2021-07-29 09:00:10,423 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: https://sso-neo4j.morgansenechal.com/redirect.html
2021-07-29 09:00:10,423 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-07-29 09:00:10,423 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-07-29 09:00:10,423 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://sso-neo4j.morgansenechal.com/mellon/postResponse"
    Consent="urn:oasis:names:tc:SAML:2.0:consent:current-implicit"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="_BEF1126D6F00026B98893BD5089BCEDE"
    IsPassive="false" IssueInstant="2021-07-29T09:00:09Z" Version="2.0"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer>https://sso-neo4j.morgansenechal.com</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2021-07-29 09:00:10,431 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://sso-neo4j.morgansenechal.com' from origin source
2021-07-29 09:00:10,431 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-07-29 09:00:10,431 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-07-29 09:00:10,431 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-07-29 09:00:10,431 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-07-29 09:00:10,431 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-07-29 09:00:10,432 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-07-29 09:00:10,432 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-07-29 09:00:10,432 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://sso-neo4j.morgansenechal.com
2021-07-29 09:00:10,432 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:00:10,432 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-07-29 09:00:10,432 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-07-29 09:00:10,433 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-07-29 09:00:10,433 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-07-29 09:00:10,433 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_BEF1126D6F00026B98893BD5089BCEDE', issue instant '2021-07-29T09:00:09.000Z', entityID 'https://sso-neo4j.morgansenechal.com'
2021-07-29 09:00:10,433 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://sso-neo4j.morgansenechal.com' does not require AuthnRequests to be signed
2021-07-29 09:00:10,433 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-07-29 09:00:10,433 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-07-29 09:00:10,433 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-07-29 09:00:10,433 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-07-29 09:00:10,433 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-07-29 09:00:10,433 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:00:10,434 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-07-29 09:00:10,434 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-07-29 09:00:10,434 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-07-29 09:00:10,434 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-07-29 09:00:10,434 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://sso-neo4j.morgansenechal.com/mellon/postResponse using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-07-29 09:00:10,434 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-07-29 09:00:10,434 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-07-29 09:00:10,434 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-07-29 09:00:10,434 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-07-29 09:00:10,434 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-07-29 09:00:10,434 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2021-07-29 09:00:10,435 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-07-29 09:00:10,435 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-07-29 09:00:10,435 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-07-29 09:00:10,435 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-07-29 09:00:10,435 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://sso-neo4j.morgansenechal.com
2021-07-29 09:00:10,435 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2021-07-29 09:00:10,435 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2021-07-29 09:00:10,435 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2021-07-29 09:00:10,435 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2021-07-29 09:00:10,439 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-07-29 09:00:10,440 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-07-29T09:00:10.440Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-07-29 09:00:10,440 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-07-29 09:00:10,440 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-07-29 09:00:10,440 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 8fd47c2a622520d385fca2c04753e1a8baccfd28a18d18bd35fc271113218896
2021-07-29 09:00:10,440 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Primary lookup failed for session ID 8fd47c2a622520d385fca2c04753e1a8baccfd28a18d18bd35fc271113218896
2021-07-29 09:00:10,440 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-07-29 09:00:10,441 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-07-29 09:00:10,441 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-07-29 09:00:10,441 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:00:10,441 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-07-29 09:00:10,441 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-07-29 09:00:10,441 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-07-29 09:00:10,441 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-07-29 09:00:10,607 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'sso-neo4j.morgansenechal.com'
2021-07-29 09:00:10,607 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-07-29 09:00:10,607 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-07-29 09:00:18,865 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'morty'
2021-07-29 09:00:18,865 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user morty
2021-07-29 09:00:18,865 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@35351585::identifier=morty, context=org.apache.velocity.VelocityContext@543f3c40]
2021-07-29 09:00:18,883 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=morty,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@35351585::identifier=morty, context=org.apache.velocity.VelocityContext@543f3c40]
2021-07-29 09:00:18,884 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'morty' succeeded
2021-07-29 09:00:18,884 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-07-29 09:00:18,885 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-07-29 09:00:18,886 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'morty'
2021-07-29 09:00:18,887 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'morty'
2021-07-29 09:00:18,887 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-07-29 09:00:18,887 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal morty
2021-07-29 09:00:18,890 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session d8e6ecfc76a835aed34503035750cea6c0cb0acbee813e4ab28d407b1358fc19 for principal morty
2021-07-29 09:00:18,890 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session d8e6ecfc76a835aed34503035750cea6c0cb0acbee813e4ab28d407b1358fc19
2021-07-29 09:00:18,892 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=morty)
2021-07-29 09:00:18,893 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-07-29 09:00:18,893 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, identifier, uid, telephoneNumber, role, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-07-29 09:00:18,893 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 2 values for attribute 'eduPersonEntitlement' remained after filtering
2021-07-29 09:00:18,893 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-07-29 09:00:18,893 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-07-29 09:00:18,893 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-07-29 09:00:18,893 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-07-29 09:00:18,893 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-07-29 09:00:18,893 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-07-29 09:00:18,893 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-07-29 09:00:18,893 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-07-29 09:00:18,893 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-07-29 09:00:18,893 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:00:18,893 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-07-29 09:00:18,894 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@556565bf'
2021-07-29 09:00:18,896 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-07-29 09:00:18,896 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:https://sso-neo4j.morgansenechal.com'
2021-07-29 09:00:18,896 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:https://sso-neo4j.morgansenechal.com'
2021-07-29 09:00:18,896 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'morty:https://sso-neo4j.morgansenechal.com'
2021-07-29 09:00:18,896 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-07-29 09:00:18,896 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty'
2021-07-29 09:00:18,896 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'morty'
2021-07-29 09:00:18,897 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-07-29 09:00:18,897 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2021-07-29 09:00:19,069 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'sso-neo4j.morgansenechal.com'
2021-07-29 09:00:19,069 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-07-29 09:00:19,069 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2021-07-29 09:00:19,069 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2021-07-29 09:00:19,069 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-07-29 09:00:19,069 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2021-07-29 09:01:37,266 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: _ccb406cb-af30-41af-98a4-b3b53b5e9dc2
2021-07-29 09:01:37,266 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2021-07-29 09:01:37,266 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2021-07-29 09:01:37,266 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://localhost:8080/SSO/assertion"
    AttributeConsumingServiceIndex="1"
    Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ID="_ccb406cb-af30-41af-98a4-b3b53b5e9dc2"
    IssueInstant="2021-07-29T09:01:26.444Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <samlp:Issuer xmlns:samlp="urn:oasis:names:tc:SAML:2.0:assertion">DTNISMobileApp</samlp:Issuer>
</samlp:AuthnRequest>

