV+YiC4bHiXiOpPETPZ87nuNERlyzcKlXh8cp9hy4WRnD0S7qdq55DtsMiC7mdgpOdSsR4IZZoQQO2HK4MsKJDpKGHZTmiEkIJzPO3U/vQXCrBjQCbt/oVY9PJgOwgNngJZe6kbIil/Nf8HoXfY6sFZ9Qcx8BVcD1hYYNseytKByZGcJd3a7YCzo/bXsKBd7Inqa7buWJ+s3TmTAxbXo1Pkb2Sh1i1iD1bGgbJMnbcnQ3cadGVZ5HgiT6zFGCP/Ng5Qc2JXs7EJ2dtjXg==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxTmx+G1TmfF5b5oSVKk8jun6oLIYQYAPqRQYMDQXoQ/shXhDW0D5aTtwSAxd2helRbCCEEv5jlubvvHDMRHUNptEXyS8T2uDE2Qt5K67C2PpAPqTKoW8VK+suCDOaCb9UshTAaCh0lyeIvRJIG1pSkFXuIYqAE7g=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.34.32"
                    InResponseTo="_hsaj5e82l8wwkrgxkosounneynppwpumbuvwero"
                    NotOnOrAfter="2019-12-12T11:10:44.578Z" Recipient="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2019-12-12T11:05:44.574Z" NotOnOrAfter="2019-12-12T11:10:44.574Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2019-12-12T11:05:43.220Z" SessionIndex="_1c535f7ae027f2668c17b76f4dd62516">
            <saml2:SubjectLocality Address="172.31.34.32"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2019-12-12 11:05:44,583 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2019-12-12 11:05:44,583 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2019-12-12 11:05:44,584 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_bb71f6ebf1200da5e3fe1a37d810e33b"
2019-12-12 11:05:44,584 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _bb71f6ebf1200da5e3fe1a37d810e33b and Element was [saml2p:Response: null]
2019-12-12 11:05:44,584 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_bb71f6ebf1200da5e3fe1a37d810e33b"
2019-12-12 11:05:44,584 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _bb71f6ebf1200da5e3fe1a37d810e33b and Element was [saml2p:Response: null]
2019-12-12 11:05:44,585 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2019-12-12 11:05:44,585 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool' with encoded value 'https&#x3a;&#x2f;&#x2f;cas.traveldoo.com&#x2f;cas&#x2f;login&#x3f;client_name&#x3d;SHOP_DEMO-demoPool'
2019-12-12 11:05:44,585 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2019-12-12 11:05:44,586 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'TST-10273-gmT3z1eUnR52l5NiiFkFSkD-Mh6EHMKr', encoded as 'TST-10273-gmT3z1eUnR52l5NiiFkFSkD-Mh6EHMKr'
2019-12-12 11:05:44,587 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    ID="_bb71f6ebf1200da5e3fe1a37d810e33b"