2021-07-29 09:01:37,273 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'DTNISMobileApp' from origin source
2021-07-29 09:01:37,273 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-07-29 09:01:37,273 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-07-29 09:01:37,273 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-07-29 09:01:37,273 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-07-29 09:01:37,273 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-07-29 09:01:37,273 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Request specified AttributeConsumingService index 1
2021-07-29 09:01:37,273 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-07-29 09:01:37,273 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-07-29 09:01:37,273 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer DTNISMobileApp
2021-07-29 09:01:37,274 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:01:37,274 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-07-29 09:01:37,274 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2021-07-29 09:01:37,274 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2021-07-29 09:01:37,274 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-07-29 09:01:37,274 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_ccb406cb-af30-41af-98a4-b3b53b5e9dc2', issue instant '2021-07-29T09:01:26.444Z', entityID 'DTNISMobileApp'
2021-07-29 09:01:37,274 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'DTNISMobileApp' does not require AuthnRequests to be signed
2021-07-29 09:01:37,284 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-07-29 09:01:37,285 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-07-29 09:01:37,285 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-07-29 09:01:37,285 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-07-29 09:01:37,285 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-07-29 09:01:37,285 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:01:37,285 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-07-29 09:01:37,286 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-07-29 09:01:37,286 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-07-29 09:01:37,286 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-07-29 09:01:37,286 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Neither candidate endpoint location 'http://192.168.0.21:8080/SSO/assertion' nor response location 'null' matched 'http://localhost:8080/SSO/assertion' 
2021-07-29 09:01:37,286 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact' did not match 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'
2021-07-29 09:01:37,286 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: No candidate endpoints met criteria
2021-07-29 09:01:37,286 - WARN [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Unable to resolve outbound message endpoint for relying party 'DTNISMobileApp': EndpointCriterion [type={urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService, Binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST, Location=http://localhost:8080/SSO/assertion, trusted=false]
2021-07-29 09:01:37,286 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: EndpointResolutionFailed
2021-07-29 09:01:37,287 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2021-07-29 09:02:21,320 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2021-07-29 09:02:21,320 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2021-07-29 09:02:21,320 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20210729T090221Z|https://sso-neo4j.morgansenechal.com|AttributeReleaseConsent|morty|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2021-07-29 09:02:21,320 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@556565bf'
2021-07-29 09:02:21,320 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:02:21,321 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-07-29 09:02:21,329 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-07-29 09:02:21,330 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-07-29 09:02:21,330 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _473be5b70cfcd8343c7969cf47a8e543
2021-07-29 09:02:21,330 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _473be5b70cfcd8343c7969cf47a8e543 to Response _d3ea5e553841c2df0491cf30216a5acd
2021-07-29 09:02:21,330 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _473be5b70cfcd8343c7969cf47a8e543
2021-07-29 09:02:21,330 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-07-29 09:02:21,330 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Ambassador of attribute eduPersonEntitlement
2021-07-29 09:02:21,330 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value None of attribute eduPersonEntitlement
2021-07-29 09:02:21,330 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute identifier
2021-07-29 09:02:21,330 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value morty of attribute uid
2021-07-29 09:02:21,330 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5505 of attribute telephoneNumber
2021-07-29 09:02:21,330 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value janitor@samltest.id of attribute role
2021-07-29 09:02:21,330 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute mail
2021-07-29 09:02:21,330 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Smith of attribute surname
2021-07-29 09:02:21,330 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Morty Smith of attribute displayName
2021-07-29 09:02:21,330 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Mortimer of attribute givenName
2021-07-29 09:02:21,331 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-07-29 09:02:21,331 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:02:21,331 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:02:21,331 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:02:21,331 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:02:21,331 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxfR9mMFrHOnro+h/4J5i9J9EiZy9Daj2oA/Y7GsAgVATgBgaGMH3xsxdYayr4bi1oYkUVyyefNY0Y1wPU2+3DlO8Cxw9JKcMwHUuHk7K3+kpYjslpwT3dV1wQQLiobKlEiRso8bRBLw== with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:02:21,331 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:02:21,331 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:02:21,331 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-07-29 09:02:21,331 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-07-29 09:02:21,331 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 86.16.255.231
2021-07-29 09:02:21,331 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _BEF1126D6F00026B98893BD5089BCEDE
2021-07-29 09:02:21,331 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://sso-neo4j.morgansenechal.com/mellon/postResponse
2021-07-29 09:02:21,332 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-07-29 09:02:21,332 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-07-29 09:02:21,332 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-07-29 09:02:21,332 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _473be5b70cfcd8343c7969cf47a8e543
2021-07-29 09:02:21,332 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _473be5b70cfcd8343c7969cf47a8e543 did not already contain Conditions, one was added
2021-07-29 09:02:21,332 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-07-29 09:02:21,332 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-07-29T09:07:21.321Z, to Assertion _473be5b70cfcd8343c7969cf47a8e543
2021-07-29 09:02:21,332 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _473be5b70cfcd8343c7969cf47a8e543 already contained Conditions, nothing was done
2021-07-29 09:02:21,332 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-07-29 09:02:21,332 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _473be5b70cfcd8343c7969cf47a8e543 already contained Conditions, nothing was done
2021-07-29 09:02:21,332 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-07-29 09:02:21,332 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://sso-neo4j.morgansenechal.com as an Audience of the AudienceRestriction
2021-07-29 09:02:21,332 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _473be5b70cfcd8343c7969cf47a8e543
2021-07-29 09:02:21,333 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://sso-neo4j.morgansenechal.com to existing session d8e6ecfc76a835aed34503035750cea6c0cb0acbee813e4ab28d407b1358fc19
2021-07-29 09:02:21,333 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://sso-neo4j.morgansenechal.com in session d8e6ecfc76a835aed34503035750cea6c0cb0acbee813e4ab28d407b1358fc19
2021-07-29 09:02:21,333 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-07-29 09:02:21,334 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://sso-neo4j.morgansenechal.com and key AAdzZWNyZXQxfR9mMFrHOnro+h/4J5i9J9EiZy9Daj2oA/Y7GsAgVATgBgaGMH3xsxdYayr4bi1oYkUVyyefNY0Y1wPU2+3DlO8Cxw9JKcMwHUuHk7K3+kpYjslpwT3dV1wQQLiobKlEiRso8bRBLw==
2021-07-29 09:02:21,334 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-07-29 09:02:21,334 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-07-29 09:02:21,334 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2021-07-29 09:02:21,334 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAssertions: No encryption parameters, nothing to do
2021-07-29 09:02:21,336 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://sso-neo4j.morgansenechal.com/mellon/postResponse
2021-07-29 09:02:21,336 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://sso-neo4j.morgansenechal.com/mellon/postResponse
2021-07-29 09:02:21,336 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_d3ea5e553841c2df0491cf30216a5acd"
2021-07-29 09:02:21,336 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _d3ea5e553841c2df0491cf30216a5acd and Element was [saml2p:Response: null]
2021-07-29 09:02:21,336 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_d3ea5e553841c2df0491cf30216a5acd"
2021-07-29 09:02:21,336 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _d3ea5e553841c2df0491cf30216a5acd and Element was [saml2p:Response: null]
2021-07-29 09:02:21,339 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-07-29 09:02:21,339 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://sso-neo4j.morgansenechal.com/mellon/postResponse' with encoded value 'https&#x3a;&#x2f;&#x2f;sso-neo4j.morgansenechal.com&#x2f;mellon&#x2f;postResponse'
2021-07-29 09:02:21,339 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-07-29 09:02:21,339 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'https://sso-neo4j.morgansenechal.com/redirect.html', encoded as 'https&#x3a;&#x2f;&#x2f;sso-neo4j.morgansenechal.com&#x2f;redirect.html'
2021-07-29 09:02:21,341 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://sso-neo4j.morgansenechal.com/mellon/postResponse"
    ID="_d3ea5e553841c2df0491cf30216a5acd"
    InResponseTo="_BEF1126D6F00026B98893BD5089BCEDE"
    IssueInstant="2021-07-29T09:02:21.321Z" Version="2.0"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_d3ea5e553841c2df0491cf30216a5acd">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>cxS1bwVwctY5DQ22Mx/ck73JomIbAnX8r7ecIYnCwqg=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>PRzOQvaiwGvoZWYA//7XNIGLf79KbKIdSaD19Pa/NM/yDNjhWGfsCWcCPbvgTm9xY8JE84lqrTP674SIp5oVDOiNRreDjk0NbrI/evMw3cu+6R30GIi3urn0JXyOz5pQY07JPTGN/fSRx0DmgYZ6PfJym4BhBS+m1fpUbOdI5ITXfCUu7BSCyR7OQsWi9G96P1z1PWB0x5AGN8OAKKCOH7JOWyg8fUWwsYHGesarxNS5OOOrkVsGHmc+ZvSROZguNJ4hLkl3EHmYcOmvLTkPapaubYomnnyUY5Y4bAy9asKlGTmMgaR0uLLFmwFcMbVSc5AzkvOK4iT/26fvj0S4eQ==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_473be5b70cfcd8343c7969cf47a8e543"
        IssueInstant="2021-07-29T09:02:21.321Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://sso-neo4j.morgansenechal.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxfR9mMFrHOnro+h/4J5i9J9EiZy9Daj2oA/Y7GsAgVATgBgaGMH3xsxdYayr4bi1oYkUVyyefNY0Y1wPU2+3DlO8Cxw9JKcMwHUuHk7K3+kpYjslpwT3dV1wQQLiobKlEiRso8bRBLw==</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="86.16.255.231"
                    InResponseTo="_BEF1126D6F00026B98893BD5089BCEDE"
                    NotOnOrAfter="2021-07-29T09:07:21.332Z" Recipient="https://sso-neo4j.morgansenechal.com/mellon/postResponse"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-07-29T09:02:21.321Z" NotOnOrAfter="2021-07-29T09:07:21.321Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://sso-neo4j.morgansenechal.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-07-29T09:00:18.884Z" SessionIndex="_0265e9991b7654d8b928e79ff237d5c8">
            <saml2:SubjectLocality Address="86.16.255.231"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Ambassador</saml2:AttributeValue>
                <saml2:AttributeValue>None</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>morty</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5505</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">janitor@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Morty Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Mortimer</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-07-29 09:02:21,341 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-07-29 09:02:21,341 - INFO [Shibboleth-Audit.SSO:?] - 20210729T090221Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|_BEF1126D6F00026B98893BD5089BCEDE|https://sso-neo4j.morgansenechal.com|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_d3ea5e553841c2df0491cf30216a5acd|morty|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,identifier,uid,telephoneNumber,role,mail,surname,displayName,givenName|AAdzZWNyZXQxfR9mMFrHOnro+h/4J5i9J9EiZy9Daj2oA/Y7GsAgVATgBgaGMH3xsxdYayr4bi1oYkUVyyefNY0Y1wPU2+3DlO8Cxw9JKcMwHUuHk7K3+kpYjslpwT3dV1wQQLiobKlEiRso8bRBLw==|_473be5b70cfcd8343c7969cf47a8e543|
2021-07-29 09:02:42,388 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: https://sso-neo4j.morgansenechal.com/redirect.html
2021-07-29 09:02:42,388 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-07-29 09:02:42,388 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-07-29 09:02:42,388 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://sso-neo4j.morgansenechal.com/mellon/postResponse"
    Consent="urn:oasis:names:tc:SAML:2.0:consent:current-implicit"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="_D0D9066DA84039842C6A420D4BA63098"
    IsPassive="false" IssueInstant="2021-07-29T09:02:41Z" Version="2.0"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer>https://sso-neo4j.morgansenechal.com</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2021-07-29 09:02:42,394 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://sso-neo4j.morgansenechal.com' from origin source
2021-07-29 09:02:42,395 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-07-29 09:02:42,395 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-07-29 09:02:42,395 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-07-29 09:02:42,395 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-07-29 09:02:42,395 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-07-29 09:02:42,395 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-07-29 09:02:42,395 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-07-29 09:02:42,395 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://sso-neo4j.morgansenechal.com
2021-07-29 09:02:42,395 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:02:42,395 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-07-29 09:02:42,395 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-07-29 09:02:42,396 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-07-29 09:02:42,396 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-07-29 09:02:42,396 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_D0D9066DA84039842C6A420D4BA63098', issue instant '2021-07-29T09:02:41.000Z', entityID 'https://sso-neo4j.morgansenechal.com'
2021-07-29 09:02:42,396 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://sso-neo4j.morgansenechal.com' does not require AuthnRequests to be signed
2021-07-29 09:02:42,396 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-07-29 09:02:42,396 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-07-29 09:02:42,396 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-07-29 09:02:42,396 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-07-29 09:02:42,396 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-07-29 09:02:42,396 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:02:42,397 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-07-29 09:02:42,397 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-07-29 09:02:42,397 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-07-29 09:02:42,397 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-07-29 09:02:42,397 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://sso-neo4j.morgansenechal.com/mellon/postResponse using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-07-29 09:02:42,397 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-07-29 09:02:42,397 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-07-29 09:02:42,397 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-07-29 09:02:42,397 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-07-29 09:02:42,397 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-07-29 09:02:42,397 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2021-07-29 09:02:42,397 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-07-29 09:02:42,397 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-07-29 09:02:42,397 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-07-29 09:02:42,397 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-07-29 09:02:42,397 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://sso-neo4j.morgansenechal.com
2021-07-29 09:02:42,397 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2021-07-29 09:02:42,397 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2021-07-29 09:02:42,397 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2021-07-29 09:02:42,397 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2021-07-29 09:02:42,401 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-07-29 09:02:42,402 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-07-29T09:02:42.402Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-07-29 09:02:42,402 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-07-29 09:02:42,402 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-07-29 09:02:42,402 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-07-29 09:02:42,403 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-07-29 09:02:42,403 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-07-29 09:02:42,403 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:02:42,403 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-07-29 09:02:42,403 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-07-29 09:02:42,403 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-07-29 09:02:42,403 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-07-29 09:02:42,569 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'sso-neo4j.morgansenechal.com'
2021-07-29 09:02:42,569 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-07-29 09:02:42,569 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-07-29 09:03:47,609 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'morty'
2021-07-29 09:03:47,610 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user morty
2021-07-29 09:03:47,610 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1529036191::identifier=morty, context=org.apache.velocity.VelocityContext@67340c2b]
2021-07-29 09:03:47,619 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=morty,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1529036191::identifier=morty, context=org.apache.velocity.VelocityContext@67340c2b]
2021-07-29 09:03:47,620 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'morty' succeeded
2021-07-29 09:03:47,620 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-07-29 09:03:47,620 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-07-29 09:03:47,620 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'morty'
2021-07-29 09:03:47,620 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'morty'
2021-07-29 09:03:47,620 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-07-29 09:03:47,620 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal morty
2021-07-29 09:03:47,620 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session e9bb520574ebdde2075b3a0e0c21b1ba360360757121011bf68313194a27b30a for principal morty
2021-07-29 09:03:47,620 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session e9bb520574ebdde2075b3a0e0c21b1ba360360757121011bf68313194a27b30a
2021-07-29 09:03:47,621 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=morty)
2021-07-29 09:03:47,622 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-07-29 09:03:47,622 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, identifier, uid, telephoneNumber, role, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-07-29 09:03:47,622 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 2 values for attribute 'eduPersonEntitlement' remained after filtering
2021-07-29 09:03:47,622 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-07-29 09:03:47,622 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-07-29 09:03:47,622 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-07-29 09:03:47,622 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-07-29 09:03:47,622 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-07-29 09:03:47,622 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-07-29 09:03:47,622 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-07-29 09:03:47,622 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-07-29 09:03:47,622 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-07-29 09:03:47,622 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:03:47,622 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-07-29 09:03:47,623 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@54ad9ad8'
2021-07-29 09:03:47,623 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-07-29 09:03:47,623 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:https://sso-neo4j.morgansenechal.com'
2021-07-29 09:03:47,623 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:https://sso-neo4j.morgansenechal.com'
2021-07-29 09:03:47,623 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'morty:https://sso-neo4j.morgansenechal.com'
2021-07-29 09:03:47,623 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-07-29 09:03:47,623 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty'
2021-07-29 09:03:47,623 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'morty'
2021-07-29 09:03:47,623 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-07-29 09:03:47,623 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2021-07-29 09:03:47,790 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'sso-neo4j.morgansenechal.com'
2021-07-29 09:03:47,790 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-07-29 09:03:47,790 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2021-07-29 09:03:47,790 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2021-07-29 09:03:47,790 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-07-29 09:03:47,790 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2021-07-29 09:03:50,446 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2021-07-29 09:03:50,446 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2021-07-29 09:03:50,446 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20210729T090350Z|https://sso-neo4j.morgansenechal.com|AttributeReleaseConsent|morty|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2021-07-29 09:03:50,446 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@54ad9ad8'
2021-07-29 09:03:50,446 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:03:50,446 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-07-29 09:03:50,447 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-07-29 09:03:50,448 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-07-29 09:03:50,448 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _92485ee03d506644d2c888b1e44b24c1
2021-07-29 09:03:50,448 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _92485ee03d506644d2c888b1e44b24c1 to Response _9dd8b98cd7720b70b173d729a2cca1e0
2021-07-29 09:03:50,449 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _92485ee03d506644d2c888b1e44b24c1
2021-07-29 09:03:50,449 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-07-29 09:03:50,449 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Ambassador of attribute eduPersonEntitlement
2021-07-29 09:03:50,449 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value None of attribute eduPersonEntitlement
2021-07-29 09:03:50,449 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute identifier
2021-07-29 09:03:50,449 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value morty of attribute uid
2021-07-29 09:03:50,449 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5505 of attribute telephoneNumber
2021-07-29 09:03:50,449 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value janitor@samltest.id of attribute role
2021-07-29 09:03:50,449 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute mail
2021-07-29 09:03:50,449 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Smith of attribute surname
2021-07-29 09:03:50,449 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Morty Smith of attribute displayName
2021-07-29 09:03:50,449 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Mortimer of attribute givenName
2021-07-29 09:03:50,450 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-07-29 09:03:50,450 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:03:50,450 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:03:50,450 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:03:50,450 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:03:50,451 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxlmZQSWfRStY4QjBEcgzoJIbqfJCd3Y/aMy0gNomn5Q2pMpRXglkd4/cie2z19IGZXqLxPXA4mgV4mid73dneXRg6Fd5cnJHRrvbvrB+V59l44cS/7B6Vl7Hmx3unbGA6XN3jkM7Myw== with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:03:50,451 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:03:50,451 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:03:50,451 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-07-29 09:03:50,451 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-07-29 09:03:50,451 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 86.16.255.231
2021-07-29 09:03:50,451 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _D0D9066DA84039842C6A420D4BA63098
2021-07-29 09:03:50,451 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://sso-neo4j.morgansenechal.com/mellon/postResponse
2021-07-29 09:03:50,451 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-07-29 09:03:50,451 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-07-29 09:03:50,451 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-07-29 09:03:50,451 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _92485ee03d506644d2c888b1e44b24c1
2021-07-29 09:03:50,451 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _92485ee03d506644d2c888b1e44b24c1 did not already contain Conditions, one was added
2021-07-29 09:03:50,451 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-07-29 09:03:50,451 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-07-29T09:08:50.446Z, to Assertion _92485ee03d506644d2c888b1e44b24c1
2021-07-29 09:03:50,451 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _92485ee03d506644d2c888b1e44b24c1 already contained Conditions, nothing was done
2021-07-29 09:03:50,451 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-07-29 09:03:50,451 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _92485ee03d506644d2c888b1e44b24c1 already contained Conditions, nothing was done
2021-07-29 09:03:50,451 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-07-29 09:03:50,451 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://sso-neo4j.morgansenechal.com as an Audience of the AudienceRestriction
2021-07-29 09:03:50,451 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _92485ee03d506644d2c888b1e44b24c1
2021-07-29 09:03:50,452 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://sso-neo4j.morgansenechal.com to existing session e9bb520574ebdde2075b3a0e0c21b1ba360360757121011bf68313194a27b30a
2021-07-29 09:03:50,452 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://sso-neo4j.morgansenechal.com in session e9bb520574ebdde2075b3a0e0c21b1ba360360757121011bf68313194a27b30a
2021-07-29 09:03:50,452 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-07-29 09:03:50,453 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://sso-neo4j.morgansenechal.com and key AAdzZWNyZXQxlmZQSWfRStY4QjBEcgzoJIbqfJCd3Y/aMy0gNomn5Q2pMpRXglkd4/cie2z19IGZXqLxPXA4mgV4mid73dneXRg6Fd5cnJHRrvbvrB+V59l44cS/7B6Vl7Hmx3unbGA6XN3jkM7Myw==
2021-07-29 09:03:50,453 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-07-29 09:03:50,453 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-07-29 09:03:50,453 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2021-07-29 09:03:50,453 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAssertions: No encryption parameters, nothing to do
2021-07-29 09:03:50,454 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://sso-neo4j.morgansenechal.com/mellon/postResponse
2021-07-29 09:03:50,454 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://sso-neo4j.morgansenechal.com/mellon/postResponse
2021-07-29 09:03:50,455 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_9dd8b98cd7720b70b173d729a2cca1e0"
2021-07-29 09:03:50,455 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _9dd8b98cd7720b70b173d729a2cca1e0 and Element was [saml2p:Response: null]
2021-07-29 09:03:50,455 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_9dd8b98cd7720b70b173d729a2cca1e0"
2021-07-29 09:03:50,455 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _9dd8b98cd7720b70b173d729a2cca1e0 and Element was [saml2p:Response: null]
2021-07-29 09:03:50,464 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-07-29 09:03:50,464 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://sso-neo4j.morgansenechal.com/mellon/postResponse' with encoded value 'https&#x3a;&#x2f;&#x2f;sso-neo4j.morgansenechal.com&#x2f;mellon&#x2f;postResponse'
2021-07-29 09:03:50,464 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-07-29 09:03:50,464 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'https://sso-neo4j.morgansenechal.com/redirect.html', encoded as 'https&#x3a;&#x2f;&#x2f;sso-neo4j.morgansenechal.com&#x2f;redirect.html'
2021-07-29 09:03:50,466 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://sso-neo4j.morgansenechal.com/mellon/postResponse"
    ID="_9dd8b98cd7720b70b173d729a2cca1e0"
    InResponseTo="_D0D9066DA84039842C6A420D4BA63098"
    IssueInstant="2021-07-29T09:03:50.446Z" Version="2.0"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_9dd8b98cd7720b70b173d729a2cca1e0">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>Ebqr1ZHvq60Mu7qiZGM6ZjtmVyVFseEorAtf+dBFYoY=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>oOID8ToEQttb9QFTTOTjG61fYLWyI1namSxL4QT42IA9Eb+LUJ2dEbls0qChsNu01T07MZRcO9yXvd5uv6WBu4eg8ghiyJFsX7B2jMe+t3eGRhhQK29IfS+o+nMBcbm/unL5TbnjmVZ9FRnzKIedybxGwO4I63GUADM4ZMJkByoSYQJVXwlyAZ4EyyNdn5dsdjWtF18oagHnFXPuZHjgI2dR7BcjkbdsoqITmwmDh0kQkwpDdwWjbOSs9YKsTOUbFWlYTmsmq5+CU8sMWrck0b96aN4SLIuddcqopqg4lq8P8qRQckrO3Eo5V0HU8hs6wqLjVVjrzBPwMZpT6QlaDw==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_92485ee03d506644d2c888b1e44b24c1"
        IssueInstant="2021-07-29T09:03:50.446Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://sso-neo4j.morgansenechal.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxlmZQSWfRStY4QjBEcgzoJIbqfJCd3Y/aMy0gNomn5Q2pMpRXglkd4/cie2z19IGZXqLxPXA4mgV4mid73dneXRg6Fd5cnJHRrvbvrB+V59l44cS/7B6Vl7Hmx3unbGA6XN3jkM7Myw==</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="86.16.255.231"
                    InResponseTo="_D0D9066DA84039842C6A420D4BA63098"
                    NotOnOrAfter="2021-07-29T09:08:50.451Z" Recipient="https://sso-neo4j.morgansenechal.com/mellon/postResponse"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-07-29T09:03:50.446Z" NotOnOrAfter="2021-07-29T09:08:50.446Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://sso-neo4j.morgansenechal.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-07-29T09:03:47.620Z" SessionIndex="_1c3203e5fd5661fbe5e0961ac63cdac3">
            <saml2:SubjectLocality Address="86.16.255.231"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Ambassador</saml2:AttributeValue>
                <saml2:AttributeValue>None</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>morty</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5505</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">janitor@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Morty Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Mortimer</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-07-29 09:03:50,466 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-07-29 09:03:50,466 - INFO [Shibboleth-Audit.SSO:?] - 20210729T090350Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|_D0D9066DA84039842C6A420D4BA63098|https://sso-neo4j.morgansenechal.com|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_9dd8b98cd7720b70b173d729a2cca1e0|morty|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,identifier,uid,telephoneNumber,role,mail,surname,displayName,givenName|AAdzZWNyZXQxlmZQSWfRStY4QjBEcgzoJIbqfJCd3Y/aMy0gNomn5Q2pMpRXglkd4/cie2z19IGZXqLxPXA4mgV4mid73dneXRg6Fd5cnJHRrvbvrB+V59l44cS/7B6Vl7Hmx3unbGA6XN3jkM7Myw==|_92485ee03d506644d2c888b1e44b24c1|
2021-07-29 09:03:56,506 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: 0mU2eK626ruJyhfCK4ztWoKMnQ8qYFfsJSv8Kn9VfeuaAy4knfQHZmn_
2021-07-29 09:03:56,507 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-07-29 09:03:56,507 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-07-29 09:03:56,507 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://10.102.87.106:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="id-7ead64ef60633c991d7ef05ea8e07a06b3ba7f13"
    IssueInstant="2021-07-29T09:03:56.447Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://10.102.87.106:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2021-07-29 09:03:56,513 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://10.102.87.106:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata' from origin source
2021-07-29 09:03:56,513 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-07-29 09:03:56,513 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-07-29 09:03:56,513 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-07-29 09:03:56,513 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-07-29 09:03:56,513 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-07-29 09:03:56,513 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-07-29 09:03:56,513 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-07-29 09:03:56,513 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://10.102.87.106:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata
2021-07-29 09:03:56,514 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:03:56,514 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-07-29 09:03:56,514 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-07-29 09:03:56,514 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-07-29 09:03:56,514 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-07-29 09:03:56,515 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-7ead64ef60633c991d7ef05ea8e07a06b3ba7f13', issue instant '2021-07-29T09:03:56.447Z', entityID 'http://10.102.87.106:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata'
2021-07-29 09:03:56,515 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://10.102.87.106:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata' does not require AuthnRequests to be signed
2021-07-29 09:03:56,515 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-07-29 09:03:56,515 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-07-29 09:03:56,515 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-07-29 09:03:56,515 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-07-29 09:03:56,515 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-07-29 09:03:56,515 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:03:56,515 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-07-29 09:03:56,516 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-07-29 09:03:56,516 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-07-29 09:03:56,516 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-07-29 09:03:56,516 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://10.102.87.106:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-07-29 09:03:56,516 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-07-29 09:03:56,516 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-07-29 09:03:56,516 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-07-29 09:03:56,516 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-07-29 09:03:56,516 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-07-29 09:03:56,516 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-07-29 09:03:56,516 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-07-29 09:03:56,516 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-07-29 09:03:56,516 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-07-29 09:03:56,516 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-07-29 09:03:56,516 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://10.102.87.106:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata
2021-07-29 09:03:56,516 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-07-29 09:03:56,517 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2021-07-29 09:03:56,517 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
2021-07-29 09:03:56,517 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-07-29 09:03:56,521 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-07-29 09:03:56,521 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-07-29T09:03:56.521Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-07-29 09:03:56,521 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-07-29 09:03:56,521 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-07-29 09:03:56,521 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-07-29 09:03:56,522 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-07-29 09:03:56,522 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-07-29 09:03:56,522 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:03:56,522 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-07-29 09:03:56,522 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-07-29 09:03:56,522 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-07-29 09:03:56,522 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-07-29 09:03:56,613 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of '10.102.87.106'
2021-07-29 09:03:56,613 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-07-29 09:03:56,613 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-07-29 09:04:00,133 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: nfZAS4VIuE4PucOn5FIA9i0oMhOfYLo_z4Sa_Mz6EI9PIr0Q6A3PehWY
2021-07-29 09:04:00,133 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-07-29 09:04:00,133 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-07-29 09:04:00,134 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://10.102.87.106:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="id-b746376be963d650fa8d75b31c04203f68d1cb7e"
    IssueInstant="2021-07-29T09:03:56.841Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://10.102.87.106:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2021-07-29 09:04:00,135 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-07-29 09:04:00,135 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-07-29 09:04:00,135 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-07-29 09:04:00,135 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-07-29 09:04:00,135 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-07-29 09:04:00,135 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-07-29 09:04:00,135 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-07-29 09:04:00,135 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://10.102.87.106:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata
2021-07-29 09:04:00,136 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:04:00,136 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-07-29 09:04:00,136 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-07-29 09:04:00,136 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-07-29 09:04:00,136 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-07-29 09:04:00,137 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-b746376be963d650fa8d75b31c04203f68d1cb7e', issue instant '2021-07-29T09:03:56.841Z', entityID 'http://10.102.87.106:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata'
2021-07-29 09:04:00,137 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://10.102.87.106:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata' does not require AuthnRequests to be signed
2021-07-29 09:04:00,137 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-07-29 09:04:00,137 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-07-29 09:04:00,137 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-07-29 09:04:00,137 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-07-29 09:04:00,137 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-07-29 09:04:00,140 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:04:00,140 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-07-29 09:04:00,140 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-07-29 09:04:00,140 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-07-29 09:04:00,141 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-07-29 09:04:00,141 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://10.102.87.106:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-07-29 09:04:00,141 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-07-29 09:04:00,141 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-07-29 09:04:00,141 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-07-29 09:04:00,141 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-07-29 09:04:00,141 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-07-29 09:04:00,141 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-07-29 09:04:00,141 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-07-29 09:04:00,141 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-07-29 09:04:00,141 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-07-29 09:04:00,141 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-07-29 09:04:00,141 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://10.102.87.106:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata
2021-07-29 09:04:00,141 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-07-29 09:04:00,141 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2021-07-29 09:04:00,142 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
2021-07-29 09:04:00,142 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-07-29 09:04:00,142 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-07-29 09:04:00,144 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-07-29T09:04:00.143Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-07-29 09:04:00,144 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-07-29 09:04:00,144 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-07-29 09:04:00,144 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-07-29 09:04:00,144 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-07-29 09:04:00,144 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-07-29 09:04:00,144 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:04:00,144 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-07-29 09:04:00,144 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-07-29 09:04:00,144 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-07-29 09:04:00,145 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-07-29 09:04:00,240 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of '10.102.87.106'
2021-07-29 09:04:00,240 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-07-29 09:04:00,240 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-07-29 09:04:03,587 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2021-07-29 09:04:03,587 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2021-07-29 09:04:03,587 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1080510239::identifier=rick, context=org.apache.velocity.VelocityContext@25966804]
2021-07-29 09:04:03,596 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1080510239::identifier=rick, context=org.apache.velocity.VelocityContext@25966804]
2021-07-29 09:04:03,598 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2021-07-29 09:04:03,598 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-07-29 09:04:03,598 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-07-29 09:04:03,598 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2021-07-29 09:04:03,598 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2021-07-29 09:04:03,598 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-07-29 09:04:03,598 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2021-07-29 09:04:03,598 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 2da54f8efe4bf36048553da1897f75ac70cfe06e5b3dc96dee1574e2d6004f2b for principal rick
2021-07-29 09:04:03,598 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 2da54f8efe4bf36048553da1897f75ac70cfe06e5b3dc96dee1574e2d6004f2b
2021-07-29 09:04:03,599 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-07-29 09:04:03,600 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-07-29 09:04:03,600 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-07-29 09:04:03,600 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-07-29 09:04:03,600 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-07-29 09:04:03,600 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-07-29 09:04:03,600 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-07-29 09:04:03,600 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-07-29 09:04:03,600 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-07-29 09:04:03,600 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-07-29 09:04:03,600 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-07-29 09:04:03,600 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-07-29 09:04:03,600 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-07-29 09:04:03,600 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:04:03,600 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-07-29 09:04:03,601 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@550f0e30'
2021-07-29 09:04:03,601 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-07-29 09:04:03,601 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:http://10.102.87.106:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata'
2021-07-29 09:04:03,601 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:http://10.102.87.106:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata'
2021-07-29 09:04:03,601 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:http://10.102.87.106:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata'
2021-07-29 09:04:03,601 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-07-29 09:04:03,601 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2021-07-29 09:04:03,601 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2021-07-29 09:04:03,601 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-07-29 09:04:03,601 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2021-07-29 09:04:03,693 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of '10.102.87.106'
2021-07-29 09:04:03,693 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-07-29 09:04:03,693 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2021-07-29 09:04:03,693 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2021-07-29 09:04:03,693 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-07-29 09:04:03,693 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2021-07-29 09:04:05,631 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2021-07-29 09:04:05,631 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2021-07-29 09:04:05,631 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20210729T090405Z|http://10.102.87.106:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata|AttributeReleaseConsent|rick|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2021-07-29 09:04:05,632 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-07-29 09:04:05,632 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:http://10.102.87.106:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata'
2021-07-29 09:04:05,632 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2021-07-29 09:04:05,632 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2021-07-29 09:04:05,632 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:http://10.102.87.106:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata, value=[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1659085445632}'
2021-07-29 09:04:05,632 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-07-29 09:04:05,632 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2021-07-29 09:04:05,632 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-07-29 09:04:05,632 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:http://10.102.87.106:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata'
2021-07-29 09:04:05,632 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:http://10.102.87.106:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata]' as '["rick:http://10.102.87.106:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata"]'
2021-07-29 09:04:05,632 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@550f0e30'
2021-07-29 09:04:05,632 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:04:05,632 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-07-29 09:04:05,633 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-07-29 09:04:05,634 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-07-29 09:04:05,634 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _9215cf74593a662c64749c8e22e25fba
2021-07-29 09:04:05,634 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _9215cf74593a662c64749c8e22e25fba to Response _e56b499eea52ed044371eb689330d8d5
2021-07-29 09:04:05,634 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _9215cf74593a662c64749c8e22e25fba
2021-07-29 09:04:05,635 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-07-29 09:04:05,635 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-07-29 09:04:05,635 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-07-29 09:04:05,635 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-07-29 09:04:05,635 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-07-29 09:04:05,635 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-07-29 09:04:05,635 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-07-29 09:04:05,635 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-07-29 09:04:05,635 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-07-29 09:04:05,635 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-07-29 09:04:05,636 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-07-29 09:04:05,636 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:04:05,636 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:04:05,636 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:04:05,636 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:04:05,636 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxAs21j44n6f+kWr/O9hiQr0W1Gpj9Id20u82JYDUCpmVhiqUrm9UOSXjjbXNmdhp8GtPjbjthsM5/9vlYFgj3AFWhIqjaiO3RnucQVvOvES1Tg+L72LOiDUOygLvdHvE3NKXX74y4SZFYWiQO451MTcemV/nKrubAAgWLqJu1Hr1bjrC8qJl3lA1unA== with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:04:05,636 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:04:05,636 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:04:05,636 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-07-29 09:04:05,636 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-07-29 09:04:05,636 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 38.65.13.219
2021-07-29 09:04:05,636 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to id-b746376be963d650fa8d75b31c04203f68d1cb7e
2021-07-29 09:04:05,636 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to http://10.102.87.106:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/acs
2021-07-29 09:04:05,636 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-07-29 09:04:05,636 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-07-29 09:04:05,636 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-07-29 09:04:05,636 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _9215cf74593a662c64749c8e22e25fba
2021-07-29 09:04:05,636 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _9215cf74593a662c64749c8e22e25fba did not already contain Conditions, one was added
2021-07-29 09:04:05,636 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-07-29 09:04:05,636 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-07-29T09:09:05.632Z, to Assertion _9215cf74593a662c64749c8e22e25fba
2021-07-29 09:04:05,636 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _9215cf74593a662c64749c8e22e25fba already contained Conditions, nothing was done
2021-07-29 09:04:05,636 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-07-29 09:04:05,636 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _9215cf74593a662c64749c8e22e25fba already contained Conditions, nothing was done
2021-07-29 09:04:05,636 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-07-29 09:04:05,636 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding http://10.102.87.106:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata as an Audience of the AudienceRestriction
2021-07-29 09:04:05,636 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _9215cf74593a662c64749c8e22e25fba
2021-07-29 09:04:05,637 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party http://10.102.87.106:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata to existing session 2da54f8efe4bf36048553da1897f75ac70cfe06e5b3dc96dee1574e2d6004f2b
2021-07-29 09:04:05,637 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service http://10.102.87.106:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata in session 2da54f8efe4bf36048553da1897f75ac70cfe06e5b3dc96dee1574e2d6004f2b
2021-07-29 09:04:05,637 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-07-29 09:04:05,637 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID http://10.102.87.106:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata and key AAdzZWNyZXQxAs21j44n6f+kWr/O9hiQr0W1Gpj9Id20u82JYDUCpmVhiqUrm9UOSXjjbXNmdhp8GtPjbjthsM5/9vlYFgj3AFWhIqjaiO3RnucQVvOvES1Tg+L72LOiDUOygLvdHvE3NKXX74y4SZFYWiQO451MTcemV/nKrubAAgWLqJu1Hr1bjrC8qJl3lA1unA==
2021-07-29 09:04:05,638 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-07-29 09:04:05,638 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-07-29 09:04:05,638 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_9215cf74593a662c64749c8e22e25fba"
2021-07-29 09:04:05,638 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _9215cf74593a662c64749c8e22e25fba and Element was [saml2:Assertion: null]
2021-07-29 09:04:05,638 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_9215cf74593a662c64749c8e22e25fba"
2021-07-29 09:04:05,638 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _9215cf74593a662c64749c8e22e25fba and Element was [saml2:Assertion: null]
2021-07-29 09:04:05,642 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_e56b499eea52ed044371eb689330d8d5"
    InResponseTo="id-b746376be963d650fa8d75b31c04203f68d1cb7e"
    IssueInstant="2021-07-29T09:04:05.632Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_9215cf74593a662c64749c8e22e25fba"
        IssueInstant="2021-07-29T09:04:05.632Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_9215cf74593a662c64749c8e22e25fba">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>yWFIxAnLYe9j+Qu90/28QliZmK2fLFFeym/YHcAnU3I=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>K1VymMbDALR6j72wJrtSSbe523Hzr7leD935P6hey/nQiU89Z7kPjaXsaTOLdM8nd4eqz2lxCyHusz16X/cYuvrx2O3HE3dc6nKCWzO2yDMXnIQAHnXrrD1rIdqonYtn1eDHFlo+u/kjtlrKk/TAq7MM3p8ZXBJ1ByP/6XbN7DnLWKRTSuoyRuS0K2f25/kv/VTb34L+f2AkZ6fOMyxn3lr6AlIHIgrj79ULdxHl66xN5ftkt/ifE7IE2T5hjX0aRGYvJZrtNcm5cUUak9GiUDAPIckl/QeHg24aM/eGqyfLunair/SWYi27Hq4NMDEtvzqCfkfLCuwlqy2iD0ohVA==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="http://10.102.87.106:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxAs21j44n6f+kWr/O9hiQr0W1Gpj9Id20u82JYDUCpmVhiqUrm9UOSXjjbXNmdhp8GtPjbjthsM5/9vlYFgj3AFWhIqjaiO3RnucQVvOvES1Tg+L72LOiDUOygLvdHvE3NKXX74y4SZFYWiQO451MTcemV/nKrubAAgWLqJu1Hr1bjrC8qJl3lA1unA==</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="38.65.13.219"
                    InResponseTo="id-b746376be963d650fa8d75b31c04203f68d1cb7e"
                    NotOnOrAfter="2021-07-29T09:09:05.636Z" Recipient="http://10.102.87.106:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/acs"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-07-29T09:04:05.632Z" NotOnOrAfter="2021-07-29T09:09:05.632Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>http://10.102.87.106:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-07-29T09:04:03.598Z" SessionIndex="_b156c7ec1790afd32dcfbdc8c73ab896">
            <saml2:SubjectLocality Address="38.65.13.219"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-07-29 09:04:05,645 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: http://10.102.87.106:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/acs
2021-07-29 09:04:05,645 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: http://10.102.87.106:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/acs
2021-07-29 09:04:05,646 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_e56b499eea52ed044371eb689330d8d5"
2021-07-29 09:04:05,646 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _e56b499eea52ed044371eb689330d8d5 and Element was [saml2p:Response: null]
2021-07-29 09:04:05,646 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_e56b499eea52ed044371eb689330d8d5"
2021-07-29 09:04:05,646 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _e56b499eea52ed044371eb689330d8d5 and Element was [saml2p:Response: null]
2021-07-29 09:04:05,649 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-07-29 09:04:05,649 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'http://10.102.87.106:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/acs' with encoded value 'http&#x3a;&#x2f;&#x2f;10.102.87.106&#x3a;8000&#x2f;v2&#x2f;sso&#x2f;saml&#x2f;TestIdentityProvidersCRUD1&#x2f;saml&#x2f;acs'
2021-07-29 09:04:05,649 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-07-29 09:04:05,649 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'nfZAS4VIuE4PucOn5FIA9i0oMhOfYLo_z4Sa_Mz6EI9PIr0Q6A3PehWY', encoded as 'nfZAS4VIuE4PucOn5FIA9i0oMhOfYLo_z4Sa_Mz6EI9PIr0Q6A3PehWY'
2021-07-29 09:04:05,651 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="http://10.102.87.106:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/acs"
    ID="_e56b499eea52ed044371eb689330d8d5"
    InResponseTo="id-b746376be963d650fa8d75b31c04203f68d1cb7e"
    IssueInstant="2021-07-29T09:04:05.632Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_e56b499eea52ed044371eb689330d8d5">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>HX/MDld0/DEUAWMdNTWBv97rL05T/PRsvyIGsBltA4w=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>MrzNNT6YITKdKBlsQfPOq8OBxHQSd+nEIq/SPguR3HFO6xd87kjOHtUlAosFg2qdn2F8IFvLixb95/VX6WUl1PzRuLEvO9DQvt/o1+urPHsMuU6ECwM3kjub57TNIMFWBAUaaY5grJeqVcxGVDBRp5oHr/daKOveBxhIzeDdp/hQFgsJUzXm0s0y/AVA9cpMWRnXRXQ+ijqPwU3FRV4ZXaCujo7Rruo5pXv4tfgLYxmM5ajeTDvjej7Zr7gBG7kJJJ9jocVfIC6G/Q9wdi9NUPG0xA8E8o9jNtJICudQxZBS1ApB21OdFsMCG/VNGsSVyg5L6dwBI8uTiv7ZzOR7lQ==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_b86721168f14dbd0a5b5e334e5f5b9af"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_2d0e9afc81abc4a92f6572f166e44903"
                    Recipient="http://10.102.87.106:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIDFzCCAf+gAwIBAgIUay8Y/lqzyNHVGdG8jeH7iOjlv+4wDQYJKoZIhvcNAQELBQAwGzEZMBcG
A1UEAwwQYXBpLmNsYXJpZmFpLmNvbTAeFw0yMTA3MjkwODU3MTBaFw0yMjA3MjkwODU3MTBaMBsx
GTAXBgNVBAMMEGFwaS5jbGFyaWZhaS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDMWFPXTBz/te58RBleUcYaTFMHZs2K1TB4qEGHEp9bX8iKq4KAqiH23hAAdep7DyW/ESPwydW9
qhL1iqdK0ZXn5gh+ABYmrirkGWOWXbSes1SsXgBd2WyQbjDXlu3oFfWzj4QuK2unE9xMhREVuKG/
wB74z9MefBTg5ofoDntLfM4BT7KqJL89Hk1S9kI3PaS8685JE7pNaPQ/pQ5Dgp9kM9S4TlnYA5kn
b6xC3jtnQLrLljJgan972hnlrY3fRCq/IG0G2ysLMndsNHlxOn4ky3CaL7DpS+vu72E0Kavvo29I
6jk5Ezl/zL4kFLOnZhyW3Nv2oRIR8eFqu5dsupenAgMBAAGjUzBRMB0GA1UdDgQWBBS6pHwz+M46
OdHN3IeT/UqayqtiOTAfBgNVHSMEGDAWgBS6pHwz+M46OdHN3IeT/UqayqtiOTAPBgNVHRMBAf8E
BTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB8FM1xHIpsVM9c9++Ou+SvrQ9Op4U21YABgYYIDQkN
if9xh2/MUlHXso1LLyXbpTP4ws/Sm3gFuAxiMYbrt5SsXzKUqcTx8fOHRHyYqQCIJZuvUAfJZkNI
ENK0u+lErCybK8Qf0B/CfjqRdgA+GtoACiVs6fpQn+58EANU0OKiyq6Q9fm9F50+Ts5rlAcpccCA
RtviysLw8hZDMAFQXAvZjIn1279svOzDkNo0O5cmqMmF7Z1CGjoRVYJvTm3WHp97TUwAIUjn3th2
t2rpJD6O11A2EJejifLbHZkKQs6bt8TKLPsXcH4TXHGLqRf1UDX0zNyYSviIPSOvL/9MhqgT</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>VBPrRwsmVkuewwBQvLOsj/H0OxdHlzvhjgXtbYS629HvopajKDZfAYS/3IM2VLvYVok18spuM7V1w6lHfOwZhlhgcOt0gytC0mXYl4GadgxHww6gFKHHdc4Ouh6F4PepqBWmFVPTLd2QoQtAcbq0WOqKg5F+qUYviQrRiYp8h+i72hhnQdpWRhe6/99xlUVkyTfc0nhU9gO4Bi074NAaokMZLJTWD36a6m6fwoCFnlfVD14Mkb0E9jtESnxJCnR5TDW7JZf8xcTB/pFWsAZmo3DrzvauBEYRkSN4nY20K/0y8ussc+iwOrHnRrHSnjyRWxx4UJiQeDEhDVHgzDZeTg==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>lo1rQTu5NjryOe/f8sxFFhtOPqCdgt6pVRQIjQfBKABpqQPzvorIZt1tAZ++0rE7NF7Lo3UnodA36QtSqSmJJcgI03DnEHmVEiJyYAyNsPC9thwleqhFhWHjpGApVhoNcdeGj/5+qTYHTyE3XCErI1PcuxDXPPszK7Q/tFrJNuseIvGGsnHzkk7ZxHT2bKH47LzuzilKz+V/PeX51adnWDZkj7xJQ91REnmH8wSr7Qkd8KU8KuFdC1s3RHQF8aSvMiAjLlwtcOGs1X9FUou2v9LimH2B6pXirbubkcx9qYXM4ZJhEnn04eOaMUnm31GYPZlmQ172kRLewUwizLxx4BfwyQzBxwQxqkyAklOKJFNdFDyZZUzy8HATi0TwZXQvj0GANT2m2WV/E5oiNvfjqCuF0t4mGZ/MRmCM1S6Y3Mphihjfww8HMhFHGOvz7M2BzNcKXGjd+3wIxhG+eu+Uq+kK166ynzatXJ983/g6av/QMsZqr+AY5yABlOQh2rEE2omYmLq6VE6shqIqoCY6IjCHLMaQliApY56SsSCyFPw3XgThUC8xJTgi/8dxCDGWrZnpiCZtU2XWl9l+v1CYUtZPlvVuQuMAfy1h86hOvqn5rAKtFj3cyue1VEaRryFnD67VmhAZhRbTLOHYXYZIa/RE0jln4YNiEXnZy1n00Gj/qSrcPtqM72OtrFktHXTVrdQfIVs02Ycf8weyBq8AemvY2wM532A2VI6TubQOcnRvnbPyTSAzY/oPe4+nHPhkQKYqzX1N5+CcLzl3+KBgEygu79LOAxQQQ56AyY6b7WxM2g8oc8wEX4Vp6keteJjACOCRi2Ck0VbehX9VGWrgPDSfNPwJ/nRxZEQDFi6HysYSjel8pSaLANhsOHBKy4ScuyG1aHzJGvnn7AgpllcRBRWDvGh64wTnzJ8Vo/BHByxYKLVPYnWT4BpAE9p6lbzjbCvNnFP44lr8Gls321aTv+0qykSOxt2chQqCfBc4LPM661x5cxUnEy6nyMmLZj0XeT6vaeo5nrcK+jhyyQzHlVm7sYi0OeILO7tYpR13w3WWh/+7CJCjQWZR9jMUZqmfJdX5WHpCiMHAvqW22/8SIg9AAv5aLY2tanyQFnDLVptzkRvjEA6VCqh/URkWqNn4hDrttS1Az7XYlOpUp/08kraEjAw6BtNFFPuBvH/9E+Zog/WtE+icKFxFhTdA/dMKZQF26YKHvu/vlBKx2Ph/FNEs/+g3CCmXUnH9fHgp9yJ4+dXFbtcgh+b2wvAIncdWzYkIsPletRqt1nW+9hmtVjhjrqpi7UhHdGVYtqDtKm7LyhEv5j1ZL9gaA/vhNAqzLlpsanDxMagxC1YXcVQVk2vmtkM4FSeRKl4NKR/gIz0J8k+7FRHZMjdOQRzWaTobrdvLVz6SZCTOmPh4MwOwLh+wZVEh0gmyn+FfVFLLXjdWbG7g+oTjW/k9m25q28QNCbB1YpBGOQ+KFgViG8MqTzqc5QN2JKXqZ4GEpgZSNWQWfbzRISiz9rbdUYd/oz4etoQKWDd6wo6p1uiFCVlAvbRYMZzQ0eYsX1Y6BtmTcdyWbhlI3ct6q0YGlL9hrk9uA6xs4nssE4dKj8PlEgy60w5uxBSRZwnJsvtJKU3W1YIIhqH3AwuTMNokc9WdpWfx/wZSNYXguIk0a9s5r+IxThqYjuphf4kw63Ty5KVKZzbPWbBcOAzvkdKKL7dXnwJaZDeu/laaJLYS4ORgLB48/z0pniYbmFLC8x1WFqg3cGuPBoDtH2zHE3Jk0cT+9iNW7h7rKxxN6QDvoPcCxNU6gYLoqvppCL+TNU/NTsU/+ovyjI6ArunuJB17wt8hK34U3FrBmxi2eXqDyUuh5U5+6K50F75OxNVPcPKDUcSQbwb6quPCCJxAPVYKLRoPdjZR2M4Ph5uVI7vzWdqhCVPTpf/Swdm3uiqF3/pKKLt+7ZyOY7s0nVpvG3oqrCijLlIkDN3J5PuTE2UXVq8y5fGlDOWnvfHqd1Nt6DqzYzEUvMiT+6WshgvF0YISRh0ZcFWNuwaUbWrLvS1Xugr1P5Z6dg1ppkw9+24/r8+6gBp6c4sgPChje6pKhLaNyNLoXuT/Yd00nk09qkM8pc0uL74Ksgm1ZykJI7GnfzNUoAKLtS53YkeCNaM64T9325Q2zrva6PQtEN1VskpFtMNp3ulWXgbCDuckt7v3uv4jjklHsll55Am1KQA4QeCLaW8kDMmNpYC35bUvPtZIzr7WSgHGi+ukjsap5ISl1F+1cKYdEqe7vTfKycEaaqkXtzTB/PhSv/D9kRBtGRcH6nkdVh68bn7s+5bTAyOvqc7nx71FDLSLp0PPtVb6GYw8nWYdEzwj7yNlc+PkORGTmmHKYds9xzwBE82mZITDPCAwfCGJ6PbTyOJ8lJRk7DB+R4zg350BUUwPl2NO3Z0VVhDdQBY3BNNStNVr5H34kNsdD6cHfpmIOytHo8VBuDFy8MRHoFzfE2SXpVp3k15dX/+nDJkiAc2nNbbbRyZLT0ErR+EDNYT7/fANQdODGxTIlTXlEDDNs1po0+gmCrZ7/v09xZJbgylmiYyymmd8ZA+jpgP20c/Yd+xl43R4NA/mKpNRYgemVbgdZBcNnpYpmCFkLxbQwSbhSVeko00Bb7/et6abKifKasaRYQd01y1/AxIuPzGnSw30Fs9FBgr0D3bDyj35AO6DPE2GrTuMVzKouA+j/yx1kUwqyU2/PzzXBIi2jx21YUghLh6SeWaJr7PnLgLhN3vHKZRbm+am44czEfJL//aA0EClDE2bE4AJt9YUJxQs9XlhKKX+JiFxt9kO/mUcb9Sxez+vug+hrxYuMV/ZOlpVLoLvGznxQPrivITM9iQ7NlxjLwMcbndK80aK/ygs5xUujS0sNdLn6Y7boDxyVFfvskWdBt2YR8qo39Hwq16XJ38ULquGJEpOzFWNnvP6k7RUmUTulMVMR67Ki64NoBijtmp8yJLoivAZjgHMxzqyjMmgNVZNjbKRMcZS1qMR10Kbja5OZwJizIre1sxN1rOTqXjh4vHQLCrRrJlVyn+Zd37B0LSMA3K6MPySWPLT+b20fS1A4wXDJt8AqVx1TyQV6fg8L/LfaQ8PWIZm1EnWqKRLrNbYOlAAjEuU1xiQVm/9i5q2J1drHdHhXehNU3/ZTZERoJE/BkpEPTx79dSXTtP1qZtFU/CLmZTccOBHcWSx7KOmf9AhsS1yPDebqMO+8hmBh1BS743Uly0p2P+D7ljE8mG50ZSjp9RYKpwGpYNh5jc6bA2Jsnw6lZauHMrvKfjRqUCEHQKjt0LUrC3IrQdP6qRwKKdiklVb9Kab+/8gQYeHZFRTfZrXeSgV+eBakweFKE/nlKAwBWQJZEb20DMjimW4gikv1O/Wf0TSIQs6nmYJm0AZqpbCqJkJd6WjFf+URBvvO4iRuWy1ZBhx/DLqFwitMVYkZ3W+F1irUTE6zXfRf/kSIIBGW0jQgh+SjbpM/5Rfcz1uKj06GT3eQ74dMUJ0p8bBYMSDBM4I1ecYvYXdjZAWYDZLmBiYJaS70ci/M5Lqy9l5bKRNGV0/jUCEwA4w9MIQM93Wcl0PVfiHAtWDBhgS8ty+xIvXmgT5BbG2IAfufXo3oUJpIrmKwnkLo9d9NRdu8K74PsCMM9OB/eAW/8UEbS/GMEQnWoI6hQA37MPrDlpkexVTWXgv9sWywQHUq13wPzYfxMzWorywzV+ZG+C+yB0GvdBSOwQ4ePHX2dtxM52d24kbeSlNRIx29bdy6XsrkXllJPKs2hh57cB8zWRfVrViCIiTkt7E+M5dlyzBXd2zebE+YknObd+B1cPgIkdKSLIjWTyj9VyY9Yw0Q9Oz4PmP6pyVjU2JIfUl3kHybPXmrYM0M2k08lzo6Dq+MZPgKYY5W13NvNpik9Sj7TpGg7aOLNBSGIPixTQlINeX6PpeBhzwwjDZQ4LmMukMJF4c/jQcLFXAevbOr8lpYmqtHZR5P40ZgwgP8gVLuv6BZ3EumsgBTGY0UKRYl3M5SvcNYH64ry4D8j7m+pjA5Qy8UK8mLQ/mmWalGFVrQ3HIpXlK+p7/Wp+SYczP8k/VVsafrUwf+42isnNYMVW8cFtIh1WSD8w4LOR/Nsa4cZv5ynaAE411lp2oxqDud07p4efC1p8lSIsCjKn1XP3VhmH3WjWxQcxxeAWKOqXNVanQKmQrWlmPO4a6Ur4adbPmLsPzlYPs0XUdMyaiLLDNWZC4m0juIKBiWqe/LcsK1aQ2rAE9Il84YQl5vdpoKNkbOgsxupfpzzKj3NT0RUf7tGAFazms/12ykSj4LanYnzrZu5EH/ue7lKeCiVVVPBK5/EkStYYp4SAieJA1/PI5e2nnhzOQOBiVHBWxfvjmwggmnpVUJ4KWkCDrdTR95h+pV+NsxQxWNHVFIdj0pSgK6bx+9x8RpgwBDhs/mqYQJ2Z627dLyHQwZnUf4yQB/O+xJiweKQ88ZvdyCl7iaheBRjuR+DCXGvc9LrdheWm4QnM7GYxn43+diFoSRoGsNHGNku7u+uGII6yyJbL1HQkV+6BnPkFVniO4GsJ0NtJ9OtOhxCxoTbyS9xZveq/nwv3SRcRI/ke7w132Nb9Z+3ceFuANcbnBzfPTyj+4K2s0P6mi1MC5tq6jvL+7AIxgp3rPjFFG/kR0wAC0YW3TBmrRcB7h5lNbuS39zVseGOU1HQ/rSNJ0Rok1058E4ydEsTvIejfOAPSqnAQvJJRBmkV7EDYu99yGzx6gFu3t8rqtytzXibCyiiBFeaGioXZU/VrMP83TWZ7QQLFYweCs+d0rfJyd9ITU9yNJM0InP4U71wQ7I0YIO4tVhwAtFBkp2BPlwH1EJJcQqjQ0/1rVtFYgsrQ0TEI182YKLsQz7Ccg273xoRQPhDqq4c6mr7dLxie8NU2Gj2rvK04kPvO+DXSiv1r9P9qGK+N9/by3Pfuo5wBS+KE9xa5cpCFEfREZzxE1QCoR4IjqyL6wvqyR/f8pGyE55XMIt555WY9frH2NS/tByGZHdCc+gAVZBSKnAGRo4T7pRB8NEMZtxGgMaSX8bVPSovEC2tmxI6ZOio3rnL6bbVXHBa5HOlLGGnxny+ODXIP2PkuvFc+IbjNIOYRecAcaDW15tAJqMxx6V9o7NiIpXJUxf8sJE39KtR3R3xpTKxhv9ovVKpGQAsG7VoSKvgnJZNpR38bqr34ZzQMVXRLK4rAel76DbtS/NWQ2+JOHezmWVdJledFUavD5xPSH0jCxb4S60I+kUJl9auVSONQixTCRAyYwwAY0daHeUYyPg6aEj5J5xXEfXdP47VnqqzJjBLh0wPjMXiTLQFSpadq/rsnA5axYk+7uaysDOQXixVnrD4TTgMQkNezxGq1NyKlgoYpy/0SwvftWCYzh3lYcX1ovxEodn+FVLZBZN+EaRckBjXJ0wmgbjk92X9g3wtrtaCT/AfXFRl31afOUAiWYSlG2kPQQOqLdJPv/YPSufLSM3R8f7gLyHHZRj5O3oXcBheWosUoMAxWh7axQCvwgO+MQRJniAMkDzuiKr/Jj2oSjTIxUnCwXgy0YYhPaggnc07kU/E0JNJPwAen5TW2L8o52Q/Mi4xaimAVHbyek78Z4lDbkrplFlrlvAuSYHeLsdAXnoJKIiHBIU1IM1Lty5qkAGNmKEVimERsnbWjgpYFIwsioMh5QchrdNDXjx2L7PEx9WKHiuBFzt3nGhOFow5Cu07NzwmVgwNRYhyOrWFaW4xz1gx0LMSCa84QNmiDpsV4edBX9oLkBpwi3rz4//TK+frNsCktjE2Ih8/khIcKzSaW9RzwhDbMxkm+g+ubzIxENHCGD9w/cpUUaHZoAdmqrtHwirUG7GhWdGGdYkc/C6W1mrzMqz5KA/Wdr+ZWEhGj//BvKD/SqHkebXLI2Io39fSYtQs0BrkXYwolFirb+tLR414aplxW3yn1/UAZtRv3ED5tcmIsW7SZiDAO6jOumbVCq1KigbZ8AvZiJBucpSmBClmh+XCSGBtC3/FBdilJk9sBCgWhkPwNxXmkGVomh44znAoC6EOer3jK3Ln0G/mXa9Ce2uKUBT4dSKVeoawE5XrTB5lFCxYSXqXDR8Hy2Ca9U6bF8ucKtWB6k6hFU5PgY1Tu8f5mhZbL1HR6JG3e1sGDNY2KuzYbaOLK6NBaMkOPMQs3PaNCyW1Q3cDbOaS3o1moLLUiK69PvjtSWCJaE7Mg3aj0jOAZD1/KEnjcEHC8UrKfHIB36KBWhXUABn6vlT/cvppQRabLLwbBPFsJYv8KgtM9wF8o2616icUO53TbUXRwxlFNTjbymjenGmcM/DlQ4KpzuglCjdtNxXbd9dms9W108cJU5a60FyBkukOrhi8ujRRJTLifAuHaJbtEPtXLwOcT1y7F+Ir7qoZRpf9383y5w61qEWNzXLE8Pd01NrLI0z8m/BGf6Lw7SvRpCduYUC+JiOj48FrGJ8E5p6zBKuhIynD6Zm4wpqfwPm8P3n+sBVBX8gmWgI4JvAfS6fWCI8b2W0dP9zPoRGypPf4gjNULGEmgfJC6kPKAMXE7kyvE4pbLi8+fB29NEK2uzEysrrL/oGuqQjk3h/4sv17/Tbx80GnG7LxI4i19d3edGzvEfVQPwbHgYxlmTmPNOu3ylSlfNo/SoFQbvXH2zyhp6i/e5SWYTYvgbwxQOiAZG418gJIw4T1P05zCnqCBs3OaMH+cWkAVS69DDdYFHL50HqEEtR6j1xJwpVh54uyRSU2bL1jhXR3FIspsZ7Rs2ll6YYDEty2de57CMKL9yX/XBTu/s49Zfwrljx2ISMNKY01mGSfoEW0PsYw/P9B7JGHKp4xNsraGPpQwVNYaC7m7GJpR6KaF7Ed+RQS9BfgpNT3LLO5ArXBPW+sCluyhE/YpNQ0tU9QMo6sudksGrP/7KJD5Gv2xHrNC0HTWmrgXn8SVIoHUDxyoUl7Qhs0MdDC8zRjDQG+EDB0QAoMFiq2bpqNYPRkxt3Dv9ogXs+ty49iExRJ8ETfwqNK+YkevrKGdoyaoyAZl9nZ0tFqQAtIKPDbEU3GoXQ+UQHS4wh6K7yU4021UwvKrBSz3bBKMGHVJ6rBfgVYgXxwfJVXTC4vOUNaHN7w5I0CqQaD6J7AdOHWUpuKtxq8VycHwwEg0xiORxFt0vvjEN7HpODPm6m8Za8deHI+nTQURZTNJv4bzoMxj+QcAn7IP7hk/WelGxl1c2Ly/4GpPTb/JjUzZWdZl86d/k62MxAXhLRGtok776yOji6aSxVk05lvkphZJu6FJLIjqrMBMFg+wIgm1HzTRkEFvcUkXu1j1UjaPoJ1Tb3kDtbvgYNO3Kou7H0C37pRwgT1QPMgOfTrDSqRbJCwzr9nxOjbRnzqae/8gnpzGYnUCxtUUveR800OQ9THdvSX9Po2UphDoHLz2/hyMDo/6yn99RbTZ21/NytDLkBsHenmubnsdEihyv4bgbTVyqFuDn7OVapGix1j9XezThSa6VmQaYVkIAxi1PlomRXxaPp6SQsCDAnXdrJcHNrJA7HmXHtluebcupHIj7j9gpIr/FK3oMs9R+u6i1aTGcEvLZxFmlQ5RNODk6yTK2Zh9t7Hj/hrxIkzcJRE7WhzK06of7zvn79ivzMkKzg3FJbaVT7KiF5NdrBUV4zcW78q782wMmK1RAVAhU9KENQ7keD9aUhent9tkto+Jc86HKRuu/YyN6F8aRqUXLg/pEOWp/s3+GjbbOjPjdc+DZx21UqyG2OMW/bAQjZcpSpZ1ML1yDg2fSU070K0A7mGz5T1LbRs8DvHrSTsZ5xosSsIT9YWG3NtBmkfxP0/tRIfAPZLmDh5TO6cZqnsy/F0QDC2rkMoM3t1FUHq3pTz80aEaAfKBByYiw98+yqtd4oY0yNcX+spWooUieO4cg8DXZlU0clg8aVdWeFsJ0Bjz/RebP8ebnm/yI4oY2yiU1KGeM3STHXIK44xaRaerOwI69SRGWfjwYZSM/DXnZ3DKdTJhbC01wVWBjoQPEhPqnPzI2MbWOTI3i8yEBre8U0qLxiG+OmwRdqjyaVz6pHGNv6wxhVWQLJwTyMVKrPLB1VAranBTCk35rKsJnEzrmVc3GWO7y35hjkpgIXJRhDqVHPak5+CYNbZPhokLne186kkneHfXAaP9lSamVrfCBKBrrD/OLFHJEwppsRdN6eZ2ZPGy5qGnh9uT6C7vSPVs+0Y2d6yiPFOHe4dPLbL9HeLNkxIYPz0ts2vFQ0vdBiK9TEi82QFsS5kzILMSMBGlRw87Iydx3eTGnunT6sQXNYzD+eZK9z7zmqb+uvCbq7ULXPpBU/GwXjEAx+rfq8Aef6r6i5IJNZqVUQL7PYFwfVqtuc42p3xTgrowNvUGBLGjOyu/Tt7oNXXhxo/TJCx0GBgJj1+9SjdavHC9d6AZ2g1iHbVB+7q2b3Nk9DoNOYm4VTXuMC5zBv7JXbv145IqWXEjufKJd9okQnjbPLn/sfJ+ZrgY/2l5W6g==</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2021-07-29 09:04:05,651 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-07-29 09:04:05,651 - INFO [Shibboleth-Audit.SSO:?] - 20210729T090405Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|id-b746376be963d650fa8d75b31c04203f68d1cb7e|http://10.102.87.106:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_e56b499eea52ed044371eb689330d8d5|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxAs21j44n6f+kWr/O9hiQr0W1Gpj9Id20u82JYDUCpmVhiqUrm9UOSXjjbXNmdhp8GtPjbjthsM5/9vlYFgj3AFWhIqjaiO3RnucQVvOvES1Tg+L72LOiDUOygLvdHvE3NKXX74y4SZFYWiQO451MTcemV/nKrubAAgWLqJu1Hr1bjrC8qJl3lA1unA==|_9215cf74593a662c64749c8e22e25fba|
2021-07-29 09:04:27,988 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: A5rKIUfrOvgAngIW-jaZrRwgkebbBhAnWJ2Kw7gP55uIPWTyFNfgemw3
2021-07-29 09:04:27,988 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-07-29 09:04:27,989 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-07-29 09:04:27,989 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="id-ab2878bb3ab3398e0cf4deb013e396ba5200843b"
    IssueInstant="2021-07-29T09:04:27.933Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/metadata</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2021-07-29 09:04:27,996 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/metadata' from origin source
2021-07-29 09:04:27,996 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-07-29 09:04:27,996 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-07-29 09:04:27,996 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-07-29 09:04:27,996 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-07-29 09:04:27,996 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-07-29 09:04:27,996 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-07-29 09:04:27,996 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-07-29 09:04:27,996 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/metadata
2021-07-29 09:04:27,997 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:04:27,997 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-07-29 09:04:27,997 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-07-29 09:04:27,997 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-07-29 09:04:27,997 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-07-29 09:04:27,997 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-ab2878bb3ab3398e0cf4deb013e396ba5200843b', issue instant '2021-07-29T09:04:27.933Z', entityID 'http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/metadata'
2021-07-29 09:04:27,997 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/metadata' does not require AuthnRequests to be signed
2021-07-29 09:04:27,997 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-07-29 09:04:27,997 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-07-29 09:04:27,997 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-07-29 09:04:27,997 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-07-29 09:04:27,997 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-07-29 09:04:27,998 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:04:27,998 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-07-29 09:04:27,998 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-07-29 09:04:27,998 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-07-29 09:04:27,998 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-07-29 09:04:27,998 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-07-29 09:04:27,998 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-07-29 09:04:27,998 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-07-29 09:04:27,998 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-07-29 09:04:27,998 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-07-29 09:04:27,998 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-07-29 09:04:27,999 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-07-29 09:04:27,999 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-07-29 09:04:27,999 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-07-29 09:04:27,999 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-07-29 09:04:27,999 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-07-29 09:04:27,999 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/metadata
2021-07-29 09:04:27,999 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-07-29 09:04:27,999 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2021-07-29 09:04:27,999 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
2021-07-29 09:04:27,999 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-07-29 09:04:28,002 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-07-29 09:04:28,003 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-07-29T09:04:28.003Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-07-29 09:04:28,003 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-07-29 09:04:28,004 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-07-29 09:04:28,004 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-07-29 09:04:28,004 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-07-29 09:04:28,004 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-07-29 09:04:28,004 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:04:28,004 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-07-29 09:04:28,004 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-07-29 09:04:28,004 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-07-29 09:04:28,004 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-07-29 09:04:28,093 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of '10.102.87.106'
2021-07-29 09:04:28,094 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-07-29 09:04:28,094 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-07-29 09:04:28,418 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: WrSiCIHmdE08gssr_75D-1ejngcPI6DCFfaS0jccfD6HHYQR9wUP9Chc
2021-07-29 09:04:28,418 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-07-29 09:04:28,418 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-07-29 09:04:28,418 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="id-f680e9a037b0e2169eaf6301dde2fb2fee51ab04"
    IssueInstant="2021-07-29T09:04:28.356Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/metadata</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2021-07-29 09:04:28,419 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-07-29 09:04:28,419 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-07-29 09:04:28,419 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-07-29 09:04:28,419 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-07-29 09:04:28,419 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-07-29 09:04:28,419 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-07-29 09:04:28,419 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-07-29 09:04:28,419 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/metadata
2021-07-29 09:04:28,420 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:04:28,420 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-07-29 09:04:28,420 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-07-29 09:04:28,420 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-07-29 09:04:28,420 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-07-29 09:04:28,420 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-f680e9a037b0e2169eaf6301dde2fb2fee51ab04', issue instant '2021-07-29T09:04:28.356Z', entityID 'http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/metadata'
2021-07-29 09:04:28,420 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/metadata' does not require AuthnRequests to be signed
2021-07-29 09:04:28,427 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-07-29 09:04:28,427 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-07-29 09:04:28,427 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-07-29 09:04:28,427 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-07-29 09:04:28,427 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-07-29 09:04:28,427 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:04:28,427 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-07-29 09:04:28,427 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-07-29 09:04:28,427 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-07-29 09:04:28,427 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-07-29 09:04:28,427 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-07-29 09:04:28,427 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-07-29 09:04:28,427 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-07-29 09:04:28,427 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-07-29 09:04:28,427 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-07-29 09:04:28,428 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-07-29 09:04:28,428 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-07-29 09:04:28,428 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-07-29 09:04:28,428 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-07-29 09:04:28,428 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-07-29 09:04:28,428 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-07-29 09:04:28,428 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/metadata
2021-07-29 09:04:28,428 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-07-29 09:04:28,428 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2021-07-29 09:04:28,428 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
2021-07-29 09:04:28,428 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-07-29 09:04:28,429 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-07-29 09:04:28,430 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-07-29T09:04:28.430Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-07-29 09:04:28,430 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-07-29 09:04:28,430 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-07-29 09:04:28,430 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-07-29 09:04:28,431 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-07-29 09:04:28,431 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-07-29 09:04:28,431 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:04:28,431 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-07-29 09:04:28,431 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-07-29 09:04:28,431 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-07-29 09:04:28,431 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-07-29 09:04:28,529 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of '10.102.87.106'
2021-07-29 09:04:28,529 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-07-29 09:04:28,529 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-07-29 09:04:32,570 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2021-07-29 09:04:32,571 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2021-07-29 09:04:32,571 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1005437032::identifier=rick, context=org.apache.velocity.VelocityContext@1412ec16]
2021-07-29 09:04:32,585 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1005437032::identifier=rick, context=org.apache.velocity.VelocityContext@1412ec16]
2021-07-29 09:04:32,587 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2021-07-29 09:04:32,587 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-07-29 09:04:32,588 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-07-29 09:04:32,588 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2021-07-29 09:04:32,588 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2021-07-29 09:04:32,588 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-07-29 09:04:32,588 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2021-07-29 09:04:32,588 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 30eed90be22dbc369dad4d7c3d4aa05dd2297d9c23d692ce8b60b5de566ebf50 for principal rick
2021-07-29 09:04:32,588 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 30eed90be22dbc369dad4d7c3d4aa05dd2297d9c23d692ce8b60b5de566ebf50
2021-07-29 09:04:32,589 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-07-29 09:04:32,589 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-07-29 09:04:32,590 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-07-29 09:04:32,590 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-07-29 09:04:32,590 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-07-29 09:04:32,590 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-07-29 09:04:32,590 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-07-29 09:04:32,590 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-07-29 09:04:32,590 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-07-29 09:04:32,590 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-07-29 09:04:32,590 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-07-29 09:04:32,590 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-07-29 09:04:32,590 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-07-29 09:04:32,590 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:04:32,590 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-07-29 09:04:32,590 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@5b2e2124'
2021-07-29 09:04:32,591 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-07-29 09:04:32,591 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/metadata'
2021-07-29 09:04:32,591 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/metadata'
2021-07-29 09:04:32,591 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/metadata'
2021-07-29 09:04:32,591 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-07-29 09:04:32,591 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2021-07-29 09:04:32,591 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2021-07-29 09:04:32,591 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-07-29 09:04:32,591 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2021-07-29 09:04:32,684 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of '10.102.87.106'
2021-07-29 09:04:32,684 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-07-29 09:04:32,684 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2021-07-29 09:04:32,684 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2021-07-29 09:04:32,684 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-07-29 09:04:32,684 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2021-07-29 09:04:34,613 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2021-07-29 09:04:34,614 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2021-07-29 09:04:34,614 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20210729T090434Z|http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/metadata|AttributeReleaseConsent|rick|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2021-07-29 09:04:34,614 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-07-29 09:04:34,614 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/metadata'
2021-07-29 09:04:34,614 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2021-07-29 09:04:34,614 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2021-07-29 09:04:34,614 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/metadata, value=[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1659085474614}'
2021-07-29 09:04:34,614 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-07-29 09:04:34,614 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2021-07-29 09:04:34,614 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-07-29 09:04:34,614 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/metadata'
2021-07-29 09:04:34,614 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/metadata]' as '["rick:http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/metadata"]'
2021-07-29 09:04:34,614 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@5b2e2124'
2021-07-29 09:04:34,614 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:04:34,615 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-07-29 09:04:34,615 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-07-29 09:04:34,616 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-07-29 09:04:34,616 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _eac66b34d262baed99b4e3ec9140870d
2021-07-29 09:04:34,616 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _eac66b34d262baed99b4e3ec9140870d to Response _c0f4499b838c77d1f85bf639df4c262f
2021-07-29 09:04:34,616 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _eac66b34d262baed99b4e3ec9140870d
2021-07-29 09:04:34,617 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-07-29 09:04:34,617 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-07-29 09:04:34,617 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-07-29 09:04:34,617 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-07-29 09:04:34,617 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-07-29 09:04:34,617 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-07-29 09:04:34,617 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-07-29 09:04:34,617 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-07-29 09:04:34,617 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-07-29 09:04:34,617 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-07-29 09:04:34,618 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-07-29 09:04:34,618 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:04:34,618 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:04:34,618 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:04:34,618 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:04:34,618 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQx17f4FOprecxoeLdU4z1l+t3RbxmVx2thYx+xfpiL37e5rwTEm4yvIe56bxg0m+mEChFYcJ60xlK1kpBblQ+VpFnuTO6chDHhIf5mwf8vNetqOUxxNmhjiZwVDGThRIhE1nt3i5U0UQpnQXqEFKCK7Csgv7HiXQrMmD3f7ObA/feR0rVVLrttVMf2MNWj with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:04:34,618 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:04:34,618 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:04:34,618 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-07-29 09:04:34,618 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-07-29 09:04:34,618 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 38.65.13.219
2021-07-29 09:04:34,618 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to id-f680e9a037b0e2169eaf6301dde2fb2fee51ab04
2021-07-29 09:04:34,618 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/acs
2021-07-29 09:04:34,618 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-07-29 09:04:34,618 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-07-29 09:04:34,618 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-07-29 09:04:34,618 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _eac66b34d262baed99b4e3ec9140870d
2021-07-29 09:04:34,618 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _eac66b34d262baed99b4e3ec9140870d did not already contain Conditions, one was added
2021-07-29 09:04:34,618 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-07-29 09:04:34,618 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-07-29T09:09:34.615Z, to Assertion _eac66b34d262baed99b4e3ec9140870d
2021-07-29 09:04:34,618 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _eac66b34d262baed99b4e3ec9140870d already contained Conditions, nothing was done
2021-07-29 09:04:34,618 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-07-29 09:04:34,618 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _eac66b34d262baed99b4e3ec9140870d already contained Conditions, nothing was done
2021-07-29 09:04:34,618 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-07-29 09:04:34,618 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/metadata as an Audience of the AudienceRestriction
2021-07-29 09:04:34,618 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _eac66b34d262baed99b4e3ec9140870d
2021-07-29 09:04:34,619 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/metadata to existing session 30eed90be22dbc369dad4d7c3d4aa05dd2297d9c23d692ce8b60b5de566ebf50
2021-07-29 09:04:34,619 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/metadata in session 30eed90be22dbc369dad4d7c3d4aa05dd2297d9c23d692ce8b60b5de566ebf50
2021-07-29 09:04:34,619 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-07-29 09:04:34,619 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/metadata and key AAdzZWNyZXQx17f4FOprecxoeLdU4z1l+t3RbxmVx2thYx+xfpiL37e5rwTEm4yvIe56bxg0m+mEChFYcJ60xlK1kpBblQ+VpFnuTO6chDHhIf5mwf8vNetqOUxxNmhjiZwVDGThRIhE1nt3i5U0UQpnQXqEFKCK7Csgv7HiXQrMmD3f7ObA/feR0rVVLrttVMf2MNWj
2021-07-29 09:04:34,619 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-07-29 09:04:34,620 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-07-29 09:04:34,620 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_eac66b34d262baed99b4e3ec9140870d"
2021-07-29 09:04:34,620 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _eac66b34d262baed99b4e3ec9140870d and Element was [saml2:Assertion: null]
2021-07-29 09:04:34,620 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_eac66b34d262baed99b4e3ec9140870d"
2021-07-29 09:04:34,620 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _eac66b34d262baed99b4e3ec9140870d and Element was [saml2:Assertion: null]
2021-07-29 09:04:34,622 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_c0f4499b838c77d1f85bf639df4c262f"
    InResponseTo="id-f680e9a037b0e2169eaf6301dde2fb2fee51ab04"
    IssueInstant="2021-07-29T09:04:34.615Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_eac66b34d262baed99b4e3ec9140870d"
        IssueInstant="2021-07-29T09:04:34.615Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_eac66b34d262baed99b4e3ec9140870d">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>Li9uXSuUfNimYCAyhqLd0kVFmXPCau1gntFePZ9umjo=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>SdSoGa7mF+lJJlvG0zeOubGVBXeEt7T0fk3IL6EWJs1DfTSDXKx2gGHjUsv6P6B5xubjyvYfsdGW/8Ym/USt02y+zPLcN51FFZEBe8AKzjAqaBpJG6YKSR5B12LCHwkCKoTi5+EjjyA7hgKhY/PPrSB1fXTqVfH+VyCObyLqTmOH2JOQE3Slnnfs+82pOe0obOHYMvlSF6K/cAxKSYJU3W/HAF8EiIQAdwfaj3CBtjyR2khQRV+eybwLLfjKRXiVOXer9+fy+e/nx5lX4e+ytpDeuZer2EFFg89SGFpikN7jztDLxfHHDzFJLL+qvNL8WtlRDgbBG0ouTRX9ZP+p3g==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/metadata" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQx17f4FOprecxoeLdU4z1l+t3RbxmVx2thYx+xfpiL37e5rwTEm4yvIe56bxg0m+mEChFYcJ60xlK1kpBblQ+VpFnuTO6chDHhIf5mwf8vNetqOUxxNmhjiZwVDGThRIhE1nt3i5U0UQpnQXqEFKCK7Csgv7HiXQrMmD3f7ObA/feR0rVVLrttVMf2MNWj</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="38.65.13.219"
                    InResponseTo="id-f680e9a037b0e2169eaf6301dde2fb2fee51ab04"
                    NotOnOrAfter="2021-07-29T09:09:34.618Z" Recipient="http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/acs"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-07-29T09:04:34.615Z" NotOnOrAfter="2021-07-29T09:09:34.615Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/metadata</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-07-29T09:04:32.587Z" SessionIndex="_459e744711bf0e54a8804aaf8a5d79af">
            <saml2:SubjectLocality Address="38.65.13.219"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-07-29 09:04:34,624 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/acs
2021-07-29 09:04:34,624 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/acs
2021-07-29 09:04:34,624 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_c0f4499b838c77d1f85bf639df4c262f"
2021-07-29 09:04:34,624 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _c0f4499b838c77d1f85bf639df4c262f and Element was [saml2p:Response: null]
2021-07-29 09:04:34,624 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_c0f4499b838c77d1f85bf639df4c262f"
2021-07-29 09:04:34,624 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _c0f4499b838c77d1f85bf639df4c262f and Element was [saml2p:Response: null]
2021-07-29 09:04:34,626 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-07-29 09:04:34,626 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/acs' with encoded value 'http&#x3a;&#x2f;&#x2f;10.102.87.106&#x3a;8000&#x2f;v2&#x2f;sso&#x2f;saml&#x2f;cdpidp-85eukn2dlgpljhwgzdvq&#x2f;saml&#x2f;acs'
2021-07-29 09:04:34,626 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-07-29 09:04:34,627 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'WrSiCIHmdE08gssr_75D-1ejngcPI6DCFfaS0jccfD6HHYQR9wUP9Chc', encoded as 'WrSiCIHmdE08gssr_75D-1ejngcPI6DCFfaS0jccfD6HHYQR9wUP9Chc'
2021-07-29 09:04:34,628 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/acs"
    ID="_c0f4499b838c77d1f85bf639df4c262f"
    InResponseTo="id-f680e9a037b0e2169eaf6301dde2fb2fee51ab04"
    IssueInstant="2021-07-29T09:04:34.615Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_c0f4499b838c77d1f85bf639df4c262f">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>tqFpwIbHRxmIECfWS1bWTCfU56brJQzPzrjaYCmYBD0=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>rLFdHJKlV2UQouAZqG2ug/LPQchvIFuDdvaJWcxb8ovPUSyMySwJwuBU+nlEnU/jA36rIySo3M0IhuKhR8Z1y5iTHE+1430TCvzI5V3Mpp046X+znpwYkV9y/LlPiuMbqqxo/B4Os4wDJvQ8TgxnCf93UY3FvW+2HFNJHh6r0LGFA2DQzf4xtFZ5V2jOzTGlDN0mnvUS8lRUnoKuL/EqC8oOmszeRsz5rkc86e/UW8drXRdJlUNsvgpO/sk4BktZe8vPeK7s+kIv0trSop4o8glwjA6wq1jwTm3TD1Obhrspk7/X+K6gkPYAYy5XxkdNOaNXd8PuzGK+N38wE4rAgQ==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_0a7983896760298801e00c2b2d0f5fc7"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_dbfc362d60e8839f1df51bf0eac12c08"
                    Recipient="http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/metadata" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIDFzCCAf+gAwIBAgIUay8Y/lqzyNHVGdG8jeH7iOjlv+4wDQYJKoZIhvcNAQELBQAwGzEZMBcG
A1UEAwwQYXBpLmNsYXJpZmFpLmNvbTAeFw0yMTA3MjkwODU3MTBaFw0yMjA3MjkwODU3MTBaMBsx
GTAXBgNVBAMMEGFwaS5jbGFyaWZhaS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDMWFPXTBz/te58RBleUcYaTFMHZs2K1TB4qEGHEp9bX8iKq4KAqiH23hAAdep7DyW/ESPwydW9
qhL1iqdK0ZXn5gh+ABYmrirkGWOWXbSes1SsXgBd2WyQbjDXlu3oFfWzj4QuK2unE9xMhREVuKG/
wB74z9MefBTg5ofoDntLfM4BT7KqJL89Hk1S9kI3PaS8685JE7pNaPQ/pQ5Dgp9kM9S4TlnYA5kn
b6xC3jtnQLrLljJgan972hnlrY3fRCq/IG0G2ysLMndsNHlxOn4ky3CaL7DpS+vu72E0Kavvo29I
6jk5Ezl/zL4kFLOnZhyW3Nv2oRIR8eFqu5dsupenAgMBAAGjUzBRMB0GA1UdDgQWBBS6pHwz+M46
OdHN3IeT/UqayqtiOTAfBgNVHSMEGDAWgBS6pHwz+M46OdHN3IeT/UqayqtiOTAPBgNVHRMBAf8E
BTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB8FM1xHIpsVM9c9++Ou+SvrQ9Op4U21YABgYYIDQkN
if9xh2/MUlHXso1LLyXbpTP4ws/Sm3gFuAxiMYbrt5SsXzKUqcTx8fOHRHyYqQCIJZuvUAfJZkNI
ENK0u+lErCybK8Qf0B/CfjqRdgA+GtoACiVs6fpQn+58EANU0OKiyq6Q9fm9F50+Ts5rlAcpccCA
RtviysLw8hZDMAFQXAvZjIn1279svOzDkNo0O5cmqMmF7Z1CGjoRVYJvTm3WHp97TUwAIUjn3th2
t2rpJD6O11A2EJejifLbHZkKQs6bt8TKLPsXcH4TXHGLqRf1UDX0zNyYSviIPSOvL/9MhqgT</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>Gaev/P1coTLHkhZaakluyszyDEi1Ft279TjtADUINT50neTSX6giyW/rBq3QIB8vA0LWidd2IC3pkI7IKhew8Cw/93mqfoln2xoVP0FEz623s252tr4Iy8BV9YVka+WQ7dNrrNQ7ux4HtOQrjSJixCof10K4fbrCsnWz+3nHdzzk4PRTjsRudMYxcGPYswdRIpns0byW0hX0JIUPvLl29q6ZhZYpJqX5ecBZGp1geINJAw3C6f9CtcZFI1/pOQ5djqw4uAPtBOXBf8ChRLaL3UqiJY1IzPm8wbPxEEog39cKakGqHCcvT0/Ngi/iK6ajr7EGmHamgErmaBfHdJc6DQ==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>6WeeukzekoMjZ++6klKcAzXFEAHM6B6hyPCLEqUGeg0kYdwKNivSBd33/fIgBYKPaQtkfw8u7qtxzrRp6OUDy5DFlXSTPLAod8mFql8YM/AAMKiLJiqeo87aElPkwJqF/NJMgFozV9fKXAZFkBuFonAV504dlDJoB04f8YNGvSxXKRtc3mAM5tsY05ofcKh5s70aiB2c5NLPWB+rFNryng6ZuOzNusu16APvUn0vk8uscDTTzteUCpGRCN09LR8q11O9JBOvK+AB3Xtng3EcaYj6p+oyH0gn7eFOtZIPTFwXuvz+6nZfunVwU2+NjVG/O189PiDtQr1KGd7iQLP4+dZxKKYbp0Xo7Zo05WNVT0KasGoKwSXrHWcf4I5notzKXveSZQanma2e2ZH8SVgZr+hDbY6G4IleI95REOh0OC/0i1EQCZpdHMUZ1EVTTtS5/fhTk6h6Bab6AhE8EdIFuBBtBxhr17FO/PQdBQkDrITq0moZb3XTgi1hjIOihtZ+lS4M6v7cIkf3OYeBbHDSgBSR5oQbDlrFDMhhx5u0SyRlXdP/nSMNWPTlBQa+3GvXwHlm25hUZISMnHeI3Pz5/IzrpfnwFZ8pwW1xKoxot83GmqycyCM/BnCDkWnqSyFksDP2h/Pn443bxbKlj3Cj4O2a6lUcSAvHjPz2yC9v94Vz6lkWrr1YWntZp7Qv31efYNQPJHa9zpKnnA0pi68ktNEP3dWPKuVn1bw4+ioNXLs2iZy+i+SBjdzZlK8DqMncHYFXkKvaNQzjVJoD/tlACmQON9MLeCF9cVrR8pAl0TNAWhyjwoRoSw1GptVFf8zcSsb4RBONfHkWeZhM6ya1ITuvJAkNo3TfQRF8jfPbNb9fDgAyu9KcVs5Edr1RH+0HkiMO9V42NgfSK/4dmwPtIr31KEx0lNQ0vLY7sophFTjdrsPIDGNhEKpZgNEgRVo5dZmIAbgFDhZJMbm/9AUv1NwtCA7ewM9dkSvAe0ckbS6vo8HDLxe3FjhucoC1t1IwCFPwcfGS6LVfNxix67TNMcUC01YumG/e8aRU6rc/HUdVpytn/omOM0W6K2JeOCl7VREXbWpb1/G4TrJHwfIvqEahdWOjWq78ORNqsyIO3UgFtBYT1b6aknrGKxK/N18ZlJ+jOQFX9bJ66kqj4EDP4W0jY0xWEZxG0xtrblX2XYFYTbnAwqU+Fxa7nAxLHirwzK3rlnKcFDTfoFm5XA/TPjXzUpjMhftghXxpjPvtnppYzPEYEKv5DZ+UoVb1d2jYFld/L65Qwp2WjZkwALKSQBgsBX+iAUkVcrI7ZPX07BlOEkPDnd5tl2Ahmje81C9zM3jzNmmREy5G0UJorSbgF2RFrHBLnJqaw/GiERxjsqYEklDkAY5VIgcPpSbK220Og0OuBB6vqwmhMH1KyjmXrUrLJL/d3XVt9V/NicEhTWGCC5TuXG30yBYRGfMBzx9hqSyB7b7WBCdMUGBXOx0m20LSYxzuGJrZTVB6sy4cg75SAR9aKesTP5d/BY+JKp279ehlB6Wj1vnNIthBLqTPSGdc+i7//qtgh+URr/OWJTnzC0WGZV6RCJUUevZNtEcz7W01v2/q+Z+s8BhrAVYgqGlvEchnUB7tqFZssftMAUtv9DMdF4HVxH9HJYO3UzZw849cmxc1mBPq9dYNstA8w3BxKFuHJt9qUnkLMSVr3evID3PdO9jSSlQ/CVzaYznPAkPJuGP4kMQN5dL2OTnvsxUqaWQun1LVuJMVjtd2IlQ5N8IwyF1Ez5V9EJ/HiEqBOouovTFlCXeYpvFyOuHU1JscYvLx2RB99PpLV58v8hzc87YsnZtx+bIWRltlnlyGCkNpkyL4/fhP/f2kPzjXUvg/nzcNGo4Yf2+bhP6PAZzZtWaYcMF0Pf3ERFMZ2lGOFS1bKOt5wilxndjmnyR1wL8ADlIEvxYhjTdeMZd327q37vxsVAmfo4xTs+BnVBIevlyV0SSn0a64U7A+d4GtA298GN9IqU4Wh5Pqd3pStvyRo42rtAlrrxPBExxk8uolk3vKAxWBHGS+jxjvmm+NKIRpj+cMvYpqVVYe0Gy54UdA66LJxpu49AMZtfk1hYn9Zy1yDraKxizKAJ9MIzBkQxDgZ19mV71Z5gYeq/Ykdo+ebOnMyYmrjlqNx73LRazgrGUfRFfUHKIfw+QxWsMQz2NgXPsu08engGGMpK3TQT283FQR9pDsNEk+jY+3pSVppPiGmL57TWCrKlihoXMiyvK7Z/3Z4+Rsb4GHXG10eg2qg7ukR2IdLOYLXKAtQYGEJe4d0UvxVvXwRANVecpQHG5AlwD7XWNUG7XXaBtYqwRI2OBXZJsoS0rs7/HPjzihKtIUS8YWeUFxwUwZSqhKCIzCYKh03GcbRt71llTBbYyZe08jI5bn7eONFO8XzPK6bRiSrxinopmPQNyUrV1FiIldfTEkrEM56KuS8XNp0FHK8ESb3fiD2K9apTWVAIbZbWfm/HNzwIZp9hHJHMSDq3EGP3HAdGQLX5FmwiHLSVoKl4PlZ6PQujdZrsdt/EPDeUGv4tSV+n4M07ANKaf8WEOqWNaJgFelivjsIwZlElWAHE9ErHeH34JgOOAoUNq5thJiLaQw+t1lVHgYlTyjynJhgOG0/392GA7CSYKUqHlikWAXhBjCTu2Z4yEnwynCgP7rHWXQSIzykTp+OXNFLPLViUJbRYtH8kEuCPf/NeplYhZ+rE15Ytdsb2ZuS/9415bBvyUJ3FVGriHTwK2Qlju+T8oU2DjEPcwsNQmOENfysf0pS5nLd0R9ZSkJ2ti8/Z/7gzrc8ZCguNc3QCCTsOqXt81WyeC9S0BYGqxgN+jgBMRwMifKEkuL0ZPh8QLfkL0JScyGvu89hylMYj3iWEbdZXUxs03V7Uc3W5NMSaaXlklI/ow13bKjJMnkkOrFCJeFiprFTV0huylvZh9wKTptpt/3BCANacUDzFxeYaEjmo5hyt7zfxND6eOMSzcyWlkr6/eJXmrp8IakJ9h0793TKWzoPXEIwb6t4dJM3zqMgn7Fr+gjJ0JwvrM8mxf668NT+9g3Xq7oE+yVWEZz2JkXlzjtRVU2XMcVR7OcUPhpEiXW/P0FQ1JBoFVHyq3D5Na5kVRupPAiXQU1DJqgb3jsgtHsV3ise3t/6Nk+a6SU0ymFwLAcONMMYzvWbD3NIGaEMXL06mk53oAA5qksmnA07K/PUz1qQEV4lvX9iXxYqV2meqnl9KTHMryhOj/j/Kdq7B9dkG3eLjZdb7rLDA+rgrZwxwAB4m+l67lhogIlyFQuc13mLYED+ginzCAnI/BljP2/PeCTYKb9iQyMsB3LcnbdX7CqfXQH0Wl/sUuPShu849QPjG1hPhYMaN/RUZI9l7G8BOUpPE0HAC6TAY34lN4RlRgWur0eksm57HzCMgj7BDXGJUjuAeCYjJMLsNDhsXec2AVTigh5w6aDSLhAxmehRe+HBDlrlkItmKUYDOoL4GW7NpQJ5DbXD7+6+LttEZ0ieJKhRp97KUuxFC++QDYTaLfIm5wuIZYWrgcKt31FDejiXPV7LWmWEqerpbD2sFaZrgHmSCYquf03fusDOWVHKOR6NHBbkLvxB2tZvwZ0/lI1UTe9wBc98GwudbAp+avR5LXLQVap9jMT/FEvWbDrHjiemOLWDRdPqySoJIfJJUfGWQdV59wbE+4AZBYoHAqIYalxr2vCLdPCmEqJbcTdDfh4k57Bw7jQOyIcUCiDITdJETuIARL4x8xVU29Nc7bkQYvp7XQi3NZZeWavuapaHIn0dAKGua8qIDoW0OuwNDn+H3et8eeaio1pDosUxjg2syOv30wm07akicB78tdlSMGv30iIwoocZZkM96bte0L8DrT6bJ8l8zJeMS4UT+DjPn6kS1KZc5m9JIiZYJ7lBpFedBtXs1IKci9azxA4iDOKvNudMiwHME2KpqmC78LZjDtwN10H/o/ND3dpOe8Fs1vgKiD/WmazDBOIhkFhfr1Wdymf5zov1DCX81T6cSH0BjrQQFvLE9zTGyVjHfXqgE+Cy06D2IdjlstGzHXVTS+xnnVdqSBP2rFv7BmxHdf+NB89h4za+lJJmNGPRQKkPJLV+WOgRBXjuAYM7Ug5Dd9He/JzYx2NnWSku2su/sTp3Ec2oBzk/OwYiO/G4BVtzNMHd9/B/T/1uhO/mE4Ijo4FkMT2s1CT5GKajagATavpSH/595AB/UBO6MpHC11AB0enP23xfjMtoN9LpDPYMDbSxCNNEVdUawSGiITGB7ONprYdUvM6mfnVEF/q5sX+tgv164c6BZ4rSBb4V9o9T2UhEHFDgrtrfxRwMhCSltqcWOyfNqcncdS4gfGUPvJJ7yLtvnrU84chste/c+aYKD0+uZIlyQwMBwGB9g3k1U9L6iEoTopTYtS++fX0Dp7XDv8YQHGL4naWpnvVQwI22dlH6EDmXkK0JLSJoFYPZnzfQ3DgiCO5a6K0QolusDh+dTiesnA4HeXz82MkpgmhaVt5O8k9FYpREkElhImU6ElRfjOuTaeHGkgenReTolOPSY4nnb6qaqDs4ByUbhNT0qFtdpJoYZ/MfRgE3idtZnjshMUQpMdWPNDw5GYd5oAo4b51UoJYyWd9Pzm9QS4Dt0XWryfowg2m8MpED3IMi754V+d2WL1zfzaM9l9WxoEniAn4ycoV232XytAJ28yiKCuSaWt9qIWI85YBs7uv0xupxrlI7BZDUDhMHryv/2syoBlDpAsA5Od3XxkOgDdvFubEveH/AxlahklsSbPECtcCXAAV/I8NuGMzfLY+T0oeRaMf9Mpvh6zCJEj6qawha4Kjkb3M/E3RIDCenwn8iJRMj4iu+4SKoAdA2u1uQHq+++UjPAEsWVJUdmX+FEb603k0M9/wainh0HdHkOCZRBOoGBD9+R6L42r6yYq3y8OrP7g47qlF4DyC9oLuOra9ZVhnAqCxZ4iIyJvguim+wQffHsYf2bouAtE90EoMXJn/pNDhPIXyix2If3FARSivCwzLqHFQ7rPfgUF6Il5B7skL70tPdLuvoVydPxD8ZUbVfQuHctijPJ7v4AlWfN017zJqbwE0ZnL6A7MGGjF0SAfX35s+1nkzJh0URLilhcIHHn9ecPYrHEf09RbWsYytUXKpLhDBaDXhCw3CsPKP1L4J9W+neqBIwqRbqQ/INABJ9yy7CQR5pKE2QU/pdhC23vMEFIdRQl88Rt8gW7rrXrCxlaxbmc2OADqHAi8umzClK+vkmR9cOgDcQMBMfStEGDL2qLGOpBX+iCfufx1PoZxXw5tf3JG4mzlbl3RRE+4BJAuwcXM8rYP4ZSeJ5PXfTC3APaANbY236iFvtuC+ZV4ID+smYtoISu2OZoelfoa5nFZTdxuPVHLMVZnE8ATan2PHh7i2rsfJACQGnAtINCGpatWvjQ/HIvYa/j4MHzGnt7OO7BJjJzpY7wpWHV8epPNjTzMrzh6cO4LIC/8MOqoJVluFCmrC+9rQ2bnIYJDVH5sru69EqEr1e7OCqbB6fITajg+Scby5VCu+sLHt28jluavrHoS6d7Hc8nHk/pROh9Vv+klZ6aE6US7WhJw5DHXvxE8LSOxIfcwyZ5wa37gpwIEImqHEOBZVvgFEHHs0fWrslBnOrG13UN+Rcu7N+TDM1CpITTTjMiKU2WQupvtmnisCTr4T6oK1her6L8og10P6MBAnhyW6IMMUwn078E51SwDK0aUm0TsK+kVZkJHhFtB2kpa5SVRPHcQ7a2CYxWhlsWwSWanWEiGUq/JJ3Df1o4rM1fbj6dStuz4I733Ylz+7JDdeXCmRXaTv4YxyuDIwiFVM8EPv9ruI6SgWj9SVkbliJIovOXAv8oaQkFbORhrxUBfpMkt0kwU3gxGMHd9yTS43a5MEuZ2+KUHRD+5b5ZrW1CKaXr0565ueK5KFw/kQk3VVWPksr4nTifDwX93qmf9HJ0DRwlTfFdlkBPnCgvYJDL0fXNQQ76SUxL9OSf7jWf2w8UhIH1hy3Q41jbyQLoosdUitB3WeBohGL6u85Oj0m9oueryBlazzFDC3yFxJDTLEFyiXG/pWvFSzW3c+kqpIVBUGTfMiIpofpKmjcSi4tCC1LfGN4JDNTvKQ0UqHogDWFb186Q4KxlEzmVOrdQWM6Kv83Jl+2WQCcpjzGOkv/kOdy98HDHeOWf6hksTD1oZGwL85qBnaDBi/FLzPzcXSNYXH/qBYRJZ0oHQcz/rGP7L8gN0niVoyg7f3hU/5TGUaXSSzM3xFHm9ewrfbQDSwjOl3uEaW1pUAD1qJnD4Vl+GH2FE3Ia3aSQqWqplHkJRWbX3v3x81XfGHgNnoY0zKW31oFsDtAGqOGDQphktHgV+Wdx6y/FYDFTCO46op0j/wJk/P11wQdHQin3jppdTO34RRT2/hjoPR76/djFfDSIWlNVkJYmqFrHqINl6VKMBFDEPjdNyCgRGPI9aAul1dFsJSFgQZgvUQltbRklK1F2oVXeoV5OGI0H0Ltq5ar4Os4LySUzzzSWonH/bq6hAnTEiAlFWeyACfX4QVKi4mEyF+sEr7scDNOgIqeNFj/kMTTOgHkOxdE0QwekwWrkds8HnQrvGP+84hDxtopfJ7qQ4UQRR+I9tI5Wv87WYAVoEyQBkHpcGIGvEobFe0/msHy1L3WnsH8DkDZFZWkU/FfZ57jrx8D1BMYzFEKJjEKc8Zec8+xoyF0/oYsf7sO+M9LZjlWPCaV7PvGrCWQMQuSkBnCmCIWdgc5X+pa8Q4Ud2ddsZpb4J7NSS4zj/wycydDSSeeQNWz03BOzqClaiNVbZ4dUyD4ro1zaY3Udvin3AIqVSYUdcofe6oIpw02MoPEnjeBKXCasp5m15oirCtHmRCn4Y+wRWSZ52ZE3Wmkk+C3E4+Ee3pmwmQjZA5hjw/BoorpiPlVFx/4jOGY/+K5wcHwVaMObqHQ3obv/xq/DwEf37BRjFDXPZBIZXvZEEvrOB8EWVp1EtnOivrOlljb+aKTsTrhgzO+lRbYtL0/vNvZlJBiwtDAhBdq1hvpdhuhf2Yz8XP2ECf1HqpeWumk0skIjzVEDw0BZZg34GsNNVcK2FBFC8eqnXXUPT8358ROyxcsZr9Oxke1H6MC2YxsARA6iQTEUJdznBrbdMIQtuF4+YpccYZfNBccJ7dqy7Qc7z0tp3wrJp69NjaK/hV8sDGaCOZW98eBbrQArY8CIanEx5gsXFh9zK+lX+y/bWFbX/B5rfQ+j74rOXPj+yhaanD2o/86Qm8zBHjGIkEevpccFene05hzAVwCK2rkBrlEmwUSJ+pxJdue4je5mMyzEOJ/hR+CM0zayHIvVjLoAn9Ea/QDLl1zRIHGZ3PEPYByoubIc8sTYAG2IbajqsdZst+CPhB86mXbsL1Fn4KcU7NIaa9uFZmKsbQCMMrbrhh156QSVmIB236k+NqNs8Cv3Sf9XnR3ZWYBOllxFaqIxUNIH30r30MMjtlDKhKAIbDH0mqjj2uv7yQy1PIx+QPZFCUGCVaCn5fkSC8jIvUyCB+BEzNV99eKdR3O3idTEgq1yq1SjrMtHK9LUFkx/k6HJnqJLiTlF6xrk37BNaCMQVxmccHM9jFQXxJ53ZtCYkDINRC4clhvh9QrU0UYltk+YEXDv+q+MXWNT9UED1AeIuM9EqRYC7qRRynSutpRoY0mwE3j8075zuHSe97VfdMEsNX6VjbTzM/mOq1rCA6lqCVjW9SMWbXQQMVqg2DEwTLXkEsqNKWAaCdg+/is9+FNaChWDOayrF0HREKHY9YGXDXN8ZJd/sZ1za6yTn7FvjIurjPUf9rcqqg8iRQuiKzPhG04dgc8VWqWah8mo/O5Kq5zAlpP4xbOdOJQuGNlv44kYErr0ofWrKWRY1OZ0Ep9PLPVXwjAGYBubaw6d4WuPZ5iuWB8ipXEg1iDZPim+OtTwRBx6pCU4rf60NctVymDva8wCkm2rH/36LMh2Y4YF/PnhRa6VULm5oy1tqHnyrcbM1JUHXHJoKHiPa+Uc2IMPjR9j18V7RfKtX8p1yvBSTTNynJC4zh9YCirw5ZgZ2o3Jw2aYyDOQixDXESYojKKmZSe5yUEvyARww3aa4rqGUikk59TyFvdPyh01OHskeCGBM2fV4k32SyBWC6KImPL6TtQWsYakHEy45K1M6M0Lrb4/TrkUG8ZyifCy3uJxupj/rRqStodY3P7FfGmcQy8lv9zVyXm6k+U3vMiZ17UIX4N74b1EfSt5EOMI4N0jVjD8iunBhZbrdqtQccMKQIORiGegdNWnVXKtAQqeaxxDTjN3zLCwC5JcMoCRNxgCF+Vmk7hV54v/rvso12w0khhsmnUm6lVeIKYAjX05Rb3Fd286/pHIfdMCXjOOzUGLlmyljJXOc0rHpa/y/jwclWmk+q3RcbwZsBpUEjC7dkbTETo+SoJRuLU2dibexX/ArnYhVubFI1bIxO4S4QNlY9iy5hpxkb3FnVgD35U8hw2HBF1GqlkA==</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2021-07-29 09:04:34,628 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-07-29 09:04:34,628 - INFO [Shibboleth-Audit.SSO:?] - 20210729T090434Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|id-f680e9a037b0e2169eaf6301dde2fb2fee51ab04|http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/metadata|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_c0f4499b838c77d1f85bf639df4c262f|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQx17f4FOprecxoeLdU4z1l+t3RbxmVx2thYx+xfpiL37e5rwTEm4yvIe56bxg0m+mEChFYcJ60xlK1kpBblQ+VpFnuTO6chDHhIf5mwf8vNetqOUxxNmhjiZwVDGThRIhE1nt3i5U0UQpnQXqEFKCK7Csgv7HiXQrMmD3f7ObA/feR0rVVLrttVMf2MNWj|_eac66b34d262baed99b4e3ec9140870d|
2021-07-29 09:04:40,777 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: OYjvK_FA0x6XIpbExDPnpLJX8mvETLNJNy-IiN-xDwgvP7uxTelrNDht
2021-07-29 09:04:40,777 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-07-29 09:04:40,777 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-07-29 09:04:40,777 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="id-9fc3da5e4462f70bb4677a24850c9795dad7f05c"
    IssueInstant="2021-07-29T09:04:40.723Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/metadata</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2021-07-29 09:04:40,783 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-07-29 09:04:40,783 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-07-29 09:04:40,783 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-07-29 09:04:40,783 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-07-29 09:04:40,783 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-07-29 09:04:40,783 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-07-29 09:04:40,783 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-07-29 09:04:40,783 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/metadata
2021-07-29 09:04:40,784 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:04:40,784 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-07-29 09:04:40,784 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-07-29 09:04:40,784 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-07-29 09:04:40,784 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-07-29 09:04:40,784 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-9fc3da5e4462f70bb4677a24850c9795dad7f05c', issue instant '2021-07-29T09:04:40.723Z', entityID 'http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/metadata'
2021-07-29 09:04:40,785 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/metadata' does not require AuthnRequests to be signed
2021-07-29 09:04:40,785 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-07-29 09:04:40,785 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-07-29 09:04:40,785 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-07-29 09:04:40,785 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-07-29 09:04:40,785 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-07-29 09:04:40,785 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:04:40,785 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-07-29 09:04:40,786 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-07-29 09:04:40,786 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-07-29 09:04:40,786 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-07-29 09:04:40,786 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-07-29 09:04:40,786 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-07-29 09:04:40,786 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-07-29 09:04:40,786 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-07-29 09:04:40,786 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-07-29 09:04:40,786 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-07-29 09:04:40,786 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-07-29 09:04:40,786 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-07-29 09:04:40,786 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-07-29 09:04:40,786 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-07-29 09:04:40,786 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-07-29 09:04:40,786 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/metadata
2021-07-29 09:04:40,786 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-07-29 09:04:40,786 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2021-07-29 09:04:40,786 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
2021-07-29 09:04:40,786 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-07-29 09:04:40,791 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-07-29 09:04:40,791 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-07-29T09:04:40.791Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-07-29 09:04:40,791 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-07-29 09:04:40,792 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-07-29 09:04:40,792 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-07-29 09:04:40,792 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-07-29 09:04:40,792 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-07-29 09:04:40,792 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:04:40,792 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-07-29 09:04:40,792 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-07-29 09:04:40,792 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-07-29 09:04:40,792 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-07-29 09:04:40,881 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of '10.102.87.106'
2021-07-29 09:04:40,881 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-07-29 09:04:40,881 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-07-29 09:04:41,005 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: NHLNjkeIOFdO4Og9vztzUI1FCCB3cxRrYRKt1-lGjt0_LeacRFotkFDC
2021-07-29 09:04:41,005 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-07-29 09:04:41,005 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-07-29 09:04:41,005 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="id-394ba48cb571e006eb2706782bde223f6423ee34"
    IssueInstant="2021-07-29T09:04:40.944Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/metadata</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2021-07-29 09:04:41,006 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-07-29 09:04:41,006 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-07-29 09:04:41,006 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-07-29 09:04:41,006 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-07-29 09:04:41,006 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-07-29 09:04:41,006 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-07-29 09:04:41,006 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-07-29 09:04:41,006 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/metadata
2021-07-29 09:04:41,007 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:04:41,007 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-07-29 09:04:41,007 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-07-29 09:04:41,007 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-07-29 09:04:41,007 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-07-29 09:04:41,007 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-394ba48cb571e006eb2706782bde223f6423ee34', issue instant '2021-07-29T09:04:40.944Z', entityID 'http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/metadata'
2021-07-29 09:04:41,007 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/metadata' does not require AuthnRequests to be signed
2021-07-29 09:04:41,007 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-07-29 09:04:41,008 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-07-29 09:04:41,008 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-07-29 09:04:41,008 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-07-29 09:04:41,008 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-07-29 09:04:41,008 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:04:41,008 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-07-29 09:04:41,008 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-07-29 09:04:41,008 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-07-29 09:04:41,009 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-07-29 09:04:41,009 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-07-29 09:04:41,009 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-07-29 09:04:41,009 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-07-29 09:04:41,009 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-07-29 09:04:41,009 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-07-29 09:04:41,009 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-07-29 09:04:41,009 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-07-29 09:04:41,009 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-07-29 09:04:41,009 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-07-29 09:04:41,009 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-07-29 09:04:41,009 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-07-29 09:04:41,009 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/metadata
2021-07-29 09:04:41,009 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-07-29 09:04:41,009 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2021-07-29 09:04:41,009 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
2021-07-29 09:04:41,009 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-07-29 09:04:41,010 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-07-29 09:04:41,011 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-07-29T09:04:41.011Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-07-29 09:04:41,011 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-07-29 09:04:41,011 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-07-29 09:04:41,011 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-07-29 09:04:41,012 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-07-29 09:04:41,012 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-07-29 09:04:41,012 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:04:41,012 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-07-29 09:04:41,012 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-07-29 09:04:41,012 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-07-29 09:04:41,012 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-07-29 09:04:41,105 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of '10.102.87.106'
2021-07-29 09:04:41,105 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-07-29 09:04:41,105 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-07-29 09:04:44,055 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'morty'
2021-07-29 09:04:44,055 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user morty
2021-07-29 09:04:44,055 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@505878520::identifier=morty, context=org.apache.velocity.VelocityContext@17d47f9c]
2021-07-29 09:04:44,056 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=morty,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@505878520::identifier=morty, context=org.apache.velocity.VelocityContext@17d47f9c]
2021-07-29 09:04:44,058 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'morty' succeeded
2021-07-29 09:04:44,058 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-07-29 09:04:44,058 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-07-29 09:04:44,058 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'morty'
2021-07-29 09:04:44,058 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'morty'
2021-07-29 09:04:44,058 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-07-29 09:04:44,058 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal morty
2021-07-29 09:04:44,058 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 84e948a70b81dad78b2b9a7f5e0891b4c238916efcc2062663401134e8664e9a for principal morty
2021-07-29 09:04:44,058 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 84e948a70b81dad78b2b9a7f5e0891b4c238916efcc2062663401134e8664e9a
2021-07-29 09:04:44,059 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=morty)
2021-07-29 09:04:44,059 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-07-29 09:04:44,060 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, identifier, uid, telephoneNumber, role, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-07-29 09:04:44,060 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 2 values for attribute 'eduPersonEntitlement' remained after filtering
2021-07-29 09:04:44,060 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-07-29 09:04:44,060 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-07-29 09:04:44,060 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-07-29 09:04:44,060 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-07-29 09:04:44,060 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-07-29 09:04:44,060 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-07-29 09:04:44,060 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-07-29 09:04:44,060 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-07-29 09:04:44,060 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-07-29 09:04:44,060 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:04:44,060 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-07-29 09:04:44,060 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@60c46e0d'
2021-07-29 09:04:44,061 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-07-29 09:04:44,061 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/metadata'
2021-07-29 09:04:44,061 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/metadata'
2021-07-29 09:04:44,061 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'morty:http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/metadata'
2021-07-29 09:04:44,061 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-07-29 09:04:44,061 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty'
2021-07-29 09:04:44,061 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'morty'
2021-07-29 09:04:44,061 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-07-29 09:04:44,061 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2021-07-29 09:04:44,153 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of '10.102.87.106'
2021-07-29 09:04:44,153 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-07-29 09:04:44,153 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2021-07-29 09:04:44,153 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2021-07-29 09:04:44,153 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-07-29 09:04:44,153 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2021-07-29 09:04:46,094 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2021-07-29 09:04:46,094 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2021-07-29 09:04:46,094 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20210729T090446Z|http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/metadata|AttributeReleaseConsent|morty|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2021-07-29 09:04:46,095 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-07-29 09:04:46,095 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/metadata'
2021-07-29 09:04:46,095 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:_key_idx'
2021-07-29 09:04:46,095 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2021-07-29 09:04:46,095 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=morty:http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/metadata, value=[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1659085486095}'
2021-07-29 09:04:46,095 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:_key_idx'
2021-07-29 09:04:46,095 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2021-07-29 09:04:46,095 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:_key_idx'
2021-07-29 09:04:46,095 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'morty:http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/metadata'
2021-07-29 09:04:46,095 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[morty:http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/metadata]' as '["morty:http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/metadata"]'
2021-07-29 09:04:46,095 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@60c46e0d'
2021-07-29 09:04:46,095 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:04:46,095 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-07-29 09:04:46,096 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-07-29 09:04:46,096 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-07-29 09:04:46,096 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _19405897f0f35674f0ac2b20a2a1864e
2021-07-29 09:04:46,096 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _19405897f0f35674f0ac2b20a2a1864e to Response _d785abf9034ea598a601fa7133737fe8
2021-07-29 09:04:46,097 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _19405897f0f35674f0ac2b20a2a1864e
2021-07-29 09:04:46,097 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-07-29 09:04:46,097 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Ambassador of attribute eduPersonEntitlement
2021-07-29 09:04:46,097 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value None of attribute eduPersonEntitlement
2021-07-29 09:04:46,097 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute identifier
2021-07-29 09:04:46,097 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value morty of attribute uid
2021-07-29 09:04:46,097 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5505 of attribute telephoneNumber
2021-07-29 09:04:46,097 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value janitor@samltest.id of attribute role
2021-07-29 09:04:46,097 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute mail
2021-07-29 09:04:46,097 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Smith of attribute surname
2021-07-29 09:04:46,097 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Morty Smith of attribute displayName
2021-07-29 09:04:46,097 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Mortimer of attribute givenName
2021-07-29 09:04:46,098 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-07-29 09:04:46,098 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:04:46,098 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:04:46,098 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:04:46,098 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:04:46,098 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxODyO0/oDjEA+dx38priXZv6tu2KWcg2kuq4EXAPQbN2XhtzKqGtMxWN61YeickSEOqqfoSIBOWwALJjsl+L0EWIy1UawFsmXD6grExjRUIS2Yprjq3e+CAPsOh/ksNlbmVdYHUYINONoAH7FGCOsyijiVc75UqrwmIgGoOl0Yu1MmXN4JrIS6egpn1B+ with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:04:46,098 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:04:46,098 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:04:46,098 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-07-29 09:04:46,098 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-07-29 09:04:46,098 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 38.65.13.219
2021-07-29 09:04:46,098 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to id-394ba48cb571e006eb2706782bde223f6423ee34
2021-07-29 09:04:46,098 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/acs
2021-07-29 09:04:46,098 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-07-29 09:04:46,098 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-07-29 09:04:46,099 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-07-29 09:04:46,099 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _19405897f0f35674f0ac2b20a2a1864e
2021-07-29 09:04:46,099 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _19405897f0f35674f0ac2b20a2a1864e did not already contain Conditions, one was added
2021-07-29 09:04:46,099 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-07-29 09:04:46,099 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-07-29T09:09:46.095Z, to Assertion _19405897f0f35674f0ac2b20a2a1864e
2021-07-29 09:04:46,099 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _19405897f0f35674f0ac2b20a2a1864e already contained Conditions, nothing was done
2021-07-29 09:04:46,099 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-07-29 09:04:46,099 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _19405897f0f35674f0ac2b20a2a1864e already contained Conditions, nothing was done
2021-07-29 09:04:46,099 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-07-29 09:04:46,099 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/metadata as an Audience of the AudienceRestriction
2021-07-29 09:04:46,099 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _19405897f0f35674f0ac2b20a2a1864e
2021-07-29 09:04:46,100 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/metadata to existing session 84e948a70b81dad78b2b9a7f5e0891b4c238916efcc2062663401134e8664e9a
2021-07-29 09:04:46,100 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/metadata in session 84e948a70b81dad78b2b9a7f5e0891b4c238916efcc2062663401134e8664e9a
2021-07-29 09:04:46,100 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-07-29 09:04:46,100 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/metadata and key AAdzZWNyZXQxODyO0/oDjEA+dx38priXZv6tu2KWcg2kuq4EXAPQbN2XhtzKqGtMxWN61YeickSEOqqfoSIBOWwALJjsl+L0EWIy1UawFsmXD6grExjRUIS2Yprjq3e+CAPsOh/ksNlbmVdYHUYINONoAH7FGCOsyijiVc75UqrwmIgGoOl0Yu1MmXN4JrIS6egpn1B+
2021-07-29 09:04:46,100 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-07-29 09:04:46,101 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-07-29 09:04:46,101 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_19405897f0f35674f0ac2b20a2a1864e"
2021-07-29 09:04:46,101 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _19405897f0f35674f0ac2b20a2a1864e and Element was [saml2:Assertion: null]
2021-07-29 09:04:46,101 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_19405897f0f35674f0ac2b20a2a1864e"
2021-07-29 09:04:46,101 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _19405897f0f35674f0ac2b20a2a1864e and Element was [saml2:Assertion: null]
2021-07-29 09:04:46,103 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_d785abf9034ea598a601fa7133737fe8"
    InResponseTo="id-394ba48cb571e006eb2706782bde223f6423ee34"
    IssueInstant="2021-07-29T09:04:46.095Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_19405897f0f35674f0ac2b20a2a1864e"
        IssueInstant="2021-07-29T09:04:46.095Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_19405897f0f35674f0ac2b20a2a1864e">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>1T01H71xuf9R8HEQ8l3k4RXEGjZKeahEJrf71GZsXPw=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>Y9+dguw1n8z9B+wYCmBiR46lx4Pl/M0AfzTVcAVEGk95mFrHVKE9afBI/zIUtXQ5gatcEyjom7lanlOAHcQLLTQEM+UOOAVuciuYPjca+RHyj0b5R3z9QnMNL3Jw/TGAk1sp43gdAz+6bEUCgQPfOqRm/dZTTYpKK7ZfaZJSqvSWUi9qMtRfjUHthb1n0lsaV10PB9VpuvCXQdiMqC8dVqmZ/PMyWqR5B0KpziJJDo2hgAGKiYcsvJ1W9ZFIJaV8KDEkhTDx9z1Df+442Ra092SBlrTwW5M59ohQ6ZzrGRv2j7fXp4Hk3DrDzLbqN5/CSDDmQi87Gi4U6nrUGbv9Eg==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/metadata" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxODyO0/oDjEA+dx38priXZv6tu2KWcg2kuq4EXAPQbN2XhtzKqGtMxWN61YeickSEOqqfoSIBOWwALJjsl+L0EWIy1UawFsmXD6grExjRUIS2Yprjq3e+CAPsOh/ksNlbmVdYHUYINONoAH7FGCOsyijiVc75UqrwmIgGoOl0Yu1MmXN4JrIS6egpn1B+</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="38.65.13.219"
                    InResponseTo="id-394ba48cb571e006eb2706782bde223f6423ee34"
                    NotOnOrAfter="2021-07-29T09:09:46.098Z" Recipient="http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/acs"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-07-29T09:04:46.095Z" NotOnOrAfter="2021-07-29T09:09:46.095Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/metadata</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-07-29T09:04:44.058Z" SessionIndex="_a758fd7916e4fad666636b4ef7a705ed">
            <saml2:SubjectLocality Address="38.65.13.219"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Ambassador</saml2:AttributeValue>
                <saml2:AttributeValue>None</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>morty</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5505</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">janitor@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Morty Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Mortimer</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-07-29 09:04:46,105 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/acs
2021-07-29 09:04:46,105 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/acs
2021-07-29 09:04:46,105 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_d785abf9034ea598a601fa7133737fe8"
2021-07-29 09:04:46,105 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _d785abf9034ea598a601fa7133737fe8 and Element was [saml2p:Response: null]
2021-07-29 09:04:46,105 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_d785abf9034ea598a601fa7133737fe8"
2021-07-29 09:04:46,105 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _d785abf9034ea598a601fa7133737fe8 and Element was [saml2p:Response: null]
2021-07-29 09:04:46,107 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-07-29 09:04:46,107 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/acs' with encoded value 'http&#x3a;&#x2f;&#x2f;10.102.87.106&#x3a;8000&#x2f;v2&#x2f;sso&#x2f;saml&#x2f;cdpidp-85eukn2dlgpljhwgzdvq&#x2f;saml&#x2f;acs'
2021-07-29 09:04:46,107 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-07-29 09:04:46,107 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'NHLNjkeIOFdO4Og9vztzUI1FCCB3cxRrYRKt1-lGjt0_LeacRFotkFDC', encoded as 'NHLNjkeIOFdO4Og9vztzUI1FCCB3cxRrYRKt1-lGjt0_LeacRFotkFDC'
2021-07-29 09:04:46,109 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/acs"
    ID="_d785abf9034ea598a601fa7133737fe8"
    InResponseTo="id-394ba48cb571e006eb2706782bde223f6423ee34"
    IssueInstant="2021-07-29T09:04:46.095Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_d785abf9034ea598a601fa7133737fe8">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>7Vl4xrzisyCUeUXWE9ixvuLuUTkW093Zs6nlCofZ7DM=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>aYgKcYX/gpro6LiRYwxeDMjXdropVhE7xOI91095YH4eOPflkH9fzo8OyBPUC3PPWXmldakYJ83Ld9EIT1mbFKB3dGbIt5REu4mdRatf+4V6jEGxpaQKTNwptsUb/TXDT1D6SaTq/bhg7ybOakO0n62v1B2yqeqMg4i3gi6d4FVYgUDFnJWxcRWPGBxjlWqKFb4BhEsSKNf+iqjZf0Vhoo7ENJOhqDoaG2J7mGwp/lSI9U6+qzRk4jVE+xe2DH6kHwxk51VpDD4S+3x7q6jKDdp36h6ubUP0ngvgdVWoi+EUXvAqgXN5UILOy00iSLi7scf0odEulMvWodU2EdJAHg==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_f236a55c897ea38787365b3903c1b738"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_054543b1d81fc92e0a11526863ccb1c7"
                    Recipient="http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/metadata" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIDFzCCAf+gAwIBAgIUay8Y/lqzyNHVGdG8jeH7iOjlv+4wDQYJKoZIhvcNAQELBQAwGzEZMBcG
A1UEAwwQYXBpLmNsYXJpZmFpLmNvbTAeFw0yMTA3MjkwODU3MTBaFw0yMjA3MjkwODU3MTBaMBsx
GTAXBgNVBAMMEGFwaS5jbGFyaWZhaS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDMWFPXTBz/te58RBleUcYaTFMHZs2K1TB4qEGHEp9bX8iKq4KAqiH23hAAdep7DyW/ESPwydW9
qhL1iqdK0ZXn5gh+ABYmrirkGWOWXbSes1SsXgBd2WyQbjDXlu3oFfWzj4QuK2unE9xMhREVuKG/
wB74z9MefBTg5ofoDntLfM4BT7KqJL89Hk1S9kI3PaS8685JE7pNaPQ/pQ5Dgp9kM9S4TlnYA5kn
b6xC3jtnQLrLljJgan972hnlrY3fRCq/IG0G2ysLMndsNHlxOn4ky3CaL7DpS+vu72E0Kavvo29I
6jk5Ezl/zL4kFLOnZhyW3Nv2oRIR8eFqu5dsupenAgMBAAGjUzBRMB0GA1UdDgQWBBS6pHwz+M46
OdHN3IeT/UqayqtiOTAfBgNVHSMEGDAWgBS6pHwz+M46OdHN3IeT/UqayqtiOTAPBgNVHRMBAf8E
BTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB8FM1xHIpsVM9c9++Ou+SvrQ9Op4U21YABgYYIDQkN
if9xh2/MUlHXso1LLyXbpTP4ws/Sm3gFuAxiMYbrt5SsXzKUqcTx8fOHRHyYqQCIJZuvUAfJZkNI
ENK0u+lErCybK8Qf0B/CfjqRdgA+GtoACiVs6fpQn+58EANU0OKiyq6Q9fm9F50+Ts5rlAcpccCA
RtviysLw8hZDMAFQXAvZjIn1279svOzDkNo0O5cmqMmF7Z1CGjoRVYJvTm3WHp97TUwAIUjn3th2
t2rpJD6O11A2EJejifLbHZkKQs6bt8TKLPsXcH4TXHGLqRf1UDX0zNyYSviIPSOvL/9MhqgT</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>NbMA681pZmTgNS9+BH55Ql8uaOsr1COsway/2YAoS4eSJtYaoGbKxvrCSDRsZPKlqD/hF/5AUtWepqi2mUEsgwbBWQXCrcNq5zpuMHHwZPpmmTdy8P4ybez25ZBWRln1NF3uS0bNmpzy4cSU+oK50UVyDKOTGL9/NklVGNDx/J+iGRktEBeBIBl6gq6Uoqr5RAmnMU/socsE98Tgpa9tEdIbItVd+mSITxS4B6TxdXP+RLd9OPK8q7I5c9Rxe9/RXEQEkFISIY/o581eXLw/QFJFXwrKqY7dLNjtkjEr9AkJqX9V/m6xeNZqYegO68SBrXc2TQTUOkvbBNFdpNp28w==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>sg03sXxP0d/MGUbSW6F1Upmhx90Wh54Y80kDxBxO/RGLjEysht8W3bkqzWbR3m8+xdsA4yv8bqE4n38YN+iliw9bPr2BmNauKGJfnTd3y8AFMVYEayupoTjucWFc/FenrQqxQIfcAS7KCXul8BC4l0v0dlUXRpVZBvQvRQJ2tn9pPN+k2eGNHyWyFV3GwLJDIw9rWuNilY8N7gsfl387lx7bc/Iu0qsB6m73XcCMwHUjYKsA5gmbIHCWasJkAEbF6jwUQApvs2X/v+Mb7JgT3jaMwM0deGlZzCa3sDb4LqTDqI/6miyNponGBRWfQPYDaxPS2ZtmJY9yLF5ReF0Lmd9M/CtTaEbtpxoJnih031CueoPybT2bWhxbtSjwe475Y9ZkEFAMRfW1Ldvw9g4cQURQbii5H2tMsTZFSFfNY41nmu930OdIXVd8rIhRNCJ8e73uuqMx+yNXALbFFqHWLWHkatatapWO8ldvaGjt1rR+2660WkxV4kmPE++25PVMJxTvqU+wZMQ5OgdGMvw0tjocavNAKhDc01rIlu6XIY87I3DiB8ZEc52T/uWWUns3d4jvKxavFXmqfCg3v24m44Qu+QfqvokRkONjDq7TJpabUkKVAPgvck/YQtnYQDtQ2GMmWERNYfzHkijw2Ic4ynRKvG5qdgBrZa6YbnrHtK2WCZFQi+W30tKs6AhkLJn0aI115qlIyHw4N6n+fuNkRiar6MyFEw60sGMbrZ3fA4XyJDLqJ64dghedeWKaM/56z6TaEzuu3VLdt/90Dgv3DRYPJZUX42vPPuJBjEs2jEWXbuyPMmdogC4Ponhn7XNaNExb8vZkX3fhrHvW05qS2DpVkT1tEQx6OtyahVas8tgvzqC0whCesb5HSN1y0jRgWo/qGS1QgNVMeEVbGiQoQMu91d1+w51ukybUF7lwuGaff5N8d/X8lHAEu8IQQyZyiGhp0kl7rmD7ea2w5e1aeX+2fNSLxkqTkAZ3koHyVhtqj/EP9XgchlsOVLmUH7hWfvmMd2Q/STZB8hUUogtc5DR1tPW7j0ZbLfgzIkUzztmbi8nMfIA5CFw2oegcRw/vSf/aXCSHeGagC4PBj/k+kntHQFIViGgRmCv2xfLG13ZxvZIPDCOl/KLrktW/WGo9lJg4okfHujLKht2WiA6Y7b8VeG//ZLl+K5Q5MX/MSb81en/Y+9m1dlYq9ha3e8r2K5bVw8UNoV//OjtDGqGyeapSxJExJCov/geQSY71thf9F+rDE4y1/mNnImA6B7MEsaX6kcebD91yHqIwoZxL4SD05xj7vWc6M+S/5819fRAwkr51Og5fuCJu6AJMRlhif9C2/RNGCsQLBftOlSV4g6/cUSC/Lp9hNCQOh1UekHfQSv2egwMxqTt/eQ/1c9kN5AE/EgslV/I3EiHzlvTyRYK+IFuTS95V4zXd1GdQpa5cd413Bl6nJdTMmr479rFxzb1LgZrbHkMSKB8FhepJ2c9W9L+sBntkEE8ZBcyeDSTbBcFotCNmYGIPyGp3aplQbeXSf+t96D2WMdMrSO71ElfLakmb+LTBTLw7FWaBeHgw//uFV3IWkenMGqA9ECZiFoQeiXWrwzwwH/0LoybH4EmYpZf9xuy62ZNFGWXfW4RAXeMl1D7og2tucwHotML4d/51DXm2LmykuFPx0bVfiy8ZT3MdlQsfQTn9AirJq18/nz+3+yyKqDINtPioJdRG75Y5YUB8KxsW1CZdUFS6g1wNzCCBlj/XSqlpOpazFP8m5eC7ykL8DvUuxPRmG9+y7v2Esj/3OrZTzG3fYt1YlCECMs+TLuoATIrUislvWeJDonaR5jY6DFdPBgTx4OaN/0a0Dn5jn3CIP7IOMm0m2ejgm40CiRpUZo3yk5aEf/KlcCoVCAtaP7pIpy+FwMaGBNMXnvnRsYU8evfdRRo+RDXrYfciFzjAhbsh3HJB4f6WK44FC98jf2rIbSSVChlgDyV5x43WjWqpdC72dWN1/B/cnjJkLSh3NZiijvcA0PobIwcNMhYRWolIZWxV721nHDl3Gc4F4TODKau4xg7M5CeQE/DIfE5wZ3uEDoyISBZZxOnfbGXJASWqewHdJKZHvZpgm/pZnHe1FI8k3lXyZdY9/wJ2ws1llcMbT3uU1NwUCyQP4GNcN9Jz54Xu+1q4AZquF/BcNv/GyuUwynTwJ43Ye56gPCivH14zPFevSbJqk19nfLqb9J/wM0ngZdIl2MIrgdrP0FPo53oWgHtZ240s34iybubYSVcHkdC60S85hMIfMGo+bf6BxejC3FP/6CKO80XrROpJtNoC0x7ab7crBZGqDmogPYKzaOcMja+o1ohTcfYBwtGLwW5IR8TYyD2LHjW8iZpr8yojlmqe8FPFAuNNM7SKwiurBcunrkRDTbEa6/r4yfez8uudMPsXvSMl6DIguu0dV0TNn/Uyq5o7GiqOQbba7DN8or06ahtcm5v6uRAUwXzTv5E9LV/GHmIZvnslJ80PHhrMbmlAqnC4jcJVu5iHcT4U0jp0V2ylRuf4MG4VE39oZ6WviI1/lTEKYJezgL3/XupVwfI9CEYjtIaA+Nh4yYcbBEiaU1OCgZVZF0q0PORePmz7wBDpZvhwAM/dg1NwtoPa065X+L7Qgtx3dsZYSAH/2Xljmv2dnNYV7tw4mYJhURaFnJqNLoUz27ZklZPMnL5gHo0QleD7gYtBUNNly7d9i3TocbHiMw5n+quhe7RaXGqKGA3l0iMRgn7IRLYGcCLkYaVkq8+aNnGg1oRLAq3hmbLvIea1SYmDwn3OgtnHcTnKCvXxzAMVL15bpIY+RHpoqzO+5CKrF+SycgUm87Vqbi5P9VnW2c8NHvFTof/zHL9hO4tJMdwohJhIy+1km9uIHO8Dws9AZIKlF4ORj8yXqpy3ChdaKW2jRoijB1LmwGRxIn6k+xMsV07uKqQoSZ6gCnTEwLhnoVkqq5CyrXAh0wVUem/zCFVOhu9ceflTAXmFvhwCtMrmlD4gT1lXA3UgMz+5OSAO1/r31BXDM/oVMdYnXj46MC/8zz2RtE3jrAr8eUHfwleb5fMk4/tCC7ZDqaSmwpmazjWMRFKNigIeuSbpE4a4T1nLukOOyz1Xa9JvjP4uetNVkQDry7Nf/9/iPqpSxW35nFWwcu2m7IH7fvONirZwLaDAb3sSewJYRn4zTv7SKbCtM1hrE6Dw6k70l92z+uiRa1/vqK5sEcdjyXfxCqQ0LL232Pl1dy80Rr4fERI6pghGryzYQRpmS70mFoW9Z7TFUAnqzKO7EeCwann+M9ql0bqWQn+DBDt6ih5OubA1rLfBFmnBhhz/1KD16TpixSAb6v24cBR/KWiz3o/624SGg/4xmFVsTVveNE2YV09HmW+LdYYeymOp+OD0xEXxWJPnjJRVgEmD+ILv8ZRe2/imulGUF+O3hNJnzFBlvmsnbpCGvwe7Q8nKS8rM809KW3WmbtWlEMNzZi8fIp9LBPPQA70ZGv8I2B6RJHP4s61XsTtrZrVzlMbZC4+3PECNf89g/0QrkBHvRW52lpcJGnfgZnx3171TXphq7mYXfro3Z7FSlnJLIrK0wHg6p8ZJYCwCw1WHVequZ6Adf8ILdx7UqxBRy0MznSdSarn4e4BgkACsOYNBckmAnpWaO8sv9BQ+YyLuYQWyWylmqMbL8NMBQP64FN/LXt01YLOUE2F9Matkx04ky6YAkCc8HKZWm1N5qETmZz1CS4nA72SysTA0nF5poDwYZvho3Uw4nJpf7yjyo7P1cuUmRfz/ikGsL7ts7L4Q/T+zg99fQD1LoVxTCgjxKSNNHRrSOtJZK/2MSuIG3PJuA/mgJ/271rL2s/wYWTD4OuRV7uEulKaAAJ5tETqxFQW6swJGtg1IouWuPI8pxX+4BEfU/xaOqjT5ZhMXatcIqdRUWdKpD1bQ+8VgljnmMDaDZAnHPIP1qj9TFXrHH29fzS8gOmNdx3wHwZNWe9yWOCxGXRE/eAj8ug7iUcG7ETIJg4KB4lq9gpBp9nCf9HmRsMxH3KKNAB1qMGySo7PjnKz88SA8Hav9/Lpqn2IkothOXS50jvIbkJRtpbWbR5C99y90uLl6oRBRFU/t752VJoLceNVzt+0Rfo3/4LEeP5KmmSVNTtnh2O4DtYmN6XIsmmaAWF1a3IYKEWv2Yo+cN0f/BO5rHrPGFgx7MBjUCisVn/TQNhDnne/4fX0pLIfsSga+jkThCAcRPYnyDSuSYx7MKOLGmgYLsQeAuKTNLbD88B6elf/d5T3CyP1I1wfgaMIJqaJ2vC69DSXiEDe1E7yV6jBZXWJwnnwtvQtYD6J3TfpNQksKpqJU9QkhAyqqJxPZCobBgBbJDhXIBZyLTJHr94PSRDZnUAPoVSfNl1zpTWbTH0kEytvGrfi9TkkyXedUlgrCz2dUt/IEHIZGTbqnHFvce5u8JIEOmkmnsKfFb8/OpNMO9qIHDKAetkFsFJg1BHs/ax5ZuMEVgRJiYTvs8voS6Q0EIjUnsRGqE74TORdgdS+PMi1T4SPDJr9eNoTI2TcTqzhzMl1qx4ZujcEbinhUKGy1gcv/hEeWQ4XkxCOBSrJsRoy6Tqse4eAgIN2buIprf2R7dl4MaGp92wjVT9LoNd4OUvhIXc+HQc1PwAczxhxsOj97xIBCxB/B/Ey+yD1n65w93nms+1YXaanugj1z/SWYQ9r16o2jL62VqyZG6Y7GkmtkjjmyAz+c6gTRVnF8Jy9H6YpLatOwR8XwLe36vY0yEr+rGs6wDaf9CR89bs5tWiKPXFN+t0Cc/KVXcxqv98zx0TqXV+F55IzQhnlfGVEO/sQwDZ4UpxjRG+J7jW0ITjYkg+Mg49LwAtBjRfeBtYjl+y2ogp0qV20eqiCtuq/ns417LGDlkZL/yugcgZ3WSe9sALS70Iua0Yb4JHEN9DeGvO4OYfVzBKhYHTkyT97ZGeKcqYVY64FAXIOChxolCHiiBKzsyGf10tRs/y35i9cEGQ37cn1bPxRAQJR0ZtGc56vf6c1fcBGNeeRd+yQ0fEnQ+4O1dTf+ayI0MUCaoWADOsVDOO3CyEya2m4mzbzaVX7+I2dbksj/mLncAvMgj3+qp/l/lkglfg92GHLjkCQA5wd0GxNSEHywzEcb671Dz8KV0ks0RQit7MS5yJJR5sCu60P+g7IAtBkN3q7ioZr8k6XCX7uH2kkLawxjEkI7AUiOscEFbF2wFIdkhsMiT1hGpS75sSpPx44bOvaaHEVel0evHeHpf76K34lvOMIVTT7WhpqlmT30Rt4tEqI0oHN4+rQwo8f2XWjk8LRxZTEi4WsrFNfyUs0tpQaHBFPCrXbJeR4Bb7YXdH+wE1/NxGNrhOsZ+C6NoVqa0JSbWhCc7faSUlCQ5qLxhUmhEr4US4oqjUTuy5go5w+4ED5Yr0yBdfxsURnhvzGO1gwZy1b9J2H7jDFqWbXTnAsKZ4WEWjd2G60gBhiGBtrlankppiTkCy4ZZzzPMP6tVRMw1fH73CUL90htUzqHaDpms8J6Ug2MWTw+bOJOoBPP0JJeEC0jBv0lyRGp+SwAVToeR96hWeAXhCPAfHZjh+jEFxMcCVeMDlYE5JWk69HudI4L8bg59TPMd6xQKQJg5UodAb+w1trL+FkdG2ogLdNP5SAhAvzoE2OooHloSTes2FcWXS/h9orlGUId8MqfgaEvau1zE/Ajnc/iQe1adCVqw6fjhRxV+FrNQFdAD4KbjeQ5MSdN+bxhIVOmUCzg2w64E6cKVXK1eVo2RIFs+2FI0yYYZ6u8kHHCVamTWIxi+UiT1uLKIg3DPLF5pv8egeTdfbAFKkPOfsPMiV02VwBasXnCVHVyrYsEvNyU09HghNqkCLFnJoGLnpyyFuvneTauigu/jztdpRlQzAoQIBXe3JjnYk5BSLVmbg5/7BWLiip6ves72Qnpfwl9mPGlN+0GsggzQKygcE+KB2Y5KEmqkrjqBbcy6MdWDfWJThogkUrCR1sLOjHVE04INyTk+5L9azYlFl5yTY5X01jtfDimi03y0v17yFHE9V5NOjE0A+dAjAXeMj+OAq3tJP/oTEpLA0LfEOQArnTPqKb5Y8trWhde739DpffyLI7+LcJZ//UjBdVx0Y+PQsJ8fDAN8JvLK+/tA0+MLg6yGSeU1qeoaUQzL6ReWTFrjTob/dp53RjhhNiJroz9269FGuurTaZVeP9Ql0nZyEkBVCPsFI5JELf1up/jesQBPF0K383XPEcnNDJG/u2t0IlEW9ALqtRxxnnwjSUvDf1O5nJQnYcIZK56QvoomW5Ox8KThxqp5fkuwf7OPHbiGpA4JeJ9Kag/v6+aBB+7k5XCUImz1+WmPPPm5dOriqDUw5ERDps/qFl+4Eemoa4JR4jO+CEOiVo6m9hMDDurw6ETdLbkoQQG9djfIqg7l1nGEyc/mgL60a5J3AW2SLKdpAjHaTZdEMOqmAmA9oMo+/q0BYCKqSK7QrnsemFeus1zLrSzsqQ1UyB/YDT2pk6/UfDdyKPBdJRIpwzcJSea2EBjD8ToBLTxQ0B9V4VAID4TshujJTqoMKduDIZ8V65au7WORWZT5mz2iBQtz/fJOH1MVtkjnNhFWtU7ZwB7WUAgeuvFfrFfbVioekLOppKKp8LvsYrlS6N4bsSlNbqvGpt3Bydfc3eBKdzVt44Hg0F7LYQIycGcKQeOIP2ZkkhAQ8NDG1xPq8toA6+HzHtdXmkdNjhEbNRDX7/wdJhhFqC3Ml/eVKX4iM1umoJE8PlPjfdJ348s/8n0X/2+fxWWAOPEVHUamE3X3j6N/U14oV1Gs3Drd3MDAi/GhC2CcGK5LC9/AYVOjel/1Dj2FEErXBV+tkQmi3qHVxPBEjSENz2/J/e6C5akLqv90jqavsYL1VnLMVgsS+Ycv6lJaDZ69//rdn75iBHXdW7c7tDNKCo+F3exJi1c/XbwD2bBG8lg9pSSYc894HZ6FGp1ALD/X50XtcAPs6WfvV7HKWoyw1cH1L3EYLkBHYF316eagboYc5OY/iNtSw54+cmOZnG2AFCtVx4cY78nGi/8iLw0dmWM4jj2FWrIdbl/rI6qvFkNCIsMBbgfRHvHV999VDMI8kjNFYQbMssKXLIPri4KbopKsMUBVRUl9B8uvrwxMLP8J/mJ9MrbiL7s+JN2VxlP4f+0j3k0osoMg+OCugym6xmMpyd8SuR4ebJ2FgxvTlJi/d+Uv4vbg8ezp/SJx9VyQovpr6LBdYU73ZXLKA3+4uueAusZePN347P7ZMDHUpKTkEuJuMDdqKsaG3fF1zyPbWl38+YYgyXXtn9iGVc8/vWAtnM5Ui1VSoPaMEIcYeT73jTMgiathusbJNW7Iu7iNRoVZUuemBbEk6rcXSd06AgAXm4IhTibLqcZ4XsIfl5DtLDyeqRS+l5f2JH3WM2b8xyL+/fX/08RtPVeuyC1KnZvxmqRIaspmMP9Idqp81vbMO8PGutGHI+fORZHpCsvfrDg3jd5OQt/9cMSMXSiO5F5JWAGeXjcQjmKowhq8tXsZ4LbOgkaWkBk2UtzyuW7dsWi9aRd/MWvR+T2Egs7UkKsPnOPU0oKHf64fSF5N+xEy+DXta7J7dAN7bWP01OsN9nQTUJR9owmJQrTSOIJru2R61Uiirg64pAPMEEKOycohvoGMzJjzFQudzLzdldE5j2ICQG1D1CCrX4DoO7yNNIdtUoUogwKEhyCZYkRjayNmlQlpN+VJ1csrwcc6JHSraKSyeCAmr9smiTenS4DzsrTohZKmPgNjywhuchhpezzdUyF29WqBLjIk/TNGLdPEzQDMfXBHYz/uPeRrS60NA283nkPZaJ9hneANw2lNZxOdDseCWz8GCr0CWRC77As+wkBuiRrhSlMEAQvKYd8hhFUum3b2J3AVl8kkiIYrCeqk+auvO5qMHoKpYu8V7gxFWmEytDVuTRcpJQZ/dl1NX9BQ2mGKyPKiRtAlr0fnwWtWbiz1TPuST1EpBbkF5VKn+K3IzKC2SQGQFhCfwLy8//mkxC22n61VTb6QVCBeFJRS8QiQPNXhwPcaLvbpACvi7jbnSXvuTtO2iEMy29cCMl4vblmMf7VlAUyrN3jjCWmrw2Eafc09vj7fpAMnbMOdEcSXHorouZel4rbfXNt21csS4oJziY09wN7OSoPGzsM3AI/DkssKl7BnXo347c03naKowmFcVB+a2egE8HlELfraMLRWKFElZ7T7ePoH0pc2t5vFLu8DgdMbUhkpq+rOipZZjbTgBurcjXebqw5/7bdbUgmdQ2hbA+f75MJ3gGyyQJIzHLDfzbUUGHoKRKGwRxXEioJGDpIeBTeZWs8pqpgfMbQ1nHF09g2zYQSq+o7y8MpT99ekCCHq8u4lWJ7EIFOs6hmdS4//MdRr2c3yb4mSzsGncgrPp0Hn07i+m5qxxT0vsvk6Qy7r6FY/qsS4gcTqotMNFQbrNzbzjbYkbpsjB4eVCsZ3iiHK5wISFyHQvAsTr24g2OCpO9KWbf/0MRS72b6iat/yCP2rhE=</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2021-07-29 09:04:46,109 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-07-29 09:04:46,109 - INFO [Shibboleth-Audit.SSO:?] - 20210729T090446Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|id-394ba48cb571e006eb2706782bde223f6423ee34|http://10.102.87.106:8000/v2/sso/saml/cdpidp-85eukn2dlgpljhwgzdvq/saml/metadata|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_d785abf9034ea598a601fa7133737fe8|morty|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,identifier,uid,telephoneNumber,role,mail,surname,displayName,givenName|AAdzZWNyZXQxODyO0/oDjEA+dx38priXZv6tu2KWcg2kuq4EXAPQbN2XhtzKqGtMxWN61YeickSEOqqfoSIBOWwALJjsl+L0EWIy1UawFsmXD6grExjRUIS2Yprjq3e+CAPsOh/ksNlbmVdYHUYINONoAH7FGCOsyijiVc75UqrwmIgGoOl0Yu1MmXN4JrIS6egpn1B+|_19405897f0f35674f0ac2b20a2a1864e|
2021-07-29 09:05:19,917 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder:?] - Decoded SOAP messaged which included SAML message of type {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-07-29 09:05:19,917 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Body>
        <saml2p:AuthnRequest
            AssertionConsumerServiceURL="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            Destination="https://samltest.id/idp/profile/SAML2/SOAP/ECP"
            ForceAuthn="false"
            ID="_qm1hlh9evxphleuobz9dioikrz7tekhjk7ep" IsPassive="false"
            IssueInstant="2021-07-29T09:05:19.263Z"
            ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
            Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eu-ch.o13bb.otc.t-systems.com</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_qm1hlh9evxphleuobz9dioikrz7tekhjk7ep">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>ikbzcDB7GeasSgdOLBQC40gAawo=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>dOdupoI4y4uIaJHscYicZPxKmcPcd9YWPsYf1r3lMmaep1ITWfSL2V5tOrVaxqpeMEkKr/dYe27cP/xJSewk27dpnLc8xHX0XcPHV7gYv7Ug6UzQe3kFuNbaePo79y+/8sI2hRedvkaOdmbTRnDJUOkURaO/p52Gnq1egoUIboQ=</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIICLjCCAZegAwIBAgIGAVHDRPSbMA0GCSqGSIb3DQEBCwUAMC0xEzARBgNVBAoMCmtleW1hbmFn
ZXIxFjAUBgNVBAsMDWlhbS1hdXRodWktc3AwHhcNMTUxMjIxMDY0MDU0WhcNMjUxMjE4MDY0MDU0
WjBEMSowKAYDVQQDDCFodHRwczovL3NwLmF1dGgub3RjLnQtc3lzdGVtcy5jb20xFjAUBgNVBAsM
DWlhbS1hdXRodWktc3AwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALRgTiRlOH3H8Ti/Nl8F
hr+9QdbCEBQIKFKnX+VeeD6NcGQtsDnihnIlwDv9PqAqRfZ5KNDF7IccYgCBUfjJXOyxqa51YVDJ
KPLpjMcZiSEjumDm3jbdEiiQKl3zwt9Q0aLlz7PKdIbIoPQdo3YjpTB407D5PmvpsFr+TQ6NlkTZ
AgMBAAGjQjBAMB0GA1UdDgQWBBRcdOVNkWkaAHkjlaFATFhnEEh8SzAfBgNVHSMEGDAWgBRcdOVN
kWkaAHkjlaFATFhnEEh8SzANBgkqhkiG9w0BAQsFAAOBgQBlFRyA98AUXCw8bhneTFoD2JWRZz2f
Bs3vINTVjhA3CdCCJ9lgPxIhitHYNPQh5s7l+IA6M/zHTx+rpRO3KUqh0M2eNZDunUrstyXkvZvp
uJCPFK6t1iN6K5YuZUhKI06W5Bk6XV2NO5L2eIqD9jZp0UGb18Ep4BbrEXwRwJQPYw==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:NameIDPolicy AllowCreate="true"
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                SPNameQualifier="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"/>
        </saml2p:AuthnRequest>
    </soap11:Body>
</soap11:Envelope>

2021-07-29 09:05:19,930 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://iam.eu-ch.o13bb.otc.t-systems.com' from origin source
2021-07-29 09:05:19,930 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-07-29 09:05:19,930 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-07-29 09:05:19,930 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-07-29 09:05:19,930 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-07-29 09:05:19,930 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-07-29 09:05:19,930 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-07-29 09:05:19,930 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-07-29 09:05:19,930 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eu-ch.o13bb.otc.t-systems.com
2021-07-29 09:05:19,931 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2021-07-29 09:05:19,931 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2021-07-29 09:05:19,931 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-07-29 09:05:19,931 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2021-07-29 09:05:19,931 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2021-07-29 09:05:19,931 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-07-29 09:05:19,931 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_qm1hlh9evxphleuobz9dioikrz7tekhjk7ep', issue instant '2021-07-29T09:05:19.263Z', entityID 'https://iam.eu-ch.o13bb.otc.t-systems.com'
2021-07-29 09:05:19,932 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eu-ch.o13bb.otc.t-systems.com' does not require AuthnRequests to be signed
2021-07-29 09:05:19,932 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2021-07-29 09:05:19,932 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2021-07-29 09:05:19,932 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-07-29 09:05:19,932 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://iam.eu-ch.o13bb.otc.t-systems.com, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2021-07-29 09:05:19,932 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://iam.eu-ch.o13bb.otc.t-systems.com' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2021-07-29 09:05:19,932 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-07-29 09:05:19,932 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-07-29 09:05:19,932 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-07-29 09:05:19,932 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-07-29 09:05:19,932 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-07-29 09:05:19,932 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2021-07-29 09:05:19,932 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2021-07-29 09:05:19,932 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2021-07-29 09:05:19,932 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 1024 bits
  params: null
  modulus: 126664469800380770773972778096329230967838830807335020944856402588433272451405299989725111925000259452486256977271956160110204670418736725511979819866908378089628035491591777699093647368786263598103189382680073566489484332485554027625241493766204516582342822997262720486560419481997023269854507272634386236633
  public exponent: 65537
2021-07-29 09:05:19,932 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2021-07-29 09:05:19,932 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2021-07-29 09:05:19,932 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_qm1hlh9evxphleuobz9dioikrz7tekhjk7ep"
2021-07-29 09:05:19,932 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _qm1hlh9evxphleuobz9dioikrz7tekhjk7ep and Element was [saml2p:AuthnRequest: null]
2021-07-29 09:05:19,932 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_qm1hlh9evxphleuobz9dioikrz7tekhjk7ep"
2021-07-29 09:05:19,932 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _qm1hlh9evxphleuobz9dioikrz7tekhjk7ep and Element was [saml2p:AuthnRequest: null]
2021-07-29 09:05:19,932 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_qm1hlh9evxphleuobz9dioikrz7tekhjk7ep"
2021-07-29 09:05:19,932 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2021-07-29 09:05:19,932 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-07-29 09:05:19,932 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://iam.eu-ch.o13bb.otc.t-systems.com
2021-07-29 09:05:19,932 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-07-29 09:05:19,932 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-07-29 09:05:19,933 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-07-29 09:05:19,933 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-07-29 09:05:19,933 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsHeadersHandler:?] - Message Handler:  No ChannelBindings header blocks found
2021-07-29 09:05:19,933 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler:?] - Message Handler:  Message did not contain any ChannelBindings extensions
2021-07-29 09:05:19,933 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2021-07-29 09:05:19,933 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2021-07-29 09:05:19,933 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-07-29 09:05:19,933 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-07-29 09:05:19,933 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-07-29 09:05:19,933 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-07-29 09:05:19,933 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' not permitted by input criteria
2021-07-29 09:05:19,933 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP using binding urn:oasis:names:tc:SAML:2.0:bindings:PAOS
2021-07-29 09:05:19,933 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-07-29 09:05:19,933 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-07-29 09:05:19,933 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-07-29 09:05:19,933 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-07-29 09:05:19,933 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-07-29 09:05:19,934 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-07-29 09:05:19,934 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-07-29 09:05:19,934 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-07-29 09:05:19,934 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-07-29 09:05:19,934 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-07-29 09:05:19,934 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eu-ch.o13bb.otc.t-systems.com
2021-07-29 09:05:19,934 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-07-29 09:05:19,934 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-07-29 09:05:19,934 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-07-29 09:05:19,934 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-07-29 09:05:19,938 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-07-29 09:05:19,938 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: RequestAuthenticated: true
2021-07-29 09:05:19,938 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: Generating session key for use by ECP peers
2021-07-29 09:05:19,938 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-07-29T09:05:19.938Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-07-29 09:05:19,939 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-07-29 09:05:19,939 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-07-29 09:05:19,939 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-07-29 09:05:19,939 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-07-29 09:05:19,939 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-07-29 09:05:19,939 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow authn/Password, it supports non-browser authentication
2021-07-29 09:05:19,939 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2021-07-29 09:05:19,939 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-07-29 09:05:19,939 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-07-29 09:05:19,939 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-07-29 09:05:19,939 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: Trimming whitespace of input string 'rick'
2021-07-29 09:05:19,940 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2021-07-29 09:05:19,940 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@130796137::identifier=rick, context=org.apache.velocity.VelocityContext@70f2b2c]
2021-07-29 09:05:19,941 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@130796137::identifier=rick, context=org.apache.velocity.VelocityContext@70f2b2c]
2021-07-29 09:05:19,942 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2021-07-29 09:05:19,942 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-07-29 09:05:19,942 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-07-29 09:05:19,943 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2021-07-29 09:05:19,943 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2021-07-29 09:05:19,943 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-07-29 09:05:19,943 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2021-07-29 09:05:19,943 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 951a38c6493d68ad3798b052511b6748c8f6d6cedf09f893841887caa1ee2449 for principal rick
2021-07-29 09:05:19,943 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 951a38c6493d68ad3798b052511b6748c8f6d6cedf09f893841887caa1ee2449
2021-07-29 09:05:19,944 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-07-29 09:05:19,944 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-07-29 09:05:19,944 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-07-29 09:05:19,944 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-07-29 09:05:19,944 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-07-29 09:05:19,944 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-07-29 09:05:19,944 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-07-29 09:05:19,944 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-07-29 09:05:19,944 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-07-29 09:05:19,944 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-07-29 09:05:19,944 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-07-29 09:05:19,944 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-07-29 09:05:19,944 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-07-29 09:05:19,945 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-07-29 09:05:19,946 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-07-29 09:05:19,947 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-07-29 09:05:19,947 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _fc393032f0aceb31264c6f1c72199eb4
2021-07-29 09:05:19,947 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _fc393032f0aceb31264c6f1c72199eb4 to Response _ad85e32b751d25efa4e9b3d52391b429
2021-07-29 09:05:19,947 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _fc393032f0aceb31264c6f1c72199eb4
2021-07-29 09:05:19,948 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-07-29 09:05:19,948 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-07-29 09:05:19,948 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-07-29 09:05:19,948 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-07-29 09:05:19,948 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-07-29 09:05:19,948 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-07-29 09:05:19,948 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-07-29 09:05:19,948 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-07-29 09:05:19,948 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-07-29 09:05:19,948 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-07-29 09:05:19,949 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-07-29 09:05:19,949 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:05:19,949 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:05:19,949 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:05:19,949 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:05:19,949 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxSdP1B1DYQRfyDrSNFaTYCyBbHUZyhHOy2oyoKZQXQjVvYqfNoisIHGdBjpAeaa+y7G6Q2am9VmjgqBii0Z2cnk22NmhirfJwMDTu+jz5lrel8BHZj4JzZTLV8VYqoUw4sOFnuxIZPlXTpLLM with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:05:19,949 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:05:19,949 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:05:19,949 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-07-29 09:05:19,949 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-07-29 09:05:19,949 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 80.158.3.50
2021-07-29 09:05:19,949 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _qm1hlh9evxphleuobz9dioikrz7tekhjk7ep
2021-07-29 09:05:19,949 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-07-29 09:05:19,949 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-07-29 09:05:19,949 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-07-29 09:05:19,950 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-07-29 09:05:19,950 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _fc393032f0aceb31264c6f1c72199eb4
2021-07-29 09:05:19,950 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _fc393032f0aceb31264c6f1c72199eb4 did not already contain Conditions, one was added
2021-07-29 09:05:19,950 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-07-29 09:05:19,950 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-07-29T09:10:19.945Z, to Assertion _fc393032f0aceb31264c6f1c72199eb4
2021-07-29 09:05:19,950 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _fc393032f0aceb31264c6f1c72199eb4 already contained Conditions, nothing was done
2021-07-29 09:05:19,950 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-07-29 09:05:19,950 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _fc393032f0aceb31264c6f1c72199eb4 already contained Conditions, nothing was done
2021-07-29 09:05:19,950 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-07-29 09:05:19,950 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eu-ch.o13bb.otc.t-systems.com as an Audience of the AudienceRestriction
2021-07-29 09:05:19,950 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _fc393032f0aceb31264c6f1c72199eb4
2021-07-29 09:05:19,951 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddGeneratedKeyToAssertions: Assertion _fc393032f0aceb31264c6f1c72199eb4 did not already contain Advice, one was added
2021-07-29 09:05:19,953 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eu-ch.o13bb.otc.t-systems.com to existing session 951a38c6493d68ad3798b052511b6748c8f6d6cedf09f893841887caa1ee2449
2021-07-29 09:05:19,953 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eu-ch.o13bb.otc.t-systems.com in session 951a38c6493d68ad3798b052511b6748c8f6d6cedf09f893841887caa1ee2449
2021-07-29 09:05:19,953 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-07-29 09:05:19,954 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eu-ch.o13bb.otc.t-systems.com and key AAdzZWNyZXQxSdP1B1DYQRfyDrSNFaTYCyBbHUZyhHOy2oyoKZQXQjVvYqfNoisIHGdBjpAeaa+y7G6Q2am9VmjgqBii0Z2cnk22NmhirfJwMDTu+jz5lrel8BHZj4JzZTLV8VYqoUw4sOFnuxIZPlXTpLLM
2021-07-29 09:05:19,954 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-07-29 09:05:19,954 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-07-29 09:05:19,955 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_fc393032f0aceb31264c6f1c72199eb4"
2021-07-29 09:05:19,955 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _fc393032f0aceb31264c6f1c72199eb4 and Element was [saml2:Assertion: null]
2021-07-29 09:05:19,955 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_fc393032f0aceb31264c6f1c72199eb4"
2021-07-29 09:05:19,955 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _fc393032f0aceb31264c6f1c72199eb4 and Element was [saml2:Assertion: null]
2021-07-29 09:05:19,957 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_ad85e32b751d25efa4e9b3d52391b429"
    InResponseTo="_qm1hlh9evxphleuobz9dioikrz7tekhjk7ep"
    IssueInstant="2021-07-29T09:05:19.945Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_fc393032f0aceb31264c6f1c72199eb4"
        IssueInstant="2021-07-29T09:05:19.945Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_fc393032f0aceb31264c6f1c72199eb4">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>JUaAEBGMPb5/TsZIeo/KWLRxYObh80zu5hQnJ9F/gJ8=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>dIoYXRiVKd65hpi0w0FGuOsY40X9D+JF5XbTI8/TWJgKP1nq/IQ625qGsT8NJcTb7Qugajf052/7XO5+vglf7gYPDiuZnFbuijpeo5nyFfWq35WgNAtW+VIHU0e1Uaeq2bQdsin1eaz/HKqVWcUSmWqGQXDkf2dDXuZw4MNVb7NNJY42OdCls0CPEx0XlkLSpWDQSumE2nNuzHWoaw+iKuE+E3N77s51Z+Lo8C2a2kA0fe8b97cqjuaW3alVYF21HOfA2Zrv9ONe8nlJjmz68acgDr13wWhtgqrxMom+BfH1c1TuH4Zhwanm5FY9TXTGItkZenyLRz0iMULEmo2mzQ==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxSdP1B1DYQRfyDrSNFaTYCyBbHUZyhHOy2oyoKZQXQjVvYqfNoisIHGdBjpAeaa+y7G6Q2am9VmjgqBii0Z2cnk22NmhirfJwMDTu+jz5lrel8BHZj4JzZTLV8VYqoUw4sOFnuxIZPlXTpLLM</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="80.158.3.50"
                    InResponseTo="_qm1hlh9evxphleuobz9dioikrz7tekhjk7ep"
                    NotOnOrAfter="2021-07-29T09:10:19.949Z" Recipient="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-07-29T09:05:19.945Z" NotOnOrAfter="2021-07-29T09:10:19.945Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eu-ch.o13bb.otc.t-systems.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:Advice>
            <samlec:GeneratedKey xmlns:samlec="urn:ietf:params:xml:ns:samlec">qR/Lq+DATNVTZkZUiZ51V3QPttLSTha8EVJMFXmMU2A=</samlec:GeneratedKey>
        </saml2:Advice>
        <saml2:AuthnStatement AuthnInstant="2021-07-29T09:05:19.942Z" SessionIndex="_9e61c056576418db46a005a02319877f">
            <saml2:SubjectLocality Address="80.158.3.50"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-07-29 09:05:19,958 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-07-29 09:05:19,958 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-07-29 09:05:19,959 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_ad85e32b751d25efa4e9b3d52391b429"
2021-07-29 09:05:19,959 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _ad85e32b751d25efa4e9b3d52391b429 and Element was [saml2p:Response: null]
2021-07-29 09:05:19,959 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_ad85e32b751d25efa4e9b3d52391b429"
2021-07-29 09:05:19,959 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _ad85e32b751d25efa4e9b3d52391b429 and Element was [saml2p:Response: null]
2021-07-29 09:05:19,961 - DEBUG [org.opensaml.saml.common.binding.impl.AddChannelBindingsHeaderHandler:?] - Message Handler:  No ChannelBindings to add, nothing to do
2021-07-29 09:05:19,962 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Header>
        <ecp:Response
            AssertionConsumerServiceURL="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next"
            soap11:mustUnderstand="1" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <ecp:RequestAuthenticated
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <samlec:GeneratedKey
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:samlec="urn:ietf:params:xml:ns:samlec">qR/Lq+DATNVTZkZUiZ51V3QPttLSTha8EVJMFXmMU2A=</samlec:GeneratedKey>
    </soap11:Header>
    <soap11:Body>
        <saml2p:Response
            Destination="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            ID="_ad85e32b751d25efa4e9b3d52391b429"
            InResponseTo="_qm1hlh9evxphleuobz9dioikrz7tekhjk7ep"
            IssueInstant="2021-07-29T09:05:19.945Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_ad85e32b751d25efa4e9b3d52391b429">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                        <ds:DigestValue>yfPwyh3ob4GhDtAXhTaAHnw8FBCvuSsJeBTu0Fk8C8Y=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>QGQMPlE9VgKwN/EMxXU/htY9ISov4Kr8YNp9pTA+sLjNPmVO7B0kmrQkxx+aTGQQMq4KkEaC0tDl7iG9HAVumjuMtagjKpo4dgU6p38A0BJ2AT4n/hrTKLoRhzA5P/+gdSCe31520i4LDfGUag3ZrytLj1zxZRBd5hFFJcLb4gkW6ElfvNakhu4DN/s66IaPWcMJyYmteXmNiQhpebcyqDiGtTF8srLoKFvt8Y3/g+zOKJHHKVOwEFOodHTCKXVmPV2h9Ag7JH5wH18YnTyDZMvAkDb44hyzgaB32Gzj54b799GziGZFYMvQGIpcevFSct8rgqJuqXqxsrSGOYfFXg==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
                <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
            </saml2p:Status>
            <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
                <xenc:EncryptedData
                    Id="_98502e3f5011c51b790f6d53feb32cc1"
                    Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <xenc:EncryptedKey
                            Id="_cbf8c3453fcffde0cba4e60f1449504b"
                            Recipient="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                            <xenc:EncryptionMethod
                                Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <ds:DigestMethod
                                    Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                            </xenc:EncryptionMethod>
                            <ds:KeyInfo>
                                <ds:X509Data>
                                    <ds:X509Certificate>MIICLjCCAZegAwIBAgIGAVHDRPSbMA0GCSqGSIb3DQEBCwUAMC0xEzARBgNVBAoMCmtleW1hbmFn
ZXIxFjAUBgNVBAsMDWlhbS1hdXRodWktc3AwHhcNMTUxMjIxMDY0MDU0WhcNMjUxMjE4MDY0MDU0
WjBEMSowKAYDVQQDDCFodHRwczovL3NwLmF1dGgub3RjLnQtc3lzdGVtcy5jb20xFjAUBgNVBAsM
DWlhbS1hdXRodWktc3AwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALRgTiRlOH3H8Ti/Nl8F
hr+9QdbCEBQIKFKnX+VeeD6NcGQtsDnihnIlwDv9PqAqRfZ5KNDF7IccYgCBUfjJXOyxqa51YVDJ
KPLpjMcZiSEjumDm3jbdEiiQKl3zwt9Q0aLlz7PKdIbIoPQdo3YjpTB407D5PmvpsFr+TQ6NlkTZ
AgMBAAGjQjBAMB0GA1UdDgQWBBRcdOVNkWkaAHkjlaFATFhnEEh8SzAfBgNVHSMEGDAWgBRcdOVN
kWkaAHkjlaFATFhnEEh8SzANBgkqhkiG9w0BAQsFAAOBgQBlFRyA98AUXCw8bhneTFoD2JWRZz2f
Bs3vINTVjhA3CdCCJ9lgPxIhitHYNPQh5s7l+IA6M/zHTx+rpRO3KUqh0M2eNZDunUrstyXkvZvp
uJCPFK6t1iN6K5YuZUhKI06W5Bk6XV2NO5L2eIqD9jZp0UGb18Ep4BbrEXwRwJQPYw==</ds:X509Certificate>
                                </ds:X509Data>
                            </ds:KeyInfo>
                            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <xenc:CipherValue>fl8D6FNreUgC6QhmG4PpLYWwFIH7r9DJ948NgbmmYqngluUbblVx57AK5AhiLKuBLwQazr7Adq87KNxJqoee/E/c39Gg3fF0AG/KkzT32AjUmQhfEqyVvN4walXbdpNiBYXTu3iOj+5oYMnD+UMSfLWvycIKEMx/K4SzTKkNDJ0=</xenc:CipherValue>
                            </xenc:CipherData>
                        </xenc:EncryptedKey>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>taILrQivn2CLYPHDsK4zSdLdnSi2LoLRC2sCtWfoLRV4LuUOur4RNGeVrWkjKwRvr17jyOCJGtVeZT2HY4kGarsR+p2NHe2wdsa/vbBNvKOy4fDIPWxmoBWSp5CHfh/616Z+AxngV7yof2Eu1XNQ9+ntJvYRGSqONpjSghl+YHM8qocU/PeFFJCvHaB/vj0a6luRraKJPTRghyfpE3C+VSg9KSMRDCFrP/e/gssvGK42Q7qNkh8ltlmvt7VgglEevSrgbA7Mc4h90F203jWVwIoLzGmj9lcJpAjUdsojDTWBnbmEA04fORf2rQnc/C3hcIsLCU7RSeGcKIw0q710g/zz3WNZX1/F2p8U6nitlzZqszwZGJV8p9IWEDIAy6+5eNeNZsDsciW30nS7fJBlAKlQiGlbm3haV/Fu+rgXdvx+V1mKm3Pjh35fFGeLJhMCwjNRJzOAYj9d/bskuHvK6pFWmucwzGjD5/hoqwNEwINibi/Vv6ZUL4QskJrmHn7dDcuDlVF6H6f81E5CG0nRIOSVsg470u2iWAM74ZwoRd/nG/SxsydQdve/0mKL9bpLwsxmY1GVU+q+kqK8NdgrrLq/VP+3dzG/SkAGg/A4X4w/k0OiW2ghxtVRLN5zyCmRfnwb1rw8J91akU8x4K8YpVfStrqWusxrcPKKw141kr/Pmq1wiBM2COFtul9m4iBgLePiJ8hIKM7syHLvS9R0ORLuGHPpYH8paT9j9BbFExEKo3xNyhWKLIZDV3ZfrtubmeNAwgvD6nugkB2h+ENemxPu9h9BphHHUSOaKMI2OGT7cS2RzAfCn8uKhjhb5J7EJsf8jfuoGnUdxzkJaAwBkGd59sjkgKEBuyfQcWAWV01TpXzkdlCS8Op+p5SRLqQ8BDJD71a8d9jpTEbbD61Rjm5FG2rzwrgMjWRZipAxyDKm+PT1fOZOrDdgI4jH/35gvaHVBlbyC11uGeePd6gK8i57ZVDbwMu36dHDh11tu9esiCc96omIeRN1kmCkrRGG/aG4eoFnUGeH/ZokJHat1gY3UR5qozf3bGz8XbTGbber/z8PIGzl05Mtzllip8Fr393s9ymUm3BTDRLtmekLKwTJFA0BYYYDotiKAFilxLzFUcBd7h+rE5KoAWcmoRXkgvN8OXQSZfp53z+ZFHEmz3tMmFw93emtajdEKqEOcopAvAkTaQXm3ysZeImcTFNYAhHSfWOQen5UiFaVlzr+xWqsruJlQSXfcouhFP2ToVF5qinh7VS9WU2Yz+Rb0Xbbh6zHIgvc3D2h3fZk2Nc7BZzJdEDZV97CTlipsJZpBNNtcqqqyZFxMjr8Z7WElPrH4ThKrUa3GuVKUEqMddWsQ0C+CvMo584dR2YtAeiiDGohO/5LarwJz+hzD3UfO7S5JKnWDm+I39SJ/FOo4YnjfY3r8jMuZU9XPerNPu26EqjjL400URU+tYmUArCij25RTwhdXLn4a4RqQlnJUUqZvPPo9ijddnYwGlrWPfo07J7O8c/qxu17WeKCwVAZ4cFM3a5k9iu1A7vZZdv2s5tqvsjJErUt/Nitc8z0QzxFS87Bk7udqLFPBc0q3Bxdp7+HVLK4uNPH1vxCv7VsGPKa+P6i+U46GK42vnyXzqbf4IiC2cgv12FxGm3+9X1xcXaGJWWetksPNaGi0hYYnk24ucZ4gyfeUydS+Y3p0YtW/dk2F3HCexJ/fOm4HRLAWckdBU+Xe65PxRB3AK5uUbnke4tweoNDKt1m6MAQ90uv66FLqy6yIExnSJrToi/A/66botWDbxkN7359rasAIt5ZsGQGGnIzyzyOaRMHx0zs5458uNlP1fqX45+oUpfm/ZXDy8Ajw1WNwXxryWF2kgx8G92WWDekTB2vX6EN/QeW1hYVw2RaFi5msiFTg4lAx4P6dwk6axku5h3CrwG+OAwBky7yoxHDSzDI36F4H81j241nykX31R/6z8YMs1/2FBXSXtH0MoUAf9v0u9uKhg5RKLwG2tGiaXul1T+em19fWuvI8S3d3cwXiqT4XStws0en6qcadUuNFzzTbJGvgWQdGgjYORPyic83hvyid8TpqE//FlDb9MIoVWvjbaOIETrUFxTZdruGeE8VeJ941rkwef6zZM5sOhLoXXEIGlE+FcrDp/jkCORXm7iawUCFZk0KKandUj8JnzgtTp0XsW9J9u4nXh9ee3BX7dGg7o0F571bO+UlEH0Rmlo6MM5MZ/re7bSHZo3Fcc/Bf6OYL5uEyn/vd4i+B4mT242xRmHan1TRcMpYbdjrxulR3iRvSvcoQQnFL1F2eCNqFFn6uEQQ6/6++S7hvBvMEJmyfsNPtcBBdQJus8mIIaxOEcukmrCoTLDNAmwOXDiagry0c8a4e8VsSDBVKPSq8WbDlxF66LlG/rufpR1vlOH3gIhYARvSe/SwsrJ1bKtF04lvxaPJzWmT9hJz9Ki/nJic2lmw6eexQIwUQhdcwvVDMg3DpBkW4GetoC9sshfeTcMcY8IohbCnQpnvW6zAvEBRYFgKc4OYK4yToDuJ9u16cwqQMuE84XqdRjjNXZrjvZ2WajKDrMzDWox4pc2TR/GULg7yAAhmoWmGxyEUVRuWuXa0ESZcCRDv/lnwwTE8f2GaCktWAxyprhRTUnyS4jF7S2DlA+pN1++MlDdlPfa5vS529Y9s07zuRJtjeJyV3/k+FnwJM+ypnJ/7twGBpc7PFRDy6GvRhYYj1h2n2J1f4pp40jzs5MHSNycFWCOVkVzozHELB7iFGsVMvB31gtlV10N4BK1+e/kkbMb0BzC2QxqtbNs94H0pKO7ItgbNITF8RSlWBly6KhZKjAshkNiHl0iNJppztr2hPcvB+hnSvlNvB9Bb1gR0Q2afsXCzH1v6wBhKuO9WspaL7OshpjDI9QmyEfAFKf7On3wRPUoezZOiLGs/zBgJxKU49NefgUIKOBjkAl7pNE5oRQfPINpGP0Jn7pyR1IR7EhkR189YnkYbh366Dnk7wCqJRrlov7q//2KnrSwLcXTICWjcwNXkAWWOw4Q9GNCcrAHixdkZ5Vytv5eRrFq2klmrNR+RxpqS7G9KMGgSk9OTuvhSiEdenVwGTH/3DPPp4MBEM8tFgM3hC9tu9/p8cm2aUQfSJMYHSKWUO6h9gT/0Vl/WyEjjC/+KF74bvtURzrcDpL5/DjYWKFWz1GE9pou+yyNmQHavK5vsgq66I9FH/LvBbxG0LJrFYerdLBQbnSVPZoAnJlDQ3lDUXdGjp+08f+FLouie+z2b1u/K39UjaoVDe8D/qQdLpkAYRcG7EMMF7Cz/TzlelkEm2azlzzxYMmjjo0xYbRxCpeqvb02S6RnKpxp9o63poPL1B09yMRLw2nBszqtky9gtYwEaYvkPgMtqMpSPHKEkdMQxjFQEyzvF1Cb7pn4vmorFH7y4EV0qkKdsj9nlDXBWw4ePl1zTkvSIrk/45vKAdodTgdA9nC1pKkK70RFaF3mJWZVhx6HKZhYhMj26fEd+R/R4fqvoP75a+2979AoNROaVvfelqHU7sch3pzn8gMvJUs3XOKyxexy59gRz8TM8KrLhfFqyuF5dkADE9LEN02jy1smUOgpsQVcgAM0UTUE22KvrX4ylh60vZAdJm2oN6K7WVA72+F2hwgbXIphZ22tcYtSmIG8mxtyaEVERmywyzPzBEpOBiEKJ8e6qdI6vj9x4XcmppE//fpz18t2WChzURwmpEAecuho1JjnfDhgZReQBsOt2WyryEqN9t0EtXtgUxydxae0q+8uP1bFfpqunU2LugddX3G9UO+vFrxODoA4TcBl+sXm5+mcYz3K38R3yzumARtIR9OD0fVHAhU8XTzFPHKQQuDx8sDatJGUBQM1sE6mm36nmcbwJFDxkxngNjd/v2znDw+WKqhTQ0TXGR8qz7jkPJMz1Ii1oCq7g5FGSkWzkDwkmhZxdplpQSY0ebfvNF7B/kZ19gAjbsrRWUMzXNv82YHHGpVVltAk9NpmIq3rDXjkZyaTnskOWioiShq3LpisFcbF9Zytqsys9fEUoLfGCYKphrIyNmcZT0FRjBI2DmBw+cT8Br8nDUlka0Bs+M6qyV8WJ7hYzKjKSKqmQ21xUeYY1PSXNO1p3vm49yIjL5F9UlGzO2qHx9/iybnPApyHi8jhLHmBb0g+50SSyOQdTMWBSePbDX/zOL/EG2uLEzaS/2RwoKNsvMAkVv9/5eVqGdzEUnUbozOgpK1+f7YkgKMYMZXTchCMAM8qh1OTndX1dhxYa14/PLr/rk43qfNuMi/wFWNby1lAJzy6ICAymTlluaiTckMbIiYekZ0k8eMMX7df0l6rqDAX6lJlJn1JSUGbiwBPM5PiRC+yuYZntzCN4nVpQg/PUGa3UnQwrq5hP+gyE1pqf/o3laSJoYqrTQqtli7yIqcUBcg+Wp9dSBwhblrfIwCIhpl2zWxpl9t0mGm0sebB7uvjEsPJcEKrHQF+E9nr8n2uJfZDiPe3gAjmx9IJ/6cyYP5zALjZp8tyTwPCREsPIvGSfY3RyXSHmi3aHcp1lI0/7eOmObVgTmp6g4wJpBxXHRS73CVpN9KY7vNrEw1MonqKVqYX3SufX4rENPjfPMDCJvZbe2oaD7ahjnczLPWqMdgPny9BMy2kioTkQOwyglSlioIxZVocNOCC//DKh9JKiwKrAASYD7Bb5m9JS6e0B45L7yI44n3nyax2zhwjU8Moq+wfAZ/BgB0Hcuj+zNwiD4TsaN271tHCgRTFGfALteSXBEEAJqrkk1c720ic6gNcNj6974kjeSM0ElVSj48Mlz6AHXKE5KMfijctcmUkNhTssthpJOHp3Vo95LFe3vWo0K3utXNyttHlob0yaBjIzoFYBQoSY3/CkMwAdpYMuLuGlE4JO5AYOSA3NZwC9eFOS6LLp9WyfGI6KeCt8MVx57rq5L2lG6hAm8rlWww66QCuA725GMha6A3v8LnscIzjo407GW/fICWgADsQGk/ROrLgh42Q/scbL6IEec4WRv6qU3l/hu2uUOX+dFR+YVVRfsIdGRSIBzgE7ecQsVbG8IGDjvfT71lVLr3n6kEYC7CP5e7DICXcqzOCQCFar5wL55aHA19YtiWwVHVItXrzFz/ld+2cIQ7IwiszBu9gNolBGI1PbMlaJ+nA2taOVrZAmDnI+x9hLA3YfgT2ZiNLFdqx3uMCwURk8G/BflGwrwbseztzqOO9t9Y2UhjAyorHD2GKBRv/2jwLTOzQ25phG9SqV5DStN9+OPxF5l+iNGMYEzc4Py9JxFXyx3qzUCUbOiSILa4pX/SjlOac5mtFJlxZqxBiYA+sqEB4CfHT2/z/U8GPCY1xgnYvC20DtYwWFwHeIOeTfoW/nYLEYQ0FuAfHWb4VsnOMiNnYuoYGlPlYgvkVjWa+80HhQ21f51eTBUNes/0LPnvRgAPx8/TNYlb/EHEv0ij7JKmThqoU/w04EvzzvwN85DfRC5r1mwqzirXLZF/XJY/hCniUj5euhpz/5aqdF34kNzO08b/DCvE7sPjW2PAWkMTb2AHA/AT7sjxmCPH5wg02h/8rQP3pam0CtlAr/hQjMM5JV/WcEsaDfXWhJa+hTQ/Azu9zbaisdcI59AlFjF8UHEzBtqh87eMLRULexvuHbb4WGWwFzgVL3EStp388WPg8FM6hvdPYMoiM771KPEDKOMD19hnSsYeogrkMDa02LvjUYcdMjSmDKcFgSivvJ7KzoGVebFmuCLsVuD0CohFSgc2WZiNILN6g1jYHzHs/Iwu6kigLaR8xeDgDUTg7PL8Lc7ZlGVReBihVSiVXA3W5u+dS65XueUuoYB0BxdRoc7PMl6g4oQLm4LyBpwjwXW6/adyJ7OtkIbF52VHd8YGm84UXPRagRvlGx+fmau/Q27IEfuiBhqcq7xE7lFLIWzdpdaIMbiGrQzvazsNEQp4h/zRABR4MtK8yfYFhNF0trhuT3Rb5cQGLp7A2uJOgd85T+yAJTqlUjmTtRv4VB0gTfbw9Klyc/EpNk9Gkk04tb0ZO157w7vj5lX+YXpAcohK7lxWWx3i4FuUNVW5T3ii6Y4T+pxYVFApzfLwUsmI+OQJAFw+EWuRBK07JJoNkCHoEC+bw9eIL+DIij446Yh19g23J3i5IvS1GMHRBXoeVDJtasi+kRzU2fYLDKobZa9h9ybQo4aKY5NP7yGSGWG4oErvIaiaBcDoV8mXSb9eJr8adB6AY7uPEqoSmna4N37GNc2veCwghIqQ4c6xzuM+OyoRSDIBusL2Ao7ljLEggerfiOj+WptwWk6WR8GTKU3DRhHz78po694GbXT1pk/0RtdRCWEKYW/SPqdTZTFQHelwViAvHoTt8ZVlkZZrCxsnUqky834fhoSat6xEX/iSKEWz9sG10g0KSMk8NVo9mJkBmkgGZImt9EH6px4Gdipa/5RB/nuOFSoUi36lQy7lRVS94DsJwncWpfFimNp76HTPUnIVPGg4Fn8EjTFMp6FDliUQ4EAZcrgjbz81zaeJpoEZQuUiS8HM1R6ELoX58DfplRqfMNjfvNqyNTtJK9WboyTW4gfZeldWiy9rYB5Ctn5pQ/SDmmiZNiSjkL9s99h7ph9HreqBfDjGVsGW0kxcGZhnvTmictDFA3ccoiVctZqgfxatqPZmsQ+64spsYZws8kNT3HQm1IADOD9VIWplhuDFOTKO2RXt+m+DS9AL8PfJBxk2SzJzEUMUsNJdHNoj+VNq43woaAWbcSTsmafyFTmUrBn3sLFG9kqD+N9aL2+oxxqKdX38fX92SCTTDWp1jqGsk8qIuTJWCe2VbvJ7At3anf2kzOY2HJIbDuU1/9xw4a9C4zqdTU3/Of8kFp+EEJVHFg/qHHoTlWUPD/OorRqnoaHOHDzh4OWhxUFfSvm2dtdCtDuVjApA82e8TEUHCRK6Qyvi82aVvwogDZUzXPNuUPTHaTkF1jyMzHWBXDv0ERyD+5tjJFhzBCdfYGSf5C7LdrjMgLNW3oC4XjEDIHjBbD+fuB+roFi0X0lSaRXPWWvBGuIDTA/WIxr6oetolS0kt3kDCYBtzng8DT1mxXkjenR/25RiZ4qhF9/RASvjKCwlBLGGn+XnPxGQpHdxnVx8W1bFUqDdmwCqd3LcrxL56IYy6vBVmvmgqO9QWzJr6zb4JLkpSJxr+/BkXP7poLMN2XttCfWB+FUL8WlaEl8Q4sPo4FlXIFPmAwu1YdCAo+ZEwLgC/FmqZM4z4+B0OhX6tVDi+f5td8cJ2vsLtED4wXuzCdD9PMXrsQfNhU0E8vQETbqHlrR9hd8d9x2hUz94OftG+Fd7uiRiFMJ4uAGVXy830yAQvRdo24BEqVG3JCErIh5TRycNFHGr6lM4gkP0D/ZdFbYE+UOKHYLNIX7aTSd26KqMMibYCqxdy5pd/qnPf46xYSZCtY1N0MTQRlaN/8zvcoDD5Hp6p8bu4HF/J5uAPwh573FObzO7iSf+WX/Vcfi/jo6J7HmUpHpzexp2dTXKlQ6L+L8DYtflTVds99BfcEDScCMsB8upPkZsG730p3F+pv0wGTz7SiAmT5z1nIh8Siq/Ki3hj5ONPP6r1/5X9/ArabmmsdFRVeb6n2EL12WirO+rZ016khBcja4YhiPHaaYjDvlaebEAZX265aTExSsYSZlDNbOLwrXyaxQCmmA73yXhhga5uJygZ8kU5ZDY9g4WO8IqHnDmGGh4Y+FAx6SGja7ObO3Y/2I8T5uLpkUISQUw+bid8YPbua02anfnJiFJNn/6J/kdXHHWmJ6zoMYYDsBZ/hHYecXRMET9B3dzk5qxFGtbuWLijbUH8mLw/u0XeUETwlE0vDfObevZNmuqEuYpGZVpHey8AafrIL+3AjRswLxxj7hFG8KYFTB4DDwNNT63gLn9EuEPDyYOg/aTmZAfCKQ6s53SOeXT4z6f0p8Bt84mLljC3nRV08j6OJAaCEyPo3GxcBGfyQm8DVuBT5dy9RqhOGfiUx/BMV6KFp5w2ddMl6714JodicwMKhHf7huOPGbcMfpODwbcTNvlXHgsOBX/6GcR0y1zGFIEm08dZpCcSc4YteOO5F96VVHNOGWtRehyxpnn7DF/JbfGa+gfoM3dwaWKQybRecFTOnEoOMZnPR79wDFsDODK50lu3aBWICrIaTVMc+MSc/o3B0JoDvm5wsbCIaDqUzgi6IKzx6IH2JeIanZHx9JXpJEc9dZBkBGcX34yYxssvay/vu+awMNGmiCK/tsaeoXIUhPlumRu08c/kCbPkWrIs1n4P4WMSaEnQv2DUZ3NA3BDcYrJHpsExOHDGHlgMMsW760x1ducfrr2fJ5bWl04SswcqGwdglaEUHGMwEyHQ4nHgkHsQtxuKibz97VK/IuAugDVGG5VkC39xBkVmDVly5SV3IMOpqYXYT5kwT4sX2WBVUrKLhQNNQ/dV7rcl1tAe9gEtQMw9DOVIpNgm24qrmySfQFD0ekUxJflnygtXB0noLIfOd+TzElL0iUbcCsf410S62E1r572JV3fhsqxaXR7L+gLQuEPVAYg8xr8FM8o8ogkS/l8I2azg6Sw==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedData>
            </saml2:EncryptedAssertion>
        </saml2p:Response>
    </soap11:Body>
</soap11:Envelope>