    InResponseTo="_hsaj5e82l8wwkrgxkosounneynppwpumbuvwero"
    IssueInstant="2019-12-12T11:05:44.574Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_bb71f6ebf1200da5e3fe1a37d810e33b">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>IQsgUggyMHzTmImo78i3CLQkt/FZxemC97iaHz9mfDnhTLoilto2aMAR5/uguAEAB2PUMEFIAE3vodQvVS2N+Q==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>sje4o/ufio4Ky6JkXu1zBUpiSLMzek+8RSD2qYd3bE1Hax2S+gD81Wi+x3J0XAu5e7wdY/OBd0Iv83QLI6YXg8qtEyLCfGW5BKhlN9a+vNir3iYPrpGO7cc/MqEWRqofgRdpkpmgtM8EdeVCEKmAm4qNm90fx36G5H95qYI7d17FDPsdXUd5bMUswaBjwuG3TZ2cg+ShedhuI8NPGEKzU4cU99684V6CG5xK1rDCC7Yq7I6BOaE0BvffXqz1VyrkrH4irKPMcHBfH3UFe6eLA/Cm/ofOt5I2zS6lXRMjC24UaXWP0GxkhX/THcSgiwnNZjXW0OdYEpO18F8J2Is5HA==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_c602dd9abd9c499fa87a5bc55c74d775"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_d246069b1adc4ccd334646d03fd02c3a"
                    Recipient="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>QQOZ0lhEwSrHvlyzipDmYzkfS7n4/zGuHZvzF9+nosFhHeBPM+b+uIoY1RuppwBbFfhuyQlwojTETh03fyqDukbh/i0G6UfyydwRWIh6PbVQrhyuPCT3jbyuDeK+KpVhk/KlB6mSCu40MrrZzLeFDxnr3THUxW22LVOBlPWXsiCFZC7Hdxte3iXLcVJ3bBdAJ2HGtNBOEuFNRTJPK5z4A7pAeVSIQRUWN+Et/Emj3zX5SEqUNG+I1mY7Ay4lmNHSFfT1zTX2RsAr9zdwHEYlczMIs/Y+Bc8xZhbPTsxX0QajX3+WZce2dvEhUfmy23PW0Yk9Fo0gyKoypk3vQTJ3Ww==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>ePBEujLCZTdVFxzllH6g18FobW3LkmVsshN2MI1561PJO7S+eFzcR+jhWHKziPVNFWycDJuRiW58xf3Z9t0Xqiw9bNwEXPRWppxFmLdrYHNgtL0DIugutWxHltteb3s8I0nMrSJo0Mx/lH0Qv/LIVsJLTzRgwOU14sZsUZYUXi5c23w0EOl95lzuNwCPFJN4nqRw5Vf4P2BGVZQdUKJ11f7f8qpl+ohzLysdYGphmvG44FaLK/31wqJJD4UcV8H0IQjoD59G1yysPrG18B+zeTnSgRV4Q9L2Vh50e7A0tQLyEeqinyJgjEKbePmgmulb9mbhIVKJZBvc0lZJQtqrTfRaMnPesYhmvd47rQ/QX4+2ATaW20q6wPD4FfKrYAh7BmJvfInKWtRCbTfgxODk/pfXnTFU9L1Rb9vvkNFqIkNw9E1WrmwaMvYdu/Ww6JZzkhYFerny1NUem6E4nC2Jy5jQqY8HZX0uKqwkoyfhTcwJ9wTdzpSfQl5vhia9wb9qRs7+Fvp+vm59WGDlioFML/TkeiAXaA6VtnMxr0cfkW1/L5JRMNUCKA3Fq6BFmP06XY8CRGX5RkDVBrxvS1lbLFEj5i0xqq+LGsdMbLRBxoEkFUM56W/mOpPTT1k/IZLpBK5obG18RN4LhqrU2dfkImfoUCAh9kLPKzCRFMQsKYAvX1fjUr8AWCvbUpKG0C3tKfK8vBJQo4HyimG4kcYaWgA/UGKn1UlPqjrC94is6vUIAiGp/nNNamUAyq1pSrlfKfJKK7jtp+zyAp2UX97GIU73bLF8s23xHbTqNf1uIkDgEpnx5dztdCDLu38K926JVcu4aeOjD6O2iuT3z+l2Qi412Q0/g0+2IhVcxddDpDSJpowFQUb0bLZGjOrd1zl2v1mKoG2PPzndQXGIpbIGgUe42J9Z2ikJ0vEmFe6OzyHaxtaAwDPPRL7JoutkrbMY7vAgHvfcqsTpHTZznG4LOwY/Bnv/DkLE9ke+jydi86nZZnqJI1HUxrebTUgHSg/gjjuZM012802HEuodur9F4H9d+861EvEDspAhZ+YWz7E3yJK2nY9BARdRMcpF3/w/uOzMScc6IauRj2ipl0weFebbmJ8LCHrfWHCdXC3mSgu3Pp36w9mCgIMxPTUZ1Jx6ayASjH7T1lafl3JgQsKSNr5f0fW+SHlt4GS2UUvv8GVpYB3bd1X480ubuz+tcKZHjsMajxutNZkNxUWegxK904VEkRhg7kT0tLu+GV4dDm90jaGACTBsczrp+NhXDi7G36QXPWNxouMtsKVstWJLF8vlwMauyrPhaXJ4nh1gC9HaW1eB4rjheia7Qp/5e9TS3OP/6n027Gaj7kSg9r07biMMnH04hrYyz1+ac8uMz/I53IEpoJzropDDrDlSIicNe1LGb2nmlzlvQgVv9J8kljG6fInjBnA9v1wg9NLg6TkQrJ3TppRoUjqY3tsFytULyk0+YhdivvgDrKLl8z2aNE861nLDH/aKJpFjJADTR8TFmhghxlap3PO5NJ78P2uWHiopfiloQBQLx/ky6pjHTwftqPdfaaI2WQQxR6BWfv3umXjc9+gu/YllyhNZkgnpl/yZmQSr5XprwSwWTBa50vzFDgcj5CG6aNnrdP/Y23GLadFNmhI6TKWXiC7/fFallhXzUSkexCkmifF13YFIQlCm1tEO/e/L54bGyE9PJCNJ0bnmxuCL7bk3S2Xw/qb0YedJbZcS3jhGbVPeJJT+dtl7KqNv5Sg3diTxmlYk+BZhWQ5O4f1PCDR0eyTV66XArGbS3MyaGkYnbQN+naF1i1YogkS/aWW5qojWZy80hNx7j/ZqTZXXXkiPUYZOAVJAbzZPOkz/dyFjcNVImBYc/rL1679usHhWKnRaLnu2ZqcFEyhxgBWzgfA3wqLj7JclvQ5M3JxmYCIPFb+tQhP/HXKejPcFHn3keV4zxVKPn7d9JgOCRunTKBf2er+qXgRPi8Y5Hg6tdSpt/f1yp2twpeMA35WCAkfiPrB5qxVHxHbaytQpJlaVxhpXOhxFHJwf8u+Zeli0e+4Wvoj+RVvtA3GIPshjRPdj5sIHTJOg8n4Q7I11DNjtqkVlqd5FdHdMn7hi+zLTaIDoW1aSJboF0kwaucEjBhmEmDXLMmrA55RqWX3m2n1KwwxutTpWZzOgUwkg4dWU92nrC3+C5N2y5jCgtryrZi8r9uMJ7LGa7yPsKdPCb3IJZ+LbNJJSIxk9Zu/Pu7MFNIdZPlo2/c6OI8k0bArSz2ncB5ZW7WXa9Wo9uxowv/G9JsMqY6dRienhQWS8X6CtazQ7rmkFW/AIxwuoSnP6blKqJAuagZdMbXhYOLvWVY6wJFt37F9OInRCmdx26aT18QUqtDNZbET/LAl1CHeWeOXgaoJTa76/URKB7IO8PbkljvZ9uQiQ3ASp2Rp7jezc6yN04G0mSXunHXMnMsgDT9UaPosQHf2C70xoNQfpTDVOwYbZagyFQRyT+hZcq+k7UUWe46xYixvrvRF/ay5DNGFgiDyHWsIbuDKE5oNeEezsyiW04ZzTtHiuQIN9w21LMx1pbpAUVbx07TIK67s404NaiTNRUnQOG7nc4jisKI3LVNBHzDM0mb0DtbOLq48xmeGsRmsXpIYqheokNQD/G15zdKsvsIkJlwNk9vSs9QPc8bYoSeQlVHcbPIzLZrVJXa+OfPqRCotToAaF74P6KvBeaWtIWLztKvue6Dli93bcnvygVXweKE4rlZ3JFirJ67yk72krWVB1AXNvAk1olrf9a+MOCoZtpI0B/voZ+a8q1ajMwx7M/wTSwYXBIVkbfcaL05YTGtGPNm15LvOIOap/C1paGKSjShj1ia6LjXz4cUiEmMsOTOVTTauBDAQtiCt/S/arhxmTZjieN6nLsaB/PJihM86hTSXbquXkLdHb03D9PAB/eJWa10ObUT4Wdjr2/JAsCogQ3L4FpbnGkwj3Dc1jp6nAtwjGSwstE4AkyCB7ZJowBfRLe4pHg0W4V/+xueQHquJNtv8RaB68CXQsI1ZHL2hq3Wet4+kFoVuxceB76Ft4mageHobUxGuCIykmBRpCVZZZYB9D0GhFjWlTBYf9Agx/aMQD0Yp0zyP+bnDJ5ClirfUcopQyFUdZty1gJ8qq/lmyH2Z0jcp0v07dXkGvVIJK6NORGI6C4DpiBNBDD1FqCW6eZh4xqxx5LFZ/7nbN8lKRIDikR2Rq8Z4KI/4vMjLkcgdisxY9KJpSzuiV8Xt+Ok5clF/MnrIJ9DWJOeZ3g3vy6AD3G4adiJh180YItAsHKi2Xfv/A9bdIRbZCTf4d58zWIckGDAmKUDjV/usxP+G6cLn5yAdjUN9IeSQBDGeQcV50TIDSYKjf7h5LsPeLpO/m/Bchiz+