2021-07-29 09:05:19,962 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-07-29 09:05:19,962 - INFO [Shibboleth-Audit.SSO:?] - 20210729T090519Z|urn:oasis:names:tc:SAML:2.0:bindings:SOAP|_qm1hlh9evxphleuobz9dioikrz7tekhjk7ep|https://iam.eu-ch.o13bb.otc.t-systems.com|http://shibboleth.net/ns/profiles/saml2/sso/ecp|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:PAOS|_ad85e32b751d25efa4e9b3d52391b429|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxSdP1B1DYQRfyDrSNFaTYCyBbHUZyhHOy2oyoKZQXQjVvYqfNoisIHGdBjpAeaa+y7G6Q2am9VmjgqBii0Z2cnk22NmhirfJwMDTu+jz5lrel8BHZj4JzZTLV8VYqoUw4sOFnuxIZPlXTpLLM|_fc393032f0aceb31264c6f1c72199eb4|
2021-07-29 09:05:22,338 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder:?] - Decoded SOAP messaged which included SAML message of type {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-07-29 09:05:22,338 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Body>
        <saml2p:AuthnRequest
            AssertionConsumerServiceURL="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            Destination="https://samltest.id/idp/profile/SAML2/SOAP/ECP"
            ForceAuthn="false"
            ID="_obdeli49hjao9es7rx7xalvys92ko789rws4" IsPassive="false"
            IssueInstant="2021-07-29T09:05:21.686Z"
            ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
            Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eu-ch.o13bb.otc.t-systems.com</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_obdeli49hjao9es7rx7xalvys92ko789rws4">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>e9Qas14ZmHcsWyTlG7VvLXq2mxo=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>Z6dMg2oheR+nt3dlGChRQl8+iYwmwBOW9zviIfBP/g3VUo34YDJAmsHxQZH8hdZOH941pGt9p8CjxGB/Sq6lY9lGZ9M8RMwrQu/Lgo/rT4Zxzk9R4M/SwqCFs5e4p4nlxF9ZXlXOfEXRKKQNh4GILI7ItqLJdvQTKSTZEHeItLk=</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIICLjCCAZegAwIBAgIGAVHDRPSbMA0GCSqGSIb3DQEBCwUAMC0xEzARBgNVBAoMCmtleW1hbmFn
ZXIxFjAUBgNVBAsMDWlhbS1hdXRodWktc3AwHhcNMTUxMjIxMDY0MDU0WhcNMjUxMjE4MDY0MDU0
WjBEMSowKAYDVQQDDCFodHRwczovL3NwLmF1dGgub3RjLnQtc3lzdGVtcy5jb20xFjAUBgNVBAsM
DWlhbS1hdXRodWktc3AwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALRgTiRlOH3H8Ti/Nl8F
hr+9QdbCEBQIKFKnX+VeeD6NcGQtsDnihnIlwDv9PqAqRfZ5KNDF7IccYgCBUfjJXOyxqa51YVDJ
KPLpjMcZiSEjumDm3jbdEiiQKl3zwt9Q0aLlz7PKdIbIoPQdo3YjpTB407D5PmvpsFr+TQ6NlkTZ
AgMBAAGjQjBAMB0GA1UdDgQWBBRcdOVNkWkaAHkjlaFATFhnEEh8SzAfBgNVHSMEGDAWgBRcdOVN
kWkaAHkjlaFATFhnEEh8SzANBgkqhkiG9w0BAQsFAAOBgQBlFRyA98AUXCw8bhneTFoD2JWRZz2f
Bs3vINTVjhA3CdCCJ9lgPxIhitHYNPQh5s7l+IA6M/zHTx+rpRO3KUqh0M2eNZDunUrstyXkvZvp
uJCPFK6t1iN6K5YuZUhKI06W5Bk6XV2NO5L2eIqD9jZp0UGb18Ep4BbrEXwRwJQPYw==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:NameIDPolicy AllowCreate="true"
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                SPNameQualifier="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"/>
        </saml2p:AuthnRequest>
    </soap11:Body>
</soap11:Envelope>

2021-07-29 09:05:22,339 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-07-29 09:05:22,339 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-07-29 09:05:22,339 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-07-29 09:05:22,339 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-07-29 09:05:22,339 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-07-29 09:05:22,339 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-07-29 09:05:22,339 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-07-29 09:05:22,339 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eu-ch.o13bb.otc.t-systems.com
2021-07-29 09:05:22,339 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2021-07-29 09:05:22,339 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2021-07-29 09:05:22,340 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-07-29 09:05:22,340 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2021-07-29 09:05:22,340 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2021-07-29 09:05:22,340 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-07-29 09:05:22,340 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_obdeli49hjao9es7rx7xalvys92ko789rws4', issue instant '2021-07-29T09:05:21.686Z', entityID 'https://iam.eu-ch.o13bb.otc.t-systems.com'
2021-07-29 09:05:22,340 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eu-ch.o13bb.otc.t-systems.com' does not require AuthnRequests to be signed
2021-07-29 09:05:22,340 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2021-07-29 09:05:22,340 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2021-07-29 09:05:22,340 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-07-29 09:05:22,340 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://iam.eu-ch.o13bb.otc.t-systems.com, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2021-07-29 09:05:22,340 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://iam.eu-ch.o13bb.otc.t-systems.com' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2021-07-29 09:05:22,340 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-07-29 09:05:22,340 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-07-29 09:05:22,340 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-07-29 09:05:22,340 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-07-29 09:05:22,340 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-07-29 09:05:22,340 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2021-07-29 09:05:22,340 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2021-07-29 09:05:22,340 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2021-07-29 09:05:22,340 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 1024 bits
  params: null
  modulus: 126664469800380770773972778096329230967838830807335020944856402588433272451405299989725111925000259452486256977271956160110204670418736725511979819866908378089628035491591777699093647368786263598103189382680073566489484332485554027625241493766204516582342822997262720486560419481997023269854507272634386236633
  public exponent: 65537
2021-07-29 09:05:22,341 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2021-07-29 09:05:22,341 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2021-07-29 09:05:22,341 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_obdeli49hjao9es7rx7xalvys92ko789rws4"
2021-07-29 09:05:22,341 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _obdeli49hjao9es7rx7xalvys92ko789rws4 and Element was [saml2p:AuthnRequest: null]
2021-07-29 09:05:22,341 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_obdeli49hjao9es7rx7xalvys92ko789rws4"
2021-07-29 09:05:22,341 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _obdeli49hjao9es7rx7xalvys92ko789rws4 and Element was [saml2p:AuthnRequest: null]
2021-07-29 09:05:22,341 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_obdeli49hjao9es7rx7xalvys92ko789rws4"
2021-07-29 09:05:22,341 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2021-07-29 09:05:22,341 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-07-29 09:05:22,341 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://iam.eu-ch.o13bb.otc.t-systems.com
2021-07-29 09:05:22,341 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-07-29 09:05:22,341 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-07-29 09:05:22,341 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-07-29 09:05:22,341 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-07-29 09:05:22,341 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsHeadersHandler:?] - Message Handler:  No ChannelBindings header blocks found
2021-07-29 09:05:22,341 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler:?] - Message Handler:  Message did not contain any ChannelBindings extensions
2021-07-29 09:05:22,341 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2021-07-29 09:05:22,341 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2021-07-29 09:05:22,342 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-07-29 09:05:22,342 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-07-29 09:05:22,342 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-07-29 09:05:22,342 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-07-29 09:05:22,342 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' not permitted by input criteria
2021-07-29 09:05:22,342 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP using binding urn:oasis:names:tc:SAML:2.0:bindings:PAOS
2021-07-29 09:05:22,342 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-07-29 09:05:22,342 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-07-29 09:05:22,342 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-07-29 09:05:22,342 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-07-29 09:05:22,342 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-07-29 09:05:22,342 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-07-29 09:05:22,342 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-07-29 09:05:22,342 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-07-29 09:05:22,342 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-07-29 09:05:22,342 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-07-29 09:05:22,342 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eu-ch.o13bb.otc.t-systems.com
2021-07-29 09:05:22,342 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-07-29 09:05:22,342 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-07-29 09:05:22,342 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-07-29 09:05:22,342 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-07-29 09:05:22,351 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-07-29 09:05:22,351 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: RequestAuthenticated: true
2021-07-29 09:05:22,351 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: Generating session key for use by ECP peers
2021-07-29 09:05:22,352 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-07-29T09:05:22.352Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-07-29 09:05:22,352 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-07-29 09:05:22,352 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-07-29 09:05:22,352 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-07-29 09:05:22,352 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-07-29 09:05:22,352 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-07-29 09:05:22,352 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow authn/Password, it supports non-browser authentication
2021-07-29 09:05:22,352 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2021-07-29 09:05:22,352 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-07-29 09:05:22,352 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-07-29 09:05:22,352 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-07-29 09:05:22,353 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: Trimming whitespace of input string 'rick'
2021-07-29 09:05:22,353 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2021-07-29 09:05:22,353 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1963358380::identifier=rick, context=org.apache.velocity.VelocityContext@56f82af4]
2021-07-29 09:05:22,354 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1963358380::identifier=rick, context=org.apache.velocity.VelocityContext@56f82af4]
2021-07-29 09:05:22,355 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2021-07-29 09:05:22,355 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-07-29 09:05:22,355 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-07-29 09:05:22,355 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2021-07-29 09:05:22,356 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2021-07-29 09:05:22,356 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-07-29 09:05:22,356 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2021-07-29 09:05:22,356 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session a0b5c438be2867c6cca09611a2badd1eaa1da5b2881b2a8a660ea28c52068a81 for principal rick
2021-07-29 09:05:22,356 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session a0b5c438be2867c6cca09611a2badd1eaa1da5b2881b2a8a660ea28c52068a81
2021-07-29 09:05:22,356 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-07-29 09:05:22,357 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-07-29 09:05:22,357 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-07-29 09:05:22,357 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-07-29 09:05:22,357 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-07-29 09:05:22,357 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-07-29 09:05:22,357 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-07-29 09:05:22,357 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-07-29 09:05:22,357 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-07-29 09:05:22,357 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-07-29 09:05:22,357 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-07-29 09:05:22,357 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-07-29 09:05:22,357 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-07-29 09:05:22,357 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-07-29 09:05:22,358 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-07-29 09:05:22,359 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-07-29 09:05:22,359 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _5b7d4aa41b5b6dcbc0b7addcbc1aa200
2021-07-29 09:05:22,359 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _5b7d4aa41b5b6dcbc0b7addcbc1aa200 to Response _5eb16ab09e0dc170eb75cebf98f4cc02
2021-07-29 09:05:22,359 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _5b7d4aa41b5b6dcbc0b7addcbc1aa200
2021-07-29 09:05:22,360 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-07-29 09:05:22,360 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-07-29 09:05:22,360 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-07-29 09:05:22,360 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-07-29 09:05:22,360 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-07-29 09:05:22,360 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-07-29 09:05:22,360 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-07-29 09:05:22,360 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-07-29 09:05:22,360 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-07-29 09:05:22,360 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-07-29 09:05:22,361 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-07-29 09:05:22,361 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:05:22,361 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:05:22,361 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:05:22,361 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:05:22,361 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQx/BZQS8k6rZi2buGdhCepNk1Sra5DsZ7nRGaKgn4EOsfWC7XA4SpYLjra3c+nUpTVJe52no1yiLLKnEg128T6bEs+5ctDmOAykEnMdgEqh9noJCgHBwCYwUwRmJ2FmwqlJyrlM80dvB6vjPFe with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:05:22,361 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:05:22,361 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:05:22,361 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-07-29 09:05:22,361 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-07-29 09:05:22,361 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 80.158.3.50
2021-07-29 09:05:22,361 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _obdeli49hjao9es7rx7xalvys92ko789rws4
2021-07-29 09:05:22,361 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-07-29 09:05:22,361 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-07-29 09:05:22,361 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-07-29 09:05:22,361 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-07-29 09:05:22,361 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _5b7d4aa41b5b6dcbc0b7addcbc1aa200
2021-07-29 09:05:22,361 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _5b7d4aa41b5b6dcbc0b7addcbc1aa200 did not already contain Conditions, one was added
2021-07-29 09:05:22,362 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-07-29 09:05:22,362 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-07-29T09:10:22.357Z, to Assertion _5b7d4aa41b5b6dcbc0b7addcbc1aa200
2021-07-29 09:05:22,362 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _5b7d4aa41b5b6dcbc0b7addcbc1aa200 already contained Conditions, nothing was done
2021-07-29 09:05:22,362 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-07-29 09:05:22,362 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _5b7d4aa41b5b6dcbc0b7addcbc1aa200 already contained Conditions, nothing was done
2021-07-29 09:05:22,362 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-07-29 09:05:22,362 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eu-ch.o13bb.otc.t-systems.com as an Audience of the AudienceRestriction
2021-07-29 09:05:22,362 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _5b7d4aa41b5b6dcbc0b7addcbc1aa200
2021-07-29 09:05:22,362 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddGeneratedKeyToAssertions: Assertion _5b7d4aa41b5b6dcbc0b7addcbc1aa200 did not already contain Advice, one was added
2021-07-29 09:05:22,363 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eu-ch.o13bb.otc.t-systems.com to existing session a0b5c438be2867c6cca09611a2badd1eaa1da5b2881b2a8a660ea28c52068a81
2021-07-29 09:05:22,363 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eu-ch.o13bb.otc.t-systems.com in session a0b5c438be2867c6cca09611a2badd1eaa1da5b2881b2a8a660ea28c52068a81
2021-07-29 09:05:22,363 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-07-29 09:05:22,363 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eu-ch.o13bb.otc.t-systems.com and key AAdzZWNyZXQx/BZQS8k6rZi2buGdhCepNk1Sra5DsZ7nRGaKgn4EOsfWC7XA4SpYLjra3c+nUpTVJe52no1yiLLKnEg128T6bEs+5ctDmOAykEnMdgEqh9noJCgHBwCYwUwRmJ2FmwqlJyrlM80dvB6vjPFe
2021-07-29 09:05:22,363 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-07-29 09:05:22,364 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-07-29 09:05:22,364 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_5b7d4aa41b5b6dcbc0b7addcbc1aa200"
2021-07-29 09:05:22,364 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _5b7d4aa41b5b6dcbc0b7addcbc1aa200 and Element was [saml2:Assertion: null]
2021-07-29 09:05:22,364 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_5b7d4aa41b5b6dcbc0b7addcbc1aa200"
2021-07-29 09:05:22,364 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _5b7d4aa41b5b6dcbc0b7addcbc1aa200 and Element was [saml2:Assertion: null]
2021-07-29 09:05:22,367 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_5eb16ab09e0dc170eb75cebf98f4cc02"
    InResponseTo="_obdeli49hjao9es7rx7xalvys92ko789rws4"
    IssueInstant="2021-07-29T09:05:22.357Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_5b7d4aa41b5b6dcbc0b7addcbc1aa200"
        IssueInstant="2021-07-29T09:05:22.357Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_5b7d4aa41b5b6dcbc0b7addcbc1aa200">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>WHkrwOCNuj+YInpwpBSA6BZWmj9SoUbHMxNs22ZyChw=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>Di2/tBWzRKQG4ybKXWPmVahNNlR44UiohYPOlX5nqOzqhS0KKC9DUA9+XYqMNKPNIfUf/iEjQZI+REyalqSPCLvPvdkDvzgYnJSzgWIZULub6zljGw+zRWoNEyAof1TcCLYWGIG8QGpMRnqz39971AKLbfIAo07fxZiamOO5WBIlSXScDp45z1FCsAyYT1EOsemehtTrq0rV9Ptb1iVmr8nQ/SLhMuHbHytWvh+idf6F8Emv924B85XIssnxrQYDJLucVk6YBxBa4DhX1S/sMARx0Nxopb/Gvtud7ngO+cSpam2A1PnPfgNuBnzHFSr6eevrXH940dQWe7M0mT3U8w==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQx/BZQS8k6rZi2buGdhCepNk1Sra5DsZ7nRGaKgn4EOsfWC7XA4SpYLjra3c+nUpTVJe52no1yiLLKnEg128T6bEs+5ctDmOAykEnMdgEqh9noJCgHBwCYwUwRmJ2FmwqlJyrlM80dvB6vjPFe</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="80.158.3.50"
                    InResponseTo="_obdeli49hjao9es7rx7xalvys92ko789rws4"
                    NotOnOrAfter="2021-07-29T09:10:22.361Z" Recipient="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-07-29T09:05:22.357Z" NotOnOrAfter="2021-07-29T09:10:22.357Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eu-ch.o13bb.otc.t-systems.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:Advice>
            <samlec:GeneratedKey xmlns:samlec="urn:ietf:params:xml:ns:samlec">ErVW2SZzDBJenD1IJ2Yvs6FnWcwkBXjuZx7HCOnxhT0=</samlec:GeneratedKey>
        </saml2:Advice>
        <saml2:AuthnStatement AuthnInstant="2021-07-29T09:05:22.355Z" SessionIndex="_9b762e08afa1f26935491bed62d92709">
            <saml2:SubjectLocality Address="80.158.3.50"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-07-29 09:05:22,368 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-07-29 09:05:22,368 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-07-29 09:05:22,368 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_5eb16ab09e0dc170eb75cebf98f4cc02"
2021-07-29 09:05:22,368 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _5eb16ab09e0dc170eb75cebf98f4cc02 and Element was [saml2p:Response: null]
2021-07-29 09:05:22,368 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_5eb16ab09e0dc170eb75cebf98f4cc02"
2021-07-29 09:05:22,368 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _5eb16ab09e0dc170eb75cebf98f4cc02 and Element was [saml2p:Response: null]
2021-07-29 09:05:22,370 - DEBUG [org.opensaml.saml.common.binding.impl.AddChannelBindingsHeaderHandler:?] - Message Handler:  No ChannelBindings to add, nothing to do
2021-07-29 09:05:22,371 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Header>
        <ecp:Response
            AssertionConsumerServiceURL="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next"
            soap11:mustUnderstand="1" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <ecp:RequestAuthenticated
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <samlec:GeneratedKey
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:samlec="urn:ietf:params:xml:ns:samlec">ErVW2SZzDBJenD1IJ2Yvs6FnWcwkBXjuZx7HCOnxhT0=</samlec:GeneratedKey>
    </soap11:Header>
    <soap11:Body>
        <saml2p:Response
            Destination="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            ID="_5eb16ab09e0dc170eb75cebf98f4cc02"
            InResponseTo="_obdeli49hjao9es7rx7xalvys92ko789rws4"
            IssueInstant="2021-07-29T09:05:22.357Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_5eb16ab09e0dc170eb75cebf98f4cc02">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                        <ds:DigestValue>AL2RC8IvGKSw0hDwSFv/K1wljOkvEcPyTNwa3bZ5w80=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>p9lbwycW8hNoqWYOFetuh3g2MB9JtUCeMeIdwBfwPDBMWeZoyq1wRjWJZJZMEpUgvh+rVKty8nC5VPGHlbGY1t/KDjNqsj70OjkHb1Xk6Mca2vlpurR+mKXH99P87/yG4tgdIcTJ+Fr9T4qlnnwn0INpwPhm++yxRMD4B3kMe8K2HtufoS/Js0oAw2wqIosw02PplUf3s7EBRNmgF4guDPMJAfW04DU4IGwTwmjKkXmTi+NHlcvzr1iQNcxOh+76+TKjQyuy+yead41U1gmMZT+qKwROwcK2rnortFrXX53wH3NTQzdweOISyoIjqKQMeJJMnd2mwxXRCspPLIG+9g==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
                <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
            </saml2p:Status>
            <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
                <xenc:EncryptedData
                    Id="_42c931cef4bf7e800848280a56791cdc"
                    Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <xenc:EncryptedKey
                            Id="_ea0af268b113f58ee6a26785ae10e740"
                            Recipient="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                            <xenc:EncryptionMethod
                                Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <ds:DigestMethod
                                    Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                            </xenc:EncryptionMethod>
                            <ds:KeyInfo>
                                <ds:X509Data>
                                    <ds:X509Certificate>MIICLjCCAZegAwIBAgIGAVHDRPSbMA0GCSqGSIb3DQEBCwUAMC0xEzARBgNVBAoMCmtleW1hbmFn
ZXIxFjAUBgNVBAsMDWlhbS1hdXRodWktc3AwHhcNMTUxMjIxMDY0MDU0WhcNMjUxMjE4MDY0MDU0
WjBEMSowKAYDVQQDDCFodHRwczovL3NwLmF1dGgub3RjLnQtc3lzdGVtcy5jb20xFjAUBgNVBAsM
DWlhbS1hdXRodWktc3AwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALRgTiRlOH3H8Ti/Nl8F
hr+9QdbCEBQIKFKnX+VeeD6NcGQtsDnihnIlwDv9PqAqRfZ5KNDF7IccYgCBUfjJXOyxqa51YVDJ
KPLpjMcZiSEjumDm3jbdEiiQKl3zwt9Q0aLlz7PKdIbIoPQdo3YjpTB407D5PmvpsFr+TQ6NlkTZ
AgMBAAGjQjBAMB0GA1UdDgQWBBRcdOVNkWkaAHkjlaFATFhnEEh8SzAfBgNVHSMEGDAWgBRcdOVN
kWkaAHkjlaFATFhnEEh8SzANBgkqhkiG9w0BAQsFAAOBgQBlFRyA98AUXCw8bhneTFoD2JWRZz2f
Bs3vINTVjhA3CdCCJ9lgPxIhitHYNPQh5s7l+IA6M/zHTx+rpRO3KUqh0M2eNZDunUrstyXkvZvp
uJCPFK6t1iN6K5YuZUhKI06W5Bk6XV2NO5L2eIqD9jZp0UGb18Ep4BbrEXwRwJQPYw==</ds:X509Certificate>
                                </ds:X509Data>
                            </ds:KeyInfo>
                            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <xenc:CipherValue>OiWcQaWYRERoOd/gyNHU9uDIm24w1ivEHc1IiL3JC5syKW8arHKcSa0YPpai9/pgzc9i+s8NNLCUvVolkmhpiObnwpD6FmxegeyVqYis/haMTUiBUwmTyzZmQ4nbJXIOWHbgH+U/izYVsHzX3nxxtUhB9ReBOgSnlhx9PrLJqj4=</xenc:CipherValue>
                            </xenc:CipherData>
                        </xenc:EncryptedKey>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>N9Pvqo4mHZX1adqSkb/x2rhVPs2vIAROAp79EhrIwRqX/3S5SBrpfFruWYuJpuDvSL35Rc+W6fVibGZmipVl3CKOAb8JgQiWYGNddDakX3dLQq8aIcZCl7tTc72wc+8SlwVyQ6yO1bI6d9p73BE/5TroTLP60QlHQl+DGGVHS4S40NZoImiKGFf3ZHiSUrjKUSHV5n/GLIwZEp+dkJJIgx9jjCk7anJgwRhZpjfTNgG3XAKDY0J4WGmgQrKDGPhFwNE77+CkeG5pazwnfJZWVbW3Mlw8TC3olORFTCCr9h7kK3mdP9Glfho6mi/2tQQWShcNZLHj2vc2lCyUvMVVLUJiNy1sOoUS1oCabL/kg0vUvNQlAM99/k93xih+NbRM92v57VQjSkEucKopyR8m/JEx74F4LcD81Euc61+a47fySHpYp4VnCWiu2xJwkTz6s/WrmXGqkytjpY7qLSCGZEx4JzIxzk7FBa1BAwRWCzgSanKWvmMch0lgnCMokZhLie8mTZuQAOvVvO6qJ6zcSr3RMgv5s4PxSjemgAOu+2ZKcOv2iHZ3UcL2DXmQLC2icahwZ3fCqz3AuPY247dV9n0VgfyvmlK+fiWATFTPnDt36x1QT3HpvoK+BgR8ptKQexD5QnlbZ7NT4NthGZ1F6XrgbG8hTf5Tl3V2vv46wPhpb4Id6badz23FNwvkpX3mHr6U0mUreV7++8EOsnCI5ug6bla3fHejfZSu2H0W2kDExDGJMLTZ1wAc8OFwWULh6RB1tJlYUYg4BKPVlUVn63bKCJhcG/Ym3Q710EhC/9CK8G6L4ob9kM97+Ari3q/lIkm4es3UE2ZTLgdAjCOkyYdx5MWTfIG5jRojXhLNJPpUw/gxR0+8xjjy/VXcNjgotj3bzSQreNW0gtdSCwnq8vE6JbpiieJZi5zM+ojnxmkz+kZS/AdN+l26ZRuXQUCaAPaW4csJtysvvJoQjC0aV0f4It8DngadyhakVJfLTFMiHwYIN/qU6h88wk6vBvS7x0SRarUdEssK3Fp8HXEPowCdaVv06KprKTsW1waEPYugcvOmhba/rTRSz+5VzMR0wL8Xr31ptDxkBoQ9E/+RJ7rVkB2H4wb6QF9hxvWewABBbwtdga1zA71MxsKSGx/NSF+wiNdJgAAx0RdJ2l+2ALMzM84EKKObzYXhZzG/3tBzDlEx9bz+OGIhI3GuuARbc/v8m+ORz56090hVkx1kQOKeG/fEdQOZCngW9wk1hRXIrvYTUOejTUQ94mXe8mkHSEx1rnbVAwL8QNNAVch4ASgyzijtYVBFBd1SkBY5KaCd6Cvvom4ve2D08NEO06vAtWasC9S22MrvxjpPlVpfUSMNlUY1CyrezgEf35xw9XyKA1anOMLG2rqnAqxCn5qRiswB23igqxbefN2kBLU8uYtaNPkXSs4mcvIVXAFbD9ER1YYjwkvxuwlV98p32txVehakASGtiUbOXzrsC1V/7MVphejyizgqGpba8W4tdOK1KNOA7dKSE1d4Qv65vF4bJicrOYJYo/0TFOgK9lQDCLFToyEeSm/VoPsHNF5/YnZuB+XIzugnF2YDguBT0uwGo30LGezu+8cPMt5IqJGN5SJqm1urSlPL8ZIU/YrAxHloKpILyGVoleYDKJUIr/OYRCvRWgBWhDMPSNEjJR0nmsKgkUYSaOwjCbrbQ8wQLVj1Q7FaykWUKsuWlHjaNK8U8LUT8qRZvwSN4iC+/lHOhC/Zrd4pLC5iV+JoE1l+xANKsOooi+VT8AkTYwNhPKBeLJNF0QlBPmNTTklHqoy6PIb9w/ShyAIKh86a9yhioI1DvgWSYQK2FbcsLIhvqYFvfYhcYT6rOrhs4iZBcv177WByfegVffqvheNfXIddnE+LMVpV1YFU/99KOpjxR6ervOexpSiCT1tGBAQ7SOKyiUi04kaxw+pMKRh3OP5pbPl0iNdKKjJLkXkBfOlzxlKpf2RxUMX1HtHv5GlitvRVK4iZY/SKcLC4fFLQgh7dy+K3SfHUyzCQe2BJmhrz3UTkResMbAlq2AVC+bMumJ7z0YSEExpZ/VcyXE5R3a3mvIXezy9eiosrZYdaUFhUlasUlr9zfM7v8//oRaYdxPJkPyJZXi2veOnrzev294OPUFyCnwxCKoVneI+N03lWDQT+HGsnro5cVvh+vcCGoHSyBSBuT2apuRaOPwCPJlgqZzKfG3doK8T8kTzD2SQ4ygoxbKWDuJm7LX+HI9SjarvmNSFsyARDeiK3lz0mmnoThYLTgFk7bSVPDwCBEQswzSsk/gu5U4iFNMAM1ztj7IhbwNReIV7+moTvkiRdzjl1jnQO/hlVDo5IAyF4BcfjN3ehIrxh4WeR5tlUUS0e1v8DVfdbKmEI/QNdNli/n9EZJyJRXJnPCHiCnZMYQ7DTihKGMOsI1rEUFgcL5YHRP3+QynRE2AlLHqZfAw68KHDc8PoPMUuReMquUoPmklxsirFqrC6C9Q6X2kgWQEcoPT7/mnLg0LjzSGlJOjFrltGGOe/BtcgJQlXcXJiFx84Q2cedO011Prwlc89wIX4gG3pGOBI//hAgqSqTgC5VzbRXjspv7sEpeK2xeg4sqQg3SLBc4Lx7c5eE4t6zw3DFZ7vguVv+CqVCP5W7ou+YCwb0lgoj+tYuuEspberM0/+vQXi6UZmX/YaecygTQ2ilo1pEWSTuVimF+L8rUUhM2kn7kyVJskFcAMePyCmj7fF5Z6BL45Dn6rhKSzbrASLfs5voRqNyOGaCa8zLhKbWdusbaRzEJODlUPlOaarndKYdaQzuh4AWV84CRYx5rnOW5WTpq/7eZwWw2tTn2dKn6I22iDhkiHng6ouWd1ERY4LWW1K1FHhvZDkTpbjGCd4Fui4hWeFR0IcZ6K2ilnMr/2Ofn99S2YsSptxfE6VMYuOEVY7qFwc0o5cfjpfAau1MTlenT1fiPB4XdCI05a/Sx681wGknR6BVMwG+irUhtuWU95CJI9SecY6Cz/ebQ8M46D9CiBqGM+eLBmPGtsBd3us8GBBIxtalCTF1+v++tUeD8bT+Dl/Q93hYSX306MhHnNkZJQKEpOjKK+4xrL0KBMFsiyfRckipY9ejKag/wO/q1TffuS7/m8yHZivkJtBQI3PwA3P40E1NIe3obrP/eaTAi+ml8Cc7Rx6RCmy5l81qIuTehhijzz3aG8VrAcOuhV7xI9r/15/146TTWVtVJK7oJ0CeXPubLzPgoTKY9awO6MSAWanaLBRpEr+BJLHmECGMvfLb/OuBnOqeqW3BuxeWHxkYC53ex1GjUPzOzmzLK+xZWOQLAI1529pthe9YJTMv3M8QH3T/H3Qp6uQV+YRudlZsADaiowxrHmZkXcCje2ypsXksQzEm4MhlH1iZcyb5O7/1e6BI+xGpml/nMhI9pmxXv7Am25mHgJ2pqrbfi7BazaeUVqR94rXZtZOzfAkC/yegY1aaPvW1ExBmkho9WP3XcDsq7a67co44lTL5rFg7Hs7IQuI8nPykrA4G1s7UVm6n53w5zrCJ1/KVvEOyo4rB/oVFrYZaCy2W3AmTGrEreXZQPEHhXwr1pNOA/cHeUQ93GklSUUOEq12f2lyzLxc6Y5hDw3kpCAnUii0TkxTUUmD9GNqszgwlefuHT3RVHsN2IJtyMkmROnzVVhEy/61cUrZ4yBykmC/a3L6GGE1k1xOnGcYCznfKHY0TWIX7TbybB+nV6HQr+lxXZ/Nwpv1xobAWk43IrOt2A2Lp5KcsWTFR2y/kwmpsU0cI2GiHjGQkvPf+TCXcQGUwtPCnOqRjCRTSGdYB+m5gUIPLFarMw7UcrXheKP74dkQ1uBMDm7QilX7+8WuWEafimuOw8ahoZhxtlvmAaYyp6gXYTaHnSKrhkHdY8dUW6feMxR2h+iHlAXmySXDC6rNmO9qC4qUgG3mbuhaxPQXyaYecWdgcNvZ+GznJeJm86e9QOwFPSfIpWXgpws/cWZeH+0TThqvkE5NrnrgsYwFwVp5UTaUiPW93hcJbhEYf1q1FscpJk0LSmvacCoayzicfYYtNAdOWI/eAW1TYEbM4/mr3DiCZjGbm8Ycu1vOf+PziMxCWNqILLskOtVYGK7r06Fs9giqixwzH89zNjx/Z4w9yNfHXZlQXWyFCqik3bkSBUAZGQVsnAF3Qt6cFQbdEHae1uXIY4jfGwF9zcl94ZQGr63zJrhJvylhRap8FpS1DiWi8VhZemiULjJLccGV20sJEff9MPPDq5FmYHJLWisKlXUj2x4g+jj2USbSt4UZa8+aUDz4HJigmBnpmgpvByzWld8Vbkhkz210rnejUMFxfKnnuHUTTgFYHpew2bK3/KHMCczEVnPyDyFA2WMrKgh9IJOzHYCxohfPRZZ7NtqE1F50D50LldopNTqOuuo+UHBpxI5Jl136hoD5yJkpBTLVDDpGmCj8IyBZIx7MCXcfZ+5WuvB5HLibIzL6HxdNslDZfqxcVkPgpkS/a2JU93pLmB9Uz+nhk1yupHx6P+gJqFvDTjelsvKkN9Ix/oTMHiq7v4GiCxcge1zqpMYAPp7eSLQUEdHhOd1hg7t8VgWgrdRJ82cgmiggddT4yCh5gS3FjE6nvx28sG0i5H83BDWkffMHiFXX/+FbPjZ0TFD+mv5jokfolMCC0EPEi4guzj7Xoveho0EvXcctIHWwiT4rIEO/3Xc7nfKN4PLFyuRb9sexwArrH05KnAljyML+PLx5ssZaDsN2bc81TYT8RNcoqMaUeFyMtYn/lFsKAtN4to54eBmVMh73YDrsWgHR1bnkrWqbVAlhY04bR62RVJGEJzcu35XgHjmnUgTtAtJPnra4b4aNl23ZDW1oFtMaO0n4uoeivwE/TOec4+fxUkShAeORK+Ys7ilseM/wH5FuE2wkyrXdsGudq0JXCUbfjPUZWcovuQoNlUgTcG5OW3Gdw0/Mf2Tukg6dc4SCoe4l7lzn+MXtr7zbmSvIXXBBEUQsCGi7qkZmPAGuc4Cw6NSl8S6ufc6WhJG8gpr6nm+UhYDFgtHKA8qIRmGgmLhg+VMtsJbbxw7JgPROOEKae6WIkc4QAHJbSE82IPqgPCmwcRi3w3eFYUbfk07KhEcF3GWKZMQn+db6L/dq9MNKdMvN1DAKjM6g/tek/aolsJC+HR2D8FP4FsquFAvS9kcIOfJfYMPOAE95yy6XOST/TtGa6iLGTLwKoDcitYtqVtC98EFcnBsvk6hJzrvV4RmbAAKWag1ZI/KXEL19V+wUVLjrZXuA8QFjcD+/I0k4ROrYMEpXua79/sq7MBEf4Vkk/oV3eYwYVapbunGyNmdEuFRYGk1dIr1v4Mc03Owb4u5fOHxb9Eda6oAzG5qFrQPc3+H8xxub1BAetGgfTv/K0qKhUDDHYWL9zZQlL14SMLwjYq3vlntGklKiia/IpHhCLESLSI2mMqWCjf5esDluWYlaXeZ6avt5rI/gdk117p8KKc9fc0niZGAGcnDJYlf8skPo9+tmDKkJIAq0QsCsETUpMbzUDjLoZY2lMQYm2lPswH+jWS2SUxi7YU9OZu01B1Lx7ujvPO3zvvLvD7XzVZcWFF/nVrUXp4vyRYP1unZn351YSyPmrFjHWWKBFEfz+YLQPATphwRzEZKAxwpC+26e5KFzBpI42+0vSXjgjzTF5xdtKGInA1d4qNZ7E2Gb6LyhiYOzyfWs+MVQWrPiHx1qCNUXYN43JJm0piMi+wlTxATQYC0nm9P6Q2UfpxU6irNYT5/CBYpSV2K/vCCKOB0Ia2Jby9qcQJDZWIBedLqAdXrbbINfZHjPJWm9oVgi0p1WioM8tEUM9fSXGrsYSv9oOn1lX5c8ifesQDwUaAFZnPYcKQiiMXy4XZpSlPiN/C3Fd3w1s6CVZ2rlw7ppiOe5N3mn1VzucIe6et4BZpNW8YZCUgqdJs/SKGx0zY0wQr6rlqVuK5RovCJr5bvf71iY1ED1fP6C12ZX3hul1veJJ5suFmFgPvvVI2SqEG/6r7KzCgf/koikvoxMkLtydCLStfGG+Du/QL9pY/54v2yYV/VW8G8EzMETxh2KZ6A1/eiJ03iOcBxhB4rugwAEuUb0yAH5idN6vnQ0NuvTWNYJ2ev5su7K4gtTP0goa5riToFhA4NukByY95qtR3zBJsmfBmk7TK3utwEcZ+IaWYX9p8f5MJuaLjCq2T40349n9aPpNhSandgZT/LgDMrETyq29s8vy+b4gl2PgPjN7uf1Jiz/QZ56tisrfies+vBCBrlN/CwaCYTsaJtrR/a/Is7mOxg4EW6VcbL9pakKRZdq6qnHftxToXLpT6f+mTaABZJpifuRSihYM6rdWEjBJmMrWx9zvoOVTzC4J4ErB8O/C7a3kKPEi2zUPaSZConovUTrI59V8+wLL9EiUyE6LeZHhynOxTX4olRWFcAlZQ65CWAqZwAfScERf4r3pJJFpXupG+8WNuYjU4R2z7bJ9bMVETC5OwNg+Sw6x/TJyHef2u+5BF0qzCDmAJDDOW6qqT+U76D+/MatFOZK8lhZJ3I89pzCJSw9czvvL+AStZGxrnBUNJBg1MjG4A9ngvMxwS+Tvdxh2hBsqGphuSOk5oyQnjErz/wMKggSwl7LDMpa5XNACz9ci0pZ7RHBXOtW8Jn4sKrE1mAV2YD/oDrjM7plWIKF2ZEYjnrMj0yItSr5rYn3aeo11wLfA/W7WtxGEHMfWADebcCR1uFi8OUWy2kHsUNJyTO9kOPRILrYYnnVWyYAk89KeFYiDnTkH/f1GRhdsMCNuG/bn4purfE3z40WQ3EQf9itn9aQgvwV1pJ9S9UcNFKQnKhfJRgtKdTe1n1gMsgStWyBMUpf8JUPdGMfMTP4mS8Gn/YSrCpXcuA9+oeGzP0OYYk4bUHv7cXW/tzHYcCP77NGewgkg1irnvUHd+918NsffSdA4/hCAY5DbMkuPc5H7La5RPJTBa5L1rwAiNXkUCEhzVIEtD+ZXs0YxFSDxtHCm0P0E+/Us3EPSvmM8nTRCsi/CBZOBhsH6W9Hg+b9R3stR6m2nsCsXoihcmzgypMIQZJpvacl8k3cypbKxypROpAwQvKLJ2Xl9i1vfaUQjRX/uhuJYjcDkDeQoobzbHqMwpgxG6dDBuJyjQQFjLoulE6wIOWClktqbgPUrtYKDNqQosCSRhcUE7+ewfe71ABmTG9GWMRhqVB2I5UaKkguA7uNHD7VWi92HRdqL8mWyaQ98pQaEVw31uMaEhrIGHd9d6HbQmBchGGA8slxiZ0Ek9S7kanvCwcqVxm+q8GT5nzNik3D+83HXx2Rk3FND95J01+K2j3QubhoGtFZ4MEu0nIbGGAlxyiLTtvdAsjOraWSlSt4bVAaTQo78+ZhooPVoozhQ8bkivm0nJoqSOVnn1qtw7SO3Iykt4JlWNbL6tcWZCYDtt9/aIgoLuQJidhQ2bX+ZJBFE4KvnX4vuiHFQMR8v9yFOV3pcL1nQrcMdzQdBO3GS3Uzgm6lLguVj7n6l7nu4akWtmtT7IuVsbg0RHctsTPUEB931OnD1FqTPDpXs2uOyu6nr7fWucPUHAbCM6nAYeMt7Y2Azt8MiSYhOP2118DUgzqJAFSTTXeiXN6n7yYogjQ0DLNUMhWOT37SL8pHWOn4zPusHvHb1LVzJom+k/u/LzOA7gj0738itMfflFX7tlzIDFrb24Jb267Ufmklu1fbVRfIvbvk02knHIXvxW7WT0vThrBR9kg77ws5raGk+ONtkj9AEUTFs88pEgclQkyK/i4bd5F7RQKHkiqlOTPqU/u9vOBZmIVNuywKZe0+BRPqoVB97r5pouw3twRcLXesaepWhv3zu30tw8S7WaQwMrFfSDPg+PbX8mfGKjWKxZpqlhuNyELUAA4G8kBlyWV6MU2wJM+g5XsC0PJpz33h08Hm8h4hyOd9HWkPKXLbpilq0iASIG/4Tj84a5qknP+rNuVVxXwMABIrJ8e6csbIte2F/6okp8S26Bm2XLbPWOtSKyNQmcxLw85fNlaXW6MicEqJxrjLGqzzh6WPbI5GO/FftMSAgnonUvm3IIhR9aSuFT0ToMDJ0xDvpcz0E7MH7OhAexLFrfwmZ5Cs7UWEJp8edRTYsS5NmVVN76zzfxOj2IUwfTj0WApY5szUXNd//xCoT4FaW0EoV0VPGaz4abJcAM2diNeZayJgv0rRMKIQqlp5sQWQOsll6ZZpRvgctWe9ZNSQuqRqm9EqyvwzcsHH+U+s6ISejdn6kmjEMiFxwF/jIoVnRPee5EALa1wbiNJj+XVGQk82X4eEc24qcqPwo6ogXLua35DC40qDBYLnF29WwiK6mgjx1lIc8/5s3eK4uK4flC5KFA2ZFTa+zqsc9+nXJZCDTCNXApNf1TQYlK1Neb6pPWhfPSvWMn5WzJmlLQBYwGiy4H0S0XYyoXrG0tki6PydGIrnZ+qjBCArheQqDtnBfp/P0vtPPh7NCJfrqFliaWrT4TuPeNziESWDeCdcBx0SX1hVAHAeMvTvotVqdKSNkOOeNuPkqd+4EhEIbKxQ8yfDxzlRA9iDVtDzoZc5guQ==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedData>
            </saml2:EncryptedAssertion>
        </saml2p:Response>
    </soap11:Body>
</soap11:Envelope>

2021-07-29 09:05:22,371 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-07-29 09:05:22,371 - INFO [Shibboleth-Audit.SSO:?] - 20210729T090522Z|urn:oasis:names:tc:SAML:2.0:bindings:SOAP|_obdeli49hjao9es7rx7xalvys92ko789rws4|https://iam.eu-ch.o13bb.otc.t-systems.com|http://shibboleth.net/ns/profiles/saml2/sso/ecp|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:PAOS|_5eb16ab09e0dc170eb75cebf98f4cc02|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQx/BZQS8k6rZi2buGdhCepNk1Sra5DsZ7nRGaKgn4EOsfWC7XA4SpYLjra3c+nUpTVJe52no1yiLLKnEg128T6bEs+5ctDmOAykEnMdgEqh9noJCgHBwCYwUwRmJ2FmwqlJyrlM80dvB6vjPFe|_5b7d4aa41b5b6dcbc0b7addcbc1aa200|
2021-07-29 09:05:24,779 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Beginning to decode message from HttpServletRequest
2021-07-29 09:05:24,779 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.IdPInitiatedSSORequestMessageDecoder:?] - Decoded SAML RelayState of: null
2021-07-29 09:05:24,780 - DEBUG [PROTOCOL_MESSAGE:?] - 
SAML 2 IdP-initiated request was: IdPInitiatedSSORequest{entityId=https://iam.eu-ch.o13bb.otc.t-systems.com, acsURL=null, relayState=null, time=2021-07-29T09:05:24.779Z}
Synthetically constructed SAML 2 AuthnRequest was: 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest ID="_82701cbd-f7ba-4828-89db-dd61312f90e4"
    IssueInstant="2021-07-29T09:05:24.779Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eu-ch.o13bb.otc.t-systems.com</saml2:Issuer>
    <saml2p:NameIDPolicy AllowCreate="true"/>
</saml2p:AuthnRequest>

2021-07-29 09:05:24,780 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Successfully decoded message from HttpServletRequest.
2021-07-29 09:05:24,780 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-07-29 09:05:24,780 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-07-29 09:05:24,780 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-07-29 09:05:24,780 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-07-29 09:05:24,780 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-07-29 09:05:24,780 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-07-29 09:05:24,780 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-07-29 09:05:24,780 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eu-ch.o13bb.otc.t-systems.com
2021-07-29 09:05:24,781 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:05:24,781 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-07-29 09:05:24,781 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint was empty, not required by binding, skipping
2021-07-29 09:05:24,781 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_82701cbd-f7ba-4828-89db-dd61312f90e4', issue instant '2021-07-29T09:05:24.779Z', entityID 'https://iam.eu-ch.o13bb.otc.t-systems.com'
2021-07-29 09:05:24,781 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eu-ch.o13bb.otc.t-systems.com' does not require AuthnRequests to be signed
2021-07-29 09:05:24,782 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-07-29 09:05:24,782 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-07-29 09:05:24,782 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-07-29 09:05:24,782 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-07-29 09:05:24,782 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-07-29 09:05:24,782 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:05:24,782 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-07-29 09:05:24,782 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-07-29 09:05:24,782 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-07-29 09:05:24,782 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-07-29 09:05:24,782 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-07-29 09:05:24,782 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-07-29 09:05:24,782 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-07-29 09:05:24,782 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-07-29 09:05:24,782 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-07-29 09:05:24,782 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-07-29 09:05:24,783 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-07-29 09:05:24,783 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-07-29 09:05:24,783 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-07-29 09:05:24,783 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-07-29 09:05:24,783 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-07-29 09:05:24,783 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eu-ch.o13bb.otc.t-systems.com
2021-07-29 09:05:24,783 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-07-29 09:05:24,783 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-07-29 09:05:24,783 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-07-29 09:05:24,783 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-07-29 09:05:24,784 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-07-29 09:05:24,785 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-07-29T09:05:24.785Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-07-29 09:05:24,785 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-07-29 09:05:24,785 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-07-29 09:05:24,785 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-07-29 09:05:24,785 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-07-29 09:05:24,785 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-07-29 09:05:24,785 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:05:24,785 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-07-29 09:05:24,785 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-07-29 09:05:24,785 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-07-29 09:05:24,785 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-07-29 09:05:24,959 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'iam.eu-ch.o13bb.otc.t-systems.com'
2021-07-29 09:05:24,959 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-07-29 09:05:24,959 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-07-29 09:05:25,306 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2021-07-29 09:05:25,306 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromFormRequest:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Recording do-not-cache instruction in authentication context
2021-07-29 09:05:25,307 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2021-07-29 09:05:25,307 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@700991108::identifier=rick, context=org.apache.velocity.VelocityContext@6744e6e4]
2021-07-29 09:05:25,308 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@700991108::identifier=rick, context=org.apache.velocity.VelocityContext@6744e6e4]
2021-07-29 09:05:25,309 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2021-07-29 09:05:25,309 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-07-29 09:05:25,309 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-07-29 09:05:25,309 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2021-07-29 09:05:25,309 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2021-07-29 09:05:25,309 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-07-29 09:05:25,310 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2021-07-29 09:05:25,310 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session b029d3cd102d26b6a2e68eaaef468c9bd68d7db7bd4ff1b06ca058a283a453db for principal rick
2021-07-29 09:05:25,311 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-07-29 09:05:25,311 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-07-29 09:05:25,311 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-07-29 09:05:25,311 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-07-29 09:05:25,311 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-07-29 09:05:25,311 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-07-29 09:05:25,311 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-07-29 09:05:25,311 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-07-29 09:05:25,311 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-07-29 09:05:25,311 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-07-29 09:05:25,311 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-07-29 09:05:25,311 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-07-29 09:05:25,311 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-07-29 09:05:25,312 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:05:25,312 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-07-29 09:05:25,312 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@6e8004a2'
2021-07-29 09:05:25,312 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-07-29 09:05:25,313 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://iam.eu-ch.o13bb.otc.t-systems.com'
2021-07-29 09:05:25,313 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2021-07-29 09:05:25,313 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: Attempting to delete consent storage record with context 'intercept/attribute-release' and key 'rick:https://iam.eu-ch.o13bb.otc.t-systems.com'
2021-07-29 09:05:25,313 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: No consent storage record found with context 'intercept/attribute-release' and key 'rick:https://iam.eu-ch.o13bb.otc.t-systems.com'
2021-07-29 09:05:25,313 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-07-29 09:05:25,313 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: No storage record exists with context 'intercept/attribute-release' and key 'rick:_key_idx', nothing to do
2021-07-29 09:05:25,313 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20210729T090525Z|https://iam.eu-ch.o13bb.otc.t-systems.com|ClearAttributeReleaseConsent|rick|||
2021-07-29 09:05:25,313 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-07-29 09:05:25,313 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2021-07-29 09:05:25,313 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: Attempting to delete consent storage record with context 'intercept/attribute-release' and key 'rick'
2021-07-29 09:05:25,313 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: No consent storage record found with context 'intercept/attribute-release' and key 'rick'
2021-07-29 09:05:25,313 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-07-29 09:05:25,313 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: No storage record exists with context 'intercept/attribute-release' and key 'rick:_key_idx', nothing to do
2021-07-29 09:05:25,313 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-07-29 09:05:25,313 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2021-07-29 09:05:25,487 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'iam.eu-ch.o13bb.otc.t-systems.com'
2021-07-29 09:05:25,487 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-07-29 09:05:25,487 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2021-07-29 09:05:25,487 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2021-07-29 09:05:25,487 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-07-29 09:05:25,487 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2021-07-29 09:05:25,665 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2021-07-29 09:05:25,665 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2021-07-29 09:05:25,665 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20210729T090525Z|https://iam.eu-ch.o13bb.otc.t-systems.com|AttributeReleaseConsent|rick|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2021-07-29 09:05:25,665 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-07-29 09:05:25,665 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://iam.eu-ch.o13bb.otc.t-systems.com'
2021-07-29 09:05:25,665 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2021-07-29 09:05:25,665 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2021-07-29 09:05:25,665 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://iam.eu-ch.o13bb.otc.t-systems.com, value=[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1659085525665}'
2021-07-29 09:05:25,665 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-07-29 09:05:25,665 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2021-07-29 09:05:25,665 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-07-29 09:05:25,665 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://iam.eu-ch.o13bb.otc.t-systems.com'
2021-07-29 09:05:25,665 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://iam.eu-ch.o13bb.otc.t-systems.com]' as '["rick:https://iam.eu-ch.o13bb.otc.t-systems.com"]'
2021-07-29 09:05:25,665 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@6e8004a2'
2021-07-29 09:05:25,665 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:05:25,666 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-07-29 09:05:25,666 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-07-29 09:05:25,666 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Inbound binding urn:mace:shibboleth:2.0:profiles:AuthnRequest is suppressed, ignoring request ID
2021-07-29 09:05:25,666 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: No request ID, nothing to do
2021-07-29 09:05:25,667 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-07-29 09:05:25,667 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _c32358624887f7691e0a90958a303731
2021-07-29 09:05:25,667 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _c32358624887f7691e0a90958a303731 to Response _831ea9dbbc3bb8c272ca8f52563f98cc
2021-07-29 09:05:25,667 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _c32358624887f7691e0a90958a303731
2021-07-29 09:05:25,667 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-07-29 09:05:25,667 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-07-29 09:05:25,667 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-07-29 09:05:25,667 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-07-29 09:05:25,667 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-07-29 09:05:25,667 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-07-29 09:05:25,667 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-07-29 09:05:25,667 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-07-29 09:05:25,668 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-07-29 09:05:25,668 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-07-29 09:05:25,668 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-07-29 09:05:25,668 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2021-07-29 09:05:25,668 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-07-29 09:05:25,668 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2021-07-29 09:05:25,668 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration did not specify any formats, relying on metadata alone
2021-07-29 09:05:25,668 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-07-29 09:05:25,668 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:05:25,668 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:05:25,668 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQx4Hurs8wa5bICjga54P8+q8eWXOC1qUG1aCFl+BFgb0k8t9BoPCMB6UzQpKTPzZKeglqc7xDtOZSJ3VDGQLtsAIU21f4fhuJXaiL+uVYnH0MNeY6hF4eHSd8uXqZIlmrhSzZNOg22TKwUs8a4 with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:05:25,668 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:05:25,668 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:05:25,668 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-07-29 09:05:25,668 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-07-29 09:05:25,669 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 80.158.3.50
2021-07-29 09:05:25,669 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to (none)
2021-07-29 09:05:25,669 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2021-07-29 09:05:25,669 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-07-29 09:05:25,669 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-07-29 09:05:25,669 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-07-29 09:05:25,669 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _c32358624887f7691e0a90958a303731
2021-07-29 09:05:25,669 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _c32358624887f7691e0a90958a303731 did not already contain Conditions, one was added
2021-07-29 09:05:25,669 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-07-29 09:05:25,669 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-07-29T09:10:25.666Z, to Assertion _c32358624887f7691e0a90958a303731
2021-07-29 09:05:25,669 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _c32358624887f7691e0a90958a303731 already contained Conditions, nothing was done
2021-07-29 09:05:25,671 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-07-29 09:05:25,671 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _c32358624887f7691e0a90958a303731 already contained Conditions, nothing was done
2021-07-29 09:05:25,671 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-07-29 09:05:25,671 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eu-ch.o13bb.otc.t-systems.com as an Audience of the AudienceRestriction
2021-07-29 09:05:25,671 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _c32358624887f7691e0a90958a303731
2021-07-29 09:05:25,672 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eu-ch.o13bb.otc.t-systems.com to existing session b029d3cd102d26b6a2e68eaaef468c9bd68d7db7bd4ff1b06ca058a283a453db
2021-07-29 09:05:25,672 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eu-ch.o13bb.otc.t-systems.com in session b029d3cd102d26b6a2e68eaaef468c9bd68d7db7bd4ff1b06ca058a283a453db
2021-07-29 09:05:25,672 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-07-29 09:05:25,673 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eu-ch.o13bb.otc.t-systems.com and key AAdzZWNyZXQx4Hurs8wa5bICjga54P8+q8eWXOC1qUG1aCFl+BFgb0k8t9BoPCMB6UzQpKTPzZKeglqc7xDtOZSJ3VDGQLtsAIU21f4fhuJXaiL+uVYnH0MNeY6hF4eHSd8uXqZIlmrhSzZNOg22TKwUs8a4
2021-07-29 09:05:25,673 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-07-29 09:05:25,673 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-07-29 09:05:25,673 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_c32358624887f7691e0a90958a303731"
2021-07-29 09:05:25,673 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _c32358624887f7691e0a90958a303731 and Element was [saml2:Assertion: null]
2021-07-29 09:05:25,673 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_c32358624887f7691e0a90958a303731"
2021-07-29 09:05:25,673 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _c32358624887f7691e0a90958a303731 and Element was [saml2:Assertion: null]
2021-07-29 09:05:25,675 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_831ea9dbbc3bb8c272ca8f52563f98cc"
    IssueInstant="2021-07-29T09:05:25.666Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_c32358624887f7691e0a90958a303731"
        IssueInstant="2021-07-29T09:05:25.666Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_c32358624887f7691e0a90958a303731">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>2wPRq28klNfwFDNlG1MoUl0J9bRPyIIixy5aOhJOjFM=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>dy6UDgi24HpWZHW0Gx5SzNshveMl/ZLDXWpXyYZmCBalV3qAA2fJDeOcI4V7C8w1LUZftDlCAVfoIeami8acx+EKerUShYxz84oKtlUMun24i5WvkMVqz1uxNgBhDro3jPEz3lwcqSMC21Qa8XAyEB+YBVqUscBJih00R1Y9HCIymltyXh91/lQHSniH3+qgMPPlBbsXHy+b/18FtwA7Qjs51w2ogmvX3TNwZ6bsfr+s8EYGHDtxm2CG5z8dqzfUwJJC/ZsnQmLC2DwAPIyfisRzN4gRDf0YCstLdDUmUGH023V/Q2rGCbjQU69ji8WLIY3BGZFSK0WUNVM2dIHtYg==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQx4Hurs8wa5bICjga54P8+q8eWXOC1qUG1aCFl+BFgb0k8t9BoPCMB6UzQpKTPzZKeglqc7xDtOZSJ3VDGQLtsAIU21f4fhuJXaiL+uVYnH0MNeY6hF4eHSd8uXqZIlmrhSzZNOg22TKwUs8a4</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="80.158.3.50"
                    NotOnOrAfter="2021-07-29T09:10:25.669Z" Recipient="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-07-29T09:05:25.666Z" NotOnOrAfter="2021-07-29T09:10:25.666Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eu-ch.o13bb.otc.t-systems.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-07-29T09:05:25.309Z" SessionIndex="_830f2782f06f22cb5ee98f990466d328">
            <saml2:SubjectLocality Address="80.158.3.50"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-07-29 09:05:25,677 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2021-07-29 09:05:25,677 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2021-07-29 09:05:25,677 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_831ea9dbbc3bb8c272ca8f52563f98cc"
2021-07-29 09:05:25,677 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _831ea9dbbc3bb8c272ca8f52563f98cc and Element was [saml2p:Response: null]
2021-07-29 09:05:25,677 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_831ea9dbbc3bb8c272ca8f52563f98cc"
2021-07-29 09:05:25,677 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _831ea9dbbc3bb8c272ca8f52563f98cc and Element was [saml2p:Response: null]
2021-07-29 09:05:25,679 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-07-29 09:05:25,679 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST' with encoded value 'https&#x3a;&#x2f;&#x2f;iam.eu-ch.o13bb.otc.t-systems.com&#x2f;v3-ext&#x2f;auth&#x2f;OS-FEDERATION&#x2f;SSO&#x2f;SAML2&#x2f;POST'
2021-07-29 09:05:25,679 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-07-29 09:05:25,681 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST"
    ID="_831ea9dbbc3bb8c272ca8f52563f98cc"
    IssueInstant="2021-07-29T09:05:25.666Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_831ea9dbbc3bb8c272ca8f52563f98cc">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>oCRHr4ooP3ODx2cfqkTWoPZRUoZ1orjQlRo0ErrYiyE=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>DeH21aUCzp/1yQxzwNK8mFtcxkjw4scF8P6ZJLZ2CmsD0ir8YBHgAJtOEXzoTcgcyVjEA4rYZonZYbeSkm2iOSQe2LWsZRNJcDkOzMwPZcnRxa4/8LqLe0K4EpZOSoI1DV/uwpKE3MM04EvxLijvGtQXY88O7UtI/SnXoS+wsWxCf0BqWGsPUIvsDgqIbDJr/vbR4h6DBt5qb5gPiv9iwXCTVhe1sJysggeuwS+r1u/6yP65Ve2aOczL1GbfrgIQk2YXuC5qAXzAIt+KWL/x1oaHqoxRBgenjpOlo4EUC0DMr0e9+v7dY0sicJt3jNXuKLmkO4iYSAT0FbreooJ12Q==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_f1eb9aa81c74aba5941e8ba128b52f1e"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_45b5752b857ae67eb0de77bdf085e8d4"
                    Recipient="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIICLjCCAZegAwIBAgIGAVHDRPSbMA0GCSqGSIb3DQEBCwUAMC0xEzARBgNVBAoMCmtleW1hbmFn
ZXIxFjAUBgNVBAsMDWlhbS1hdXRodWktc3AwHhcNMTUxMjIxMDY0MDU0WhcNMjUxMjE4MDY0MDU0
WjBEMSowKAYDVQQDDCFodHRwczovL3NwLmF1dGgub3RjLnQtc3lzdGVtcy5jb20xFjAUBgNVBAsM
DWlhbS1hdXRodWktc3AwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALRgTiRlOH3H8Ti/Nl8F
hr+9QdbCEBQIKFKnX+VeeD6NcGQtsDnihnIlwDv9PqAqRfZ5KNDF7IccYgCBUfjJXOyxqa51YVDJ
KPLpjMcZiSEjumDm3jbdEiiQKl3zwt9Q0aLlz7PKdIbIoPQdo3YjpTB407D5PmvpsFr+TQ6NlkTZ
AgMBAAGjQjBAMB0GA1UdDgQWBBRcdOVNkWkaAHkjlaFATFhnEEh8SzAfBgNVHSMEGDAWgBRcdOVN
kWkaAHkjlaFATFhnEEh8SzANBgkqhkiG9w0BAQsFAAOBgQBlFRyA98AUXCw8bhneTFoD2JWRZz2f
Bs3vINTVjhA3CdCCJ9lgPxIhitHYNPQh5s7l+IA6M/zHTx+rpRO3KUqh0M2eNZDunUrstyXkvZvp
uJCPFK6t1iN6K5YuZUhKI06W5Bk6XV2NO5L2eIqD9jZp0UGb18Ep4BbrEXwRwJQPYw==</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>AkwKX+7m9QmEmiVfCoxLs9MAvu1BLk9sGjIozAltZfy1tsWcmykqTfSPIrlT+w7f/O/H1/MtwEXv2B7l+Lckftq1MUJiUajkeCsNh9kYp4w6dBWqER3QPO68nwv5OwcMHmHrbz5W6wUfV6pNByT6ORI8AMwjSCI+MAqfC17zL4w=</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>Jylr5rYnmtfEJMuYaQx4QlmkndsdaubrIPTeMjEI7ejTFKzpVFcjovTkjkJBJl98u7EXQNLSvChjF5S8Dep1iC8cnY2p3XzK9PgpVFmKGSqn3II1o0NcMNWiSKkLifIhajzUbzZS0Yvc4BcjQ8KMZNERt2AiNZV6HGnCDw/JqqQ/DjiFdOopdzrKbKZde0f+5K5xufkF3OL7jxA82sDXpGJb3agQfdEkBKRuRBMXsMWF/YFtoE0BBXlIHsfNmvEZQNPWuMKO5IqDFvjPZsBoC/jP+NugcVl4/yQTeE/b9b84tRnPmZdgBuA9ERBa+ZmOu2GRwByz/YkLPTK5hFVSTI9/eRUaDDolynpUYAhGNm3oTCxLkUSQ/mQPUvjn/EgduKixbqUX0ox2zjAFHqbHm1fVB93ftnTIRV3CMKFld8LtnvVYF4BCl0uazNwW7oeUGTxoBoBoS2onIEjvs9mgf2asg9K93KEXRfSETcJB2T9aU6U3uUOj+i6NEv+n7loXX8bqV59qD8G6qEyljYLgam9Tlxbtw8LEn+R0832eBFRWP4UHYepJB31ESq/mwJGHwIbx2YKdimG7+1Url/P5YURDRso8dupXlyuZctx9Tvl3xXTnFFQMYqEg6Jp+kZ/8syRQyqNUYXXS4KX5s8EcBd97tgS0TLyDfe3b5e2odFljCbdIV2hJM7w5bQWYuayMHTa+LulNNCCl8qUyXtol7IHpO82xzPK1WiIjpJWOAmjsTqPm6f0ujX2cXNvtAGWh2YhCC3llWtGrQuPqf5UKeJCNhZNEq/aphE47X9PJh2jVOPWmf9NrPPJZZ+WOOKt9SIsDm+Qo1s+hw+Nb2M54KHeTBn0rtcwdsDh4jrAWNYmGYzFipUBGWSR4wmh6KaUm6b6dwKkiKF8W/DQPX9aBIpspbxanedua+cEljMeOBrqvykQjwGoMdS2EJSJMu5YJbTuOAXXLiAOwxP98PKmKBNWXO0aaS1+wRCL2v+q5xGO9I++Cp87MorUjX6P90Z7Wws5ZZ5sd2pi0JJc3wzRfmACLDzXpvC7nCXRhHY0MivJq+s5PdTDoNLUeIFiYM5CZR6uQKKBXtzobLPBj7GZizxiEFegmSpWq9udLJuYiDV3KQIMwHU7JvOgdIY44NUrmrAbLkcTzgS/I5GzNfUO6hDums+FdjAd395S3Jybp5vAe6P8AYf96lRFsiEEgw8YudqcHXoRwGcSqcWVuwoyFJ0XQZVdPE/r0dbKlfEMptIlOoHnDogqr+Q56ynniiLCBlSJJ0Zh8jMN1n8ioBpfxjT2oNJtle9SoYfeO2Uw7RrBzE2oLAZVQUt6Rfp0vTZO+66YyyPfGCefCBhSY0mPyAK+f1ZgmK6lnSKKOJ5JjdZQ0C/6PwoJNfyLUU9+YX4/lDkzY/xgy8VI7uZtHsIVDDvn1vBUs6/LpWhCJBSTTIC94ckffdMYrcuXObVuW+pn7AemEOOTnnx0+06r3DxGL//9cOmbUIUHYi4W4wjvp28GzWRpQnxC1T8rqC+A56PZ3HTfprNMJ8UUhyh6SKzAmOov0Ht6m9Yk/jzGIAjiSP1Z/wDXqGkn5lHCI6QMU2gCQvP3bsCFMciOUy8lhJkdt1RYS0nex26WrJP3QFSasNqLn6xb0gE3NdmkshGyfqlZ3w3XRrlFDOx4gj2uoyC/5NAcEGemSJYxwo0yBUMGlMcVXx3/nNYv2oecUtd0DyVc6sfIyhZpus4jBRURmtoKUtTUZzd2+iGuPXxAojfsLe6QUEfGK3ciK1+8mx2QxPlaZQDpqoU5YhBuc4mdFti/H9qhhvn8G4WC+dMSf4nHhGPyBf+Pam0fGqTi1xZRHJLNkejqY7RdWm9xNqWj2UC8BtLU8xXYY2TrErPUgDfhByVxIRNHu8FA7yuCOHtaHv70IgU16VMx1yNUxdlKJD0tBdT6UUKl4UC3VNUiySFXxdufYKhyVayYUtiO1XGyZOMLNWwbvdwrA6Mr4bsfYUJ8BzRUBVse1CKKqlidr2tW0SAas4eN4XD27alITB00Y5EPwWM0YwPTntW1UshA24p+PLQremx7FadPgKWOLtoJj5ElHZe0LQXMR+uvdH5hIx0IB2NXS3w1NEPDnzbA/jrb33E3vW1LqqJ4a1uEr0c+EHxpFjiiQySpuT4o0slqiEHeR7Ib2MO4jL0E/gGkByedKvd/tHAr6XgQmm27n2/+OdSM7R21pYyv2KjdKulzWiZm9ubrpG8SRA3oBhRApl03Gon0r10r+EMRNk3cWFkJqtO2MalVy3VeG8YqFKhjR1lXOO2Z7tFGxy/bnQBPSs1TeEG1SR1MngvmLJm2+FQwI3AyN8f7Cb1zVhrWV+R84Api9yLudLFVQF92eDNWxj+VEb1BkywFT/Oym3jXtI1DJJoDv0pQi8sfdDC7I2wN7+3Z4LvLhlivPzrv01qNHbpw7NwdYdG3l6e/dDdNDsuZMS1EYl7WnCGFvpZTp7ScLu/EV+car8RB+FzFCQBrOFFIpPISdMRgYX3tLqXy3goJ1ZOKQlcyYLaQxuAlkjLWCePVTz5NsgxqXtRnigBhMHCmaHAAdQzqVZYmVZwI/h/1VFeV8avsToc9Zdj031o/hxHRe7+KGIOWt0dGNz5ACsRqZNKcjZ95GUcSxyJh8R/FBrIhiMJxad3NIfl2NW9n0bHtjy14SE3l8EBnZ8lSES17zkhqIxBIYRHDLJJgxxCICsPJNv287z/C6igE2ZTVgUgFPfIjYG2fqbbGlMus3kTC2X56LzgDv1/vwl7gzbAOdruRs9OPDB6RHQRTdnJoxXCgogtBuCRvcXja0rBc7nATs0r7EjUafF/Ns1OvdV/dlMcDivepGLKmJD1Ffrl6RcswtJAy+UuZ2oSh9RD/fbAPTop/OxrAXdoK7KxfveqCXuyAL3mL73ADGwoEGQcC4Ynxdqu1HkflmZGA5nqqchC7OhVTTSD7N8fkdARCJv1kotMMDtxngee1vtcHg+ZhfY2YtJQa2ikMBBi7r4U9aZ28Ot2k4/vIa1TP55LtG2jOXzc6tMProFDKj0JCwOYHm1D3CZ6yflWzDGPlMGdUWXPznA3OwjBq1l9YwR639wJUqGWfKIb7GFbCBvBfkRtPblCWV5FhqTGsICySJ+mw3x4gkYtNY3HOvmAQEcMD3NCQ8oZGhFCWtAfnazJ1Lr/fRLYp+RtOnbgi4iDlq0ZysHKJ3FMn6MyoLbwLV3uBKFEBAi8W9gXGrQhD5OQXilj5AKolfINdU1eHAji5T9lfF6tea6v94/Uuc9RGCUbB2i0CkNN/MNQJ/bikz6H9bikUinnaKSBHnau4XQ/JK6xfwbxL+xl5K977QcLEwuI3qAFc0hQj+yvw9nQbgIj1jLojX46UQU28QVeDntBnfyCi/+byhel0PnBaqIhULLvDk9kIPKYho4ktSdxoukX5GCi5uxBKXgTY1fBlBmmD4kW8h9SBwBcXtNBdI8zMZPdo0RGuOeHaSM5u2U1qLZeEuKdH1EhcUpQ9TAN3zK3bSyjy3YEKrVLGqmuReVlJ14hNuWsa+dGw9xW8ndfUjYrn7wIwIJH7p2dxmH/AWLyJ1BJLLr77xPj2uY6yRbyjqjGHzZCXeEq5NH/6lHvZ40MwIJsAt0I3C5aZJgEJfA7IfYQv7v+AP2Hu1rLagXPI9u2ndsAuVawD0a+XmFyh2plBzLJbE/RoexxXwm5cRpUfLM4DaGHsk6B8pzM3O8PtBdeBAlO1lx+zBO8wPQ7/CU1rQzOfvIs92inRV78PEUPa5G7chniPSq8qRUysOGqm9+kGtgsEl/5i7lCK1bg/UCQ4gNNVRmEmxGFdIsxisNQscA9Li2opdOhta57/hCH4dEX0k197ZfeUFpX+8S1R1gXSfVkO/8Nah+uIjgQV59m38JvSQU9zlhCmGokMd/MEoF5wLUYdl2ATxAzAcJqKY2coNXUQPBSv8+lo1Vf0AttBCn9NXLKWNgVspJej9hmtQ/IZ/SrnlI+a5UiSBIrLyLTT1YJQnZ80b8bqpI3mac0FcOMr+HUNaKVdzlc601NgohmQ4fknlG0nNDqQ9FwxjVkU2YUlkoALjEgzjybnh0ai6SBNvbLShuCFut58H2vTURL8OPQG6/7+JNZiNlhqQWkmFIAEBcwnfrk+3g/+JL0E+Yka+RhJG315/84gsbbzSbYB3NtxLZ7999TAXZ/PNJr0KIwrkXXDjYcAhviMPeoGdbAmHxKVOkgOj0L5XESorMTmq7eYyLanUUY6q44mniWh4yyhnHt7mIkbQoSe/+mbIX1QMe2LDtBiN1SOP1xTsIhKdeHYwqp31ZFwiRWbIm2S5o8Xi7lM3C8BO12mv2M2ICp3A3wX/27sHuC1T/3jlyijfQ+jEAZWsKtBI7NnJ81s9c2hj7rhNE34iyR5SKcH30fijVs60GM5U0m+iY/yZ64i/Tcu6rCHBEpNRs/g1K85T6r0KQeIPSbzcnKOAf6BiFGivbku0oG3zWoef6gCOZRGs9Echo4mo5V2Pq4cz9KjbcNbvBPEDfFxft+BdV73kw023WVgTkPX7fBUnph9SLOvnfDPGAtl+BSkSUblGv9o2WnohYIkFcp4a5cIvowPBsJb/27CXofPNBg5AtT+exqtpRCChYrs9Mu4d2NXjzm9ti3PKNW7QXGvbtFLIApceFQ1Jn3OSEPUBevm6LDopFWt8o+oPOLbNBmD4nQoUlCXDl6moUiu8cD7bIj6M+d6Mrb+vkn87H1HribOwGuw1tyIsfyPn4so35O1E5s0QYjEdYEPbLGYSw+PGky5/2g2lDfyNox6DBdmTOmQ4dxjncRWw7fSNREwdb6GcyIWh7W+yams8Tlmix+PckjqTerzMSGn23HhC6ATr659TUMIm668Ls9fPM4lcvg3wf19512bLlewoaGU3CXetL3pEe5MivEPJN8To9uUHDzcvtr/IOkSuUvvvxKgmzYQqjI9ps6La67NVvL/xpU4bxsMLqSDSLo1Y/YGDLzjb+IlxF7v3eG8Scb7PcWRhnrET+ZCkxxDtVFJgvK9XIbK/SiPu056SK9ZrEgOY3Ar9Dnljl2tjm+7Ajzus3AK+E0eEEzq7VFLF1g5LVuwsv2OR10ygMA3pUlZl65AYJFwi9s6wr9TzU71FDpwbn/Ei0ADH6vttSE7uBeZq8izenieuHT2o6YkZwQYc+MIE5sfhLklC7mPd2YgmPAa6j5FKxpK33sXyovN/xDRgoVlwH8M4hh7Jf0GM6NlidIvlmGtella2dfLXW3mDxXr8OcR+5cYoOgdhMJy22o7gUa34x5oboOmiTeD2smrpkMy5vpP5mbDotC6Fw7Q+ef1N/OhZBmx42kSCLwbe/sHKfc1CykCjlZUfL8125eBCYHbdA5+AUNglwgjosTBOWGf3Th6W9SPLZ0tHlkaqpw1wkBMhglqGhqKdsnGQCUbsRArD6qNF4F5evGwkqe8evSIxaY1FDQLqCbEza2Ofuyg1RRG+hveOQSIuZAfGFyLLNAX/LaA79mEUDDyyraR8/9soT4FB352FtJMJmG9hBdb1OJw+wkSVPFahousBWu36fqaReDzrZPTnnX4QHAH2tGblRrOVs/QR/B4ycMsMo6MhjGC3BTui+Fx4vk4BAAo04HdQYXeNBHE/FJ2L1ENpFEqbESrzfTQKWJWqbHELe5Y+YsOq6l11Zg9lYwzLcT5OfpjkYmFxw9KKagl0QXSPonvJtf8k60Ygqd8yFUawm2ukJAtc52puvC3ISlpn914i2fKGjY3DVDD3nDlXaQLH8ayMdTRX3kmMRfekKEIvZdS65sdyKhbG+oovQWYhXya9O09kxIJZDjBSFpzdzvSXAr2bhiMbujC+1VhsLSJAcZBx74JWkhiXqIIbDUT6CIMZlBDOCJgYeAWcVCav3Plc92jSF/Tfpev85gcPrYmMQwnlMfWwB0NqjqAdroGdYUdKmaUA3u9QvDQ8ZuscPeEhIzx4pmHQVY7yeQ/n4co/QC2IEOLuwxFUlAvCuUXBNI3wfwaLZ3+DSEOH5XQS2KSdcNqUQbGeiFhspv11rbLZ2ACp/TF9NdPEJynPctcK07WRp5dR4PiQ1yuUskmsV1K5jNCfbWlUTCG3Xmivwbn4yETx/2duskDRSx8oL1504yfG6+iCnGlFefxxirRf3ntSDLw50zO0PhXP1Xegxr2LVQfTscnwWgR5lXmV4VxNYrNLulHBNjBk19Y3EuIhqj3+tDP+CwgkSzzGIODsmOaspH1ng6UKJ0MmFJ3OzTKLIQrslqrK/wskqOUmvUTSbtJZ0uK26e5sIW2dqtN84W5BAVmvb8EOg+qGo+tIBhCIumQn5TD/ry0Bjts2oxO5TBBAVTRTcyV8lAFyofmwYs6tKrajjW/V/w/GWo7Yy1bn6OlQA2auf0RdUD995P8+RbIpLZGKkNQMe5nYABcP1VvWMjN6hmO5I96bodpizegOEkRJASvvK0nUj0PKkvdDwBazKEJZdakI2/5RU1hPqKDSHTaM9TcYph/cXhNDK4NCB3XYlnpSveI3WBUKZd2WENPhhhBRN3M8ZDeoIdMoOZiptxZReGNUft1dK9QZ6T6+OjVUm+b6cdk1T83RwSMcVm/1+YaDq/LyR/Va1dJy14SMKpnb4BHmXCgFi0YxAgUIQowjDvYToFhhq2F0SpKgMabdcqrQ8xWlQyTphuNqzZzkdr+cP82RhcypPRZJDVAUKnnPzB26nKekj3AJLDYbXi3xNKaRFlylcNDGrTrzyumTmbl0v+NbWldRTKx7c7WYBw/v9tocHV/Krdl3jYVGEw8DWNHVtxfCVrMIkrOiUDrDwlZ8fpsnCVung3JYNMGU7XdoPgyctpm3VfN54wcZXaQttNfGH7D/Je0qyv/PbR4/9zGJCuHAVSA1gje/CeoMI4hgAZzlj8x8i5P0zKVOMGvBkuoSSEgjdJbRAzf7E6zLJgZNXdc04FD1JnGZ9maT/7wa+VvzhMTbM+BeeYIx4RdNUt2iYh1Yxp169nu2RWu/7Rju/CbK+APtSwQaoSRcUbFroeVRQYYPj0OPGaOjw2e0ybS0Zw80zo6/+kHXnYYCLKslDfrhs3asErRO4WAZ5c/kly8N3fP+CMjkHcSbbA+9vm+MEJorbDEPl/81ZqkIaDHlhWmdJUCUvZfsT6Bv2HggWl7CHrCNo2LzyJDt4XPiIUgduFdxKNnmyHZkk2Uxoj9LzcjTGesthlfNnyZlBDwoCcuSZMjE5017fPc1CmIcZyrGPqUnR3/T8j5ds33PAoscAVTKDpcsdcONL9f1Cbf3aMlzkl2uZIBj4srVBpXgebmFiwG6g7RGjozIO6nyRkyhdwo1S4quoeEWYO36yWuMjTPb7HwERz3pZyMWA8ywXaJC0JWH+hAYLiAkXepRskJKrmAt5YWBuTjOfZ7oJn9eD3rX0aRf+Ph3Fr1okJNoMTmSjSRtlJ/Q5aOJe/BFabv4TyErsdg4lHP8c1D2jnnWohd8ndUPIe7QDflw/akpHP8O1+2C53U2ku9r/K+7g9o5lPXI99x5Lk8fGGjPeqzI6Dmw+j0ELKDZHM60J1z8ILQC/D0UBF3KCuNKb8U7ip/4UqGcakH8TtvvUnyE0z01p1ZV0+AWGfobQVZ6xO9DnGDjVsvRvNQPmHsJwlwjhGs7gvOmeRRj5r0hM55q4TBn3Qo/saP/w2dng8K0bMofr09cPav9ppJ6xpyK79gro3YxoFd2/3LFfEUqTjtg+CmTqT59k3poon5ZlYnvJSp2KVVWq8qGmAfwVO4X3BrFXo7hKzGG3Ko8JLWvi9zZFoHkYJMxVBlelmerGgMoOGWmzuZ4SDxMPsxwXElIpPCxDYrd3SJ+WGfWpz+Jg1NMIX3t8qMwPoSHJD0fj/Z7zQZh8r5+9i5/kaxP9r9fmmu/+YwZzIS86W10zpw7TaUHQM/hCcPKxRST2CtL7DZYcCDy7AJzGJ6N+k6fi88AHkeye+GPeLvCn1u1pMjTGv7qOf0rmF5mMFtoOHgIH0QrJC4ymf2T3LLaGoevderNOy2ixlRY1CuQDrNhJz+DSDxi0Gj/XuuHYJyjKYEIb0oZQrRJZLTROWgpXwozFEcBKfFnQgSCCQoAQ3C4mpyWn/zr53TvacL5spij7DERZb3bh7+e6AjydeE7Jqyxn4wlu1UOsSkyC/QV6v+ZPz0kmdP+HanPzZoRdTbq/hFSckMiuw2s75JfKRCLABdd8R3mlDPM5qskddN0taWszAJz32EmMvIso9POq6uYil7z1lO+plgh8FtUflE=</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2021-07-29 09:05:25,681 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-07-29 09:05:25,681 - INFO [Shibboleth-Audit.SSO:?] - 20210729T090525Z|urn:mace:shibboleth:2.0:profiles:AuthnRequest|_82701cbd-f7ba-4828-89db-dd61312f90e4|https://iam.eu-ch.o13bb.otc.t-systems.com|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_831ea9dbbc3bb8c272ca8f52563f98cc|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQx4Hurs8wa5bICjga54P8+q8eWXOC1qUG1aCFl+BFgb0k8t9BoPCMB6UzQpKTPzZKeglqc7xDtOZSJ3VDGQLtsAIU21f4fhuJXaiL+uVYnH0MNeY6hF4eHSd8uXqZIlmrhSzZNOg22TKwUs8a4|_c32358624887f7691e0a90958a303731|
2021-07-29 09:06:18,773 - INFO [net.shibboleth.idp.session.impl.ProcessLogout:?] - Profile Action ProcessLogout: No active session found matching current request
2021-07-29 09:06:19,047 - INFO [Shibboleth-Audit.Logout:?] - 20210729T090619Z||||http://shibboleth.net/ns/profiles/logout|||||||||
2021-07-29 09:08:36,336 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: ss:mem:fead60a895e7128d3af119842766a738c10e7fd8796d7cf55c1e32592b06c09c
2021-07-29 09:08:36,336 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-07-29 09:08:36,337 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-07-29 09:08:36,337 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://test-mediathek.lmz-bw.de/Shibboleth.sso/SAML2/POST"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_1178059ea0f2f2756cee10bc104001f1"
    IssueInstant="2021-07-29T09:08:35Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://test-mediathek.lmz-bw.de/shibboleth</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="1"/>
</samlp:AuthnRequest>

2021-07-29 09:08:36,344 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://test-mediathek.lmz-bw.de/shibboleth' from origin source
2021-07-29 09:08:36,344 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-07-29 09:08:36,344 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-07-29 09:08:36,344 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-07-29 09:08:36,344 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-07-29 09:08:36,344 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-07-29 09:08:36,345 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-07-29 09:08:36,345 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-07-29 09:08:36,345 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://test-mediathek.lmz-bw.de/shibboleth
2021-07-29 09:08:36,345 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:08:36,346 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-07-29 09:08:36,346 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-07-29 09:08:36,346 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-07-29 09:08:36,346 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-07-29 09:08:36,346 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_1178059ea0f2f2756cee10bc104001f1', issue instant '2021-07-29T09:08:35.000Z', entityID 'https://test-mediathek.lmz-bw.de/shibboleth'
2021-07-29 09:08:36,346 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://test-mediathek.lmz-bw.de/shibboleth' does not require AuthnRequests to be signed
2021-07-29 09:08:36,346 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-07-29 09:08:36,346 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-07-29 09:08:36,346 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-07-29 09:08:36,346 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-07-29 09:08:36,346 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-07-29 09:08:36,347 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:08:36,347 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-07-29 09:08:36,347 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-07-29 09:08:36,347 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-07-29 09:08:36,347 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 6 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-07-29 09:08:36,347 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://test-mediathek.lmz-bw.de/Shibboleth.sso/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-07-29 09:08:36,347 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-07-29 09:08:36,347 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-07-29 09:08:36,347 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-07-29 09:08:36,347 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-07-29 09:08:36,347 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-07-29 09:08:36,347 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2021-07-29 09:08:36,347 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2021-07-29 09:08:36,347 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2021-07-29 09:08:36,348 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-07-29 09:08:36,348 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-07-29 09:08:36,348 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-07-29 09:08:36,348 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-07-29 09:08:36,348 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://test-mediathek.lmz-bw.de/shibboleth
2021-07-29 09:08:36,348 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-07-29 09:08:36,348 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#aes128-gcm
2021-07-29 09:08:36,348 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#rsa-oaep
2021-07-29 09:08:36,348 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-07-29 09:08:36,352 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-07-29 09:08:36,352 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-07-29T09:08:36.352Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-07-29 09:08:36,352 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-07-29 09:08:36,352 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-07-29 09:08:36,352 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-07-29 09:08:36,353 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-07-29 09:08:36,353 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-07-29 09:08:36,353 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:08:36,353 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-07-29 09:08:36,353 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-07-29 09:08:36,353 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-07-29 09:08:36,353 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-07-29 09:08:36,875 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'test-mediathek.lmz-bw.de'
2021-07-29 09:08:36,876 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-07-29 09:08:36,876 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-07-29 09:09:03,517 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: ss:mem:ad77883362a4200b6ebdc4bee4de2a689cb4430cce36eff411d45a8789f7fe30
2021-07-29 09:09:03,517 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-07-29 09:09:03,517 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-07-29 09:09:03,517 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://test-mediathek.lmz-bw.de/Shibboleth.sso/SAML2/POST"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_83da75e03449e8671beeddb7302e8ed4"
    IssueInstant="2021-07-29T09:09:02Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://test-mediathek.lmz-bw.de/shibboleth</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="1"/>
</samlp:AuthnRequest>

2021-07-29 09:09:03,524 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://test-mediathek.lmz-bw.de/shibboleth' from origin source
2021-07-29 09:09:03,524 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-07-29 09:09:03,524 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-07-29 09:09:03,524 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-07-29 09:09:03,524 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-07-29 09:09:03,524 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-07-29 09:09:03,524 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-07-29 09:09:03,524 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-07-29 09:09:03,524 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://test-mediathek.lmz-bw.de/shibboleth
2021-07-29 09:09:03,525 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:09:03,525 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-07-29 09:09:03,525 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-07-29 09:09:03,525 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-07-29 09:09:03,525 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-07-29 09:09:03,525 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_83da75e03449e8671beeddb7302e8ed4', issue instant '2021-07-29T09:09:02.000Z', entityID 'https://test-mediathek.lmz-bw.de/shibboleth'
2021-07-29 09:09:03,525 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://test-mediathek.lmz-bw.de/shibboleth' does not require AuthnRequests to be signed
2021-07-29 09:09:03,525 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-07-29 09:09:03,526 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-07-29 09:09:03,526 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-07-29 09:09:03,526 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-07-29 09:09:03,526 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-07-29 09:09:03,526 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:09:03,528 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-07-29 09:09:03,528 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-07-29 09:09:03,528 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-07-29 09:09:03,528 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 6 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-07-29 09:09:03,528 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://test-mediathek.lmz-bw.de/Shibboleth.sso/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-07-29 09:09:03,528 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-07-29 09:09:03,528 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-07-29 09:09:03,528 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-07-29 09:09:03,528 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-07-29 09:09:03,528 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-07-29 09:09:03,528 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2021-07-29 09:09:03,528 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2021-07-29 09:09:03,529 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2021-07-29 09:09:03,529 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-07-29 09:09:03,529 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-07-29 09:09:03,529 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-07-29 09:09:03,529 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-07-29 09:09:03,530 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://test-mediathek.lmz-bw.de/shibboleth
2021-07-29 09:09:03,530 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-07-29 09:09:03,530 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#aes128-gcm
2021-07-29 09:09:03,530 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#rsa-oaep
2021-07-29 09:09:03,530 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-07-29 09:09:03,535 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-07-29 09:09:03,536 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-07-29T09:09:03.536Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-07-29 09:09:03,536 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-07-29 09:09:03,536 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-07-29 09:09:03,537 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-07-29 09:09:03,537 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-07-29 09:09:03,537 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-07-29 09:09:03,537 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:09:03,537 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-07-29 09:09:03,537 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-07-29 09:09:03,537 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-07-29 09:09:03,537 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-07-29 09:09:04,078 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'test-mediathek.lmz-bw.de'
2021-07-29 09:09:04,078 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-07-29 09:09:04,078 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-07-29 09:09:51,709 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: ss:mem:2344345ff653aa6554b62a73140308fbbbb86cc2c34fe2ff680bebfd51da1926
2021-07-29 09:09:51,709 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-07-29 09:09:51,709 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-07-29 09:09:51,709 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://test-mediathek.lmz-bw.de/Shibboleth.sso/SAML2/POST"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_2664bb2ceeb7bd5de2e73f7dc0c8dad8"
    IssueInstant="2021-07-29T09:09:51Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://test-mediathek.lmz-bw.de/shibboleth</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="1"/>
</samlp:AuthnRequest>

2021-07-29 09:09:51,715 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://test-mediathek.lmz-bw.de/shibboleth' from origin source
2021-07-29 09:09:51,715 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-07-29 09:09:51,715 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-07-29 09:09:51,715 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-07-29 09:09:51,715 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-07-29 09:09:51,715 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-07-29 09:09:51,715 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-07-29 09:09:51,715 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-07-29 09:09:51,715 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://test-mediathek.lmz-bw.de/shibboleth
2021-07-29 09:09:51,716 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:09:51,716 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-07-29 09:09:51,716 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-07-29 09:09:51,716 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-07-29 09:09:51,716 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-07-29 09:09:51,716 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_2664bb2ceeb7bd5de2e73f7dc0c8dad8', issue instant '2021-07-29T09:09:51.000Z', entityID 'https://test-mediathek.lmz-bw.de/shibboleth'
2021-07-29 09:09:51,716 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://test-mediathek.lmz-bw.de/shibboleth' does not require AuthnRequests to be signed
2021-07-29 09:09:51,717 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-07-29 09:09:51,717 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-07-29 09:09:51,717 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-07-29 09:09:51,717 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-07-29 09:09:51,717 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-07-29 09:09:51,717 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:09:51,717 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-07-29 09:09:51,717 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-07-29 09:09:51,717 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-07-29 09:09:51,717 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 6 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-07-29 09:09:51,717 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://test-mediathek.lmz-bw.de/Shibboleth.sso/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-07-29 09:09:51,717 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-07-29 09:09:51,717 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-07-29 09:09:51,717 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-07-29 09:09:51,717 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-07-29 09:09:51,717 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-07-29 09:09:51,718 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2021-07-29 09:09:51,718 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2021-07-29 09:09:51,718 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2021-07-29 09:09:51,718 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-07-29 09:09:51,718 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-07-29 09:09:51,718 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-07-29 09:09:51,718 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-07-29 09:09:51,718 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://test-mediathek.lmz-bw.de/shibboleth
2021-07-29 09:09:51,718 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-07-29 09:09:51,718 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#aes128-gcm
2021-07-29 09:09:51,718 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#rsa-oaep
2021-07-29 09:09:51,718 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-07-29 09:09:51,722 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-07-29 09:09:51,722 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-07-29T09:09:51.722Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-07-29 09:09:51,723 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-07-29 09:09:51,723 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-07-29 09:09:51,723 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-07-29 09:09:51,723 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-07-29 09:09:51,723 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-07-29 09:09:51,723 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:09:51,723 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-07-29 09:09:51,723 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-07-29 09:09:51,723 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-07-29 09:09:51,723 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-07-29 09:09:52,246 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'test-mediathek.lmz-bw.de'
2021-07-29 09:09:52,246 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-07-29 09:09:52,246 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-07-29 09:10:27,425 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: luwF6vCDVTV4s-DY3AkaXsUV0shOoSuM3ywSUIp7KeE.hyBa8pEnzQI.qa-frontend
2021-07-29 09:10:27,425 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2021-07-29 09:10:27,425 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2021-07-29 09:10:27,425 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://phoenix-frontend-e2e-flaky-detector-1242-k.dev.starmind.io/auth/realms/starmind-sut/broker/samltest/endpoint"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="ID_23493f86-6fb6-4a7b-8b05-8a9eb541f66f"
    IssueInstant="2021-07-29T09:10:26.241Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer>https://phoenix-frontend-e2e-flaky-detector-1242-k.dev.starmind.io/auth/realms/starmind-sut</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/>
</samlp:AuthnRequest>

2021-07-29 09:10:27,431 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractBatchMetadataResolver:?] - Metadata Resolver FilesystemMetadataResolver SAMLtest: Resolved 0 candidates via EntityIdCriterion: EntityIdCriterion [id=https://phoenix-frontend-e2e-flaky-detector-1242-k.dev.starmind.io/auth/realms/starmind-sut]
2021-07-29 09:10:27,431 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved no EntityDescriptors via underlying MetadataResolver, returning empty collection
2021-07-29 09:10:27,431 - INFO [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  No metadata returned for https://phoenix-frontend-e2e-flaky-detector-1242-k.dev.starmind.io/auth/realms/starmind-sut in role {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor with protocol urn:oasis:names:tc:SAML:2.0:protocol
2021-07-29 09:10:27,431 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No metadata context found, nothing to do
2021-07-29 09:10:27,431 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://phoenix-frontend-e2e-flaky-detector-1242-k.dev.starmind.io/auth/realms/starmind-sut
2021-07-29 09:10:27,431 - WARN [net.shibboleth.idp.profile.impl.SelectProfileConfiguration:?] - Profile Action SelectProfileConfiguration: Profile http://shibboleth.net/ns/profiles/saml2/sso/browser is not available for RP configuration shibboleth.UnverifiedRelyingParty (RPID https://phoenix-frontend-e2e-flaky-detector-1242-k.dev.starmind.io/auth/realms/starmind-sut)
2021-07-29 09:10:27,432 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: InvalidProfileConfiguration
2021-07-29 09:10:27,432 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2021-07-29 09:11:09,455 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: ss:mem:30daf5671beed937c596efa495b1ea306c68bd4362278162d1596996d197cb19
2021-07-29 09:11:09,455 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-07-29 09:11:09,455 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-07-29 09:11:09,455 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://test-mediathek.lmz-bw.de/Shibboleth.sso/SAML2/POST"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_eab0bed28fccfafc247fd5e605139a4e"
    IssueInstant="2021-07-29T09:11:08Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://test-mediathek.lmz-bw.de/shibboleth</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="1"/>
</samlp:AuthnRequest>

2021-07-29 09:11:09,462 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://test-mediathek.lmz-bw.de/shibboleth' from origin source
2021-07-29 09:11:09,462 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-07-29 09:11:09,462 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-07-29 09:11:09,462 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-07-29 09:11:09,462 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-07-29 09:11:09,462 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-07-29 09:11:09,462 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-07-29 09:11:09,462 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-07-29 09:11:09,462 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://test-mediathek.lmz-bw.de/shibboleth
2021-07-29 09:11:09,463 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:11:09,463 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-07-29 09:11:09,463 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-07-29 09:11:09,463 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-07-29 09:11:09,463 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-07-29 09:11:09,463 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_eab0bed28fccfafc247fd5e605139a4e', issue instant '2021-07-29T09:11:08.000Z', entityID 'https://test-mediathek.lmz-bw.de/shibboleth'
2021-07-29 09:11:09,463 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://test-mediathek.lmz-bw.de/shibboleth' does not require AuthnRequests to be signed
2021-07-29 09:11:09,463 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-07-29 09:11:09,464 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-07-29 09:11:09,464 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-07-29 09:11:09,464 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-07-29 09:11:09,464 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-07-29 09:11:09,464 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:11:09,464 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-07-29 09:11:09,464 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-07-29 09:11:09,464 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-07-29 09:11:09,464 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 6 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-07-29 09:11:09,464 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://test-mediathek.lmz-bw.de/Shibboleth.sso/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-07-29 09:11:09,464 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-07-29 09:11:09,464 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-07-29 09:11:09,464 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-07-29 09:11:09,464 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-07-29 09:11:09,464 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-07-29 09:11:09,464 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2021-07-29 09:11:09,464 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2021-07-29 09:11:09,465 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2021-07-29 09:11:09,465 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-07-29 09:11:09,465 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-07-29 09:11:09,465 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-07-29 09:11:09,465 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-07-29 09:11:09,465 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://test-mediathek.lmz-bw.de/shibboleth
2021-07-29 09:11:09,465 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-07-29 09:11:09,465 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#aes128-gcm
2021-07-29 09:11:09,465 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#rsa-oaep
2021-07-29 09:11:09,465 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-07-29 09:11:09,469 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-07-29 09:11:09,470 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-07-29T09:11:09.470Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-07-29 09:11:09,470 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-07-29 09:11:09,470 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-07-29 09:11:09,470 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-07-29 09:11:09,470 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-07-29 09:11:09,470 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-07-29 09:11:09,470 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:11:09,470 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-07-29 09:11:09,470 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-07-29 09:11:09,470 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-07-29 09:11:09,470 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-07-29 09:11:10,021 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'test-mediathek.lmz-bw.de'
2021-07-29 09:11:10,021 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-07-29 09:11:10,021 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-07-29 09:15:17,057 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: StateProperties=eyJUSUQiOiI0ZTRiYTA1Yi1jZDgyLTRjZWYtOGFiOS1kOTMzYWNiZTRjZDEifQ
2021-07-29 09:15:17,057 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-07-29 09:15:17,057 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-07-29 09:15:17,057 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_ae7008d75c6e5a534607b09999414fa7d54ae620/samlp/sso/assertionconsumer"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="_4aa4f113-05c3-4ed1-9c30-880340daeab0"
    IsPassive="false" IssueInstant="2021-07-29T09:15:16.7380406Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_ae7008d75c6e5a534607b09999414fa7d54ae620</saml:Issuer>
</samlp:AuthnRequest>

2021-07-29 09:15:17,065 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_ae7008d75c6e5a534607b09999414fa7d54ae620' from origin source
2021-07-29 09:15:17,065 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-07-29 09:15:17,065 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-07-29 09:15:17,065 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-07-29 09:15:17,065 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-07-29 09:15:17,065 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-07-29 09:15:17,065 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-07-29 09:15:17,065 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-07-29 09:15:17,065 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_ae7008d75c6e5a534607b09999414fa7d54ae620
2021-07-29 09:15:17,066 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:15:17,066 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-07-29 09:15:17,066 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-07-29 09:15:17,066 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-07-29 09:15:17,066 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-07-29 09:15:17,066 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_4aa4f113-05c3-4ed1-9c30-880340daeab0', issue instant '2021-07-29T09:15:16.738Z', entityID 'https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_ae7008d75c6e5a534607b09999414fa7d54ae620'
2021-07-29 09:15:17,067 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-07-29 09:15:17,067 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-07-29 09:15:17,067 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler:?] - Constructing signed content string from URL query string SAMLRequest=xVPLbtswEPwVgXdJ1NsmbAN2gqABUsSw1B56MShylbCVSJVLpenfl1LSNLn4WgI8cGeHnJkFN8iHfmT7yT3qE%2fycAF3wPPQa2QxsyWQ1MxwVMs0HQOYEq%2fef71gaUcYRwTplNAlur7fknHOed0mShbQQWZiDTMK1yGi4WtEsp5IDbykJvoJFz9kSf4UnIk5wq9Fx7XyJpklIqzBdN3TNkoIlZVRlK5rT8hsJrr04pblb2I%2fOjcjieJbpPBApGSs5xqM1neohnlWm8QmksiBcXNf3JLgxVsBidUs63iPM7x%2b9DfUEb5WjNc4I0x%2bUlko%2fXI6gfWlC9qlpjuHxvm5IsP8by5XROA1ga7BPSsCX090%2f2d8lF73E9rlNReR3bx6UjoQZPiJGD0pYg6ZzC3hIr87J%2ftzYCd2N9XJ%2bGfvjwBHOHCpKV7IqRAkFL7K8pFVL137lSd7xShY5hzKlS2BjjGjit%2fmJV6Hk3ejHy8bH15TIbjN3s2WOdk544O4yda4oGXZLKwPtlPtNdv89mE38zsju5fTxY%2bz%2bAA%3d%3d&RelayState=StateProperties%3deyJUSUQiOiI0ZTRiYTA1Yi1jZDgyLTRjZWYtOGFiOS1kOTMzYWNiZTRjZDEifQ&SigAlg=http%3a%2f%2fwww.w3.org%2f2001%2f04%2fxmldsig-more%23rsa-sha256&Signature=e6P6GLzm8i7orGwBaYzgUNPEbW27yxgMwsjt6%2bAO%2fMRXgqT1zlZMWP357FgMOYLK0v4aTURNiNkG8nU5SYNogpxH1ne9dPGh9jUq1Y%2fM97XWKG6mC4mIGmyBnrD1HmYfEHrVRME%2fJ%2fg0rhrf%2fMqo%2b%2fzo0phY%2f8JvIBn1aXK8rcqBMURa5UkyyZU58RBzu8Rq27S9yGciX2SIdQU43jt0DQSmp1SalMrmFEfPWRM6WaVGw8AjdjVwzG2IBa5Utql4auem84FyIVpzMRYI%2fjR8bvs7htq%2feXPxY3sAkeSG6WYo3ARgjKoDFT6rfaiL5f7JUnNPK9jJZhI539fmUotf0AmLCLqYMj7OLlRr5kUPfYcF9j8MhNHSPzV3Yey7kYbkChaERZwYR1YYXKoBCWoUTl4JOqZ8v2yrw%2bmmWlKlLyaf%2fF5f8VjXlOSuURAukEkzwxgPIRDNuUURFR9khm1LCiVPh1LUbTNVkEWKfVUjhA%2fZdbVWNElNCSoccF9PoO%2bYLb9fjT9lO55es4H%2bngvWMI8JjdlkfXgrRidFV4rRNuKwmxDTHEI8DC7KpaklXy1IjlcxMpapm1NJfxiHO7tZFkNYUzB%2bMmvI4mwImCkR4MDijYNQAGZlZ7slJTC6FFsa6GxCEUxrb9ea5o09sbNXSviOoCv8KkWYKYiEXsrekHA%3d
2021-07-29 09:15:17,067 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler:?] - Constructed signed content string for HTTP-Redirect DEFLATE SAMLRequest=xVPLbtswEPwVgXdJ1NsmbAN2gqABUsSw1B56MShylbCVSJVLpenfl1LSNLn4WgI8cGeHnJkFN8iHfmT7yT3qE%2fycAF3wPPQa2QxsyWQ1MxwVMs0HQOYEq%2fef71gaUcYRwTplNAlur7fknHOed0mShbQQWZiDTMK1yGi4WtEsp5IDbykJvoJFz9kSf4UnIk5wq9Fx7XyJpklIqzBdN3TNkoIlZVRlK5rT8hsJrr04pblb2I%2fOjcjieJbpPBApGSs5xqM1neohnlWm8QmksiBcXNf3JLgxVsBidUs63iPM7x%2b9DfUEb5WjNc4I0x%2bUlko%2fXI6gfWlC9qlpjuHxvm5IsP8by5XROA1ga7BPSsCX090%2f2d8lF73E9rlNReR3bx6UjoQZPiJGD0pYg6ZzC3hIr87J%2ftzYCd2N9XJ%2bGfvjwBHOHCpKV7IqRAkFL7K8pFVL137lSd7xShY5hzKlS2BjjGjit%2fmJV6Hk3ejHy8bH15TIbjN3s2WOdk544O4yda4oGXZLKwPtlPtNdv89mE38zsju5fTxY%2bz%2bAA%3d%3d&RelayState=StateProperties%3deyJUSUQiOiI0ZTRiYTA1Yi1jZDgyLTRjZWYtOGFiOS1kOTMzYWNiZTRjZDEifQ&SigAlg=http%3a%2f%2fwww.w3.org%2f2001%2f04%2fxmldsig-more%23rsa-sha256
2021-07-29 09:15:17,067 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Attempting to validate SAML protocol message simple signature using context entityID: https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_ae7008d75c6e5a534607b09999414fa7d54ae620
2021-07-29 09:15:17,067 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_ae7008d75c6e5a534607b09999414fa7d54ae620, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2021-07-29 09:15:17,067 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_ae7008d75c6e5a534607b09999414fa7d54ae620' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2021-07-29 09:15:17,067 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-07-29 09:15:17,067 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-07-29 09:15:17,067 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-07-29 09:15:17,067 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-07-29 09:15:17,067 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-07-29 09:15:17,067 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Simple signature validation (with no request-derived credentials) was successful
2021-07-29 09:15:17,067 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Validation of request simple signature succeeded
2021-07-29 09:15:17,067 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Authentication via request simple signature succeeded for context issuer entity ID https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_ae7008d75c6e5a534607b09999414fa7d54ae620
2021-07-29 09:15:17,067 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-07-29 09:15:17,068 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-07-29 09:15:17,068 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:15:17,068 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-07-29 09:15:17,068 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-07-29 09:15:17,068 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-07-29 09:15:17,068 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-07-29 09:15:17,068 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_ae7008d75c6e5a534607b09999414fa7d54ae620/samlp/sso/assertionconsumer using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-07-29 09:15:17,068 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-07-29 09:15:17,068 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-07-29 09:15:17,068 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-07-29 09:15:17,068 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-07-29 09:15:17,068 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-07-29 09:15:17,069 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-07-29 09:15:17,069 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-07-29 09:15:17,069 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-07-29 09:15:17,069 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-07-29 09:15:17,069 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-07-29 09:15:17,069 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_ae7008d75c6e5a534607b09999414fa7d54ae620
2021-07-29 09:15:17,069 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2021-07-29 09:15:17,069 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2021-07-29 09:15:17,069 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2021-07-29 09:15:17,069 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2021-07-29 09:15:17,093 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-07-29 09:15:17,094 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-07-29T09:15:17.094Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-07-29 09:15:17,094 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-07-29 09:15:17,095 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-07-29 09:15:17,095 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-07-29 09:15:17,095 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-07-29 09:15:17,095 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-07-29 09:15:17,095 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:15:17,095 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-07-29 09:15:17,095 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-07-29 09:15:17,095 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-07-29 09:15:17,095 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-07-29 09:15:17,178 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'jdacldsbxb2c.b2clogin.com'
2021-07-29 09:15:17,178 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-07-29 09:15:17,178 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-07-29 09:15:20,474 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2021-07-29 09:15:20,474 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2021-07-29 09:15:20,474 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1914119768::identifier=rick, context=org.apache.velocity.VelocityContext@608eaf5f]
2021-07-29 09:15:20,475 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1914119768::identifier=rick, context=org.apache.velocity.VelocityContext@608eaf5f]
2021-07-29 09:15:20,476 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2021-07-29 09:15:20,476 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-07-29 09:15:20,476 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-07-29 09:15:20,477 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2021-07-29 09:15:20,477 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2021-07-29 09:15:20,477 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-07-29 09:15:20,477 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2021-07-29 09:15:20,477 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 14d1a00efb4007523b8edcfcbab51637c831b4c38e640adaf9729d8c28b31605 for principal rick
2021-07-29 09:15:20,477 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 14d1a00efb4007523b8edcfcbab51637c831b4c38e640adaf9729d8c28b31605
2021-07-29 09:15:20,478 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-07-29 09:15:20,479 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-07-29 09:15:20,479 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-07-29 09:15:20,479 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-07-29 09:15:20,479 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-07-29 09:15:20,479 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-07-29 09:15:20,479 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-07-29 09:15:20,479 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-07-29 09:15:20,479 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-07-29 09:15:20,479 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-07-29 09:15:20,479 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-07-29 09:15:20,479 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-07-29 09:15:20,479 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-07-29 09:15:20,479 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:15:20,480 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-07-29 09:15:20,480 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@34fbc81e'
2021-07-29 09:15:20,480 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-07-29 09:15:20,480 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_ae7008d75c6e5a534607b09999414fa7d54ae620'
2021-07-29 09:15:20,480 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_ae7008d75c6e5a534607b09999414fa7d54ae620'
2021-07-29 09:15:20,480 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_ae7008d75c6e5a534607b09999414fa7d54ae620'
2021-07-29 09:15:20,480 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-07-29 09:15:20,480 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2021-07-29 09:15:20,480 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2021-07-29 09:15:20,481 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-07-29 09:15:20,481 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2021-07-29 09:15:20,562 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'jdacldsbxb2c.b2clogin.com'
2021-07-29 09:15:20,562 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-07-29 09:15:20,562 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2021-07-29 09:15:20,562 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2021-07-29 09:15:20,562 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-07-29 09:15:20,562 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2021-07-29 09:15:21,729 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2021-07-29 09:15:21,729 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2021-07-29 09:15:21,729 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20210729T091521Z|https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_ae7008d75c6e5a534607b09999414fa7d54ae620|AttributeReleaseConsent|rick|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2021-07-29 09:15:21,729 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-07-29 09:15:21,729 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_ae7008d75c6e5a534607b09999414fa7d54ae620'
2021-07-29 09:15:21,729 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2021-07-29 09:15:21,729 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2021-07-29 09:15:21,729 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_ae7008d75c6e5a534607b09999414fa7d54ae620, value=[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1659086121729}'
2021-07-29 09:15:21,729 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-07-29 09:15:21,729 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2021-07-29 09:15:21,729 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-07-29 09:15:21,729 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_ae7008d75c6e5a534607b09999414fa7d54ae620'
2021-07-29 09:15:21,729 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_ae7008d75c6e5a534607b09999414fa7d54ae620]' as '["rick:https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_ae7008d75c6e5a534607b09999414fa7d54ae620"]'
2021-07-29 09:15:21,729 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@34fbc81e'
2021-07-29 09:15:21,729 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:15:21,730 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-07-29 09:15:21,738 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-07-29 09:15:21,739 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-07-29 09:15:21,739 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _6e2910a7ab0011eec2ed875641e96ed3
2021-07-29 09:15:21,739 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _6e2910a7ab0011eec2ed875641e96ed3 to Response _f9b47e76363fbecfd489e35c4216762c
2021-07-29 09:15:21,739 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _6e2910a7ab0011eec2ed875641e96ed3
2021-07-29 09:15:21,739 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-07-29 09:15:21,739 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-07-29 09:15:21,739 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-07-29 09:15:21,739 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-07-29 09:15:21,739 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-07-29 09:15:21,739 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-07-29 09:15:21,739 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-07-29 09:15:21,739 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-07-29 09:15:21,739 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-07-29 09:15:21,739 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-07-29 09:15:21,740 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-07-29 09:15:21,740 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2021-07-29 09:15:21,740 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:persistent]
2021-07-29 09:15:21,740 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2021-07-29 09:15:21,740 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration did not specify any formats, relying on metadata alone
2021-07-29 09:15:21,740 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:persistent]
2021-07-29 09:15:21,740 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2021-07-29 09:15:21,740 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2021-07-29 09:15:21,740 - DEBUG [net.shibboleth.idp.saml.nameid.impl.PersistentSAML2NameIDGenerator:?] - Checking for source attribute uid
2021-07-29 09:15:21,740 - DEBUG [net.shibboleth.idp.saml.nameid.impl.PersistentSAML2NameIDGenerator:?] - Generating persistent NameID from String-valued attribute uid
2021-07-29 09:15:21,740 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID IDEHMGL3DULIXATRYDRK4Y7F6ZILIZFS with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2021-07-29 09:15:21,740 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2021-07-29 09:15:21,740 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2021-07-29 09:15:21,740 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-07-29 09:15:21,740 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-07-29 09:15:21,740 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 20.185.89.56
2021-07-29 09:15:21,740 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _4aa4f113-05c3-4ed1-9c30-880340daeab0
2021-07-29 09:15:21,740 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_ae7008d75c6e5a534607b09999414fa7d54ae620/samlp/sso/assertionconsumer
2021-07-29 09:15:21,740 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-07-29 09:15:21,740 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-07-29 09:15:21,740 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-07-29 09:15:21,740 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _6e2910a7ab0011eec2ed875641e96ed3
2021-07-29 09:15:21,740 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _6e2910a7ab0011eec2ed875641e96ed3 did not already contain Conditions, one was added
2021-07-29 09:15:21,741 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-07-29 09:15:21,741 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-07-29T09:20:21.730Z, to Assertion _6e2910a7ab0011eec2ed875641e96ed3
2021-07-29 09:15:21,741 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _6e2910a7ab0011eec2ed875641e96ed3 already contained Conditions, nothing was done
2021-07-29 09:15:21,741 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-07-29 09:15:21,741 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _6e2910a7ab0011eec2ed875641e96ed3 already contained Conditions, nothing was done
2021-07-29 09:15:21,741 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-07-29 09:15:21,741 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_ae7008d75c6e5a534607b09999414fa7d54ae620 as an Audience of the AudienceRestriction
2021-07-29 09:15:21,741 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _6e2910a7ab0011eec2ed875641e96ed3
2021-07-29 09:15:21,741 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_ae7008d75c6e5a534607b09999414fa7d54ae620 to existing session 14d1a00efb4007523b8edcfcbab51637c831b4c38e640adaf9729d8c28b31605
2021-07-29 09:15:21,742 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_ae7008d75c6e5a534607b09999414fa7d54ae620 in session 14d1a00efb4007523b8edcfcbab51637c831b4c38e640adaf9729d8c28b31605
2021-07-29 09:15:21,742 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-07-29 09:15:21,742 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_ae7008d75c6e5a534607b09999414fa7d54ae620 and key IDEHMGL3DULIXATRYDRK4Y7F6ZILIZFS
2021-07-29 09:15:21,742 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-07-29 09:15:21,742 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-07-29 09:15:21,742 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_6e2910a7ab0011eec2ed875641e96ed3"
2021-07-29 09:15:21,742 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _6e2910a7ab0011eec2ed875641e96ed3 and Element was [saml2:Assertion: null]
2021-07-29 09:15:21,742 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_6e2910a7ab0011eec2ed875641e96ed3"
2021-07-29 09:15:21,742 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _6e2910a7ab0011eec2ed875641e96ed3 and Element was [saml2:Assertion: null]
2021-07-29 09:15:21,744 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAssertions: No encryption parameters, nothing to do
2021-07-29 09:15:21,746 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_ae7008d75c6e5a534607b09999414fa7d54ae620/samlp/sso/assertionconsumer
2021-07-29 09:15:21,746 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_ae7008d75c6e5a534607b09999414fa7d54ae620/samlp/sso/assertionconsumer
2021-07-29 09:15:21,746 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_f9b47e76363fbecfd489e35c4216762c"
2021-07-29 09:15:21,746 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _f9b47e76363fbecfd489e35c4216762c and Element was [saml2p:Response: null]
2021-07-29 09:15:21,746 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_f9b47e76363fbecfd489e35c4216762c"
2021-07-29 09:15:21,746 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _f9b47e76363fbecfd489e35c4216762c and Element was [saml2p:Response: null]
2021-07-29 09:15:21,748 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-07-29 09:15:21,749 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_ae7008d75c6e5a534607b09999414fa7d54ae620/samlp/sso/assertionconsumer' with encoded value 'https&#x3a;&#x2f;&#x2f;jdacldsbxb2c.b2clogin.com&#x2f;jdacldsbxb2c.onmicrosoft.com&#x2f;B2C_1A_TrustFrameworkBase_ae7008d75c6e5a534607b09999414fa7d54ae620&#x2f;samlp&#x2f;sso&#x2f;assertionconsumer'
2021-07-29 09:15:21,749 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-07-29 09:15:21,749 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'StateProperties=eyJUSUQiOiI0ZTRiYTA1Yi1jZDgyLTRjZWYtOGFiOS1kOTMzYWNiZTRjZDEifQ', encoded as 'StateProperties&#x3d;eyJUSUQiOiI0ZTRiYTA1Yi1jZDgyLTRjZWYtOGFiOS1kOTMzYWNiZTRjZDEifQ'
2021-07-29 09:15:21,751 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_ae7008d75c6e5a534607b09999414fa7d54ae620/samlp/sso/assertionconsumer"
    ID="_f9b47e76363fbecfd489e35c4216762c"
    InResponseTo="_4aa4f113-05c3-4ed1-9c30-880340daeab0"
    IssueInstant="2021-07-29T09:15:21.730Z" Version="2.0"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_f9b47e76363fbecfd489e35c4216762c">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>UNwy3QNidssMVo9DtHZ4CcIGeWpzGwZh0F9phwPdw9I=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>T/dIqHouBgPxRLk45qE6g+DNB9At0V3+8i7Vba+BF1N1QPjlNCfdzQlNtwfz35B7f9ypoux6KDlTA3gGplYgGI2ZiYiwR+k110Anv+P5Cc/Ya0b0rdTvez74qVhUslFElx5kYj1qIl9RKVGR/zx1d8EL+za5s9qzw7uNp4GzV5wBMYD89hm5Y3wmq0BNwcuKSmd6qgyuqVIMzYDV+14MWYWE6OyAKlCSwJPsBOXRxWtXBA2MoTeQps2OcOMfrC0t5PmPNHPXz2WfXHDJk+y5FTjcGNf2tEjEROdQ4CnYU/wxENY+ZUZYUghZZFvvYdMZjrHzBN1NtbHL12aqrmoT0w==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_6e2910a7ab0011eec2ed875641e96ed3"
        IssueInstant="2021-07-29T09:15:21.730Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_6e2910a7ab0011eec2ed875641e96ed3">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>6tex8WZ3k45UM3c09QTUnwbGi7mhve59rHf3VFTBKSw=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>sug14oXPsrC2MGh7IpZOVF28Xrio98VGy4Lqn1P5ZX/CKUhnLiGfLGtZSot6kULCjvH/4MedLdcibWZN+makP44Atim+uqkbQkoKLQgSJvGW45R5LAEEoYgUvkiZTuvC1+eHul76xiVdhwmkdIwpYLjXhFcgq3v38JS5Z4qF1+EWCmuHDBReq2Qw6fNRWeIKeMdKVk6kqHWUT46McVavTexvjflaA0Z6/EUu/i5qx85fIMPAGtXMz7OF7RmBkorLPJMNMayL/6/Sd0NorzThhltVgCfh/r4Y1SdOnAPTzrnI2QlJQ8apzIsjZXr0bwPo/sqlSDU9UtAL2CJdL85T9w==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_ae7008d75c6e5a534607b09999414fa7d54ae620" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">IDEHMGL3DULIXATRYDRK4Y7F6ZILIZFS</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="20.185.89.56"
                    InResponseTo="_4aa4f113-05c3-4ed1-9c30-880340daeab0"
                    NotOnOrAfter="2021-07-29T09:20:21.740Z" Recipient="https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_ae7008d75c6e5a534607b09999414fa7d54ae620/samlp/sso/assertionconsumer"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-07-29T09:15:21.730Z" NotOnOrAfter="2021-07-29T09:20:21.730Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_ae7008d75c6e5a534607b09999414fa7d54ae620</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-07-29T09:15:20.476Z" SessionIndex="_238bc7b3ec373773dd35640faf09eca8">
            <saml2:SubjectLocality Address="20.185.89.56"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-07-29 09:15:21,751 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-07-29 09:15:21,751 - INFO [Shibboleth-Audit.SSO:?] - 20210729T091521Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|_4aa4f113-05c3-4ed1-9c30-880340daeab0|https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_ae7008d75c6e5a534607b09999414fa7d54ae620|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_f9b47e76363fbecfd489e35c4216762c|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|IDEHMGL3DULIXATRYDRK4Y7F6ZILIZFS|_6e2910a7ab0011eec2ed875641e96ed3|
2021-07-29 09:15:25,649 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: null
2021-07-29 09:15:25,649 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-07-29 09:15:25,650 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-07-29 09:15:25,650 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:LogoutRequest
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_56fdc59d-d592-4ee4-8423-a54227fe3125"
    IssueInstant="2021-07-29T09:15:25.4880482Z" Version="2.0"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_ae7008d75c6e5a534607b09999414fa7d54ae620</saml:Issuer>
    <saml:NameID>IDEHMGL3DULIXATRYDRK4Y7F6ZILIZFS</saml:NameID>
    <samlp:SessionIndex>_238bc7b3ec373773dd35640faf09eca8</samlp:SessionIndex>
</samlp:LogoutRequest>