ERwTkfwxk8yLACxehI5xuKzvmDaea/6gxAYNSQmLsxWmL8UHq9j7FFRXHCJRKoBwtpXYI+Ht0k7uVP8jUyZDmYU5n6GpVJYMQO6pUdsW8q3VuoLq9OFx1ap+Qp2xA4w/73ITIsuEFDWWI5ni6QJhtiSHa3wjveU/I0db6S9rSGDoTLvGoO+TLh+fAD3CDa62lFuWhqoV/waIkHyIcSgby/SvegEoJ1wIOFbroedlsUNCnMypuIsPrNFIHcnTHZ6jLeWq9rxJkXQt7/tArmGcTSN5n3k5oVdj2LNNw4X23TJgjf6OrCRfBmAMGlufEN3gxeQlpPNSGYX3hUm/N8EttUhjyB3EGzAAIkXPArea10BuTY1v4hTKG8QoHkdHMvk8PGz/hFBQ53+TIO1TH1jepaKctGxZ3mHjKN23hPVP3sLEIur0EQfufVP0DMiWujy4xa2wW/lYQPTSTp5ErFx0X72SAvXP/1/3SepyxQZhnE+nTgh9K4kv9GmxP6x26b9TS6QIJypya2e4lb4N6I3xIojp4dwzNWw4OQBSWPoU2YkIgK7EohLcC/pGkKeii3AV1B04QKWHEffsaJH7/kDEZ2bh9mQrawMgNKtLoqrYETcyzaZcKTkYToxDynINFbWWWWhGe1vpDH7nllsb3B0H1kEOSk14gtt1Xx6IhDeIl4MGaB9O0s30hJg1BLZCEZ8pP9CDZn4TUGU/GpU/7zvN5iDrh0CHc/aIqPjDqWtUvO2Gk+4zg725SOdpOBtp+pTXrnupgaCbzR+3g++C3YlaHFSW2gIi1UZVdXJznqbZgmze9pIZ8Ct3lMUYEXZ1Lb2uVT0HxrKXUwvrlqo0HWLJS9DKQlWGSFd1w7SU1fYX9JeTKXSB5AgCrG65SKMsrYbWil4TATa4aGxP6GGnMTtsac837HjAqyUMNa8HLnnsX6N4ozBRu6B9MW2NPM9m15KwNZDeJV2NP8Pc4Ww+qA36GK2cBU90pkIy7HRNA/16MFgFRC4VCg+tA/tiif/6fFiPGqmeeg1ancw2UKN8o991wYpkWMwyofWeX8+o0mHrGRqBbMfkcb+8QRkw5voArBf+gAKzx2kWsVM5f/ksEw78OXcX8zTk39J92/frJqAFRgLNePayDc75nOoQ+t5is6o1YYByNFmvKc8VNDVQXz/w63z7vH03GgVdJP+SkFYlaH+FZt7SP6/epkiS6lJcRTY+VPjy0Nh7Ee7Fk5Ic+xUtVCU1AaMi41I3Tmj/4kPIP39kaDdJXQ0pnqt1rXwWZmcdX2hDUAxD0TnDhodpIXvXH3seQR1MLKbBWWbmncOwtLmuGLiCngD3AIit2JJoZMy7lm47Wkk/kelsdUNtOyjCqOJPkGmaiG2YbV0S92v7hOJ9Au8ml4yD9qDuvJxQONBvJOEZ5KYYCt1G+yqXXa4cZaFsz42Z+2JUcgbKzvmlSID7ZfeaeAeZrPzvsMhqozqfIwkkPk9m49t/2hdy5G61YxfLqIjZMZ7DJvui0WcvMu8eW90o7IET1iELiKZIvv+uE2IYoryYT12QEVap68N9pygc2TtdX22mSdnDiFAZEIJY4wbiqP/js6RWAqkn3x9z6Mqbltj9H8E9fgv7ea/SJ0fk35iJ3ZUEldDENEyrJvTmjyw8EGy0hwZfoZhBjg+1X7xxjbRcvz1ohQSG24FmSYUvVhyirBDtNeIYU+FAVu7XoQe/MMZ79uTLolu8fD4GZ/KN3eSZqXwGH6lPj+NrqsA8ou8YbDhGMgxKDzKe7n4ro5TXzKbqmC98+ZIr2ivM/26CSws2Bje51N1TcG/mfbU7COOjn8VXEAkywqhP25KMVe8Girl+u1WOT1ZB4IH/AvNm95nHSIlaQ/VTdA2kVwEQDnQD+7rYng6onPB4qNnwL+/GSCtsUa3LoVpIUbjxxnKLlRfIaRVrn3AvSMsMOPPKM8gdzMDlgnu41SOZuwO9xQ5SC1gtoxyBN2ZIzkH/OVyJY3rj/y2YRfP32+RK0qRWIgvIbo58g2W2oPhmG9E5KAMjkuI2sqjsOCR0aPwBT6oVXpo5ukG37Il7NoaMeX3N2NjJMnR39X7NB84s10H1Pqj+rfKu8YbFCm5drBkcNZ/lEVoh8z3sfU8/WQZ1U6m9bfPOkewcD6XHSyTWZUIav1Sz9T2hWBs5Aosj2lPvhvggcxCyDq/yb1kz4Z9tCT7Jv1m3ga4OCi5pl0vDpvZw2OvM1RadG4/c5K2z08rSSTmrAuX3QsXMKQTWeWlG5ZokN/3nOJmW+jUIBCpBDxN5FpvLq7tfD5AI/8yy1r8aIQfGZ+L+GxIFOkvrUCV58qAbaDrO4WWhfKZpjNXQ9XRV7dYFUQv6R72yzRx9sqWu0cM/cBbbBjzWGC3iAf2RbkAN