2021-07-29 09:15:25,651 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-07-29 09:15:25,651 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-07-29 09:15:25,651 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-07-29 09:15:25,651 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-07-29 09:15:25,651 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-07-29 09:15:25,651 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-07-29 09:15:25,651 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-07-29 09:15:25,651 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_ae7008d75c6e5a534607b09999414fa7d54ae620
2021-07-29 09:15:25,651 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:15:25,651 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-07-29 09:15:25,652 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-07-29 09:15:25,652 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-07-29 09:15:25,652 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-07-29 09:15:25,652 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_56fdc59d-d592-4ee4-8423-a54227fe3125', issue instant '2021-07-29T09:15:25.488Z', entityID 'https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_ae7008d75c6e5a534607b09999414fa7d54ae620'
2021-07-29 09:15:25,652 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - Inbound message is not an instance of AuthnRequest, skipping evaluation...
2021-07-29 09:15:25,652 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-07-29 09:15:25,652 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-07-29 09:15:25,652 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-07-29 09:15:25,652 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-07-29 09:15:25,652 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-07-29 09:15:25,652 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:15:25,652 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-07-29 09:15:25,653 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-07-29 09:15:25,653 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-07-29 09:15:25,653 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_ae7008d75c6e5a534607b09999414fa7d54ae620/samlp/sso/assertionconsumer using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-07-29 09:15:25,653 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Request is not a SAML 2 AuthnRequest
2021-07-29 09:15:25,653 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-07-29 09:15:25,653 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-07-29 09:15:25,653 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-07-29 09:15:25,653 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-07-29 09:15:25,653 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-07-29 09:15:25,653 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-07-29 09:15:25,653 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_ae7008d75c6e5a534607b09999414fa7d54ae620
2021-07-29 09:15:25,653 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2021-07-29 09:15:25,653 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2021-07-29 09:15:25,653 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2021-07-29 09:15:25,653 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2021-07-29 09:15:25,655 - DEBUG [org.opensaml.saml.common.messaging.context.SAMLSubjectNameIdentifierContext:?] - Ignoring LogoutRequest, Subject does not require processing
2021-07-29 09:15:25,655 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-07-29 09:15:25,655 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: InvalidMessageContext
2021-07-29 09:15:25,656 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - Error event InvalidMessageContext will be handled with response
2021-07-29 09:15:25,656 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-07-29 09:15:25,656 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-07-29 09:15:25,657 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddStatusToResponse:?] - Profile Action AddStatusToResponse: Detailed errors are enabled
2021-07-29 09:15:25,657 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddStatusToResponse:?] - Profile Action AddStatusToResponse: Current state of request was mappable, setting StatusMessage to mapped value
2021-07-29 09:15:25,658 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_ae7008d75c6e5a534607b09999414fa7d54ae620/samlp/sso/assertionconsumer
2021-07-29 09:15:25,658 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_ae7008d75c6e5a534607b09999414fa7d54ae620/samlp/sso/assertionconsumer
2021-07-29 09:15:25,658 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLOutboundProtocolMessageSigningHandler:?] - Message Handler:  Message context contained signing parameters, but error response signatures are disabled
2021-07-29 09:15:25,658 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-07-29 09:15:25,658 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_ae7008d75c6e5a534607b09999414fa7d54ae620/samlp/sso/assertionconsumer' with encoded value 'https&#x3a;&#x2f;&#x2f;jdacldsbxb2c.b2clogin.com&#x2f;jdacldsbxb2c.onmicrosoft.com&#x2f;B2C_1A_TrustFrameworkBase_ae7008d75c6e5a534607b09999414fa7d54ae620&#x2f;samlp&#x2f;sso&#x2f;assertionconsumer'
2021-07-29 09:15:25,658 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-07-29 09:15:25,659 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_ae7008d75c6e5a534607b09999414fa7d54ae620/samlp/sso/assertionconsumer"
    ID="_9d7d0fcc1682a66c5fab83cc1818d2e7"
    InResponseTo="_56fdc59d-d592-4ee4-8423-a54227fe3125"
    IssueInstant="2021-07-29T09:15:25.656Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder"/>
        <saml2p:StatusMessage>unexpected</saml2p:StatusMessage>
    </saml2p:Status>
</saml2p:Response>

2021-07-29 09:15:25,659 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-07-29 09:15:25,659 - INFO [Shibboleth-Audit.SSO:?] - 20210729T091525Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|_56fdc59d-d592-4ee4-8423-a54227fe3125|https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_ae7008d75c6e5a534607b09999414fa7d54ae620|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_9d7d0fcc1682a66c5fab83cc1818d2e7||||||
2021-07-29 09:15:35,460 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: ss:mem:44ac68193399b794f71b251e4beb821df3728e8fbe3787891fea11f2470576bc
2021-07-29 09:15:35,460 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-07-29 09:15:35,460 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-07-29 09:15:35,460 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://test-mediathek.lmz-bw.de/Shibboleth.sso/SAML2/POST"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_e5f3032cc2261872028d9e385cae9b39"
    IssueInstant="2021-07-29T09:15:34Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://test-mediathek.lmz-bw.de/shibboleth</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="1"/>
</samlp:AuthnRequest>

2021-07-29 09:15:35,467 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://test-mediathek.lmz-bw.de/shibboleth' from origin source
2021-07-29 09:15:35,467 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-07-29 09:15:35,467 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-07-29 09:15:35,467 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-07-29 09:15:35,467 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-07-29 09:15:35,467 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-07-29 09:15:35,467 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-07-29 09:15:35,467 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-07-29 09:15:35,467 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://test-mediathek.lmz-bw.de/shibboleth
2021-07-29 09:15:35,468 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:15:35,468 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-07-29 09:15:35,468 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-07-29 09:15:35,468 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-07-29 09:15:35,468 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-07-29 09:15:35,468 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_e5f3032cc2261872028d9e385cae9b39', issue instant '2021-07-29T09:15:34.000Z', entityID 'https://test-mediathek.lmz-bw.de/shibboleth'
2021-07-29 09:15:35,468 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://test-mediathek.lmz-bw.de/shibboleth' does not require AuthnRequests to be signed
2021-07-29 09:15:35,468 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-07-29 09:15:35,468 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-07-29 09:15:35,468 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-07-29 09:15:35,468 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-07-29 09:15:35,469 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-07-29 09:15:35,469 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:15:35,469 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-07-29 09:15:35,469 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-07-29 09:15:35,469 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-07-29 09:15:35,469 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 6 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-07-29 09:15:35,469 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://test-mediathek.lmz-bw.de/Shibboleth.sso/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-07-29 09:15:35,469 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-07-29 09:15:35,469 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-07-29 09:15:35,469 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-07-29 09:15:35,469 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-07-29 09:15:35,469 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-07-29 09:15:35,469 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2021-07-29 09:15:35,469 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2021-07-29 09:15:35,470 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2021-07-29 09:15:35,470 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-07-29 09:15:35,470 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-07-29 09:15:35,470 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-07-29 09:15:35,470 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-07-29 09:15:35,470 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://test-mediathek.lmz-bw.de/shibboleth
2021-07-29 09:15:35,470 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-07-29 09:15:35,470 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#aes128-gcm
2021-07-29 09:15:35,470 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#rsa-oaep
2021-07-29 09:15:35,470 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-07-29 09:15:35,474 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-07-29 09:15:35,475 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-07-29T09:15:35.475Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-07-29 09:15:35,475 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-07-29 09:15:35,475 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-07-29 09:15:35,475 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-07-29 09:15:35,475 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-07-29 09:15:35,475 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-07-29 09:15:35,475 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:15:35,475 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-07-29 09:15:35,475 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-07-29 09:15:35,475 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-07-29 09:15:35,476 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-07-29 09:15:36,020 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'test-mediathek.lmz-bw.de'
2021-07-29 09:15:36,020 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-07-29 09:15:36,020 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-07-29 09:16:17,003 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder:?] - Decoded SOAP messaged which included SAML message of type {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-07-29 09:16:17,003 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Body>
        <saml2p:AuthnRequest
            AssertionConsumerServiceURL="https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            Destination="https://samltest.id/idp/profile/SAML2/SOAP/ECP"
            ForceAuthn="false"
            ID="_3vlfg506vvldddhifu9jfxqls96rka1drv3s" IsPassive="false"
            IssueInstant="2021-07-29T09:16:16.324Z"
            ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
            Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eu-nl.otc.t-systems.com</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                    <ds:Reference URI="#_3vlfg506vvldddhifu9jfxqls96rka1drv3s">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>b3AOxSxqN+cE++1Tpm+ZdBcYlpI=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>U4BK1Aht9cLMexamGpMEKIVjF3guR8hw2GSO0VYibkPhOM5z0Gq0mksLOrhknHLyHHSsDlPJEfxj01z+nONWB8sSOsJes+8Bsp9OCdmeYFJ7BkDn33HxabiCfGzon7/orqGrFFqpnh3lYVQrBqbPq3Crxk1z+KWBmmEqJ3Xdz2bIbt4bo4uFhivzR7cvE3TPAnzmOfHISHbZt7XmamIThF96k5mB5yVTMmolMhysHPAqt55xypR9FXT5FZflMaySR49CEMPAvyxOsvOuUAbVgS0AgijHk+MNdrkaSSRefw7UJLEKWKn0Hz6TrIxui1+Lb/mKurLQBZh1i0+SQ9eEvxwypUlf38QIbR6X9x3yQecP6AgzWKid1B8TwFJ0E+Xfr52EqalRAEBlaAqbFLVEQm/uQtr+gGIjRGmH0AxbaejfhMFWo31+fuplmYsa/K/v006ai4SrsrmxxlhXOggTh9sYQ+agKBjGDPcVFEiRd/WjnMFqDtj+IAdStDEvVFB0u9j+IHTNRbCjWke6bGhtwxBQU1j4N2q9s9TKRICUeCayv/W9WswUZYZFN/MeUEDafkmXZs+r0w4ZF2mpSCWWFqPqv2DQApFMeDarBlNn9XG4b5XUEVd6IKqibwd+Zujxk9MQ2zkiimXt+LG/Zj0QshqaoLvNlL9RU/87Adqtj4s=</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIHeDCCBWCgAwIBAgIJAPRelfvZJrG9MA0GCSqGSIb3DQEBCwUAMIHXMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGSGVzc2VuMRowGAYDVQQHExFGcmFua2Z1cnQgYW0gTWFpbjElMCMGA1UEChMcVC1T
eXN0ZW1zIEludGVybmF0aW9uYWwgR21iSDEUMBIGA1UECxMLSVQgRGl2aXNpb24xJDAiBgNVBAMT
G2lhbS5ldS1kZS5vdGMudC1zeXN0ZW1zLmNvbTE4MDYGCSqGSIb3DQEJARYpRk1CLlRTLUlUU0gt
Q1NTLURQUy1PVEMtT1BTQHQtc3lzdGVtcy5jb20wHhcNMTgwMzI4MTUxNDA4WhcNMjgwMzI1MTUx
NDA4WjCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0
IGFtIE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsT
C0lUIERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2Bgkq
hkiG9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tMIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv2W7Hr/Ro63zmZVclhlMvakO1nYWAe6CFDg2hYOH
IxkC/DG8LsKbnqy3Rv8AoH5CgRwmT/HYKeJu+KxrpECJXGIjXirUzHrL5w0Hys0O6SJYzztRGoQA
eFfl3x1NNUxVGkWbuK3/o9vm3idoMqVY4HFU24h/6VbSVBru1lsfubmIGdkf+9R844JbZx1R1OuX
xQ60ZhTAmR6R5d1E6tprM8rAqBOC2l1o4azQyDtmxM8NEBjKcZebNleHOB3iVPiiG0ens6z39y7e
SyiXwWcsw8TlwcQiumYPnFT2lzrJAC93hEjNGd6sj6QVvPCJRu/Ya+AWfcm6JtBZRK9ZfBz81wjv
BnHH2u8j1GyZMdE5dvN4PC8bgX0HxvnbhnAU0DASzziyS9Ni/gMgWvJsmnmNVLyYMxRmL8L0JtWk
rz7aNSskufk92Cv/R4KtWsfdkYtNG5/lV1BNzraBgnnXX1gH7ddrL/Ng2aNRFd+LtsI/BjUBpg7r
Ebym+pJuri2PBj8hhjLKbhPuurybQLVtmYxCcJUo6ZG4X3cpxl/e8v+vviapn1OY9zaFLAc+fccX
1GFrLYv9aQKGDQFRMl2uV9nP7UpakBCgZ/r7ljvfhlnsGkLPZBokM9Iz3iUFMGj2gPD1m+C7QaiS
OwJnkTk3cnhZV6It0XdFIaFgIi9V4XMnYEMCAwEAAaOCAUMwggE/MB0GA1UdDgQWBBSg4Skug1x8
SOG2QdBaHAN2DDs7zDCCAQ4GA1UdIwSCAQUwggEBgBSg4Skug1x8SOG2QdBaHAN2DDs7zKGB3aSB
2jCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0IGFt
IE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsTC0lU
IERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2BgkqhkiG
9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tggkA9F6V+9km
sb0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAFEH+TQEgwXkOp1dymChsQzX3mm32
nBbQwIuTKi3jy08EjRQktZCOhjpmuVc/QQUCQdgAZgWVboAwTspfgwQwVcuIpCkwuyc7tt+ZzRSk
ybvOccw4ivz1suevGZZfYt+B7UIB3drlMKLoJWMTiBZnL6c4iaqubep56BZBOH6IP2KaMRd4EqIo
kXLHgaIyhqz51WQmTJArhYvAvWlktbAW6GXev3mW5gxW7LAGygQNCo2JkXSegGPk2jLO48JXNuCB
lGGf2O5TkhD+Qw/buIRrcKWnolBCs0ITalkNFt0RftLYmyR0JMotaBRHHmtdqSWOwMT1j7SvyzhH
yszzRU4xwTUFveODkWYS3Uh9PZs+3yDcfqC1x1yRbhKe7onZt5nXh/wY2762Pv6NkBQfQaFaE8CI
OwRu6WjaFfRntVXHpvV+7tO6Dr3pfRNEZzJM5+m/Edh+JrUdhyy7SxuYiCpt5xiPvM9rMt5AkXCn
P8AQVxq3O/1Gsdr9iblHAkJrg7Lbd8bPyzE9nRW3zqp++BxYilxIIVP9xnaaj/jjyuAPfeet30wm
zeOe/MGqxEwP/JSwJ9rZI//FaG3gAX0UHO6Eo+R0/Yv3JcyAo6j/RN/6YcSTQD1MrPGZiNTz/Muo
nczuEbZF255Cs5PfVJJhTPW730xQmhZnlbta0nyBO9LA3Fs=</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:NameIDPolicy AllowCreate="true"
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                SPNameQualifier="https://iam.eu-nl.otc.t-systems.com" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"/>
        </saml2p:AuthnRequest>
    </soap11:Body>
</soap11:Envelope>

2021-07-29 09:16:17,010 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://iam.eu-nl.otc.t-systems.com' from origin source
2021-07-29 09:16:17,010 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-07-29 09:16:17,010 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-07-29 09:16:17,010 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-07-29 09:16:17,010 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-07-29 09:16:17,010 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-07-29 09:16:17,010 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-07-29 09:16:17,010 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-07-29 09:16:17,010 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eu-nl.otc.t-systems.com
2021-07-29 09:16:17,011 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2021-07-29 09:16:17,011 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2021-07-29 09:16:17,011 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-07-29 09:16:17,011 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2021-07-29 09:16:17,011 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2021-07-29 09:16:17,011 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-07-29 09:16:17,011 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_3vlfg506vvldddhifu9jfxqls96rka1drv3s', issue instant '2021-07-29T09:16:16.324Z', entityID 'https://iam.eu-nl.otc.t-systems.com'
2021-07-29 09:16:17,012 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eu-nl.otc.t-systems.com' does not require AuthnRequests to be signed
2021-07-29 09:16:17,012 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2021-07-29 09:16:17,012 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2021-07-29 09:16:17,012 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-07-29 09:16:17,012 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://iam.eu-nl.otc.t-systems.com, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2021-07-29 09:16:17,012 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://iam.eu-nl.otc.t-systems.com' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2021-07-29 09:16:17,012 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-07-29 09:16:17,012 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-07-29 09:16:17,012 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-07-29 09:16:17,012 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-07-29 09:16:17,012 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-07-29 09:16:17,012 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2000/09/xmldsig#rsa-sha1
2021-07-29 09:16:17,012 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA1withRSA
2021-07-29 09:16:17,012 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2021-07-29 09:16:17,012 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 4096 bits
  params: null
  modulus: 780833212372818775479203473584756908157478511960940665833104329026798488708412096463957730986031560699536971604685793755631469735164638528103712796586941283248391093334537473433816881621841433643551509545784341528479466257077570253340730459394524144439470561825531880309380078893306187350760119973863502110938239690056732532237576015713410817092640951029480915162489671542971932145619144868209527314440670224923750462549444079548603408012564298657143697912591193544433644075598026106926646468811820504111621425556553238066495807276626045802944049622045278146600209515759289448446049845276793009470678806630505639155872685517611976298041379760153258369441443706608834473698951737339296605180924342991774924896400530064019217902076139971478880191800808152349664734915206316567268459208984314092535956712275165633295073845619623808442937959337568063845846898994885404695455333181998103624287019468478172845183368957698818849454389451360233262379190615859514122412619488103951846508060862137625955242500382805764622949031613773424268222131209239375233669763979843957564204575307568428090973147896709908167025351124368088974604728720021626763128224355694102358346473759582198635778329138017968133082524864864810444234076758890334162214979
  public exponent: 65537
2021-07-29 09:16:17,012 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2021-07-29 09:16:17,012 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2021-07-29 09:16:17,012 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_3vlfg506vvldddhifu9jfxqls96rka1drv3s"
2021-07-29 09:16:17,012 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _3vlfg506vvldddhifu9jfxqls96rka1drv3s and Element was [saml2p:AuthnRequest: null]
2021-07-29 09:16:17,012 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_3vlfg506vvldddhifu9jfxqls96rka1drv3s"
2021-07-29 09:16:17,012 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _3vlfg506vvldddhifu9jfxqls96rka1drv3s and Element was [saml2p:AuthnRequest: null]
2021-07-29 09:16:17,012 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_3vlfg506vvldddhifu9jfxqls96rka1drv3s"
2021-07-29 09:16:17,012 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2021-07-29 09:16:17,012 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-07-29 09:16:17,012 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://iam.eu-nl.otc.t-systems.com
2021-07-29 09:16:17,013 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-07-29 09:16:17,013 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-07-29 09:16:17,013 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-07-29 09:16:17,013 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-07-29 09:16:17,013 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsHeadersHandler:?] - Message Handler:  No ChannelBindings header blocks found
2021-07-29 09:16:17,013 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler:?] - Message Handler:  Message did not contain any ChannelBindings extensions
2021-07-29 09:16:17,013 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2021-07-29 09:16:17,013 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2021-07-29 09:16:17,013 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-07-29 09:16:17,013 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-07-29 09:16:17,013 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-07-29 09:16:17,013 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-07-29 09:16:17,013 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' not permitted by input criteria
2021-07-29 09:16:17,013 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP using binding urn:oasis:names:tc:SAML:2.0:bindings:PAOS
2021-07-29 09:16:17,013 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-07-29 09:16:17,013 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-07-29 09:16:17,013 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-07-29 09:16:17,013 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-07-29 09:16:17,013 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-07-29 09:16:17,014 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-07-29 09:16:17,014 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-07-29 09:16:17,014 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-07-29 09:16:17,014 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-07-29 09:16:17,014 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-07-29 09:16:17,014 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eu-nl.otc.t-systems.com
2021-07-29 09:16:17,014 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-07-29 09:16:17,014 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-07-29 09:16:17,014 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-07-29 09:16:17,014 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-07-29 09:16:17,019 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-07-29 09:16:17,019 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: RequestAuthenticated: true
2021-07-29 09:16:17,019 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: Generating session key for use by ECP peers
2021-07-29 09:16:17,019 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-07-29T09:16:17.019Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-07-29 09:16:17,019 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-07-29 09:16:17,020 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-07-29 09:16:17,020 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-07-29 09:16:17,020 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-07-29 09:16:17,020 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-07-29 09:16:17,020 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow authn/Password, it supports non-browser authentication
2021-07-29 09:16:17,020 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2021-07-29 09:16:17,020 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-07-29 09:16:17,020 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-07-29 09:16:17,020 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-07-29 09:16:17,020 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: Trimming whitespace of input string 'rick'
2021-07-29 09:16:17,020 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2021-07-29 09:16:17,020 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@882329747::identifier=rick, context=org.apache.velocity.VelocityContext@1d6abe6f]
2021-07-29 09:16:17,022 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@882329747::identifier=rick, context=org.apache.velocity.VelocityContext@1d6abe6f]
2021-07-29 09:16:17,023 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2021-07-29 09:16:17,023 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-07-29 09:16:17,023 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-07-29 09:16:17,023 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2021-07-29 09:16:17,024 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2021-07-29 09:16:17,024 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-07-29 09:16:17,024 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2021-07-29 09:16:17,024 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session d88155e6e121e0fc7194e054c68c08661a67db71aeb83887a89ebb468c5a9b9c for principal rick
2021-07-29 09:16:17,024 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session d88155e6e121e0fc7194e054c68c08661a67db71aeb83887a89ebb468c5a9b9c
2021-07-29 09:16:17,024 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-07-29 09:16:17,025 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-07-29 09:16:17,025 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-07-29 09:16:17,025 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-07-29 09:16:17,025 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-07-29 09:16:17,025 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-07-29 09:16:17,025 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-07-29 09:16:17,025 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-07-29 09:16:17,025 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-07-29 09:16:17,025 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-07-29 09:16:17,025 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-07-29 09:16:17,025 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-07-29 09:16:17,025 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-07-29 09:16:17,026 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-07-29 09:16:17,027 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-07-29 09:16:17,028 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-07-29 09:16:17,028 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _bcc73816656f6ee795ddbb81c645fd95
2021-07-29 09:16:17,028 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _bcc73816656f6ee795ddbb81c645fd95 to Response _55082847123c3d8dd83189561e26b047
2021-07-29 09:16:17,028 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _bcc73816656f6ee795ddbb81c645fd95
2021-07-29 09:16:17,028 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-07-29 09:16:17,028 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-07-29 09:16:17,028 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-07-29 09:16:17,028 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-07-29 09:16:17,028 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-07-29 09:16:17,028 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-07-29 09:16:17,028 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-07-29 09:16:17,028 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-07-29 09:16:17,028 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-07-29 09:16:17,028 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-07-29 09:16:17,029 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-07-29 09:16:17,029 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:16:17,029 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:16:17,029 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:16:17,029 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:16:17,030 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQx9PIhE/p6nSrA2SOOL7E3q4WIboKLgMIsnpVw6FeG6N5afIXVhYjBAmCtPqdeHax8JBzx0eb+fJ48MtwAGPtgYBHrsAmN/T4lD/EKoO+FbhfwH6BcOXWUJGYra6CBQWMOmLNV916d with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:16:17,030 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:16:17,030 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:16:17,030 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-07-29 09:16:17,030 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-07-29 09:16:17,030 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 80.158.3.50
2021-07-29 09:16:17,030 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _3vlfg506vvldddhifu9jfxqls96rka1drv3s
2021-07-29 09:16:17,030 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-07-29 09:16:17,030 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-07-29 09:16:17,030 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-07-29 09:16:17,030 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-07-29 09:16:17,030 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _bcc73816656f6ee795ddbb81c645fd95
2021-07-29 09:16:17,030 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _bcc73816656f6ee795ddbb81c645fd95 did not already contain Conditions, one was added
2021-07-29 09:16:17,030 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-07-29 09:16:17,030 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-07-29T09:21:17.026Z, to Assertion _bcc73816656f6ee795ddbb81c645fd95
2021-07-29 09:16:17,030 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _bcc73816656f6ee795ddbb81c645fd95 already contained Conditions, nothing was done
2021-07-29 09:16:17,030 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-07-29 09:16:17,030 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _bcc73816656f6ee795ddbb81c645fd95 already contained Conditions, nothing was done
2021-07-29 09:16:17,030 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-07-29 09:16:17,030 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eu-nl.otc.t-systems.com as an Audience of the AudienceRestriction
2021-07-29 09:16:17,030 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _bcc73816656f6ee795ddbb81c645fd95
2021-07-29 09:16:17,031 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddGeneratedKeyToAssertions: Assertion _bcc73816656f6ee795ddbb81c645fd95 did not already contain Advice, one was added
2021-07-29 09:16:17,031 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eu-nl.otc.t-systems.com to existing session d88155e6e121e0fc7194e054c68c08661a67db71aeb83887a89ebb468c5a9b9c
2021-07-29 09:16:17,031 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eu-nl.otc.t-systems.com in session d88155e6e121e0fc7194e054c68c08661a67db71aeb83887a89ebb468c5a9b9c
2021-07-29 09:16:17,031 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-07-29 09:16:17,032 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eu-nl.otc.t-systems.com and key AAdzZWNyZXQx9PIhE/p6nSrA2SOOL7E3q4WIboKLgMIsnpVw6FeG6N5afIXVhYjBAmCtPqdeHax8JBzx0eb+fJ48MtwAGPtgYBHrsAmN/T4lD/EKoO+FbhfwH6BcOXWUJGYra6CBQWMOmLNV916d
2021-07-29 09:16:17,032 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-07-29 09:16:17,032 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-07-29 09:16:17,033 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_bcc73816656f6ee795ddbb81c645fd95"
2021-07-29 09:16:17,033 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _bcc73816656f6ee795ddbb81c645fd95 and Element was [saml2:Assertion: null]
2021-07-29 09:16:17,033 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_bcc73816656f6ee795ddbb81c645fd95"
2021-07-29 09:16:17,033 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _bcc73816656f6ee795ddbb81c645fd95 and Element was [saml2:Assertion: null]
2021-07-29 09:16:17,035 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_55082847123c3d8dd83189561e26b047"
    InResponseTo="_3vlfg506vvldddhifu9jfxqls96rka1drv3s"
    IssueInstant="2021-07-29T09:16:17.026Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_bcc73816656f6ee795ddbb81c645fd95"
        IssueInstant="2021-07-29T09:16:17.026Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_bcc73816656f6ee795ddbb81c645fd95">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>fc3pGkAqXSVl8zhxWE3r9CEP4Gq8c1ENzqgp2MfWSOg=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>IfJLxGB45Ut7xHdORf0LdAzdwum7sxoLItpuhY9SNnXD3AY6J/7WDlBc3z4U/7PrEF3+X5g3kdP0UDt9sASv3IIVSxKlwnYQrncKPrn4QFopjIo3aZBA4fTYnS18HLbvsrfdqTUT0DV3m7BF95I76Kv9MYuqcOjbYqIN5w8Gx8a8UDo3IgBzejexAkbVGg/NFd4rZvgkUWsVROyQrlT1UkY66c3H2ORozU3BG6Yimz8y8fI5aWQ5xyeeCHG80HGmV9midUwpy1sJUzrQPkTuMduEClsV67gceADUMMcFDshOM5zvF+oLYoseV094Boz7r4Gl0AyOuwRmGfWQXzRIAg==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eu-nl.otc.t-systems.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQx9PIhE/p6nSrA2SOOL7E3q4WIboKLgMIsnpVw6FeG6N5afIXVhYjBAmCtPqdeHax8JBzx0eb+fJ48MtwAGPtgYBHrsAmN/T4lD/EKoO+FbhfwH6BcOXWUJGYra6CBQWMOmLNV916d</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="80.158.3.50"
                    InResponseTo="_3vlfg506vvldddhifu9jfxqls96rka1drv3s"
                    NotOnOrAfter="2021-07-29T09:21:17.030Z" Recipient="https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-07-29T09:16:17.026Z" NotOnOrAfter="2021-07-29T09:21:17.026Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eu-nl.otc.t-systems.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:Advice>
            <samlec:GeneratedKey xmlns:samlec="urn:ietf:params:xml:ns:samlec">OHWTZ/wBK1dLx1m0SP5bGutvVFT5mwABMRN1TmMpFfw=</samlec:GeneratedKey>
        </saml2:Advice>
        <saml2:AuthnStatement AuthnInstant="2021-07-29T09:16:17.023Z" SessionIndex="_91d6f5aa308cf2b69841cf0fc6939481">
            <saml2:SubjectLocality Address="80.158.3.50"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-07-29 09:16:17,037 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-07-29 09:16:17,037 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-07-29 09:16:17,037 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_55082847123c3d8dd83189561e26b047"
2021-07-29 09:16:17,037 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _55082847123c3d8dd83189561e26b047 and Element was [saml2p:Response: null]
2021-07-29 09:16:17,037 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_55082847123c3d8dd83189561e26b047"
2021-07-29 09:16:17,037 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _55082847123c3d8dd83189561e26b047 and Element was [saml2p:Response: null]
2021-07-29 09:16:17,039 - DEBUG [org.opensaml.saml.common.binding.impl.AddChannelBindingsHeaderHandler:?] - Message Handler:  No ChannelBindings to add, nothing to do
2021-07-29 09:16:17,040 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Header>
        <ecp:Response
            AssertionConsumerServiceURL="https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next"
            soap11:mustUnderstand="1" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <ecp:RequestAuthenticated
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <samlec:GeneratedKey
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:samlec="urn:ietf:params:xml:ns:samlec">OHWTZ/wBK1dLx1m0SP5bGutvVFT5mwABMRN1TmMpFfw=</samlec:GeneratedKey>
    </soap11:Header>
    <soap11:Body>
        <saml2p:Response
            Destination="https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            ID="_55082847123c3d8dd83189561e26b047"
            InResponseTo="_3vlfg506vvldddhifu9jfxqls96rka1drv3s"
            IssueInstant="2021-07-29T09:16:17.026Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_55082847123c3d8dd83189561e26b047">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                        <ds:DigestValue>/9SmsD1jwaZSzTNSZlu0Vgp9EEi95T5GBR/ZF4GuQpI=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>Mt8x58Pzu4+tDfWX09hx2XG5DOdzxi59MgBKFPOW7tnBaVN3IcZSHCl/rJBSQGfP1OZoCRiTOW6Xis4PvTwamCtwm/1i/zqEkWmPNAYbp+98L7Iv2K5jglkF8TIX9/71M1+KX2oh0qhVOBRt/Olyb1p8u3LTo21V/fwTo158zoZzHh5ki9GRkbgVuzZkM5PbGlph+PoeIbV0JGzhGmYXCBTjQo0nDiCFvsgsYKxdVQ/Fh/oGyFqfIjNGuzxVoLRZdhqcajvOAwSJCO74xSJD8z0i6T2uC1AS5dPCqrhHPR3ls3rnUyWCAjV1R/+X9xoAB9O0Y4MZlUgRSR/7P2/wrQ==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
                <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
            </saml2p:Status>
            <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
                <xenc:EncryptedData
                    Id="_b9c0cc28be0c354113a08a8b8e436fe9"
                    Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <xenc:EncryptedKey
                            Id="_fb099c1b1beb85b89b3c6a2c74942cb9"
                            Recipient="https://iam.eu-nl.otc.t-systems.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                            <xenc:EncryptionMethod
                                Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <ds:DigestMethod
                                    Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                            </xenc:EncryptionMethod>
                            <ds:KeyInfo>
                                <ds:X509Data>
                                    <ds:X509Certificate>MIIHeDCCBWCgAwIBAgIJAPRelfvZJrG9MA0GCSqGSIb3DQEBCwUAMIHXMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGSGVzc2VuMRowGAYDVQQHExFGcmFua2Z1cnQgYW0gTWFpbjElMCMGA1UEChMcVC1T
eXN0ZW1zIEludGVybmF0aW9uYWwgR21iSDEUMBIGA1UECxMLSVQgRGl2aXNpb24xJDAiBgNVBAMT
G2lhbS5ldS1kZS5vdGMudC1zeXN0ZW1zLmNvbTE4MDYGCSqGSIb3DQEJARYpRk1CLlRTLUlUU0gt
Q1NTLURQUy1PVEMtT1BTQHQtc3lzdGVtcy5jb20wHhcNMTgwMzI4MTUxNDA4WhcNMjgwMzI1MTUx
NDA4WjCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0
IGFtIE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsT
C0lUIERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2Bgkq
hkiG9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tMIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv2W7Hr/Ro63zmZVclhlMvakO1nYWAe6CFDg2hYOH
IxkC/DG8LsKbnqy3Rv8AoH5CgRwmT/HYKeJu+KxrpECJXGIjXirUzHrL5w0Hys0O6SJYzztRGoQA
eFfl3x1NNUxVGkWbuK3/o9vm3idoMqVY4HFU24h/6VbSVBru1lsfubmIGdkf+9R844JbZx1R1OuX
xQ60ZhTAmR6R5d1E6tprM8rAqBOC2l1o4azQyDtmxM8NEBjKcZebNleHOB3iVPiiG0ens6z39y7e
SyiXwWcsw8TlwcQiumYPnFT2lzrJAC93hEjNGd6sj6QVvPCJRu/Ya+AWfcm6JtBZRK9ZfBz81wjv
BnHH2u8j1GyZMdE5dvN4PC8bgX0HxvnbhnAU0DASzziyS9Ni/gMgWvJsmnmNVLyYMxRmL8L0JtWk
rz7aNSskufk92Cv/R4KtWsfdkYtNG5/lV1BNzraBgnnXX1gH7ddrL/Ng2aNRFd+LtsI/BjUBpg7r
Ebym+pJuri2PBj8hhjLKbhPuurybQLVtmYxCcJUo6ZG4X3cpxl/e8v+vviapn1OY9zaFLAc+fccX
1GFrLYv9aQKGDQFRMl2uV9nP7UpakBCgZ/r7ljvfhlnsGkLPZBokM9Iz3iUFMGj2gPD1m+C7QaiS
OwJnkTk3cnhZV6It0XdFIaFgIi9V4XMnYEMCAwEAAaOCAUMwggE/MB0GA1UdDgQWBBSg4Skug1x8
SOG2QdBaHAN2DDs7zDCCAQ4GA1UdIwSCAQUwggEBgBSg4Skug1x8SOG2QdBaHAN2DDs7zKGB3aSB
2jCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0IGFt
IE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsTC0lU
IERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2BgkqhkiG
9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tggkA9F6V+9km
sb0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAFEH+TQEgwXkOp1dymChsQzX3mm32
nBbQwIuTKi3jy08EjRQktZCOhjpmuVc/QQUCQdgAZgWVboAwTspfgwQwVcuIpCkwuyc7tt+ZzRSk
ybvOccw4ivz1suevGZZfYt+B7UIB3drlMKLoJWMTiBZnL6c4iaqubep56BZBOH6IP2KaMRd4EqIo
kXLHgaIyhqz51WQmTJArhYvAvWlktbAW6GXev3mW5gxW7LAGygQNCo2JkXSegGPk2jLO48JXNuCB
lGGf2O5TkhD+Qw/buIRrcKWnolBCs0ITalkNFt0RftLYmyR0JMotaBRHHmtdqSWOwMT1j7SvyzhH
yszzRU4xwTUFveODkWYS3Uh9PZs+3yDcfqC1x1yRbhKe7onZt5nXh/wY2762Pv6NkBQfQaFaE8CI
OwRu6WjaFfRntVXHpvV+7tO6Dr3pfRNEZzJM5+m/Edh+JrUdhyy7SxuYiCpt5xiPvM9rMt5AkXCn
P8AQVxq3O/1Gsdr9iblHAkJrg7Lbd8bPyzE9nRW3zqp++BxYilxIIVP9xnaaj/jjyuAPfeet30wm
zeOe/MGqxEwP/JSwJ9rZI//FaG3gAX0UHO6Eo+R0/Yv3JcyAo6j/RN/6YcSTQD1MrPGZiNTz/Muo
nczuEbZF255Cs5PfVJJhTPW730xQmhZnlbta0nyBO9LA3Fs=</ds:X509Certificate>
                                </ds:X509Data>
                            </ds:KeyInfo>
                            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <xenc:CipherValue>ADjl3TbqdbPe6wZIsVdYCH08lbJ6tSJYPYKHZkFb6a4slsgzNleOo6d7eQdqNbPvn1GCADoDI1nud0ATjIkyHCsPmgrc2CSUmmpXm+llxIf/EgtyNUGYUL/NxuqzO0UCndN8f/6YBTZFkDMixTSGVq1fgGdKFCVit/9rAbkRnSHupni4RImio1NE1u7lAjj8FomsI/cyNA97shTgp6HOO/6F9hNifNclybhr3fJn/cgkv6DeZnrrMuSsUW9YPwezNZhiPv1wiTE9ycaWmCzw2KoOkJgiDFLckEwldtLD6YmCQ8kO4ab2+3UMioZlYPbRfVqKi+TInNfAGySPFlex5BswVjfOsHkD4scNhg7tVGuZ1eyZkIYapnZxFP5dGMTMI1LaSRv2Iba3OEwXHrpHgbjJW33EG4SalDRlgWxSZH+gQXWYk6dUqtVHoZ6gJdfSkAIHmXtusn1Io59In4LZjYeGn7I3A4dPwyZ+3LaguPglCGYZooDvIa4PbjBKluFM7jIBsP4aODyUMfIAU10bHHwfW3EYAa/VnPHhyUl4pMT7Y/v+yQWG8sKwnVmJanMlUCpXrwQZfLCQ46wpiWZHrmsdrNT6CYcIvcmZjIlyiAC3XIezHLIvLP1+RD5Hxc4bB6d9OQEsyXJ9eS6IoGXxHaTxOUh2rOvMC1Q7SzzDza4=</xenc:CipherValue>
                            </xenc:CipherData>
                        </xenc:EncryptedKey>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>ezj7TYNz+7dgcncQOByskNlJIm7maQ+8kSSmB3uCm+cGLb9qqPnH3KMNXREJcS4r5pzmv3g1lnF7nuRp83rd12OQjyVU9SdJAG0YLhg/roDbQzI/lL3aPCUhC2Kt3Q7WbGmz9xGnKGIkKpJ7BnQBF67RYqv75fnfECbCds/VPSYXtHInoT08MQnd1QhVpMtQ5PSyNWgJrDVOch1OJP/g99IT+ugib6bOsQAld6yyDnDJ9tIqBnR70BhRNGBtwH/t2zHPNcXs+SpGv+JPE1Cyp6y3R2m5DZUTDRdGTAEctPtgVr+sJRhqBVhAXF+5E7QZE8wuhPFHeZgAETpxPpG6RMcDU1u2iqUTqUOsAs1vZ+1oPWAzrPm/+WAaPkroHi2P7OrDD7hDWDF3t4oJkGC18RQtn6fAWOVO2QCB5ff2d0u4J/7wxjIsq2OH4geLqpRzL1TYow98UbAMOVFVZMGxUnrGs9zWNA3qUmjVNz11c6Y7OJnsRR5HKVOsgcV5PYOxi9pbYhtjb0rddInYkP53QUHybNPlHl4Qh6ywidOSp/iiJBC7I9shC58TRlRkbPSbbudCzYmMF/83UiSyWDHO2h9dtDOfzFvpUyyHI5DhX3BrB5z6XQf7Fiu5m7H2Pi5wF0DBEhnhn/G9grnxEpD9nxBQfLR4XCmbWaLMkIlKDHjUbRVz9ag0EWjrtiHAm8CwOetmqlQ1l4gjq5aVWU3qV2Acpykz3ZD6CN+CTe9LJmTgD1um/IziTOptyH5EvH0VruhTHrrSD7K/P7qZTiXV7vXPDjjIM47xAZk/cQwtj0HA4nJ1ZFw6DtW7Y/fyUQmTIrS9hYHz5Ufm3XRehJt8EOYre8kKyt/NbburxItnSreLnJrJkZQupJPFH2n4v/P4g0IKcya6rMtc0o9LRIjEQbOBOZAk12ycA9baHzE3CD2MazfblS5pT6prgjOQBVtJOGecyvdXHIcjvhvC5hTYM/SUAb6t3J+x1FlKqLsC+AkF3qvYskfo/bHIVLV50myp8ULI0iJdpXV4W4kj0JEusXrpDAypfU3nULNfpAkOsGxZtDW00yIiMRb//Bc/OM3lrUj3+Y3Po735XnFm1S952FGlb9nAU2WARcTqFkJiiZbnspyKgxGFJoknvGf+HnIzhwzOWIyqRywiCobX0MVz3UTROmq9d9IudQ5rbSiTFmQ9FzCaWw67W04MA47ePEDUPlD4K9JNSfOiCWFUla2NxLfhpjKuoMvX/ceJhHiJwBVrNaqBmJHMOKhfoPAHASy4o7UTra81lVM19DUrbPTfMJyoyAI9JIBpWyCwo7OzrxVWaGrRi/gWd/O7mzHpM9kEMAggKNNx5haPqylYTgsDM/0Z4hgvmt4kqKI50cE4Gzd1zT+8pdOKExoHSEkIgVUZewGFt6AxRsGajTISyF5rPnn6vYJso4jCzr1Itt7YZDY+zdvP01CCvID57meU/IiBU66TerdIhfItm/xmuVacOzT8yXxT41eyJIYJGbeGj0cCVdwFkyPWrTdNx2ytafZ+0OHU+oDARLzh3wmVjeJGsohIl0piFGcsa2yr5iXVJWEWuu3a32nZBFmKLmc6IBOw/ZOrf4qJ3oqYIDJhxyVuDTEs4Ke7CgYnC1l8Ml+eZHUnkXtcZY9+fIKo/VcxwdtrBkdtukw9sw5wX0FWF9You7zjGlDf/NLN5/kYiVfLuwHOiMgsbGMqd2LBayOlFKYRnroq/LHD0D+KBE98hYSzv3M7Ph1043Cmun6BbtLZt6fkMlysVERhr9b6PUks0s/uFnNCaR1SFFWfDTXkDh+u6OXwKs9L38okxWOq2ql8O17R1Ji9wxIlW2EopCWJOZYH7RzefeK3n3xFub8YYaG8OJ+V6+oFvq868BQyBWkXWEuiIsTVwn8Z5qPqFz4yrUgBamD2bFc0foVrdHp0pxvtAEhi1EYW+V4NlYsLzK0Xr7z5iN5avQIPl9QIzTI2fGmPUUvB6NSDfom3oia5sQH0dBgiTaVx4DrTBDiCQosJKnrcxhCopJ+wDyvTlZNeJz8VHt6BebZNkLStq2c/YzIBK/x8HeZLOVdldBMijb3bNeu3cO7qaTHYcM54CiucyoBZ6ASX7mxp3OVooSzqWK+Sj2RJmVzgQ7TxUegZE+nsSiIXatXiV/EummkHJqtHkRZcoZ6J1ykzxGmh4ylOghiqjJLLgbzTrUwHND23MIcEsdmy0ywCURfJNpJH+1sXKyHBPU6nksGRivo41e89Vr8bQ9nwhnutp4mRkwr91NMgYDgUpYPvoMiDnhKFo+L2p++JCxDd2Mk4eDBVxrAOPdIRWV+PVlj5C8UaC7hjLQIup5L3AsZJNccEWB/nnSM0MzR+Ne0BgFdV3UgKK24101P7SgSF8zKiyjg8mtuRqNGYFSrCeiucmlGeTEDKej9HUdjWXvxwbV7gnpyP9RTaar3duhPKOCovftwt29yPw2Ee6YHfv6fVRtdmrOX3a5eC7cYhm5Z34AFKVNX+JG99HBYySLaN+48Lu1YVO2uz0d46SEg6PWb4TRD/URPM1T9YhC4kxnWITYS7onC+U1O7NIcq5DwPtuFvABms/KOWHX7mPChqB2yvprjHGG70JwbpaukqTrS75WXWiEEMcdzaKzD/5q4BdG9ff7pyRXHWJOqQfwdifZNEe750GeDA5Hy9msSd4FKX7Tz5nILROCXSkkDT3O9WYhak0zjNvKBHUHQ5CTaxJ/4nKDsceVKOeSd6WkU3I8PxqRQUfmNsCN1yApco0BUPHTXMwMTR2xyQUBXJJR46SNNquwBgJh5/6SlwS+YDggBUjY8wONS846F/brQrF+/w/+hsqzbn1rszDdLXzMQjx1M7FwZ4Hzo4xl9msiSOuzXNLx4j7pmWgBNpZoHpJ/4Ogj2DJGXz5/8A5/0J/ciSpaBbvZ0GjJ0kavMDXZddj5exsOgTVih1msfRi2NUAxmVNLPYsSuojIAIHQOc/iI9pqv6Goiac4RNixyO6mqyQwG7ZeadmIzr7iwrYY6alxyk2cJBurn0A0dOdL7GW8Dsar9XOqusbDt6uhSDgCZal+5LPiGYDzdRA1VLe1tSEhPeS8pCNe2ghPFELZF/XnYRCDhJDIUt/kYUReDcYOqRhh7os9h3952pYpZ1Rvzo46qqYODZTtzuMi6Oyx2xyc8m5HoekrUOob/DHIUmzv7nMd9IgydMbBqk3aGdEQJCM7SeJ3l/+3bGxcLKiQLrDuvTggE5QOneKZabTy+ubqlgfrzWzrBvSaaEkB2amLeXkCuq8xboqHbmrb4UUqjo3YEVaqUvzx/8TtD/8RJlBdP034lqPjRGMq60PY50E6aV3cwITAyyT5jbr1VDvOM/yd1t+z2+aExkgy1XrQEEAV/1Z4Oam1Lo2XH+2QPgvWSId+wf+6hGpBZpzb08m5dOzlQEuttNoO2nx1qMqq6AZ/pgZk4RKxMRrIIut4Py4kUDKoqI0Pp5VLi8KVyQ9ApxCLnA04jT8ENDNZYIxswVZ27fOBj6DVVUZrHwUdaDdB/Fg1dDuECHlIGifNGbD6K6D1SyraS/0emZ1BzwCEqjL+hG6WW+NUtx3z31MCSyXF5mkW8SrPcjEMTPPqGosjX4ch0w9Fm32vPypO428fFfPaVs/DDYZXMMMeE/qUpBo9gZ4Hdg/GbR5v8sAK2hZSYYPg6D9kfALU94jXuSz999D3OvF/kn7aLriEkZYi7ZkybwjFGMnBzFUhgNQInpJ5Qze6jAw4Dh+HiqvdY50kIERf/+y5eMbW0aXt17s6is1UhpuiAu+gK0OivRMyoJYEu2vAbllVeP3xB9tzArB8bn6/nimZwlfhmLymTKPkmNg7bk2OI4zrerU21vIcc82fZy3/gYdAyguBf2w/J6f4wFBVxWjrYu6Mt6z8fGiOI1T7/cPOw3PJTJF8E2SrwuwHWTlE7kcBI/U9Vy3S5aUEyjnwsu8tzdA0CyHkoAzOqh1npGGxLxLQXL5UmD8wSfB3ndqFHXsl/gSU/pi/GpyQ6WFuW6zBYKyeeg8tyzzlgFCfy2qdNZ42RuXOeT6SroUrJwy7pUA74HjY4EaVKaOnOcR9iiVIIUGKvKQ9MDKRyYqSpMIXw+4ZDN7hycut+X8rYCCZ6BRcosYLpg0stixza3LK1HjhpXWrMR9rMv64n/bB4xmfT30OYfNZvvxO19lcUr5l62N+HRFZWjvL/gFABeVVCi8bZBkzAj0fLyQ1wGPeGCDdmSEL9qqukS6mL7FsN0GzQRw3hx1yiB735ATcWKl5jCHEFkMrFw8bHqVBwXAqG60atuQpzYMrUIU+nTZRztIrTewhZK92vteEX1uT2UivpuNAk6/bnLyaDtj038lBo+khodFuTWWibhbZiXxo8S+jfpff8KIDBmz1vD+hlKLVUQOeFm6itNkdf/tPzmGvRkL6/rn3uKa8yAl1hjlWbR5Fs+fSNYvWm+gjxbSAhgTYglcakXFRX/ft1ox2IqbF7FTg/I6j8R+zUao9LsZS5Ff8yV0chs3wscPg7FRsOgJpV0+UoRWZvTBRCPY8XYRKSWg2z5L84FOW1+2tlNPpr+iW156Q6v1q37Bz8kwj/SxdEXypZSetV0dmT1p8Rh4tOTDqa8t15TSin9ELROMxvAjDr5ZCCh22g8R2E6jC0q4srxTaZ33tz/9Ff8i3FL3uQoPsZ1Nnk9/RMTjPm5IG9xZZRKYQOMfpC67CphTRBMmfPJKa4O2/bEKzQ575dTZmJgjtA59CJMDrdCoP6W0A5vCFXb0Ps62+UQVTL5RE9MKUBrIMQ+R7tkTBzQgjTWHY1eclVpZJCPjZDaoY9YZ3fBdmLwGC3Cj3MEA+lBoOMNLF6OgfQrEjSTmmM52SvyK0qXE5NyfNHkjWGL6mv57GtsFlw1wVEcNbfNt9j8iRV2pKOsn17BFOirGXRCf/49GjZc9uKK51hFqJxQzqh1U9T81fh8XpSoMCResnl0rKXwV9CdhtJ+rSoLRyjg8NTlVPS4EXlNUGBZR6l13rjbC0YeGt1p9fPGtXuz14SoXHLePDqryvDftQ3wQUadm8ZvSnN2usnRw5VFbhA1UgBuYRxwEqk9C9e3ilXVlWuMXne89rK6cP4sL9m5AxBCGCBTZkrSsVkEBDlJJjoRlRbh/XJL59tsv6Hd+Xs8SRwLJjzCEf/sRHFY/3na2B1gHKDIDHtR7N+/5TwZmtJZru3JFhxwKw1M2IaOmot9+V+111cmfltcddk6+UKG0C+kTrPK7ajZRkPpMaeyp9+G4D7m6VSHsqyzaAPYM4jLdu5Iu/uyXKR31emczW/1sSrWRa4ycrFu2/nRvjiQfsvNsnaxH7otqnQWWitNfu1YGv9ttpvU9PjxhA34md8WJMha7mrU3FJIBAuYnce2C5CSpGA6JX0dIeaQGHtEPzp/lfk6FRucjlgCiNgSwyPnOVraA7kmkN25kdhr+664CepU/hC7a6qPAvmDIJ2ejDTesJsjaqX5zy4pfrjCRga+QUvu+AbqyTujv4dirmamxBB1ZOxZLzyTU186KuNm1TCEbnd+GhX2/ZQxzKIkt2ye9qErQYtZUJkMqXJ/SDLn9ow5uqQiHKOHP8+wTaOVrSYoXOh7H+yfooErusxaK3dXUX2FUpwQ7xrhe3uES7XIEwQ234Q+Mbvs+hHuQjSgvYkSiBOs4PswaWTen4xUijz5Ar7xR94BjSQ9u6a3gESItn9CmUeLwglkzJSuFGIE9lVRrwUeWlJUr98RGBq0eDnDRXFazbY8UA3dBPXwS4F54b4rPENF5QbK4naY6oErGVUvJRQ1Kf7e53vH3EBnN8ifhjs1u0RGrwAZbz4flmufJQmAZbySL0AyVpdLo+fUCc7Ai6diyX/QI72Qvam+3BgE0K5YNc9vhzlpyT6IM6suX9kMHkF4HEq3s1vh6EGUUw5OYd5wRwyLQfHCYGtZGlU0KBTqq/v1q3xsEatpAIGELFlmgypUskZyT8H93eGsQaVTaXgbD+xRznm9jkNmJftakMbQsHHSwHxEuvsFHiskCYGiYfFierB1sJpnL808WEtHdphNvziFicSorMef+7zUkHvwXpqMrZJ1qEs5i7ZWb1txounZAEfrxeJUnt+ZaxuM3p7CuLmEacvKE5xJFOTQ1LEP45PpmHBNXRU2a5dnAG4M+33MeCTGOE1xq12oG/HSGAMY2nSoUMCaXZ0VCMIICaapHX8+MbltNk+OD8hV0cWsXuXnChKkPZa50DkHiaoQUlMLRlb/jQISInewu905n0jO1WvsV8YOpgJ5a/Nvs1geLJmBGTUQCFLwOQa6zWj8Le1sx6ie6q21EiQSS0a65zGOfLn4kv/vHaUmMeiPm1HRrMO+VoO2uQLhIL3dCKbQAxLR2bjEwczIS/1T1ZFXIxOsJdSy+qv9aaryXIjrna0EZMIBa6LSjyTXB80JhWk6MnN27qcutK12uN53CFwO++DI5XG7LfNIHop0TUN/AOlgvW77zmZmexvWdmcHOElslncA1nIRPRpiHopNLFFlaGEZCUG5aw7V1cjTzRZqSmWPo8tYuLCMWR7MTMHbCDYUoUYf7+uavglRqyb0cnOH/frczRm1srFe+PsuefyVzoEbAtsRCCxUHrIAknqsxdQ2rfzccBMtz1/5o9TJlojIjbZJEjmrDdoIYOWcgcM3/hUmRtjZMcumUxnvpqauhjUK6uY8ilCG+s2y+D956jAroI0qgFCAkeV6Wu0x0/LfSv0rDRaVGFu8ZLzIxdE+ZeiJ3iFAkOYYTK9Fx1BHf4BnJRiTtiV027nral+VKAiNNtxfUr5V7N0vmQYmWJRch2pgTVKiAxqdoec/0mlPg5OxY8KEhziQ3Ncbk789ysRT23Q60jTn45fHk4mH8DdsJFqpZBBVSFSdHI1v7dvhGs7cYj62/T9mCnso1vLd37dKJLQcgQkgbj/5qfpGceHmedTO9r2nytJsV6XGo8VR8ZMplPfpysOJRlGQ9O2Mfpt5w8yjyfa5b4QAAcGrYGHack2UANajnf7mY7SHSdh2F6H1mUaW9Z9HHIpoa4fhRe/bDyWZJFhGeKev+O+oYLiwU0hFwn02n46xPS0fSB9rLLHHsKHjAKOSAZAXzzzzQNRH78Ip+OVWXyKvY9VFcj/eAGxpR4KqWoT2vklZ9+7nRIchq/kYrN/IGzlm/QQ7dWI5TH8UY5CLUQYapcC0CcELn8jWidLKmnUyxVejboOmpPvShXbt/Avj3rLJRTJLRHndA3RcA53APC6rx2HKUslLey1bVF5TKATlWL9Tpj6FCUK7EAqJCTBeLmn221qNMb4F2Y1080v2kXTShSYxoyQf9A/dNcGliwrdUakB+x/FQ/CfH4vA26li8sK4dytNJ/BrVbYJAUbY864bHsVmrylSzlmQUwxqtY6sxHR0PM1cDRDNelj9OdZtBw4GBuZtkjw1BrzBGxVm0tlIULAfj4j7NSUsczgfb+QKLOQGF1IH54Ut8wKRzsFZsaUTWpU3Gs7sIuJuRAH6invYfsoStLeXQZHmD1MePvQSs/lFHZnlLlolTKRnMShRw7uvOZLAZmlmLXvqJSSUgHZ5aMT3mgy8QJwH/jHjVp22jY+C4R3fv0n+B3f3DU5d82T0E8McJ6oXEpsy8Nq+RbwNI9jpCol4OgP2JnJ2R3nMIbURivSax3rurq1ZSPc7VCb7gAAFz6Iut13+/r/I3+rJAwDyO4hkyhJDZ5p+hNrJQCR+LxGYg0ZsD8E+TSlLdWZrsxnUT9Mih8PwetmfSxzFoXrgpb+plMXyFgmLhA8pWFAZLfv/XHc58E7VadScRfTnJBaKe1gDyt3J5ukgr8+E2+Sda5M/IiVlW0SNQV4GFa5IhlU1l1JhtTp7+xylNsb+8QxG+IzgtahHKRDoXShfDTMP2QDfWVa0DrEf2wGoZod97k/6m0SCnxMfYLSwNqKj6gMYVL4+cl+CQPPGdg+ZoPDw9q2/sSyUZTRaNVTXVnRKuwusbT0qIeEBGJsHVepRTtXBJIG/Udcuf/z/bGbb81kicjsLBGD86gp5DN3HRBFj7t/2M/rMr2ETz/n4iknceLfmNOyNc31IMmgjqZTz/Qa9rvMBCT9GFbYd1/mnerKR4qxdF8lEDfAkNZ++30LI3c+gdT5JRbFHoPNkWsnzrSiBZU2vRHX+5+W4xgW79nHL781ypWNAHP6lIh1veyWjwLECBx2mtRRekf2X8qBlzNc+8mct4SV40KX3yTt/DqqtjyqzkZ8wuAny26AjE9oc/6FiqaQBjst1Gt9tOAcA6ovlf6gijlnVWQ59BDls+N3kFLoKc7LTflcUMPzX/Eu8keHJccChs/3ye1zrb5q6hQxj/EWisNtojcgzCWai5h98Vt4z6SFnkXa8BilsBYLmvAqnzLSTVrHFLo5NKPlhg8h8G/CzdNNrgyg743c/pPfF9bcX86LXj7QmxQ96iQVjRArBWzyJWRbPq4+wO7r0bsAd3u/AFPA5jhkgGxgPJKsFF+BTsyLGGyQGq1ubvQZ+CrhQTA/0mbsFZMD0b6S06Og=</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedData>
            </saml2:EncryptedAssertion>
        </saml2p:Response>
    </soap11:Body>
</soap11:Envelope>

2021-07-29 09:16:17,040 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-07-29 09:16:17,041 - INFO [Shibboleth-Audit.SSO:?] - 20210729T091617Z|urn:oasis:names:tc:SAML:2.0:bindings:SOAP|_3vlfg506vvldddhifu9jfxqls96rka1drv3s|https://iam.eu-nl.otc.t-systems.com|http://shibboleth.net/ns/profiles/saml2/sso/ecp|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:PAOS|_55082847123c3d8dd83189561e26b047|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQx9PIhE/p6nSrA2SOOL7E3q4WIboKLgMIsnpVw6FeG6N5afIXVhYjBAmCtPqdeHax8JBzx0eb+fJ48MtwAGPtgYBHrsAmN/T4lD/EKoO+FbhfwH6BcOXWUJGYra6CBQWMOmLNV916d|_bcc73816656f6ee795ddbb81c645fd95|
2021-07-29 09:16:18,998 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Beginning to decode message from HttpServletRequest
2021-07-29 09:16:18,998 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.IdPInitiatedSSORequestMessageDecoder:?] - Decoded SAML RelayState of: null
2021-07-29 09:16:18,999 - DEBUG [PROTOCOL_MESSAGE:?] - 
SAML 2 IdP-initiated request was: IdPInitiatedSSORequest{entityId=https://iam.eu-nl.otc.t-systems.com, acsURL=null, relayState=null, time=2021-07-29T09:16:18.998Z}
Synthetically constructed SAML 2 AuthnRequest was: 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest ID="_5fbd9248-c237-4f6f-9352-764078dd673a"
    IssueInstant="2021-07-29T09:16:18.998Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eu-nl.otc.t-systems.com</saml2:Issuer>
    <saml2p:NameIDPolicy AllowCreate="true"/>
</saml2p:AuthnRequest>

2021-07-29 09:16:18,999 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Successfully decoded message from HttpServletRequest.
2021-07-29 09:16:18,999 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-07-29 09:16:18,999 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-07-29 09:16:18,999 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-07-29 09:16:18,999 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-07-29 09:16:18,999 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-07-29 09:16:18,999 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-07-29 09:16:18,999 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-07-29 09:16:18,999 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eu-nl.otc.t-systems.com
2021-07-29 09:16:19,000 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:16:19,000 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-07-29 09:16:19,000 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint was empty, not required by binding, skipping
2021-07-29 09:16:19,000 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_5fbd9248-c237-4f6f-9352-764078dd673a', issue instant '2021-07-29T09:16:18.998Z', entityID 'https://iam.eu-nl.otc.t-systems.com'
2021-07-29 09:16:19,001 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eu-nl.otc.t-systems.com' does not require AuthnRequests to be signed
2021-07-29 09:16:19,001 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-07-29 09:16:19,001 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-07-29 09:16:19,001 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-07-29 09:16:19,001 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-07-29 09:16:19,001 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-07-29 09:16:19,001 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:16:19,001 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-07-29 09:16:19,002 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-07-29 09:16:19,002 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-07-29 09:16:19,002 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-07-29 09:16:19,002 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-07-29 09:16:19,002 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-07-29 09:16:19,002 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-07-29 09:16:19,002 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-07-29 09:16:19,002 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-07-29 09:16:19,002 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-07-29 09:16:19,003 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-07-29 09:16:19,003 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-07-29 09:16:19,003 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-07-29 09:16:19,003 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-07-29 09:16:19,003 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-07-29 09:16:19,003 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eu-nl.otc.t-systems.com
2021-07-29 09:16:19,003 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-07-29 09:16:19,003 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-07-29 09:16:19,003 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-07-29 09:16:19,003 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-07-29 09:16:19,004 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-07-29 09:16:19,005 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-07-29T09:16:19.005Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-07-29 09:16:19,005 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-07-29 09:16:19,005 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-07-29 09:16:19,005 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-07-29 09:16:19,006 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-07-29 09:16:19,006 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-07-29 09:16:19,006 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:16:19,006 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-07-29 09:16:19,006 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-07-29 09:16:19,006 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-07-29 09:16:19,006 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-07-29 09:16:19,194 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'iam.eu-nl.otc.t-systems.com'
2021-07-29 09:16:19,194 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-07-29 09:16:19,194 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-07-29 09:16:19,550 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2021-07-29 09:16:19,550 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromFormRequest:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Recording do-not-cache instruction in authentication context
2021-07-29 09:16:19,551 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2021-07-29 09:16:19,551 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1827370927::identifier=rick, context=org.apache.velocity.VelocityContext@10ee9c5e]
2021-07-29 09:16:19,552 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1827370927::identifier=rick, context=org.apache.velocity.VelocityContext@10ee9c5e]
2021-07-29 09:16:19,553 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2021-07-29 09:16:19,553 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-07-29 09:16:19,553 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-07-29 09:16:19,553 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2021-07-29 09:16:19,553 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2021-07-29 09:16:19,553 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-07-29 09:16:19,553 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2021-07-29 09:16:19,553 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session ac2f637c7fd9640b9c8863356d9f3d63f1577bf66c8f2f4eb80dcfc7131e80b7 for principal rick
2021-07-29 09:16:19,554 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-07-29 09:16:19,555 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-07-29 09:16:19,555 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-07-29 09:16:19,555 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-07-29 09:16:19,555 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-07-29 09:16:19,555 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-07-29 09:16:19,555 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-07-29 09:16:19,555 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-07-29 09:16:19,555 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-07-29 09:16:19,555 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-07-29 09:16:19,555 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-07-29 09:16:19,555 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-07-29 09:16:19,555 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-07-29 09:16:19,555 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:16:19,555 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-07-29 09:16:19,555 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@571d074f'
2021-07-29 09:16:19,556 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-07-29 09:16:19,556 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://iam.eu-nl.otc.t-systems.com'
2021-07-29 09:16:19,556 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2021-07-29 09:16:19,556 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: Attempting to delete consent storage record with context 'intercept/attribute-release' and key 'rick:https://iam.eu-nl.otc.t-systems.com'
2021-07-29 09:16:19,556 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: No consent storage record found with context 'intercept/attribute-release' and key 'rick:https://iam.eu-nl.otc.t-systems.com'
2021-07-29 09:16:19,556 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-07-29 09:16:19,556 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: No storage record exists with context 'intercept/attribute-release' and key 'rick:_key_idx', nothing to do
2021-07-29 09:16:19,556 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20210729T091619Z|https://iam.eu-nl.otc.t-systems.com|ClearAttributeReleaseConsent|rick|||
2021-07-29 09:16:19,556 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-07-29 09:16:19,556 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2021-07-29 09:16:19,556 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: Attempting to delete consent storage record with context 'intercept/attribute-release' and key 'rick'
2021-07-29 09:16:19,556 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: No consent storage record found with context 'intercept/attribute-release' and key 'rick'
2021-07-29 09:16:19,556 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-07-29 09:16:19,556 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: No storage record exists with context 'intercept/attribute-release' and key 'rick:_key_idx', nothing to do
2021-07-29 09:16:19,556 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-07-29 09:16:19,556 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2021-07-29 09:16:19,730 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'iam.eu-nl.otc.t-systems.com'
2021-07-29 09:16:19,730 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-07-29 09:16:19,730 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2021-07-29 09:16:19,730 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2021-07-29 09:16:19,730 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-07-29 09:16:19,730 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2021-07-29 09:16:19,907 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2021-07-29 09:16:19,907 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2021-07-29 09:16:19,908 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20210729T091619Z|https://iam.eu-nl.otc.t-systems.com|AttributeReleaseConsent|rick|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2021-07-29 09:16:19,908 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-07-29 09:16:19,908 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://iam.eu-nl.otc.t-systems.com'
2021-07-29 09:16:19,908 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2021-07-29 09:16:19,908 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2021-07-29 09:16:19,908 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://iam.eu-nl.otc.t-systems.com, value=[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1659086179908}'
2021-07-29 09:16:19,908 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-07-29 09:16:19,908 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2021-07-29 09:16:19,908 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-07-29 09:16:19,908 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://iam.eu-nl.otc.t-systems.com'
2021-07-29 09:16:19,908 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://iam.eu-nl.otc.t-systems.com]' as '["rick:https://iam.eu-nl.otc.t-systems.com"]'
2021-07-29 09:16:19,908 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@571d074f'
2021-07-29 09:16:19,908 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:16:19,908 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-07-29 09:16:19,909 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-07-29 09:16:19,909 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Inbound binding urn:mace:shibboleth:2.0:profiles:AuthnRequest is suppressed, ignoring request ID
2021-07-29 09:16:19,909 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: No request ID, nothing to do
2021-07-29 09:16:19,910 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-07-29 09:16:19,910 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _4dd091ec1d4ad1ee67fa091d02049ebf
2021-07-29 09:16:19,910 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _4dd091ec1d4ad1ee67fa091d02049ebf to Response _cd55d6dd4be2fedefbd3adf5358a12a2
2021-07-29 09:16:19,910 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _4dd091ec1d4ad1ee67fa091d02049ebf
2021-07-29 09:16:19,910 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-07-29 09:16:19,910 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-07-29 09:16:19,910 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-07-29 09:16:19,910 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-07-29 09:16:19,910 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-07-29 09:16:19,910 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-07-29 09:16:19,910 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-07-29 09:16:19,910 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-07-29 09:16:19,910 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-07-29 09:16:19,910 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-07-29 09:16:19,911 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-07-29 09:16:19,911 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2021-07-29 09:16:19,911 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-07-29 09:16:19,911 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2021-07-29 09:16:19,911 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration did not specify any formats, relying on metadata alone
2021-07-29 09:16:19,911 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-07-29 09:16:19,911 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:16:19,911 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:16:19,911 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxtzKyQntbcNodTt1Kb3Hvbcbp5Z16KI7Ch/++pxd+enaL4TjRqBpdp+Mw5+VCS8wwmNw3IuOWiD/tE6b6zWTB7VL8EylDI4PxG7NR/80R+/6Awp+UBabmEkih/YHUO++wEtzGpe3U with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:16:19,912 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:16:19,912 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:16:19,912 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-07-29 09:16:19,912 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-07-29 09:16:19,912 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 80.158.3.50
2021-07-29 09:16:19,912 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to (none)
2021-07-29 09:16:19,912 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2021-07-29 09:16:19,912 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-07-29 09:16:19,912 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-07-29 09:16:19,912 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-07-29 09:16:19,912 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _4dd091ec1d4ad1ee67fa091d02049ebf
2021-07-29 09:16:19,912 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _4dd091ec1d4ad1ee67fa091d02049ebf did not already contain Conditions, one was added
2021-07-29 09:16:19,912 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-07-29 09:16:19,912 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-07-29T09:21:19.908Z, to Assertion _4dd091ec1d4ad1ee67fa091d02049ebf
2021-07-29 09:16:19,912 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _4dd091ec1d4ad1ee67fa091d02049ebf already contained Conditions, nothing was done
2021-07-29 09:16:19,912 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-07-29 09:16:19,912 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _4dd091ec1d4ad1ee67fa091d02049ebf already contained Conditions, nothing was done
2021-07-29 09:16:19,912 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-07-29 09:16:19,912 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eu-nl.otc.t-systems.com as an Audience of the AudienceRestriction
2021-07-29 09:16:19,912 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _4dd091ec1d4ad1ee67fa091d02049ebf
2021-07-29 09:16:19,913 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eu-nl.otc.t-systems.com to existing session ac2f637c7fd9640b9c8863356d9f3d63f1577bf66c8f2f4eb80dcfc7131e80b7
2021-07-29 09:16:19,913 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eu-nl.otc.t-systems.com in session ac2f637c7fd9640b9c8863356d9f3d63f1577bf66c8f2f4eb80dcfc7131e80b7
2021-07-29 09:16:19,913 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-07-29 09:16:19,913 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eu-nl.otc.t-systems.com and key AAdzZWNyZXQxtzKyQntbcNodTt1Kb3Hvbcbp5Z16KI7Ch/++pxd+enaL4TjRqBpdp+Mw5+VCS8wwmNw3IuOWiD/tE6b6zWTB7VL8EylDI4PxG7NR/80R+/6Awp+UBabmEkih/YHUO++wEtzGpe3U
2021-07-29 09:16:19,913 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-07-29 09:16:19,913 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-07-29 09:16:19,914 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_4dd091ec1d4ad1ee67fa091d02049ebf"
2021-07-29 09:16:19,914 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _4dd091ec1d4ad1ee67fa091d02049ebf and Element was [saml2:Assertion: null]
2021-07-29 09:16:19,914 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_4dd091ec1d4ad1ee67fa091d02049ebf"
2021-07-29 09:16:19,914 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _4dd091ec1d4ad1ee67fa091d02049ebf and Element was [saml2:Assertion: null]
2021-07-29 09:16:19,917 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_cd55d6dd4be2fedefbd3adf5358a12a2"
    IssueInstant="2021-07-29T09:16:19.908Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_4dd091ec1d4ad1ee67fa091d02049ebf"
        IssueInstant="2021-07-29T09:16:19.908Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_4dd091ec1d4ad1ee67fa091d02049ebf">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>YUBw0QvqRy2tixHbQNhtUUsnDKvdueYVyitQIvbzTeI=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>V9Mggys1X20RP++6k/knSebdFF+GtnH2DFdSTCT02Gi4NERjR8HxhsByo0aSVaxtbarzpD7QCSs3C9HVtp5ba+clIngojEZP8pLAEIEdpgoNvgraIT9L496mVlf7vEn9s8UxlF8DBK4bnjLTl3Zr5VtB5cgRlFPg5VIbnP1iYxVsxI38p3tVlyHPbzubMB1XiD+XO/XWz2yXOd94yU9QiL7IlmUPjX+JAcfMbH1dVPE9F2Zsd4b6fOv+Sq410ZS34LLTCp9mnV3s4kkYYYz+HzwUCBoy7DI5BW/H0HBpwm+y+zOqpbkZtlo4q6YZxi3TtNLYELJaLL9NaDpcw/CB+A==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eu-nl.otc.t-systems.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxtzKyQntbcNodTt1Kb3Hvbcbp5Z16KI7Ch/++pxd+enaL4TjRqBpdp+Mw5+VCS8wwmNw3IuOWiD/tE6b6zWTB7VL8EylDI4PxG7NR/80R+/6Awp+UBabmEkih/YHUO++wEtzGpe3U</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="80.158.3.50"
                    NotOnOrAfter="2021-07-29T09:21:19.912Z" Recipient="https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-07-29T09:16:19.908Z" NotOnOrAfter="2021-07-29T09:21:19.908Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eu-nl.otc.t-systems.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-07-29T09:16:19.553Z" SessionIndex="_163b3785378994c88a3f44ec78574494">
            <saml2:SubjectLocality Address="80.158.3.50"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-07-29 09:16:19,919 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2021-07-29 09:16:19,919 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2021-07-29 09:16:19,919 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_cd55d6dd4be2fedefbd3adf5358a12a2"
2021-07-29 09:16:19,919 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _cd55d6dd4be2fedefbd3adf5358a12a2 and Element was [saml2p:Response: null]
2021-07-29 09:16:19,919 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_cd55d6dd4be2fedefbd3adf5358a12a2"
2021-07-29 09:16:19,919 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _cd55d6dd4be2fedefbd3adf5358a12a2 and Element was [saml2p:Response: null]
2021-07-29 09:16:19,921 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-07-29 09:16:19,921 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST' with encoded value 'https&#x3a;&#x2f;&#x2f;iam.eu-nl.otc.t-systems.com&#x2f;v3-ext&#x2f;auth&#x2f;OS-FEDERATION&#x2f;SSO&#x2f;SAML2&#x2f;POST'
2021-07-29 09:16:19,921 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-07-29 09:16:19,923 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST"
    ID="_cd55d6dd4be2fedefbd3adf5358a12a2"
    IssueInstant="2021-07-29T09:16:19.908Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_cd55d6dd4be2fedefbd3adf5358a12a2">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>a/LDG958UV8Ppa+cWoJ3eyjWg4Xy9ygZLggTscwAsZM=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>T0v9kOBXlAXNR9Iaq4k+Z3I6ifLSiPMTZSFe4ixljAodbUVbgKzt3RczVIjaG/bVk1i89tWNoPaKbAZrIFB28pQAsqId7YY5K89WP3nYKxuqKEH+fYt39c3Ndq2cbodTiNsQPVtSwy+4tvQLJJGugG9VjXe+KTfMJUiy7Asn+DudfuMK+6XpKUeOZZn34tlfhXxhwKgiMt9eO6EuhAfndlSqriW2wPgJ7JBBmjOy5dj3Ly1zZeYmbhg19G91rX0XDvWm/rCuW8hWp/EPPev7RlLn0A9fW62lpIP1zzZVab76Z5JQ1a/klHGibxJ7+R+99M9wCtWv8HoxH2lU2LwjHA==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_492f2e93527381d2e32f3ffbe820868d"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_d2ef54937026f940f0f3aaa03faa33cf"
                    Recipient="https://iam.eu-nl.otc.t-systems.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIHeDCCBWCgAwIBAgIJAPRelfvZJrG9MA0GCSqGSIb3DQEBCwUAMIHXMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGSGVzc2VuMRowGAYDVQQHExFGcmFua2Z1cnQgYW0gTWFpbjElMCMGA1UEChMcVC1T
eXN0ZW1zIEludGVybmF0aW9uYWwgR21iSDEUMBIGA1UECxMLSVQgRGl2aXNpb24xJDAiBgNVBAMT
G2lhbS5ldS1kZS5vdGMudC1zeXN0ZW1zLmNvbTE4MDYGCSqGSIb3DQEJARYpRk1CLlRTLUlUU0gt
Q1NTLURQUy1PVEMtT1BTQHQtc3lzdGVtcy5jb20wHhcNMTgwMzI4MTUxNDA4WhcNMjgwMzI1MTUx
NDA4WjCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0
IGFtIE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsT
C0lUIERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2Bgkq
hkiG9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tMIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv2W7Hr/Ro63zmZVclhlMvakO1nYWAe6CFDg2hYOH
IxkC/DG8LsKbnqy3Rv8AoH5CgRwmT/HYKeJu+KxrpECJXGIjXirUzHrL5w0Hys0O6SJYzztRGoQA
eFfl3x1NNUxVGkWbuK3/o9vm3idoMqVY4HFU24h/6VbSVBru1lsfubmIGdkf+9R844JbZx1R1OuX
xQ60ZhTAmR6R5d1E6tprM8rAqBOC2l1o4azQyDtmxM8NEBjKcZebNleHOB3iVPiiG0ens6z39y7e
SyiXwWcsw8TlwcQiumYPnFT2lzrJAC93hEjNGd6sj6QVvPCJRu/Ya+AWfcm6JtBZRK9ZfBz81wjv
BnHH2u8j1GyZMdE5dvN4PC8bgX0HxvnbhnAU0DASzziyS9Ni/gMgWvJsmnmNVLyYMxRmL8L0JtWk
rz7aNSskufk92Cv/R4KtWsfdkYtNG5/lV1BNzraBgnnXX1gH7ddrL/Ng2aNRFd+LtsI/BjUBpg7r
Ebym+pJuri2PBj8hhjLKbhPuurybQLVtmYxCcJUo6ZG4X3cpxl/e8v+vviapn1OY9zaFLAc+fccX
1GFrLYv9aQKGDQFRMl2uV9nP7UpakBCgZ/r7ljvfhlnsGkLPZBokM9Iz3iUFMGj2gPD1m+C7QaiS
OwJnkTk3cnhZV6It0XdFIaFgIi9V4XMnYEMCAwEAAaOCAUMwggE/MB0GA1UdDgQWBBSg4Skug1x8
SOG2QdBaHAN2DDs7zDCCAQ4GA1UdIwSCAQUwggEBgBSg4Skug1x8SOG2QdBaHAN2DDs7zKGB3aSB
2jCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0IGFt
IE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsTC0lU
IERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2BgkqhkiG
9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tggkA9F6V+9km
sb0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAFEH+TQEgwXkOp1dymChsQzX3mm32
nBbQwIuTKi3jy08EjRQktZCOhjpmuVc/QQUCQdgAZgWVboAwTspfgwQwVcuIpCkwuyc7tt+ZzRSk
ybvOccw4ivz1suevGZZfYt+B7UIB3drlMKLoJWMTiBZnL6c4iaqubep56BZBOH6IP2KaMRd4EqIo
kXLHgaIyhqz51WQmTJArhYvAvWlktbAW6GXev3mW5gxW7LAGygQNCo2JkXSegGPk2jLO48JXNuCB
lGGf2O5TkhD+Qw/buIRrcKWnolBCs0ITalkNFt0RftLYmyR0JMotaBRHHmtdqSWOwMT1j7SvyzhH
yszzRU4xwTUFveODkWYS3Uh9PZs+3yDcfqC1x1yRbhKe7onZt5nXh/wY2762Pv6NkBQfQaFaE8CI
OwRu6WjaFfRntVXHpvV+7tO6Dr3pfRNEZzJM5+m/Edh+JrUdhyy7SxuYiCpt5xiPvM9rMt5AkXCn
P8AQVxq3O/1Gsdr9iblHAkJrg7Lbd8bPyzE9nRW3zqp++BxYilxIIVP9xnaaj/jjyuAPfeet30wm
zeOe/MGqxEwP/JSwJ9rZI//FaG3gAX0UHO6Eo+R0/Yv3JcyAo6j/RN/6YcSTQD1MrPGZiNTz/Muo
nczuEbZF255Cs5PfVJJhTPW730xQmhZnlbta0nyBO9LA3Fs=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>sNbFecCZ/zbgPZiFAZfy6R6Pt/gX7I7BzfTDdTA2tdq/d8WzH8ZD9rWlNsikWy4ChDW+qHoIlXGwmiTRzIyPQoExPTwOXMm3moQC4aobkQBouaKDBD2kGrA7PdZPngnmKO8VpIh2ssY/DCThrPdS4CjL29D0zq2yOxuiPSkBtvJw+Z83pu99gMcZCsyNT9PqnkaG2yEOX/6w4jyy5ES0vwMhq5tQyedvOVVANbpI7pULlKGV7jL83WxzMY6+wsXRkHxUW9SJZPPsy9r1KuMY069vTpLTvRPMX3giz0B/HzKGnzrV1LMUq+lbACjDhbGhHsri/86sj5qITmb8X5Sw7EROrvYx9dKlHO6fdkeC/2k5sZ00V9v+ZGWrIrMwnXOQU0/fo9cks0+caAGm6bN1icNKrOp6MtNdu//fiXL+6OaaqzVbGj20FR7mM3ifxoN/MPt8wajpMFLcwIlSxQb9WJOK0TRsbGBXLVRkC89KzklKNXZ0NL0dsSOBbp+876DJdbnUaMy3cG0K5wL1f+EQvOmYfM4W+f+6FyLIGQ775ck38LZJB26EIEcsmMwM7DtB7KGjAh1TZ8Z1iaa9FdUBjCWR5fnLCDHl+SDixExcP7uxrGnHt8DR4ajVe6wpwibEQIAioujqKDgJrQC/DFhLrLAHVWX0KXFQZlpbVaACRAo=</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>1JCKBHu3n+PUv1xaIvXGwHkvcRktD9JmHEd0Q3G+shA4VvfUy1AjvFck2d0g81RG1x5PwbQnmt7M27bAgkR/k5zBkFv23/1ebypwbMiYunfBIln5JJMnUcdTejUDzr6jgk5YeoQthNQQ/+3RQFZk9vmXPwtxWPnatIJeZod8vm88qgfjnpq9XVCkz7YW7CvKJjochqsmn354zKh960wOA9+vppnD/FERMFyjfJOcDwm3+O9RQhpmTM2b1h7kOBfizJX5PnnvenLpvR1Rk5z1Ars1CiBbnZpjvcKwe55zGQu9fgndl+21xXtwXYXQNdBCso/CTq26YyVibPBPv4tDnZdnXo353nGX/uUmQvthzqwibxQ/ZxSQHfzei2QAHsutuQ3hN4Ys6AXon+vwg/lHyCYq5DYCpOYdpMXeXX7Gsj6Pvv6tPyIGjXVODrepnDEtEaZvKTbt4RMnOtnAUK8dHKrGmCGOZjqBmqoJ7J10PBPE7M5w3z8sF6NALjdMUFwI0Y2uZeVrW5EDsaBr+rbMUbwABPiqYUHH/apF8wxcl/6aDCXt3hdGjiqlNAwhywUhkgR3+mSCwUiCe0itWZ9ZmpwxoXArzKM/FRkReZA4Cfr7brBchMu7o/RGyCGNzbrtxSoXqkGvLXZFLJZZHtNyKmSBvF0gmpjDMtsXqk1Rq3S0/30vj7WShDMi9F1ljl/u3xVUDK4QDgswOd31QYDAGPYZD1WC7UEgnkNBu8QzgUzXhDWif6foQMDifzFDobS71Oku5hRj8NZQs0oBQAsDVr5KBpWOIxje/8MGlUTN9A2AZSGOEZ/eMqwnO6aaSyYyvlzqBZNn+tpnfG+ovRcjWzlSjC7Ji743M7QPzs0cHdzkwWGOfqMXTPmqtlXzG65SxPtQlv0drLltmAMoI11AdS6ZBmRhHeyF0ZWhIE3DgiKTN6gdNkeyBWbgeCQpJVCabnNWoj6/3Eu6vpkj9ZHzc0G68yBJe96ccv2eR1X2vG4vr4OQiEi72sKJWwifUujADMIF3XGiRJxFs5h38pnDbBVzouvC+3+PrAK1waLyT67Vqykxk44OOEjGMEy6VRVBeDIcqwEhEaGPXbBMythYMqaynRVZ2CDymzKBSGd+f3Pml1YKD7fxoX3JhoMy2Ss/jkOO0uwRPk1pcHlSCHbS9QSOr33jWRMumrp/TdB6wRW6r3a/0sjcnXM/Qk6FBPmp63qZcFnUqoRjtsF0HozMMiwuwD/cVk/MJY5IaQahTHPTXOPfNO9oZmS/GGJyPL/raKPCWPNgpWWOs7ngOgZMUzu375DAepUBKVuyrZXJ3Ak5lmXs1C02Vmwo3xvLTxHo6NXf1/xydGSZDoIJ42EGeSXsEad8HvE9wg25DpIBaXZh6YG/1MraeIc0sY5RT7ZeEKQgTvIHRRWivFO2Zh0NZC/q4OIuCQSwqLBEbkbOiIihh4UjhikUcoNLuopuv7AKLz9gR+9liv2g9pbY/OszUnEBHf++1hoK6nNA0ZO6jZa5njhLXIMsfRZqTdu8MyrYztPYM6D1CXtNHBbn09Iq91hHFhNwdj/9BGTu1ht0vgI0X9tultFa5ZihIKW+ngQTiRK4x4ab7yKIl/vRyTnLSUZHlUzvxcx81SP0IsihhsNL/mO7snMWtqzKo2FK93E2Ck6FETFYMr1AweCCAyyk9m2gz1W6rT/ByZWJrKkycXzy9sQrf8CR2eZcV42rYvagPWEivvp7pK2Ov9zc9v+hAeIjz5mwww/9Xqk0YljQ5qvWQWEidB/IsZZhM9kjkcxhR4CWPONuKnZot0NloQFDoIjy33UpZ34HwI/uAQgfl2qSjy6SNRa//f69aTdfKd5B046vmmI3Q5U8b9ZkjwXv10dMrDSHXzh4OmZUHTIM9yIYp9QOec0QBrnpvJDkUYFCybygE3JOwQbYRAQGY6Hz8+0GMX2nQOiifZdDDZCTQvIL+oPiWOBFLUVZp3LaQY7I8mAXyP2dX9S68Tv25Y1oS73V0AF4woJtWlJy4I9KRoEVrYxf7posCTX/dQ9k8RKB2m9EU08oBG1KVPPNoswD/LjmMtCKrDZ64GCDPBI08LkxkcQMIa8frFEONPfk9z3HBDD8tXf4ihM0HvgxLJZWZHmuYRlUVjwgHFHluQCNAYrRAM0aEZdu6q3VqZGJofXRc9Q2AOSFRK2+p6j154ovJSdxxMEoxgd3uI51RUI65uG5cBwqMG+dvEISuWlLhN8y9hMHS1aW/ICqIQaMGQb9T/F3GBpLKsHpvYPgBxzZOV638xMH4OQ8cOuRaimiw6PBolXbq04/W6QT/IXbNt5HAwbCIvBYIqVQKbjdxpANDV3rspyW4qhTnHYdvJqZNdcyBcNFOPLhoj59/5wzovdI+lcXd+OzIUGjpwbdI2VDm2LKTsAlW1Ihw+KDWnVWPLGreGWqmZ5pQrRD8XeYUqj17lOREYSJZUWkoRKsAQ062DqtkGiQkPhOmtmZJCremWfNYzb3MzpjiPBrHytjy2e/fu9Vy7VIZXHtZGObkuwQ3b3lXFrjQKMkSfhNRAqmIuMeWWVY4LyOZtJSpI1bqS6em3Tq3vgt4suCs/ZfSlEqrRREI+YrZVIBXrVq8lyKj9FXnItKTrQpDp2UknfxwBdyzKRdVlu4RBuELehsXFz8/5tMowTmkBYGEQCdbOBJKG4Gjzb1mVw2KvA4lI1tfoXqRmjkjpBDWZqYQoEO43kMM7KtwQKXdo+mb6ewJWYUO/RHvRfb9mC0Y/VYl5Um8MOiPNIdcXgMLdNQmbVwbomG5LODBUHASwV42JDU8EnDmsH18WF4Wf8I2ylwhsfZIBcD9wnl4DIbuOM7LlIS6QE0beY5n9cMBRcl0py6g6J93M24UdxFPb58HDVwNHCMTl5q/zHUfKZOwiFmI6PgxcArA7pR4YUnMEMCVobjX6y1uJkQJFxVc9UJCiXTeHVzMh868AT6XPCIley+aM0z1we/SWJh8RZ+5XBbSa+1Cz8uR6enh1rFVkB6Kff3s0Ws2TK9dRwlSas9ak0UPjQ0SvstHLsbGBvOPSpDRjjo9uCiV38ci8QXzgrc/wCwtkc0F7oS2Ka8bngXe28381X/1ckApjB+ZlGAp1xZHm7INvwKWIe5xsjfG7l6rSDC8j4VhxlCz/Jw+FBgUi/Xjr2D8ce8h4XR+zUJS4jhWg85eIfh7x7cFVcAtbBhG6QjCXEwtLZdxcABB1dhBdJIbz9BDXLPi1WZCQcrlEZgisRY2jiQmKYHtEVU65oBcEzgThfSBBgxO6s1C0Z5kXvsH5GDZV0uY9FhEZnTh3E7Luzk6tY7lM7JWkLLYZ6awxsiprPfgScgTYXU5ugVy01GP9MDuk2no+DrYi4CEXSGs5EqML1TBdAROlltqXe4JN+GjLlc1OuYqKBLTfMgGIIiXr962o5vDoBCMNBjBH5YvGHp743RXJLVKim31VI/NXewYOBbc2DiF/b827IYnISbmdhWSmhYfLPBemEz9NGiZPFZ+66zmBtGXtpVr9r+sCL2AZ/LgaY5M9mQ2ewoukGzgkzMoZOw+ngaE6EZDGf8YoG0wRIAOXcrnDDIwltVygaYQvbUGhn2Y/HH3o5nRdVOhkgieGj/PDjmkQDzeg7Ke/YU92YuHVPiJbTHKmrQ5RIZ7FZ8l34BAD43J0mN6siaNDgTdVBVMeEjUaNv60ajyvDbYNGyyTjXoB/0rsbpAGx8N0LRhGi69VsmzAdEm6/KjJseFR+doGp2ddmxGLQdpeH2W8/WRIr7cCuaFtEvhLSd+Tt4AzbjHwYbUuRg8mVAjEprH8jXUKZG9oqbU6eZxCNBGFrJXjremwOTr+bgwsMxmtg3QmiRH1CqaKD8l06DV7haDDSX8YhYI1bP4/4XBwK8qWuTwd7/4wsYcpq/D22NRM12VjCTNe8jGOepxvGLBXfEeu/iT4VY+K8km71WKUc+phGAUtTIyTNvFj/dEJ2DXGUfFORlSoD9zXcfD4WG/T7SYDQTKYx8QnPlP6kvJ1dj6+alJJcGohS8Cv9cYme+3DScmQecxgncXLLMfNH5Q7iLsOUTaMBiMGqtDwgbuTkiqnftBB2c69/ovSnLoNtaMHr4bALoV1i8dHwMD5uiM+/9ghjx7Mcp1+sslDZLQ5OCpq6ipe7xTxchHtlQx8Qdc5NtKCUkxbZdxsWiavsdtGafHv47Q/H9BL+MrmSpKhrEo2xlElKe2yOu1vzg+mGkfBI0//epjQAXAnuQxwgnBWHjZayEUJjsywSN98i0aa1OWD1/sNRI6e/40HuDOTk9qC6K9EHigvF8pirvyn9OL+EFN26iWXgIPzbZJI9pDMTWJKfbVMER+5kGt17HgWTY2wFB9Acw33C2KwZoqcK5vSEzp43Z1t5RNbJA8a3QFv4KfG0uRJK1k6hIhh2I24GyEy7X4tOV/oB8EhXkcfD0dReN9lkykIByDH4rzuzPPmr7IYdTvvPHRnh0eBCWk4qE0pHgtryxKa28pjAIwinR0HItynAGDI3Iw5Rx2PlUPpslnl0VcxnV6+FGJ+7BJ/FaoiuglrL72wIkohM2KPiLfJeDptAn7sFbbQN4wZeEGDmjYcy+i+kBiwREzfkCjsEEae+VK3U1hGvyGJTZV5r5WBodO4qvfi888oHMhKhTuKVn7Qn2UDI3hUafyY6yDqjT3RD/1U2CbCnyF3AywWMxkXgy9jHrdGFZAzCMZP7m76LYJe/jYhje3Y3mgz6UpXxB0yH8hlM6L4lZHEp357BsRyfCs0zBi4bqBN3sco55UJw1wRGgqEogLuuwuYGSSLUk4JcjVWvGUAQ3GVFmsGPkr6S5M+1KYsOSILbGGDPSFMOirhrLqFlU+b7GwULYNxNXyLg9ytV9jCEMsXk8ynGJ3b0jGI8/N5F74z7m9GfwV0/oI0RGD4IkBDEfboiCUNReYp/GMY0d7vXPlHpFQv+KR1sRTV+TN3w8A+RUUgZDtIArw6NhFGHcBm34HQymUzipZaNOKDwUB5fl20Q/FeR/uwB70xwbHNlJ5qA4woFHgmOEuNd6JaWBDE5Hk3AypJeSa4BCN5NMRqJ6PYVArXYvGZLyk9sLxNYPnAukQZjNsz1tl3P79nNdXRySpATHAUBTvd84xoTLmgaIecIRxHXk62qmFaLTlkQD8cR3mdkt3DW6kmUNmGLENVg5wfgPbJGeZaFe/tXXKt8Qd5ixS2hPNCW8Mfk3ZLonSVJoOvhsaCTijZNSm8y9wm5+211Jil78Z9E4lCGtgQjSPi02rjwrZ6yOil5HD664yGUOTBSm+djT7G0cqMz6HP+rrd8PCvDdC6kevctXzOTHdpLNk8gZRqdinxZKhIDdeu2oxjCzDShCFBBhAO4h93uFJQ3xCRrpSH+lxwkZqSWDgGR5tv5/yYQSsDVPT0qTs6QLg9k9Kgo3Edwyn7Nc0YqkA2fhlTTBaKXkNCL7uYCcgGVvwFAD8xT7We4UV5fgJeDuuaQjR2Mi5o2suXrtpXfsBYT11nwb/ZAN8/XhFCcd/XReqQCmibq5QRnoyaR1JFuTN5wQofLqvbx4bwV8kjbcdItclvADq22t/m3gko+oKgnz+/o3NYLAwx9Yk7JeL90BhsNcJOa0GVVilli7EXtnz1zier+dg0nchptMdNDqJy5cgEx4Xd2PWkUILEZz2+4EugMjreLqjipNQTT4JZF3BNRhNNrVEJoumE3sb9DZoVGRRgWJ1BKNMAiXlk/x/9Ez7yuA/gL/uCAnzO3Q5dP6gkJJAS7LM6hVI0oaMHXIWOMOY/+ngeo0JoIF1bOdF6TO0P03qOIB+0oinJSqNlXU6/e7WeX3i6BxWyOUeqC5czgyNrpH6m3QQT7ZjuWeISHXYAU112I0vAk2cHd1o7fAs5Lim5rTbz4A8Y9/6HkYKvSMlBW8dVBV7Z6pxn4bnv1RgBc3QnT0u+aHCIVhyz5D5nbOiB7p8T1gd7BirhXn8gaXCe3JzZ3cZtwzIpquBlEXpPqRmhwcQ+K3OvNZJ6p2Slv4t50wnOz+nDYKkQpNJ6Hfnp57AuokG29lYVIH5cVST0anbqIa84mIdJq9mB8jE9WMApJFjiVgEh4oc57PyEvh7TH2IdOsBNb+RAfHFMHdIdJomRvOrX1n5h3hy4PIp1B9do87kV9+2LhCi+b/wt//E/Vc9WRxOw8AD14aEvqQYz5dd/MyvUmmIj8GVldtJoS7Z3DW5XfDHxT9TjGYnDUzozNA5xc2yn8Da9NDHtrkSlW1dSpu4Hv/QpvFEuK27LixuFGswMBPHJmJizhUmfEd8w/F1C2KpWfwcmeDlQyRRIOAK+SrVFkD4vRV7QKF3x9HFI7dyT/909hb8879YflvBKZljYOMKlZpYc+D1u8hCkCTUnDx8zOJEpDFbCY+O08xm/qHeJZTc3+BzZLdfT2cUV3eVJxCbKQEOs8fa4GLMYc2ToeJYSlSL2oEt2SnArpuk22/bDMpPn+PIBmDOjs8+8Vn1STDLZLge57YH9/x0akbyTztzRMV5ojzCLQWqe0jCERrdmnFmg8fo18PJhlqPngrw6AOd/L+jwj013QNUO1QoH2oXaMgBCi+h1QclNcbMhous6rz/JXZmCLP1mdvwC11dqU8B2tvcNc837wDzoMPsROswfeJ3obrbpPc4vJSuc6FMPY/QaSyk1tjl/fBomapNUgDupP4DK8zT5PXB3CNUlrYxEWRgKp2RmkPC6rvibReyrcUWMJuRWN64z7DQSyWL6fWTvtDfVKYv6PDee2kv92urMgeg0FkR2REsuYmTY5/4CK/qmI4cBbgWkSid8y/foJa6oTRgNQ1nKa2fbgXvHBcslbsL0UIK5k6UDPCtsSxPOh7VqF0XIrx39NUGoZ5xOIKDiPNVX1HmNJek/Bu0lTBmNFpIiVLaqbs3OBYArC4/4JHI+cXK94ANvQhzd3RMyTzkk5MXJg9xJG9SsgZotOfMB5ajF4TZ9tGP+DFuw3rAfq+PeM3u1Spur1UMaH5HCaHNvSFByGFcNeLcZglHVm3dbxfwNcqqdXtVN3pblXWjoTwPdWRGWgOa0l8mMFjClYkKkNCrD9gEmysT5li4jPtO6WFdYSF8hlDKCfB1+dnOswF/3z6Q2iJQieGPv2gNkf0fAQJgah7m/hJEstM70jbFTDhywrxROInF+fi6Y8RqJVTfi6RhqZ5IL7duyjc4mJzWoASeeE78L4xFNzmh5HB8XJRThU4S0nN6raG6klKOKjdgec7QXbucvq1qXDIZgkVBAJrWC4R4tF7pnmCoFLxrBcFeU/rsRXK9GUdCKF1cf7uBNWnlClkFELiyZWIocbvDZsVJxVZQy3UxsfLTYbQo70fmXknohEgLXj3rAQhH/IJxuEs/j/8ZEQGWkj/So5F7qaKnp5Fddx5I5RPjGsS6SxO+FvalFxqj9+wgUbWDNe/9l2wPBFbzUbyT+l8ATHo3sxpDl118SJIzIBkyxt56poI0Lod6YfLWBOWUDfEoTeAgG55JSeztd91kWOknqqTa+rO5fyM40nxCT7pbLhPHQcuH/sc8bpkwUqEwRgItLe3UQ9aITPjpCLefpcm9S6eHeuBVm/tJZxJakMEBU0fl8w7uqKLpkYE4UwF/ULl690xrUIBpPUu6Xniy69Tp1GyHoxv9CUmCVOVWDpztg01BhhmA8iiC7fLmveKFtwAceBYnSd4C5Rg9Hg2T8QV6q+H0zvzrAaXV2SdLT0vEjetOYoKUiWSbWfJLn3gM4nfwXAqklyLZK1FccW82KHKxeT4uzf6gLFhSoFhRrbjLKVxHMVQkgCnczQhm5kRjzFi5Mr+tg/1my/IZIIN/pPRNTJNT2qAGXEJyaCl62+l6ATggE8WO/HVuOPqfyI5PR+Cp4oiefWFKCh/mxexCnkS33gam9rnfsP3HsKxeMYxIScwnIWmOQ1znd35m2uwKeXYzphi4WyJLn2sBplLWL/7VszeeMc2es8SQWujAVOZWHxxR66QLOEU/bALW5wpKQ+z6d4p6QBKfxlU3wMeThoNvCNCw9LFZMwGACXRmrOO+39hWwapMEwjApWd6sPsYK/fUYrrH+McFGwBSYY1k9Kbg+5IIKdKkQ0dtQ62UUSBrLCuXLXGYSg/ZbgJTZNvSkglDSSv6Z6MyBVrtJqiQHcSbK9bAWkh32q0NawP6Xe9bAdm1myUYuZW9dnoOI/CmmjOtQclxxwDXrwkPT01nA84sNC+oUondsAIQ1XzTPo7HvCcXUZNEHVy9pMuaZXbxkbJYUO/3yakpA==</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2021-07-29 09:16:19,923 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-07-29 09:16:19,923 - INFO [Shibboleth-Audit.SSO:?] - 20210729T091619Z|urn:mace:shibboleth:2.0:profiles:AuthnRequest|_5fbd9248-c237-4f6f-9352-764078dd673a|https://iam.eu-nl.otc.t-systems.com|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_cd55d6dd4be2fedefbd3adf5358a12a2|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxtzKyQntbcNodTt1Kb3Hvbcbp5Z16KI7Ch/++pxd+enaL4TjRqBpdp+Mw5+VCS8wwmNw3IuOWiD/tE6b6zWTB7VL8EylDI4PxG7NR/80R+/6Awp+UBabmEkih/YHUO++wEtzGpe3U|_4dd091ec1d4ad1ee67fa091d02049ebf|
2021-07-29 09:17:23,338 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: xh5Mag3pQZ_jUujXrGcziDqJ69K0u4KnDY4tRQ1115EfFoJ4UHKJUUiA
2021-07-29 09:17:23,338 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-07-29 09:17:23,338 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-07-29 09:17:23,339 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="id-94eb19efe343c5f094dbc910f18d14c9e0b0e741"
    IssueInstant="2021-07-29T09:17:23.284Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/metadata</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2021-07-29 09:17:23,349 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/metadata' from origin source
2021-07-29 09:17:23,351 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-07-29 09:17:23,351 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-07-29 09:17:23,351 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-07-29 09:17:23,351 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-07-29 09:17:23,351 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-07-29 09:17:23,351 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-07-29 09:17:23,351 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-07-29 09:17:23,351 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/metadata
2021-07-29 09:17:23,352 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:17:23,353 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-07-29 09:17:23,353 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-07-29 09:17:23,353 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-07-29 09:17:23,353 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-07-29 09:17:23,354 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-94eb19efe343c5f094dbc910f18d14c9e0b0e741', issue instant '2021-07-29T09:17:23.284Z', entityID 'http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/metadata'
2021-07-29 09:17:23,354 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/metadata' does not require AuthnRequests to be signed
2021-07-29 09:17:23,355 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-07-29 09:17:23,355 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-07-29 09:17:23,355 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-07-29 09:17:23,355 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-07-29 09:17:23,355 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-07-29 09:17:23,356 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:17:23,357 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-07-29 09:17:23,357 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-07-29 09:17:23,357 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-07-29 09:17:23,357 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-07-29 09:17:23,357 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-07-29 09:17:23,358 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-07-29 09:17:23,358 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-07-29 09:17:23,358 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-07-29 09:17:23,358 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-07-29 09:17:23,358 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-07-29 09:17:23,358 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-07-29 09:17:23,359 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-07-29 09:17:23,359 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-07-29 09:17:23,359 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-07-29 09:17:23,359 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-07-29 09:17:23,359 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/metadata
2021-07-29 09:17:23,359 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-07-29 09:17:23,359 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2021-07-29 09:17:23,359 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
2021-07-29 09:17:23,359 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-07-29 09:17:23,368 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-07-29 09:17:23,369 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-07-29T09:17:23.369Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-07-29 09:17:23,371 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-07-29 09:17:23,371 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-07-29 09:17:23,371 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-07-29 09:17:23,371 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-07-29 09:17:23,371 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-07-29 09:17:23,371 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:17:23,371 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-07-29 09:17:23,371 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-07-29 09:17:23,371 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-07-29 09:17:23,371 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-07-29 09:17:23,462 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of '10.108.141.203'
2021-07-29 09:17:23,462 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-07-29 09:17:23,462 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-07-29 09:17:24,787 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: M4XL-NStNHEZ63o4XyK30mbOExSD8C72ShOODn4eVGjujZEyJnCVZMSn
2021-07-29 09:17:24,787 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-07-29 09:17:24,787 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-07-29 09:17:24,787 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="id-da3e983f1ae6f3f9fd3e4d4184c6be2be1c7dd61"
    IssueInstant="2021-07-29T09:17:23.953Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/metadata</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2021-07-29 09:17:24,788 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-07-29 09:17:24,788 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-07-29 09:17:24,788 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-07-29 09:17:24,788 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-07-29 09:17:24,788 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-07-29 09:17:24,788 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-07-29 09:17:24,788 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-07-29 09:17:24,788 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/metadata
2021-07-29 09:17:24,789 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:17:24,789 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-07-29 09:17:24,789 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-07-29 09:17:24,789 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-07-29 09:17:24,789 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-07-29 09:17:24,789 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-da3e983f1ae6f3f9fd3e4d4184c6be2be1c7dd61', issue instant '2021-07-29T09:17:23.953Z', entityID 'http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/metadata'
2021-07-29 09:17:24,790 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/metadata' does not require AuthnRequests to be signed
2021-07-29 09:17:24,790 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-07-29 09:17:24,790 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-07-29 09:17:24,790 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-07-29 09:17:24,791 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-07-29 09:17:24,791 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-07-29 09:17:24,791 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:17:24,791 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-07-29 09:17:24,791 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-07-29 09:17:24,791 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-07-29 09:17:24,791 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-07-29 09:17:24,791 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-07-29 09:17:24,791 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-07-29 09:17:24,791 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-07-29 09:17:24,791 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-07-29 09:17:24,791 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-07-29 09:17:24,791 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-07-29 09:17:24,792 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-07-29 09:17:24,792 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-07-29 09:17:24,792 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-07-29 09:17:24,792 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-07-29 09:17:24,792 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-07-29 09:17:24,792 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/metadata
2021-07-29 09:17:24,792 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-07-29 09:17:24,792 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2021-07-29 09:17:24,792 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
2021-07-29 09:17:24,792 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-07-29 09:17:24,793 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-07-29 09:17:24,794 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-07-29T09:17:24.794Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-07-29 09:17:24,794 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-07-29 09:17:24,794 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-07-29 09:17:24,794 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-07-29 09:17:24,794 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-07-29 09:17:24,794 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-07-29 09:17:24,794 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:17:24,794 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-07-29 09:17:24,794 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-07-29 09:17:24,794 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-07-29 09:17:24,794 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-07-29 09:17:24,887 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of '10.108.141.203'
2021-07-29 09:17:24,887 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-07-29 09:17:24,887 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-07-29 09:17:30,113 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2021-07-29 09:17:30,113 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2021-07-29 09:17:30,113 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@2056390410::identifier=rick, context=org.apache.velocity.VelocityContext@36d4460d]
2021-07-29 09:17:30,114 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@2056390410::identifier=rick, context=org.apache.velocity.VelocityContext@36d4460d]
2021-07-29 09:17:30,115 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2021-07-29 09:17:30,115 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-07-29 09:17:30,116 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-07-29 09:17:30,116 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2021-07-29 09:17:30,116 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2021-07-29 09:17:30,116 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-07-29 09:17:30,116 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2021-07-29 09:17:30,116 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 674566c729ba1e45102e1050fc8ec9177cfa783002261986c9e10883b605fa53 for principal rick
2021-07-29 09:17:30,116 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 674566c729ba1e45102e1050fc8ec9177cfa783002261986c9e10883b605fa53
2021-07-29 09:17:30,117 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-07-29 09:17:30,118 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-07-29 09:17:30,118 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-07-29 09:17:30,118 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-07-29 09:17:30,118 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-07-29 09:17:30,118 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-07-29 09:17:30,118 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-07-29 09:17:30,118 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-07-29 09:17:30,118 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-07-29 09:17:30,118 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-07-29 09:17:30,118 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-07-29 09:17:30,118 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-07-29 09:17:30,118 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-07-29 09:17:30,119 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:17:30,119 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-07-29 09:17:30,119 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@19819520'
2021-07-29 09:17:30,119 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-07-29 09:17:30,119 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/metadata'
2021-07-29 09:17:30,119 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/metadata'
2021-07-29 09:17:30,119 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/metadata'
2021-07-29 09:17:30,120 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-07-29 09:17:30,120 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2021-07-29 09:17:30,120 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2021-07-29 09:17:30,120 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-07-29 09:17:30,120 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2021-07-29 09:17:30,212 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of '10.108.141.203'
2021-07-29 09:17:30,212 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-07-29 09:17:30,212 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2021-07-29 09:17:30,212 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2021-07-29 09:17:30,212 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-07-29 09:17:30,212 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2021-07-29 09:17:32,154 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2021-07-29 09:17:32,154 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2021-07-29 09:17:32,154 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20210729T091732Z|http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/metadata|AttributeReleaseConsent|rick|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2021-07-29 09:17:32,154 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-07-29 09:17:32,154 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/metadata'
2021-07-29 09:17:32,154 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2021-07-29 09:17:32,154 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2021-07-29 09:17:32,154 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/metadata, value=[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1659086252154}'
2021-07-29 09:17:32,154 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-07-29 09:17:32,154 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2021-07-29 09:17:32,154 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-07-29 09:17:32,154 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/metadata'
2021-07-29 09:17:32,154 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/metadata]' as '["rick:http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/metadata"]'
2021-07-29 09:17:32,154 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@19819520'
2021-07-29 09:17:32,154 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:17:32,155 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-07-29 09:17:32,163 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-07-29 09:17:32,164 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-07-29 09:17:32,164 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _76920fbea30243eb3c74110975462789
2021-07-29 09:17:32,164 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _76920fbea30243eb3c74110975462789 to Response _6856a63409552f629cc86ddaeae1286f
2021-07-29 09:17:32,164 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _76920fbea30243eb3c74110975462789
2021-07-29 09:17:32,165 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-07-29 09:17:32,165 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-07-29 09:17:32,165 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-07-29 09:17:32,165 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-07-29 09:17:32,165 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-07-29 09:17:32,165 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-07-29 09:17:32,165 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-07-29 09:17:32,165 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-07-29 09:17:32,165 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-07-29 09:17:32,165 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-07-29 09:17:32,166 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-07-29 09:17:32,166 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:17:32,166 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:17:32,166 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:17:32,166 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:17:32,166 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxan8mu3jgrGdu2jzPboF2lE0Y31g6lRXORz34jVJJEUh7Gh1vECg8w1yOFIgeGMfCVhqsDpCwI7u088Sk5Sk121zctwPxckk3rNmAkFGTW89Gf0b2URccFeUPGQQ6LU1lQw5LllxUQWLnw54nWl9oAxmJxN/A/ItRFafyoqDgTY44N1UvI8oZ1TpeXXxFCPE= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:17:32,166 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:17:32,166 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:17:32,166 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-07-29 09:17:32,166 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-07-29 09:17:32,166 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 38.65.13.219
2021-07-29 09:17:32,166 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to id-da3e983f1ae6f3f9fd3e4d4184c6be2be1c7dd61
2021-07-29 09:17:32,166 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/acs
2021-07-29 09:17:32,166 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-07-29 09:17:32,166 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-07-29 09:17:32,166 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-07-29 09:17:32,166 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _76920fbea30243eb3c74110975462789
2021-07-29 09:17:32,166 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _76920fbea30243eb3c74110975462789 did not already contain Conditions, one was added
2021-07-29 09:17:32,166 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-07-29 09:17:32,166 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-07-29T09:22:32.155Z, to Assertion _76920fbea30243eb3c74110975462789
2021-07-29 09:17:32,166 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _76920fbea30243eb3c74110975462789 already contained Conditions, nothing was done
2021-07-29 09:17:32,166 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-07-29 09:17:32,166 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _76920fbea30243eb3c74110975462789 already contained Conditions, nothing was done
2021-07-29 09:17:32,166 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-07-29 09:17:32,166 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/metadata as an Audience of the AudienceRestriction
2021-07-29 09:17:32,166 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _76920fbea30243eb3c74110975462789
2021-07-29 09:17:32,167 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/metadata to existing session 674566c729ba1e45102e1050fc8ec9177cfa783002261986c9e10883b605fa53
2021-07-29 09:17:32,167 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/metadata in session 674566c729ba1e45102e1050fc8ec9177cfa783002261986c9e10883b605fa53
2021-07-29 09:17:32,167 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-07-29 09:17:32,167 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/metadata and key AAdzZWNyZXQxan8mu3jgrGdu2jzPboF2lE0Y31g6lRXORz34jVJJEUh7Gh1vECg8w1yOFIgeGMfCVhqsDpCwI7u088Sk5Sk121zctwPxckk3rNmAkFGTW89Gf0b2URccFeUPGQQ6LU1lQw5LllxUQWLnw54nWl9oAxmJxN/A/ItRFafyoqDgTY44N1UvI8oZ1TpeXXxFCPE=
2021-07-29 09:17:32,167 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-07-29 09:17:32,168 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-07-29 09:17:32,168 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_76920fbea30243eb3c74110975462789"
2021-07-29 09:17:32,168 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _76920fbea30243eb3c74110975462789 and Element was [saml2:Assertion: null]
2021-07-29 09:17:32,168 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_76920fbea30243eb3c74110975462789"
2021-07-29 09:17:32,168 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _76920fbea30243eb3c74110975462789 and Element was [saml2:Assertion: null]
2021-07-29 09:17:32,170 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_6856a63409552f629cc86ddaeae1286f"
    InResponseTo="id-da3e983f1ae6f3f9fd3e4d4184c6be2be1c7dd61"
    IssueInstant="2021-07-29T09:17:32.155Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_76920fbea30243eb3c74110975462789"
        IssueInstant="2021-07-29T09:17:32.155Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_76920fbea30243eb3c74110975462789">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>C7P8W+zgRB8wZwkR63VSH7mOrUqXiwWvIoVJbihUnzw=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>P1JSfguct3AANb4IbNBFdaH37168AUavZ8UBHmR8qwK1cB0NVLfPb+8+FSNShJtCDlGp4e1kmvn5ar7L9KCe7KSaNFmMDVAMGuSpou+iWcHjiQP/GPPkpt+IfbI6Aj7NQWm9PzXfVD7OKcPq4QJxoVn8bRKpAgdnvg15TvkeqlFDo+kfYVnKruN6kT8/X+CdZeEYJMiWGqTMa1MfuuW16sLmhEwJz+168qeb0jcc8u4ZdNzlsL4cKHZyer7liL1nqrKJ7MoBj9PnQhd0/hJTfMvQwh9Orw46EvL+qq2dbq+0dKrD0zQ3t7qfbvw1EbJeoErqo2ipyYAVcTp4bbbznQ==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/metadata" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxan8mu3jgrGdu2jzPboF2lE0Y31g6lRXORz34jVJJEUh7Gh1vECg8w1yOFIgeGMfCVhqsDpCwI7u088Sk5Sk121zctwPxckk3rNmAkFGTW89Gf0b2URccFeUPGQQ6LU1lQw5LllxUQWLnw54nWl9oAxmJxN/A/ItRFafyoqDgTY44N1UvI8oZ1TpeXXxFCPE=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="38.65.13.219"
                    InResponseTo="id-da3e983f1ae6f3f9fd3e4d4184c6be2be1c7dd61"
                    NotOnOrAfter="2021-07-29T09:22:32.166Z" Recipient="http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/acs"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-07-29T09:17:32.155Z" NotOnOrAfter="2021-07-29T09:22:32.155Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/metadata</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-07-29T09:17:30.115Z" SessionIndex="_c5a472cbf1331db64068aa5ddeb5804e">
            <saml2:SubjectLocality Address="38.65.13.219"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-07-29 09:17:32,172 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/acs
2021-07-29 09:17:32,172 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/acs
2021-07-29 09:17:32,173 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_6856a63409552f629cc86ddaeae1286f"
2021-07-29 09:17:32,173 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _6856a63409552f629cc86ddaeae1286f and Element was [saml2p:Response: null]
2021-07-29 09:17:32,173 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_6856a63409552f629cc86ddaeae1286f"
2021-07-29 09:17:32,173 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _6856a63409552f629cc86ddaeae1286f and Element was [saml2p:Response: null]
2021-07-29 09:17:32,174 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-07-29 09:17:32,174 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/acs' with encoded value 'http&#x3a;&#x2f;&#x2f;10.108.141.203&#x3a;8000&#x2f;v2&#x2f;sso&#x2f;saml&#x2f;cdpidp-cwduo4ywdbqaz7a5wufv&#x2f;saml&#x2f;acs'
2021-07-29 09:17:32,174 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-07-29 09:17:32,175 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'M4XL-NStNHEZ63o4XyK30mbOExSD8C72ShOODn4eVGjujZEyJnCVZMSn', encoded as 'M4XL-NStNHEZ63o4XyK30mbOExSD8C72ShOODn4eVGjujZEyJnCVZMSn'
2021-07-29 09:17:32,176 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/acs"
    ID="_6856a63409552f629cc86ddaeae1286f"
    InResponseTo="id-da3e983f1ae6f3f9fd3e4d4184c6be2be1c7dd61"
    IssueInstant="2021-07-29T09:17:32.155Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_6856a63409552f629cc86ddaeae1286f">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>hPbIyZzidNNLGmg4Ef6Uk6aoRw6Nui9RYktgNJkLIiM=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>W6HETIi73ri2pCvk5+86PGrT8wLGPa+fhtnvoB6tIQNFrDtKQEpdt899NfXtMOQfqiXSfXvCFVZZuqy2tleQ07APD7bEwZY+ZCM5NXPNPZdA9uIZcpQapG/M0HV3vzDzO22K8fGARQEoW1DZihHKGY772+2P48hHMILksLwl40JrQpEGo+9SO7f9HhoOrDZOoFmJuE4Iu/xhU0h9ZrlC6hcPd3G/0EafylDqHsc8CdFXAs9GAArDxfggYLqyIMlvVGui1fGamGxYnIrt2P+l2FfyNj6JUOsswJ9xVqKNtRutiqMnCcKMRRTwxfOij9rcivS9/uxHF+cZh/Cl08M9FA==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_68e49ff4083626f6e5c9b1211b3269dd"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_bddb077191843c224921ca3f7d93cd3f"
                    Recipient="http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/metadata" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIDFzCCAf+gAwIBAgIUHsK4640I/F0eowKScH/+nxpdvokwDQYJKoZIhvcNAQELBQAwGzEZMBcG
A1UEAwwQYXBpLmNsYXJpZmFpLmNvbTAeFw0yMTA3MjkwOTEyNTRaFw0yMjA3MjkwOTEyNTRaMBsx
GTAXBgNVBAMMEGFwaS5jbGFyaWZhaS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQC+3dL8EQkUTd3XH/eFj6Wsls4YCvEszZIYG7zfAyQ5w9WwX4WWZ1ZPKgaivPvj2Om+Xu8gG3Qg
IA8wk9Feh/2mMxs82Xq0Th4K4p3sK3nlFqv97x09wFYS9r+SYHHax/pm6O4qA7mKbob1OzTO8C5L
+dcvkJypX6+xaF0wihfRPdP6nXMFGTow38m0e1qh4mdwqZZzEJh/GLaWUgIffV08+Oc3poffymDD
07qHqHfF9Hmd+82YfZyTUfG9gaRRQQ+Rgd3pnT++/yDZkC9LlfsmjQKlk640U9z08+nL7eFiAgHg
XuDMkuv2j44JjNojLchf2DFWIt1ydYHOIAZ1yvibAgMBAAGjUzBRMB0GA1UdDgQWBBQJ35Ay5Jae
2AQ3TAxFeTaowNahjjAfBgNVHSMEGDAWgBQJ35Ay5Jae2AQ3TAxFeTaowNahjjAPBgNVHRMBAf8E
BTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCoLwfDRKs6jY6i/rOk2MCWYebnjbBLoBl+7RTvg3GN
ZrHyNe7nmeTVidLIrYXxbrIqxD5YYUZmD8FSqQFAGmFmrMKtjWTgWUCkthrganLeBF3sT0qYoERg
+GxNcJUeZeIi7LBZ3BNFqDSc5bEQuWsxuPPPG8N8NIW8NGJCu6h5505ZyoUsd5fv2/QPRt9pt7rG
9byldxAkblnKQi9uwVZYcL4enEwtT/slYCm//bTXc4+TZjfnb3+rSvANSQE1Ine9jb7NHvkW69IP
hwuCu+0vDejPA7T9d+wswwi9lh4jQMzykjKclzXYzyPU9dtEHo1Yx8T6ieYzGuzjy/3f3G4U</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>Daxodmln0yO2CZFEsc4fCl6u9hROZ1/aCUbqzr0gWQDAjQge9L2bK/hSNGQAqsTCmZ0DZJcjABj78VUcPnMehLF8pjZ8E5GFk6T0SmF6UQ/Jvf7bD26mY040T+aDcI7RF0/n2t6NAk1WNI3yyf9ArZrYvGIpu8on8UDyu852Z2bFCCiewCxpsqsUVnpUa8H0NgvcdY4OXBZJSBOrmGdhcFMUHHr4qKf2ur8kppelsP6JQ8/ocvTaM2oh6eFY6QGx5KumRo6BbH4OKBo+YcAhmZbeZmaB4crkmBls0tQfxw68L8s+l5U4NphlqzngbBZyH2fm67JXfavTzaaMu10AEw==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>c8JoTRqpDthC8lPWX5GMIce/S4BLWFUX+pVjeiMuiIYPz0wogQ1/rcioWf6kvPUA1tEwUznnTfi7p/ecyO/1BC8EqT0itgQhOnPjii+1tFdfVF9AQvsabwzXE84YhMWVeTJF627qkQp2Yn+q/NnBraBbMpM3wO0AXqj7w8BVRQiEWqxfbuzsRiUtoXuhIv/bVVygnzug3cnh6HwYzgMtmiAbB3C11SnynqBnSfRe8U1/2jRDeSJZ3Ix/2zWdwOAoF+q2GeZxyKiIQb7lpCvndud2Avs55gTa2lCIFgIFi0z0fyDDDs7kVorV42Fscg0u8P+xlLIyXKYURhjtlTIwZzJTtYVV42a67zkeVbWdSR9dP0sGv3LNIE3idlItf5PqW1gwmaRRMpRX+1jRm6R1oqbRr+Fpd7Uhsm/pa1nMSWVem0IJmlTn5Rmi+W2aZF18iz9zCPWjJnqsh99KDz1Mvt4DkAYcqRPRLf6zG+pedtqrRdP6JZKyGO/abDtAgMg5issKNYFH8ZEOHh/+sfwXMBAtorZJCd7QGYVtfp8BZ2a4fdvazdI77Z0TvcsNrdQKBzD/nTDhDzhemiv47rmah4bk4kxpj2sGRVD+lwEtSkuFJFQ3exS/8bED1WXXjHH9wrOwP8iLzjCACCnE1Ios7m6Lj8Th5/Lgf7/KLoe5QWWMyQVCEYSCSEJwB4UKvA1RH1+Xc8Oy9xnxmULJcmNJoXrmGG681Mn+s/JH37IXfYknvtoa/EE6QS/W/uFNJkHl+3f8MhK4Mx4PDOuJtTTet7Q8yqj4viEPLVol0b6bqWdu+CVm4qIDqEcQd0qiiOwouqxM5g8MzGmRYYrhTLXZ2QW9Tm6jlXY8zAZozcNbYBaL9TAeHJYcpUsWlU1mzUWYNCyF+VY0VWHT5GlvaXAihqrRm5X1lhB2L+EuRmc1o7yGzQoeDj8fhxT93MFfN0NzGWhO0zOJGuHXicxzmXewib6+Dso16aJuOaN9pNcQYUNVKr0r7t+QCX+l2FbNFhoW9W9J7c+7pL6diGAzA5oI6wln9gWJu1tbdybVWIA3TMMR0oHVRY4KDvH0fnHXOOVNt1GQ0C0VxsDZLGagOSh0YO7plamF78THqtk9x9pXXPn2A3ijYhc5Kzx9pfilc3h0jIXzLKclNPDRbzEy5Y3UwpQxQfbXVPINUH/wPS7EkBbDes495hXOGTFmTs2VXq/k/plH3dFliFfllzF6A+/2xd/lNOMJNY0/kXAsAsba1JthPiRv5eNTE7MAmU/DkJASfP7Teq257G0qvHvcfAkpR58MljSb2IUKua2WSVHLoNnf9mSavhZhpOAwUNzu7mT0PHU2NxVBfOv22hAmvGz1vdFXUT1eNw8a/16FcPLw5HP5NWXe9eyC/8AzsOMMSuBrr9e70ojFZJ/0+jxHeKf7847dz1DT3r91S1Y3F10R0QZPuB+Hn5E7Bm+qa+o/zMZDUtFzKSllbCYGA+pPg3tISvqfYAFaygKq6CgZyTF8apfvos9aq11MFv0L4mMHQHrAZFe+cDVknm4dpbvVb0rTsLwdRx0w2H7JhGWlkHJdKCiKm1+8d8a5JLPzxg7VxKdKIfJgqr1vhY6UeNDn6vOubjlwhKqyegPIjo8ht3zqLOTPxObsXCgp803YZTdKPAaPrHv62QNR4rmV+0vZDPxuv4aT/WzgoDSpEHHsDEmrOUDskimFzioc4I7AQimT3y94zg+jfmhegxewbB14Huoz+uwp7eALIyq2UiyM2+xHgUPX6ugJqCReBc+seKMMACMP4zNtlOJHsvznDUNfr6vH32LGgnUp209/zRevaNeAlZHxKp3XHTlW5u67pVJUxRbNDL1DF38OIIp7rPQXUuMhDV1nNRX6+Z+42/n1Vfv73FcTYAJnuT9soJMOsJ3rHh51zuSjpQ2wnmPwC6M9YzyvrLw0wRG7G4wLKMUMpC6DbKvazUowbrGbFfBkX07aoq5Y2osVtpclS6Npgc9zX/iZ9LOBHg1Le+4F94Z4wMJP7w9iHibaQVInjQsVaa0c0PJyho36q70OiYjAagHYM1iaHO5EVkoBkE7gxBpxFlAMyU2eLWZywpMKs2BfGPCE3ef8q2/tW3BP0tq5XEepb+Z5rva602uI1J4S8Dyk5yDrz5835jAuVnpS/+27LPVJdK4K9hYgitXgt/9TnynR2mFkRU2nUuKU+6Y+B218Y43VrPyUq9Q4lzKTjWa4mseV/mErNPjCc6c6s9uHn6X9/58cZH1HjiYYWYzD+xtKuk/z2C7cRD9Vk5MbvRQ9Mu6xoRbPzCUfg4PgBLKThpf9baS6IceL+ReZEXFfj9BpaX2HTeckmopG6+yVHTFqa+k/tVEfh+Q5uS1WzSQWTuRudZ5fl4VdIS+D1WPmK0/IrwVfJ7XEHXO8FMYRliqMN6/VtrkaRoxsqTW5Qsgk2MEMNJri8eiir9A5otsMoXpbf406kFTq49wm6tdc4CxpBkIyHBtCWJX6dKuo/cPu5EKJA90ZUYCz0izCcNswv+vVTM15TP2OU5HD0r4YNkzd8yUhiewgdo0TYM9bg92DVoYxKRa8xL3DETOYBulduOGpXVHeWJXDrJH/y4HWGAS6y3a40M1KMlWb/LCPAQQ8h1TwlLTXXco7WmdT0GhFMvQHTSR9+q51ANkt6mKc42/u2WAyISlZ8CBHawIhAvQ792AKEvKkTpT6FKwOxzpQZGwI0S8HsjjZknnGVddZn8qOjQ0jS4Y3vSe4Be68HBb3dH+Sdcgzdq0zfyoaziap65G56641+5vY8+WzNovmbayGkCAVxTECJ2WTD95RCobrBw5xeNLRh6hXbcTio7ddMmLEpMgL4/umiN7Np5PaSNMe19Tx7Zlhhr2tJwz9/dBc0Zeb+NWKdEaXyokcvDANPqADrDBdtQNK3TcAymQeoWqofHIK9wDGF1o9l6fiYjTHOWhEszgSl/ibZzbkC6bOc2zN+ZQM41iag8Tgf3YIA3/f8okaNAkXeoe4tip8Tj5rhL8FGs6Qsb4LiVXvrqH6utQWGcgvV7dDEHduKkX3Cwlpl9MIaHyvmkcQkn5YX/nj4CP9+AwugjWviqyqKhB3lkq1QkVTYi1MtOiNYgnQIhqYipB9eVNtujAdLLNrTuHjvGnOT7pZ97yPKsKQYzh+ZxnieckEXcGbuL48UDRQgmlrmXsmV1CNlV8Iiyc6kF69vaPd2cfCUYooh6qXNzVDvEVj8+cjgNe5Enhp4thwNzKu3wchWZZPMhItHJBryvqaff1AC9fVNHYocgA3yAUDYSmsFxBXnUTTWEN+3jGjfYn7R8kfIFtgaD29XTrUUeBeHNu3Kf2cnaOlQqTuPLeKW24gT+YyGbh54yLo7odvGoz72GUJu+Ui93cZqS/iCiKHIu1mxXHEvGv6rukSjKTGUBzB+zGuQI6wslPVfzbRwHZyT9PxeOG4zWCphRmTb8/HV6vNw7mA+YzEs1fsoUUGrPkX6AWjP7Ex1KB6ynorhSPhhcpoMt6SISnMYE1dVmJi1sQJWciKV32+llj0F8YrkuBOtIW/qkUW7LuY1x5bQ0ccipAmud6s2AH0kiE4f6ooIf66yzv0OSBbOoHga7p8tRfP8ssCs5wAJ0GcdhGADw2tDtbM4dYaoDtwe9WVzquupYTccjuCV9p3MN7fXCvGyJG9go9UR2v4jyC+SG+kVQmGVdr0kkc2hdiVdXbgGExZdMiF9sDtxfOFcPEIlGPfsUkqBXkFEqknFvYyWKEDSOF/bFoScJxVYMrin15LMHHB3Slp5RlfxQskGvaGx5lGMuBjft4vGlFV9rEPu268ltbZtcZRLjC3ywHloY1BTBds7z8aYk/mzGuEJng5BALxec4d9Sxm7Mcqa/t8rbSP1XvSFOuzBfv407BfAbbi0Fbj3x7Z32isXvaTiSI2PX+YzZa/ROhEw5qxiltcbMfhoeYlgajY+5LtFh5Jl/iDuyN8tvD31xuY4MueO38Hf+950MUfO0rYIkhW9K4+qNuiz4/QKQe46FN3s6yBy9tzxPaoySpE7bRRSrz31/lowwHzKDlsZx9hyZBH41r4M+xoWzIM1wzbtNFunHAvNcTCIEDP+Dph0wf9JtWwpZCRNd+rWjrX6JXShyU5Ys19xIpt3IAW1Xe+3dRDScqeH2yCw8j62qAvwcG3aBMs7qyrBAtxh5WNp+X75vtTl8jKkfBbepBts+c8ZqNJbkG2ALk2egPjXV8OBi9KA3XOMo+csppxpiSvodn54lVQVrlyDZuTLy52iOesjps6JjzZcn+Y0MvESQ6RbrgsC439oV4ccc/VS0ToRdPrqLrqnWUEbYhVkPo4DoYAulD2D7Z9MYVaik4vTPsCYf4wnZAraC1Cwhv6uM7XG3CLgqvMFY9Kty1S3sKqetd5bY0tc3L5luj32iFvcw+T+sX+3312AHAAyBj4cybDxf5OYlFuVAQB7KVsLq5pkyT/oUo0jFGro+p89JXxfhC5Vu1J1+1iMqhrjvR1SEVvT53toXKoMfHMuy8BN1aq1UIBUvoYbTay8W49Kvu4bhIP0Im6qb2mCfCPgLMoWPEFD/nOpjiWRGD4hgr38zUW+51NZtQ++ytrsJWQIKMWKOopkt/kN7FsM0ySdUdFJwZVALY887VAfOyXdb11uPElCumzZL4fowxwiRaCrMCoygPQxeX4rYpWDGQ1M/IWlZ/lxuBlAg4h/+HQSOt1Au0nrUSgnU2k42Dmaxq7WBsDokYKLeStPqASGCqkz7MeeMYwAj0AUs3SeicRstmpN9uYPayk5TKpXs6aTmxyNdsPXdWmq7//oPDYyknwXCQMJgVorn4RGp91DwHUb2+xuxJsbPAFF2+YxDJTAbmLSLgjIHZiHqEk29qCvmlhk4dFJWWpqoYMBnlpKOoYNYSrM90SF2HxIFgjNBqaA4oyWCoSYZy6WrghiY9qCVL60egg4btwctiJpfEIwQIOxOxqupzkFoGBtc3qwYkO/y1rMHDjXJxlMmFISyM7CLIlLtNHo+SnmRek3LLCMuSnwO4BwXuDL8i0DeBh4qoKhvGbosqTEyQXO4aAHIDIBtACI2Fpr1mcZt/O3N0WfLddfIoqTkpO34fdeEFtLEQYq279Ou4+ZrUcHIV7OS0qKHwjFTCzKDpgnjVRXCW9Vs21Zpfw1YBGjJkrvEhWBMnNxsCL8AuuyySLMDH7f9Yq7X5Yk63gRhJV9XeHc4g28Vhu5HRVsTokqeMOHx5+7AErNMHkkL5ymgSKB4raDWAeFtxmjOoXJ5+t8S38WSlcgDp67ac5q8TOu5kibiZCDt0M+kMhr0SPVkRQK4aB8BdJKszzJkKugkHzmTV4HY1NtUKKwyRHphcnvkZi4lMPZuluJtE+KHkjwt/8qGd63Bof/0JdXs+samwbyMSKaP7Z54zKxTKFeweVV1xUQjH+sVNAqoaeIDoA/Gbb+UM5tgCddOuy31F89E+LcfLNXzzC52cGKn/xQZBav8XOhs8fZxbuQMa1SKWbRAD8LcFNM1eEKF0SNXnTY+O/sbDDSqO6JgqCiBen2XjTZP6NHJGK8TNOE71mma6oAxHaqi3kLv0i7apat8cTWUoISK8xrX297xJPS5ssOg5QiZMud3nvQORoBeSToZnIKlsPZ1SN6rXZ1XWOEf1sKpNYERTe1059HySgQJecbPW/O73fmSF9BeU70D6tavI9I0/9O9UE2TZldnS1LCneoLHRx8Gfy+xtON1yrsbcB32ozvQHeU/Og5paf1WqGUJwXRWa0Yd1SPt2cZSBqVee8h+XIVWf09q/HtUjonDAZTpmXmlgtzy5KxmPij6ZS+Wq1PCz09f0jXV6xTgBFa6l5IdtE1V3vqyOcgs7/sc3rNGIXaIVOypONukY/th5uAv68cTY00EQEKhbZ3MlGY2U/Pys54iNi1V9DRNnZKqokN8WZA9XwT2vuCmgyOFiUQdtliKMEju2DPF2jhuRRuyUh8JH3UgTH/bdnF9IHy44Hkz1c7mz2562h57h2lqMjk2QNXqiV5Gpof90UG3vLVxUrjhWfwfb/AXC/uVcE+mHq0tkupFt3bNHjSA//P4y14IPmLi5iDOVUxa/Alnx/TPLalR+bLICWwjXclJZ/uEontp/JKQykN4d5Io0zEmsLxoRYOMqEexUxSqlQylwJW1hAbAyJUE+U53siYmF/QIifvWi/cv5lghpqvbA3hSJAvXVvKcKjOswzoIB4XmtLtbe6S/tP7Nqt0qbh2JaKZXxgint9M8poTLbHsrzc4MkG6MgFTA0xiqxIVrd7peGuz6hFNGXNygP/GCWvn5mrkhXJwnQgB0pxl5FeATLuvooYtzg+wIgCdkP3pHXac379sCygDzIaPLqxLAXosg/z9+yasENR/6oBzzy4oenvddGFN4iEwlmEboHkILsbohAqJ3jx0t5b28pUc1rVahWxbU65rcZX5ZoXrzs9guV4NHNsuizkwV0PqrZ7GeGJBdH6jRwgQ9WHsT8U3zVUVW8dhUhT35Pb/C5sdHE2lfnv6yy1bDIsS1I5N2dnJVajr2aK7VlgHEhAtLn1uhB3RPkUVcsvjUvOOgH/0F89cretzTA35mj+V/JnzswdL6LlzeaZoPXU9kG6eWd2r1UORrxhHqV9r25T907rBokOl0vhCHLnAB0NZ/l5A+GW8o+EEPmYTVXy72oCD2ozKuHLdHa6Dzy1uJGR3CdiBatO4HcEkBESCyZPvNMrCVtN5Z8WdxYW8YE0OuvDGQNHj5/ubbbUEQ0Hxw1RdLVgtylUZeY16KD22KtwDSGJaVZwME/LcvsV+iIxMWrw6tv7flXd66Zhbc14lvxJYNMtnU7GO2KEu63b/UydY9JmWcitahHPkEb3t46Bh9894uk3zD8wk7E4XOECGzx2XRxV2o0P+NmNsbpNFhrYXe4g3vtBPEThcRXksHs9rrWw+8kWhH11jlDuegNVvAcVLUNai+uuJVeFSrE6IJbH1ItH8nRRWyGuzI1lbDt8IqocN/omo5EpjmB1jvo2ImdvgCqpvIwCNIwTM8/ydl3bXIAXqMzmPlqSuD01skOhj8BmOrw3Lo9EW9d4ZJHHZ4BCDC4Cr6emrTZ8K4cdVdtNAW6ZkhXwBo+FRKDSgYBblCqF22iJbP8/2AgUxTEt3AbzjCxEIEXVMiToaXkpmpW1rVY+JsNrhLXB8lg3INjYunlj06bH5jfUIWpoHI0XTqvQfiIXcabZ9vFHbotAX8VZdw/rnU9I9AmdUojch5PQoWF0YrXCfZAq3iyenXgtAaGV2y0HXH3FDd/FQDg5WmVMOwpbQvCenyQdObj1VxsM3IdTdR/qFTP+c032nra5d4A45KAQbbkHChgqwcSbSshXNYr06kDaTe5JI7gm+zF0B0wJtoaX6cbt5sjNQjhJX303q6rdUxroIsV3YALAWLMcNzSkHh2v6TUYe5uev4bf4mqifHeorY7nrJAQZwETXm5PLwiWCxtplQSXd7l+OJsiaIB6nKhXcNVyjcyumG/WKV6ieFOcBoWSeu5YoNYgtj4nqnJoBdvRhWPWCFFCUHwUlJXNCVRU/EBG7yNCEJoQOQnO7BfPBegDR4j2VKg5fxFKrJCzPy9KHZyD22coIAw5A7Y7HojXd7lyfw+tFpwn6KYU+qmS4RghX3/HRYuSLCfcgWXz6F1q8aHB53mDWeEHfQNv65wTtzEIp/oDdcIerreMF2RkYMmU2MoE/79sEe6TEUdaPx+wUD4N9/9FL3gtfj+EjOTulUJJtC6gOoIp7vI7hEaePhfMBMjOg+r5K83rUnqYbJ1Y7/3GIkap4o3f0FxD5j6dTz5bxGdwGdNc9Us2rv2nPvh0XHuxDmrgh0BcDtK0ROnWDQd5vkN+Csz8iwOxkAHK7L4zYxkxg91dD+mGx8Z3dQFCQvt9+0a9Ck3iPaP2rHKVsVHCm0Y+EPvPmNYTZU7tb8bVexnHVhHTbF6IsOm76f4xPDbN0wnASg6MPC29EBkl0Az6TZ5EX6Yc/LMBbEY7pJjT8sEXBIyNR/XVtyJLDsUKnnKuR+ImH7uo9GAKwnvsZQhKb1NCNH8xIZtucHFoe9nZPm8HXUULAQT+06XoLN4kIizDNF+f0D1W4DH2M8FaMj0YZOZ8XxZ53iSvA7on5JMpBPyHmUn/QLbWtkjEFJwV4BeXXSWn6J0inZ8qx0Q5KrLN+wPi4QRjzTdu7v2bdO2zBiyb1XQBV20SzoxmekNUmR2xpVgqFaVlbFGNH8pAS9ZVZFWPFNJC2T454dpNk0d5AkuHOUap3p4U7zedjB3CCQSxZJjmbtf0O4cVaLBrvX1fwvNcJSMK86sxiiKS6oAr24HEiRJTZpK8yGARHm9hI9FGhMVXwLQcy4RkqGJ8c3AIlo+4v9hQ+dvJQHnxoXC4WVXiWnreaJRoeiWbzsiKMt11PKjPBkl4CgdGkaSn/TknyzPs02I0tg2auKQSVL3PbCC364r5B58F2jb4bt/AECYz1AKSlQgMRA/1HTiSjSXrNJzZ5TV8bk/9Dyr2RrsrhcEjeb7sLcCk7B1rjI=</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2021-07-29 09:17:32,176 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-07-29 09:17:32,176 - INFO [Shibboleth-Audit.SSO:?] - 20210729T091732Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|id-da3e983f1ae6f3f9fd3e4d4184c6be2be1c7dd61|http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/metadata|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_6856a63409552f629cc86ddaeae1286f|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxan8mu3jgrGdu2jzPboF2lE0Y31g6lRXORz34jVJJEUh7Gh1vECg8w1yOFIgeGMfCVhqsDpCwI7u088Sk5Sk121zctwPxckk3rNmAkFGTW89Gf0b2URccFeUPGQQ6LU1lQw5LllxUQWLnw54nWl9oAxmJxN/A/ItRFafyoqDgTY44N1UvI8oZ1TpeXXxFCPE=|_76920fbea30243eb3c74110975462789|
2021-07-29 09:17:38,622 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: yI08dY12OEUgqjy9NFLqqh710J5FNfkzmgirCz4DD5TjnHQkC0Zv48F7
2021-07-29 09:17:38,622 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-07-29 09:17:38,622 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-07-29 09:17:38,622 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="id-5e33b35f9bdfd36d1aa2ea6368cbd6740afdabf5"
    IssueInstant="2021-07-29T09:17:38.567Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/metadata</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2021-07-29 09:17:38,623 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-07-29 09:17:38,623 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-07-29 09:17:38,623 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-07-29 09:17:38,623 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-07-29 09:17:38,623 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-07-29 09:17:38,623 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-07-29 09:17:38,623 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-07-29 09:17:38,623 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/metadata
2021-07-29 09:17:38,624 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:17:38,624 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-07-29 09:17:38,624 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-07-29 09:17:38,624 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-07-29 09:17:38,624 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-07-29 09:17:38,625 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-5e33b35f9bdfd36d1aa2ea6368cbd6740afdabf5', issue instant '2021-07-29T09:17:38.567Z', entityID 'http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/metadata'
2021-07-29 09:17:38,625 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/metadata' does not require AuthnRequests to be signed
2021-07-29 09:17:38,625 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-07-29 09:17:38,625 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-07-29 09:17:38,625 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-07-29 09:17:38,626 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-07-29 09:17:38,626 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-07-29 09:17:38,626 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:17:38,626 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-07-29 09:17:38,626 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-07-29 09:17:38,626 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-07-29 09:17:38,626 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-07-29 09:17:38,626 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-07-29 09:17:38,626 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-07-29 09:17:38,626 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-07-29 09:17:38,626 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-07-29 09:17:38,626 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-07-29 09:17:38,626 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-07-29 09:17:38,627 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-07-29 09:17:38,627 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-07-29 09:17:38,627 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-07-29 09:17:38,627 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-07-29 09:17:38,627 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-07-29 09:17:38,627 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/metadata
2021-07-29 09:17:38,627 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-07-29 09:17:38,627 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2021-07-29 09:17:38,627 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
2021-07-29 09:17:38,627 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-07-29 09:17:38,628 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-07-29 09:17:38,629 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-07-29T09:17:38.629Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-07-29 09:17:38,629 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-07-29 09:17:38,629 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-07-29 09:17:38,629 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-07-29 09:17:38,629 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-07-29 09:17:38,629 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-07-29 09:17:38,629 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:17:38,629 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-07-29 09:17:38,629 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-07-29 09:17:38,629 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-07-29 09:17:38,630 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-07-29 09:17:38,719 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of '10.108.141.203'
2021-07-29 09:17:38,720 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-07-29 09:17:38,720 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-07-29 09:17:38,897 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: KQuVzgseEUq3gio-fbCdMwcbGJfAb0cGP7neyNUd5E7u4EjLoq9MRrV8
2021-07-29 09:17:38,897 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-07-29 09:17:38,897 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-07-29 09:17:38,898 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="id-2bd293f88432ea72178f1c8d441be10693697e1b"
    IssueInstant="2021-07-29T09:17:38.833Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/metadata</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2021-07-29 09:17:38,898 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-07-29 09:17:38,898 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-07-29 09:17:38,898 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-07-29 09:17:38,898 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-07-29 09:17:38,898 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-07-29 09:17:38,898 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-07-29 09:17:38,898 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-07-29 09:17:38,898 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/metadata
2021-07-29 09:17:38,899 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:17:38,899 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-07-29 09:17:38,899 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-07-29 09:17:38,899 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-07-29 09:17:38,899 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-07-29 09:17:38,899 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-2bd293f88432ea72178f1c8d441be10693697e1b', issue instant '2021-07-29T09:17:38.833Z', entityID 'http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/metadata'
2021-07-29 09:17:38,899 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/metadata' does not require AuthnRequests to be signed
2021-07-29 09:17:38,900 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-07-29 09:17:38,900 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-07-29 09:17:38,900 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-07-29 09:17:38,900 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-07-29 09:17:38,900 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-07-29 09:17:38,900 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:17:38,900 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-07-29 09:17:38,900 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-07-29 09:17:38,900 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-07-29 09:17:38,900 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-07-29 09:17:38,900 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-07-29 09:17:38,900 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-07-29 09:17:38,900 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-07-29 09:17:38,900 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-07-29 09:17:38,900 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-07-29 09:17:38,900 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-07-29 09:17:38,901 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-07-29 09:17:38,901 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-07-29 09:17:38,901 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-07-29 09:17:38,901 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-07-29 09:17:38,901 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-07-29 09:17:38,901 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/metadata
2021-07-29 09:17:38,901 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-07-29 09:17:38,901 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2021-07-29 09:17:38,901 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
2021-07-29 09:17:38,901 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-07-29 09:17:38,902 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-07-29 09:17:38,903 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-07-29T09:17:38.903Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-07-29 09:17:38,903 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-07-29 09:17:38,903 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-07-29 09:17:38,903 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-07-29 09:17:38,904 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-07-29 09:17:38,904 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-07-29 09:17:38,904 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:17:38,904 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-07-29 09:17:38,904 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-07-29 09:17:38,904 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-07-29 09:17:38,904 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-07-29 09:17:38,999 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of '10.108.141.203'
2021-07-29 09:17:38,999 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-07-29 09:17:38,999 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-07-29 09:17:42,142 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'morty'
2021-07-29 09:17:42,142 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user morty
2021-07-29 09:17:42,142 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@210870087::identifier=morty, context=org.apache.velocity.VelocityContext@2ee33c6f]
2021-07-29 09:17:42,154 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=morty,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@210870087::identifier=morty, context=org.apache.velocity.VelocityContext@2ee33c6f]
2021-07-29 09:17:42,155 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'morty' succeeded
2021-07-29 09:17:42,155 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-07-29 09:17:42,155 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-07-29 09:17:42,156 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'morty'
2021-07-29 09:17:42,156 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'morty'
2021-07-29 09:17:42,156 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-07-29 09:17:42,156 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal morty
2021-07-29 09:17:42,156 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 36dff459b648247037dc85b0699a57d0f0aa7b6d23dcf9586ba1e01d4ff13b52 for principal morty
2021-07-29 09:17:42,156 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 36dff459b648247037dc85b0699a57d0f0aa7b6d23dcf9586ba1e01d4ff13b52
2021-07-29 09:17:42,157 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=morty)
2021-07-29 09:17:42,158 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-07-29 09:17:42,158 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, identifier, uid, telephoneNumber, role, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-07-29 09:17:42,158 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 2 values for attribute 'eduPersonEntitlement' remained after filtering
2021-07-29 09:17:42,158 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-07-29 09:17:42,158 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-07-29 09:17:42,158 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-07-29 09:17:42,158 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-07-29 09:17:42,158 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-07-29 09:17:42,158 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-07-29 09:17:42,158 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-07-29 09:17:42,158 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-07-29 09:17:42,158 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-07-29 09:17:42,158 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:17:42,159 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-07-29 09:17:42,159 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@71502d6e'
2021-07-29 09:17:42,159 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-07-29 09:17:42,159 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/metadata'
2021-07-29 09:17:42,159 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/metadata'
2021-07-29 09:17:42,159 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'morty:http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/metadata'
2021-07-29 09:17:42,159 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-07-29 09:17:42,159 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty'
2021-07-29 09:17:42,159 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'morty'
2021-07-29 09:17:42,160 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-07-29 09:17:42,160 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2021-07-29 09:17:42,251 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of '10.108.141.203'
2021-07-29 09:17:42,251 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-07-29 09:17:42,251 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2021-07-29 09:17:42,251 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2021-07-29 09:17:42,251 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-07-29 09:17:42,251 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2021-07-29 09:17:44,180 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2021-07-29 09:17:44,180 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2021-07-29 09:17:44,180 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20210729T091744Z|http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/metadata|AttributeReleaseConsent|morty|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2021-07-29 09:17:44,180 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-07-29 09:17:44,180 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/metadata'
2021-07-29 09:17:44,180 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:_key_idx'
2021-07-29 09:17:44,180 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2021-07-29 09:17:44,180 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=morty:http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/metadata, value=[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1659086264180}'
2021-07-29 09:17:44,180 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:_key_idx'
2021-07-29 09:17:44,180 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2021-07-29 09:17:44,180 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:_key_idx'
2021-07-29 09:17:44,180 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'morty:http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/metadata'
2021-07-29 09:17:44,180 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[morty:http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/metadata]' as '["morty:http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/metadata"]'
2021-07-29 09:17:44,181 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@71502d6e'
2021-07-29 09:17:44,181 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:17:44,181 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-07-29 09:17:44,183 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-07-29 09:17:44,184 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-07-29 09:17:44,184 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _8f9e0173a3b42b0973852f83585d5a61
2021-07-29 09:17:44,184 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _8f9e0173a3b42b0973852f83585d5a61 to Response _2e5f00ced53133618d11785c5ee36af8
2021-07-29 09:17:44,184 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _8f9e0173a3b42b0973852f83585d5a61
2021-07-29 09:17:44,185 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-07-29 09:17:44,185 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Ambassador of attribute eduPersonEntitlement
2021-07-29 09:17:44,185 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value None of attribute eduPersonEntitlement
2021-07-29 09:17:44,185 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute identifier
2021-07-29 09:17:44,185 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value morty of attribute uid
2021-07-29 09:17:44,185 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5505 of attribute telephoneNumber
2021-07-29 09:17:44,185 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value janitor@samltest.id of attribute role
2021-07-29 09:17:44,185 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute mail
2021-07-29 09:17:44,185 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Smith of attribute surname
2021-07-29 09:17:44,185 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Morty Smith of attribute displayName
2021-07-29 09:17:44,185 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Mortimer of attribute givenName
2021-07-29 09:17:44,186 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-07-29 09:17:44,186 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:17:44,186 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:17:44,186 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:17:44,186 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:17:44,186 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxbVSr+iX170mUp5YK6PHHXbdJU2uXgM8CT4lXxigMmN/3m45h0mL1AmRUgdwVfTTDbKU8mI7VCH7NWQzLne8PpPwEhIxeryNS0pWgu2I3mD+WCNM4WXzFfzS62g4ZGl3f2dCGRwcCrugWZOiXE/vzA+rmnly3w/e3mSiwnZRl9tc8VK4P0m9iAXOtUbruKiaU with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:17:44,186 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:17:44,186 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:17:44,186 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-07-29 09:17:44,186 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-07-29 09:17:44,186 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 38.65.13.219
2021-07-29 09:17:44,186 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to id-2bd293f88432ea72178f1c8d441be10693697e1b
2021-07-29 09:17:44,186 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/acs
2021-07-29 09:17:44,186 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-07-29 09:17:44,186 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-07-29 09:17:44,186 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-07-29 09:17:44,186 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _8f9e0173a3b42b0973852f83585d5a61
2021-07-29 09:17:44,186 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _8f9e0173a3b42b0973852f83585d5a61 did not already contain Conditions, one was added
2021-07-29 09:17:44,186 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-07-29 09:17:44,187 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-07-29T09:22:44.181Z, to Assertion _8f9e0173a3b42b0973852f83585d5a61
2021-07-29 09:17:44,187 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _8f9e0173a3b42b0973852f83585d5a61 already contained Conditions, nothing was done
2021-07-29 09:17:44,187 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-07-29 09:17:44,187 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _8f9e0173a3b42b0973852f83585d5a61 already contained Conditions, nothing was done
2021-07-29 09:17:44,187 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-07-29 09:17:44,187 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/metadata as an Audience of the AudienceRestriction
2021-07-29 09:17:44,187 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _8f9e0173a3b42b0973852f83585d5a61
2021-07-29 09:17:44,188 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/metadata to existing session 36dff459b648247037dc85b0699a57d0f0aa7b6d23dcf9586ba1e01d4ff13b52
2021-07-29 09:17:44,188 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/metadata in session 36dff459b648247037dc85b0699a57d0f0aa7b6d23dcf9586ba1e01d4ff13b52
2021-07-29 09:17:44,188 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-07-29 09:17:44,188 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/metadata and key AAdzZWNyZXQxbVSr+iX170mUp5YK6PHHXbdJU2uXgM8CT4lXxigMmN/3m45h0mL1AmRUgdwVfTTDbKU8mI7VCH7NWQzLne8PpPwEhIxeryNS0pWgu2I3mD+WCNM4WXzFfzS62g4ZGl3f2dCGRwcCrugWZOiXE/vzA+rmnly3w/e3mSiwnZRl9tc8VK4P0m9iAXOtUbruKiaU
2021-07-29 09:17:44,188 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-07-29 09:17:44,188 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-07-29 09:17:44,189 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_8f9e0173a3b42b0973852f83585d5a61"
2021-07-29 09:17:44,189 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _8f9e0173a3b42b0973852f83585d5a61 and Element was [saml2:Assertion: null]
2021-07-29 09:17:44,189 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_8f9e0173a3b42b0973852f83585d5a61"
2021-07-29 09:17:44,189 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _8f9e0173a3b42b0973852f83585d5a61 and Element was [saml2:Assertion: null]
2021-07-29 09:17:44,191 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_2e5f00ced53133618d11785c5ee36af8"
    InResponseTo="id-2bd293f88432ea72178f1c8d441be10693697e1b"
    IssueInstant="2021-07-29T09:17:44.181Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_8f9e0173a3b42b0973852f83585d5a61"
        IssueInstant="2021-07-29T09:17:44.181Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_8f9e0173a3b42b0973852f83585d5a61">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>awmxJyHLanDGndA+eDzgIxdhtdJL81W58w7r/Avzj1g=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>EHwGIx6711mo9M5SWEFKqI7/ggARCk4txTewAeRnEVuvI0CqkM+gbhv+W+4k/tbvHTBm3HdwAlABGwsa9sIe9s/miZup8CuacU/4maMWPKUWUndBw/Cj3/qGdDG/VU7lgDQahTHTtR2NlZGx7VRJ66dCJfrjiRikjwMdUdydZbYIuLKKjFgKn3EhZj/wg8eGwU2ll0nm/Y5aJ0EgyVR6mHszzzPxsxNUyK5L+j3FZ76yIANcigqDIVq9LkZzY8e+EOjsdhHaRf3bxPDd8hIGkPoQ36wNlkyYAEGfTeaH9/U2PIH0RGcKwXq1LHgm/fyhSXqyEUoMEzBlpEFsZd+KeA==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/metadata" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxbVSr+iX170mUp5YK6PHHXbdJU2uXgM8CT4lXxigMmN/3m45h0mL1AmRUgdwVfTTDbKU8mI7VCH7NWQzLne8PpPwEhIxeryNS0pWgu2I3mD+WCNM4WXzFfzS62g4ZGl3f2dCGRwcCrugWZOiXE/vzA+rmnly3w/e3mSiwnZRl9tc8VK4P0m9iAXOtUbruKiaU</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="38.65.13.219"
                    InResponseTo="id-2bd293f88432ea72178f1c8d441be10693697e1b"
                    NotOnOrAfter="2021-07-29T09:22:44.186Z" Recipient="http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/acs"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-07-29T09:17:44.181Z" NotOnOrAfter="2021-07-29T09:22:44.181Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/metadata</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-07-29T09:17:42.155Z" SessionIndex="_dedf1390d1886fb40995d9dd7ba4e8d6">
            <saml2:SubjectLocality Address="38.65.13.219"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Ambassador</saml2:AttributeValue>
                <saml2:AttributeValue>None</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>morty</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5505</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">janitor@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Morty Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Mortimer</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-07-29 09:17:44,193 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/acs
2021-07-29 09:17:44,193 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/acs
2021-07-29 09:17:44,193 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_2e5f00ced53133618d11785c5ee36af8"
2021-07-29 09:17:44,193 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _2e5f00ced53133618d11785c5ee36af8 and Element was [saml2p:Response: null]
2021-07-29 09:17:44,193 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_2e5f00ced53133618d11785c5ee36af8"
2021-07-29 09:17:44,193 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _2e5f00ced53133618d11785c5ee36af8 and Element was [saml2p:Response: null]
2021-07-29 09:17:44,196 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-07-29 09:17:44,196 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/acs' with encoded value 'http&#x3a;&#x2f;&#x2f;10.108.141.203&#x3a;8000&#x2f;v2&#x2f;sso&#x2f;saml&#x2f;cdpidp-cwduo4ywdbqaz7a5wufv&#x2f;saml&#x2f;acs'
2021-07-29 09:17:44,196 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-07-29 09:17:44,196 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'KQuVzgseEUq3gio-fbCdMwcbGJfAb0cGP7neyNUd5E7u4EjLoq9MRrV8', encoded as 'KQuVzgseEUq3gio-fbCdMwcbGJfAb0cGP7neyNUd5E7u4EjLoq9MRrV8'
2021-07-29 09:17:44,198 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/acs"
    ID="_2e5f00ced53133618d11785c5ee36af8"
    InResponseTo="id-2bd293f88432ea72178f1c8d441be10693697e1b"
    IssueInstant="2021-07-29T09:17:44.181Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_2e5f00ced53133618d11785c5ee36af8">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>OSsYmxMsYF7Mbr+QACG+di2JbqEl240s4SwJqiDGGW0=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>nRHxJLQ1bRo377njgVMi32P+B48krYH11ZXrVMVKCZz7esqY6xIzAW+MBJa0j2KlnPk1bHCd37W7hXr6lyzAB3H3FDzoswN7kul4yCnsI71WtC7dMg7PVq1Embt6oHXpMPb8Ma+Ep1PhWHgfY2ThZUKra2ODVq67jEFWUQpr66No1ghlNOHEc/PR1YZCGmJ0gGref6db/eIUi42m92NqKArfS8b63EdHAaEPjbxK0vva2hiIIDHnOiGgfSYCSu8ofS2Pxqbq7cBje9huHXALrBoQJvAaOQwGOeIkQARwAv3vafwDu5X+qQOCeoO5ItTM+S/EqqQ8kLueIEkX5UdgLQ==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_5f2699dc53878a30864355cf5d0f032a"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_832e466303a372f361570a9e232728a5"
                    Recipient="http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/metadata" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIDFzCCAf+gAwIBAgIUHsK4640I/F0eowKScH/+nxpdvokwDQYJKoZIhvcNAQELBQAwGzEZMBcG
A1UEAwwQYXBpLmNsYXJpZmFpLmNvbTAeFw0yMTA3MjkwOTEyNTRaFw0yMjA3MjkwOTEyNTRaMBsx
GTAXBgNVBAMMEGFwaS5jbGFyaWZhaS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQC+3dL8EQkUTd3XH/eFj6Wsls4YCvEszZIYG7zfAyQ5w9WwX4WWZ1ZPKgaivPvj2Om+Xu8gG3Qg
IA8wk9Feh/2mMxs82Xq0Th4K4p3sK3nlFqv97x09wFYS9r+SYHHax/pm6O4qA7mKbob1OzTO8C5L
+dcvkJypX6+xaF0wihfRPdP6nXMFGTow38m0e1qh4mdwqZZzEJh/GLaWUgIffV08+Oc3poffymDD
07qHqHfF9Hmd+82YfZyTUfG9gaRRQQ+Rgd3pnT++/yDZkC9LlfsmjQKlk640U9z08+nL7eFiAgHg
XuDMkuv2j44JjNojLchf2DFWIt1ydYHOIAZ1yvibAgMBAAGjUzBRMB0GA1UdDgQWBBQJ35Ay5Jae
2AQ3TAxFeTaowNahjjAfBgNVHSMEGDAWgBQJ35Ay5Jae2AQ3TAxFeTaowNahjjAPBgNVHRMBAf8E
BTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCoLwfDRKs6jY6i/rOk2MCWYebnjbBLoBl+7RTvg3GN
ZrHyNe7nmeTVidLIrYXxbrIqxD5YYUZmD8FSqQFAGmFmrMKtjWTgWUCkthrganLeBF3sT0qYoERg
+GxNcJUeZeIi7LBZ3BNFqDSc5bEQuWsxuPPPG8N8NIW8NGJCu6h5505ZyoUsd5fv2/QPRt9pt7rG
9byldxAkblnKQi9uwVZYcL4enEwtT/slYCm//bTXc4+TZjfnb3+rSvANSQE1Ine9jb7NHvkW69IP
hwuCu+0vDejPA7T9d+wswwi9lh4jQMzykjKclzXYzyPU9dtEHo1Yx8T6ieYzGuzjy/3f3G4U</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>tv1GGplpm+i8NUS00mPS72bBI4cM7NhRxCbocO+O2ozmixiDAvEIEEgsqfon7D8XtvnPPAoTzX0Lii67NBeykayr6a5D7l1lDG1QkVLCf7XY6SKlg7qkOvPZLCyhwzVshxrHCdb52aLw20Bze6zKgmilc+uQVuHn1BB50bXpEHXTm1cI9JBXncUYeCRbTC9C+Xts9tuB0QI/QFNuKbAOFyfFeItElN9jwprRe5WwMzKC/WwSN4W8HPhyYGeqCw8xCsSuWLSz0P4b6l8qrGbmjS3fZwXFVmNxVINEmgMTY91kXwzvAgmwkj86JvekXIf4K4rYF+BFtSdeX9sAVyOnqQ==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>Vnl8cpA9QHNHJ0AGvwkHXYu1E2oUT4J9W0oFEvzUS+QAP1cP2R8KkpiOw+lD832LAL+UZ5MwmsPkHe4JzSDJl3OKgaxrKVZL8D1y9jHGJtrBEtQWU0vQ8boTZdXCcsEKT6WbFT5q7pRjcIKFEaeOZKZAeBinZ62B0LfjMGWWHlQFYvE3RU0whcqUFULCK0gmxeEmxAOtW2UcfcLvZO8ey2mXXtfu8n6cl1lBL0uB15HJpcAxDrvmyZMfd7TcK2D/MrpR2lcLRvP4N6GACkpOIVAJK3xDnaRJWsRyg0akn6bhrNNBp88EkH93HwTdlDCVFE65Oja4m2hLeiOUb2FVkLfK0YOiIBYrt6yskzCc3rSieoe8/AeTVsZMbcRD8vH/CZsLRfL6CsmQTyyzk4M8QoKNgcY6Jei69eGr1wZrEVfb0VMXzVspQiWhZA3wVtCGJq7bKitn3flLnXlUBODED2jHciukIYIWZvfolRxdn9Ao1PJ2fERRpcVA11Zwr/WOkv/ifd6pzmeWeq6jIrfLDGGEZbKqVIXOIt3LTvVrnQPAzOdzPu5pYsfSXbd7f4URG+v1qYkIr5o4CzBQg2K1/RU1y4wPEMsCHT95rA1Y1FgfqKh0o9FhEWNDWq+I7VoT4tfUOlc/chsIxey1Nxzx4Cu3QSH3Fb5E0p0ced3Sp8BLwjKjCtXPIS40dKRCwDsFtFTD8jKpJiI7zen4Ls7ao1OZ19/HEkTxT9UBXotDr7mNgZBl5FyNExjNywWBwBEQ+b03TYjbi/hP+0xX7MuhkC++gbY7zltyUhy+TyoSfs153y5zxzXynNWm0HPWwyETylhhNGyy0TZgFYsctxQC09WyXCDc0TqZBliXuyowqNbcFfX4ve4qYdYkcia6DQdx/X43IyIOpORFDgPj5C5+WJI+iIjxywqGoVMh9hCxEA3YNV6mRnRU5cUH5uDsGSjhDNQQCXnGmYTc0WmC611a61M40rbH2oFr3ZxQmnF3jKlut4R66zIXHPsdM6gaQmAcsfoAaCaqdZDs0VtowKVcHSqCUsVr6U7LwTij5rjUU/EJU5YO6ZYW9AzzpmnHa1231MWFYUHmdN0hxVB5zOfVqHsHGeUZaBg8voMuezzx1/EXHuHXZoIpu90lE6UbxuZ/cuivbzVGyqsyl9JaBstOTlV+bPDi64PdpIGRqruLePF4PskengfYjbl3r4DBUL1791ewsCcTlHM34VMswzGcZnsdKualW8VVAc11+3PZNtY7BAKPbCDeAOJ75DYytNGa3IFoHcS21QQI3/rVd1hzuHVT/7dOGrPUqLpW/2Ff55AOtJnkspIe2G0INzcooU2YY9P8mLvEenScLl0f49CFI5uuGrhJI8r/mMwk0r4A8d7Ksrg54u+7N2cyPOuwHegzzbPdFFayIzIwLzIRy9axCPS8PS4wQlnNt9R3NB/xdPFzxxVR4LIiQFj2Sk3e/qtYTAjvRNUGMfxEoBq5Y2yN/MG9I1cjuGu/N5xsnLyiG1d5VTKXbZoB9ixWLbiCCoP5N4zZSMgVk+d+uvR4V9C6NoE8Q6Nw/Qhy0I10Azv/oCA7x9qorLfeOvKAQY1zoEZc4c0fgcIm8d0XX1jFJ6LiBgupXHqKUGuF4zgezxTjBmgVvjpezaSV832LBrVIVE0swWCs19EZI9RIReHU/VciNtvx/jyMK8ZFcNVDYDjMqCbOvgujAu7jXZuzvNoVt09fiLSj0bzNN9QLJlUAc87g6nPKdPNsR8IatEFey3F4234Z+mu8Mr52b03uWAe6w5UHtlmPWYZKHbsceghsThqGoRQqW8jHa+SdAhrSaQR/jDrcNvUyxgAfGsWu3UJSodb+YR93amqUWt9bij99e6dV9UhtaBci/FA40GB7DqBmhGjB2cOxXGj+oH83u/uRv0sRq42JhBloLNh7WNyRXozUWzIgwH0Pw3Ow5nyngs16fW8YU67WEUxFDTb85hmGzzkXfZQCNrnQJ/yTuh1iK8Sz+386nl31nhH+z5IsFsZ/xdErWKB//cefogqhkJCHt+V4n/MpYbthK1ZgnC2sI429Ij8Q1hMv0phqH90C3XuK3EEI8EJxDblfDmDmlxAihoCmdNS7eESCXN0DBTL/X0fwmeSsc0UwXZdPDa5SWy8KB0vG9oIzBP6Mlkpv3kn0UIySrfrg3/TvfNVOi2oCAgdlwcLQWSm/Phuihh/hy0UgKFtrBqAcCZq1P3Gv97bGEN/OIskqx+s7MA2gM6CfCRY1TEHMcqWlYA2l/fT1EnEBusnHYX9OJV6Rlq27M+JOuCjvG/1D6K3eMi1kXPfjNJmPLLJdkauwhU5SiA5Cw4K0OuacUpJYH0+6S2rtc65HzBg5D0tmzSRnPxqQHmRgiWDNq5QjHzJYM+5Nbg5YyO2ZLWvAffpPKGWks5rOMjic6sf98KEs6ZyTx5JEc46heQFDh8lU/7X4iU8a9NzPb1SzxxxFYMyrpZVnwd1vpthQaytGjr5qFw3dXI9PwW4JGdtjUhZ7YYvst5F8CFlrKZdtM/t1b4sYE2HvGim97gpx0BntXMgYCaDl9XJ/xtsnCDxTba1JwhKMmPOsH7G/yn2b3xVvFtc+FShJmKVYnl90LI+8T8y2/F+V5R48dTKOy8qQ6PohE7PNgSkyjTd2G+GXX9EBB2f7h2Jem46AZ9V2+bNYCY9yNuVqOb1el6I/p3Ld7i6InnYZ48tBe2ItjwPG799CYUkosUQmykDSPl6x9Z9wBS/MwUWieaccXiJYMZ4tZ/emhTtA9VdQxPYFWtRdlErLglWt2zG78NLjnbZPrkJ6u/W13ZV7uy2wddx+dNlZ2KsoOXYIk5rHJRRPLO+3pbK5hRY2Zd2Dq0MYju+CP3e5btQyG3aWzW9HHb7fgSixIUlI3RJWLdk28X21TWebbhbT++mBg+waGpYKBlop7nZOCFlR4InwoEbsjKYdfjF/LDrbvWnaPCdEUcRcSoa0ADV7JpFkzIA90xSJ67BE+4WD+8leUgw0HlQikB+/Nbho5hkLdTdPO5vEgG+DCqtP6KjFEQbsnQi/TsX1a3eW+SPE59JIULO9axjbwOWYMoz3xfQOt1sN27W92BD3BHofGkQcIcOvi/HXfF1loJiJQyH2OVUOsue/TCKSWOAwk0+aqVnGst0elF9Y7uXq2bdLulCja7RQnTQhY0p93gdm45s67If/tTkfnUjN+Rj/jH4X12FLLASGfEVWo6vEaVZ9DC4bem8Vo+J5C7pA14ErAe/0PBt5TyrtOAXD9OSpwqDLmg6j6hlve0H9ojg3lepyriU8s41vDDz9ggOnTJXRHVW1ZkvCVNVJFcvpjJ4PI1n1U02ogYrSqZqBkyB0MSSXF8vj/LVa+8gIZ+SKsRmAR7y+IKUzknyCWyArSlKz+PCIyjks6MoSFG0nsJw8SWlZToVgC0tS3/qorP6xu7/zlc1LdJK4C0Mm0hQ0GDyIVhYldfH6Ko66mf7RPDUSrDJozosswt6dQ/KEnyPqt+3hL/VL19UCFPdxDC8kxyTcXd1nnehGR1bDxjquY+kNtkP1EsxBnZ37IWv2eCL7It2IcqRXb/b6CxLxkvECbSMhFJxWQ76THR3Reo7WDYWVKtX/ucfqtnxq3C0dNgLa1MlsyX2HlaaT7tc4uPKuTEcH0rzDvCDhKrizotSUZX0aCu4FCiS88ZkBnUIw+8wk4Svdblp68lUxcGCw3PUVW5K/wQh/tgtPfGcFIKMV7KQMashClqwojKT4Fz0CvDMC1nTdSnMkvUmxeSiJh5a6GJZ9AzJzG/O+5us2CGFOnLdPlsGi85VrjMXZIY0cxaRJgeURVdm1HG+nBvQV4xAi6Ayl+R6og5oSKCUJzglh/W/qGvUsKdeP0hKI/ut5wfwvOkmEZ/M8vR1SYVb8xLize/ZyaRBk7b7IEOPuVuSCYSSv6JrSV31AF6iiZxF9l7FtPfp+Zj3nzKmUMNJBhc8RW64W4VYlb6bmDRr2cuOoBU04bDdHc06Q9Y/hPQ1bZTKbXN6ZyhDmCJ46KuVCWM1JJd3opcqLr5cr7MbOZgJZuNz4YXbFiKK/AZrdK5foUQS7WWpJcq6TFJEWqslz+avQs+tspmK+FbGgB4hJXvDc9UYm9G7VMppsJzb9JOSkfPE/I86CcejtgqIAnu+CpHJa+A1ms/fVh38vy+zKcvhE9+0U7Qqtn++d+tkNIiIFdIysOff7Zw/OHti8NsUE/HYZZJWnkXnGegkpy+IkJ8uLxN7kwpqyKKDshpL30OJqM/htJZPjLVGvcK4zPo1YmXADkdjmAJvCxhEd40m5zZGvPzloBlWs5SkIjnFEhmq0YTywxNUOkZ/k/HEy0yCIteLT0MuRaINXJxV6lyRB4BcI7+M3gbxCfnOK7ZQpCYxtOWmb/BNiOSYLcLqzStlbB3Vzu+Q4AbQwh4yggaGT/fbHpsGJ94jkRNDlSULNpfu0ERQWQLjEvNXQgnqGXjgnFrK6wx++8o8cu2w9ootHNRH/YP7Unddb6sKTsMEm/obSw5YI6R/EOGJ6NoG5+Z+twPcQBpIIXw4/+dussDKw0Ow0Fu2jlGmeYWjtHyRpb3E9Bg8O0Aco7UQyRrkMdfEoJldNKjDk7rUYpqny+JNe1dkFSv6sPES7Ljq0wIMbLKuyyqrZ3CkdOa+DBrt//JGQ4luM2ZPUSwQr9hxZsY32/NpJ9xLeoLXxKTJHhAf3lldeFjM8v+WEFuvQc4wZ1VfZs2qXA5cBDmJOW8RdgqpU2ljGhnX5ttoARqEUG9Jg/BdbHtdx+JwVIfuNFUGxTFvH+QgT/DwEPTbT0q/93MHOsiQTpa/pFKdFZgCMcC8EUvOkbow0ZPhIw4a2Duz0OIYHX6f2Ffjgb1AJTVoOB174elR5BLtFdru5LmQPxiy9rZqgqyQWaIsYVDe/ltbfAme8pc+P6GdCnR73Q2TPgC1BizT+934INSg369qKhPtUNs87dZHR/KtkNU7LNekmrs1srsqZTKDPzyeej+juMpZ00Hu4/aduOlVEpbkDYKTr2+3ZcPmXBnZ5t4Q+AIicmUgyV15RzL1QTLc2MYhc/YRfo8NCci+xVR99AFcIkFh/AA/laolViZ4jDJhkwTm96IWH/NeO/qu2FqQAq3wmEFizu59ID83msQr9Mlujnn2i3iiLmr5XiS4gqp6enVqvTpR8gl7/UV9eiQP92pHg3qB7x8qKWnML6E6g36eZgLO/LcxNw3A3prWo3otoVA53ptelSWBkeOl2G1kNvP77Ia4TLu5qWdE7RNJNRztU9+Q7Di2ddX6afVIr+CSeGw6sMws7fIQUikhQmiGisDxaqy8o1ZUdd/Zz4g+AcapPb9qYesoEtMIQT4gSkCz1U3waiaPPiH88u4U5kyk7trGMtvas1dWQgkBV5uYS82UF5yS3LsNy4VLp9f9sC5aSLV3I83KNRbsEj34O1dlvdDqhElb7GrhlXhCrtd3Wg6RqcCTe2V5qgwq9Bruslptz/04d9+GBuAaGjDShc/BZFG/uXXL5pvU246HTMSa4MHa4h48yCSRDNOBpmJqVbVc7r+CdJzpzWZaOk+LQ7mU5OpxSaIQ4YzP0FgetYJNRasZ/JKn8NGYiSe2B4ZDBdCJb7zwb7mm8NsR1LT7gwUTs1e6sDRSALaAzEq0PDNIqbAznNiQSUi8UBewC3WKphDxMt4bYv2BLp7ea16TVXZLrHkyR8NcmnSzjjDDN8ysQhL+tgvpWXw++Dkg+mr4PQpAbEJyJa4Eq8I4I5uOJbvhvYbPTvOTpjELg3fz/QAcOkgV6Q8Yv1ZXQ5hdkGXju9BdzlTDGsetxj+acO2r5NU68U28foKiJNr+vR2ed/8DJ5MlatpK5Vg2Jeu1qY/jKlMNk22Vuy9JACjO81Lfz8DXzjEaElpeuUdnlMF5txKbOBzWJZ1TLXvMSVvnvr5JACIVT6+OdMq6KKa6kSfY5Fd4SpKRGQ2mSHs3Q/fKj7E6ID07mgPTpQw9+8lYTYVHOjVVx8jWPI+hWQiMRkAydRpzx3poSDSYdIVz+xgG8s+rKJL8kupMb2Wu0jdjaVgYtGn6tMGPHPvcwDuj0AgD2tKecbflVNiqdrq3tnLlXTynveBrAErlqc4p9GVaJMSRj+T1Qwb0vU0aZnlHOcO42xHCdRDFfIQ+l1spM6onRQjXw6JZRGAGASM+N8daHvUj/pAJlTaQDeWk/Z+s0WwGDTYpKV2ODyoferUbyEJ1h/e8vxqLG6aThawXws4tfQPCKVMtfaCWc9dmCasLMEKj5NXm9gOaIESItwgHwIdb/56BE0vHFz3Tb42/hvOdrulvE4EFyDMJb1wv05SEMBTLv8K6OzCCJTrpZScnrB5gzji1deImTXLKw8Y9/mKoyc4lgU7HRTSsKF1lhz2S1Z0fh0up9G4ajvnoT5baZS1xfFrdCPqdTae0RTw4/SdXcUwXhoFj9U59MxqUdoilLRjwyYdD0fd5E7gXRwNTwy3G3U0mYtdChpIJmYkrO3G6BfgYy/N5gFvNdfzB18awciWAzNwKRgFvyrO0dRJitSJng2Mr5o7i5JKs+Q92sYDMR0Q5lIJgb2IkSK7GFNOgEzCzJluuZ0AzvbiOT5i0/31jCFMSXaC5X8O/AGx2Jzs7zIKNNsT+eK9CAqr+qi9I7C4xU+njeLzqgz24mN6O1k2ewUqjhdMP0aPlnkJksMk+qrit5VJHj7WYN+sC+VFhg3sKz8nLzjweUFn5fG3hHucs2x3qYue+zgQZRr1E2IO8pm7xZW8s7ZKLVHKFcrVDivNluVxPSG2Q1RmNUXZqD2Z5lf5IRKUJyD5XigrCYr+5UwDY7b0fs/Wx1Fqhljdc7TZgUhA0wToaLrB8N6kPm4M/0YFrnC0zAMbZrzKix5wHk5DuUbQUUcR7cVlSbShIugqJQGEght/FCGSp/hvEU123jtwuxbHrlWgZNC/gH40TVDAg8rHuWUeuZavmB9jVPYdCW/ST+bawR5m2LRtQcYJXgJEcnSThbAyTab2K33PdrWAM/PQk7GFgNqzyFlMJ90PMIBThmvsiRih/IORlPPIq34Jo3sGRmdykKoj3KsKtfsuZLG0Ei7C2BSMSuDkaHo343kJzatwQXrL9lQP+ApV0H7HSBL36pn2pM25aVrCqh+BIgVCLiObOvREyVdj2JAWWWUm4XiB5BK2NVCSgzlKQk/qem0syQeVVXXNW9FDIsCQlRssV6f8AoAb+htrGKTclBLkMlRSa1DgiPD2zyiY1IrBCshkPHXyTASA9OwmtleXr9K8ugo9SQ4d+2f38t5hlOIdGhoUBIt1103he8xCkRTusizZylYsJ4Mnu6NNMp60YRxVnZMOi+2eYJEji8MQOLy103m5KGt0UBaKKUP6/0vvOvqtoHQOQKvW5IkYIa7aYR1UenzAEzuyojFUWc046X7dgdfW9FlSOABNFY0ynZbQE7h4HxjX+46Je0aSRDSPmhQufprtf+RDUJRasjXTCPyXZNz2SWxzo2g37egvVRS5v60RGBYwjQ9EgyK6+IIP0Ws4mupDqNF/og7pO/i7QBJQoVmoUXgXr8EodSwtiPrZiKh8+24y4JAB1LPWsFtETscZoYRWXvwXJfGGirEZM1mGatd5d8i8SOntO/6HFQHMelziAerVYzX/6YnSjIcwbGgl/V6vzJSeWE7jDvs03mxB+KoMQLLW4HiDBxyidOy/uzwXQahR5r+t8imkbLEpMMdEG2Tzs6Yq58SD+M+BJ87hVH1FxNu+GnN7luO9YlVQsO1EwG51ODHJYqpLHuFvJqW4oRDXQLtGXnLhtAWL7lwDq88IH6efqlbfC53ouYmsOwBh5fb4///5Dx4NHhnLD1Ds8NlFKG5F/piYMFHRWlrEtIK5+oqCoCgryzOwqth+OIlBZQQjKFnu9iAVFBoRLlpd3mkX5FslJ3uRZ3V7HBe/1xr7LAT+VXABOA6bWbiUKZYvBnsD/0stOqN91A0l/zrB/YEk1lbyGqXF+G8E8Atq17CbfLSfZZaWSBfMkvkr0U8u7UxzOMFa50qr2ZjemFOVsxvmeLa78yeKyW/+lWaWK6XEv4MJTGi4YqCEXx7QGro8TqDX42YkcwJ/YP+FXEHyNZc3QhufVAjBYUyv11AcHUAhGJ1C5vcCYD7f5034tJVMhF7x2d6A2N+6JRqthYO3CzAPRWlMPr1PBpKRGUIlQmxoZEYACv21xMUaPaG/QCKxOkB9rXLQABqsF40HBQKhN7z0zUbEICotZOtijTXNS5c/cEgSm6lO0Z0YlXuxdoqftgxwsm8/qG2/ToUqPmXJO9P3IcOVKwWvKz3ymHGssMsliEuAPHV1R1itjnv1x4+e5E6mBcTGOC6HwdVKdlk8JFIsJ81qNO/La6/rBV8rbgjibyKjIBsp6DT6TTXelg6Tzx/mUrHURr3mxERp2d7pcgi0wDdiO7eoIgcySfMMyhtrL60CTUh5M6lIv0ZYpMpvMGxexFokQQ+iiwu5+A5/WOMmAQMNdor0WKROqdVjsT1OUABtmzMyNEQTqGpwIUcdffMLuKQxW+RjziRRjXfucQ</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2021-07-29 09:17:44,198 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-07-29 09:17:44,198 - INFO [Shibboleth-Audit.SSO:?] - 20210729T091744Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|id-2bd293f88432ea72178f1c8d441be10693697e1b|http://10.108.141.203:8000/v2/sso/saml/cdpidp-cwduo4ywdbqaz7a5wufv/saml/metadata|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_2e5f00ced53133618d11785c5ee36af8|morty|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,identifier,uid,telephoneNumber,role,mail,surname,displayName,givenName|AAdzZWNyZXQxbVSr+iX170mUp5YK6PHHXbdJU2uXgM8CT4lXxigMmN/3m45h0mL1AmRUgdwVfTTDbKU8mI7VCH7NWQzLne8PpPwEhIxeryNS0pWgu2I3mD+WCNM4WXzFfzS62g4ZGl3f2dCGRwcCrugWZOiXE/vzA+rmnly3w/e3mSiwnZRl9tc8VK4P0m9iAXOtUbruKiaU|_8f9e0173a3b42b0973852f83585d5a61|
2021-07-29 09:17:56,649 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: Z2rzS_6-iHAqs78FfSt-wNvarPp3L5LRfTLH0GOwJgzV5H5zwI81q50w
2021-07-29 09:17:56,650 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-07-29 09:17:56,650 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-07-29 09:17:56,650 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://10.108.141.203:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="id-30aa0471d2afbf879db4c32b8f6f534438c2eba2"
    IssueInstant="2021-07-29T09:17:56.594Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://10.108.141.203:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2021-07-29 09:17:56,664 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://10.108.141.203:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata' from origin source
2021-07-29 09:17:56,664 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-07-29 09:17:56,664 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-07-29 09:17:56,664 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-07-29 09:17:56,664 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-07-29 09:17:56,664 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-07-29 09:17:56,664 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-07-29 09:17:56,664 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-07-29 09:17:56,664 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://10.108.141.203:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata
2021-07-29 09:17:56,665 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:17:56,673 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-07-29 09:17:56,673 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-07-29 09:17:56,673 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-07-29 09:17:56,673 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-07-29 09:17:56,674 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-30aa0471d2afbf879db4c32b8f6f534438c2eba2', issue instant '2021-07-29T09:17:56.594Z', entityID 'http://10.108.141.203:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata'
2021-07-29 09:17:56,674 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://10.108.141.203:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata' does not require AuthnRequests to be signed
2021-07-29 09:17:56,674 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-07-29 09:17:56,674 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-07-29 09:17:56,674 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-07-29 09:17:56,674 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-07-29 09:17:56,674 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-07-29 09:17:56,675 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:17:56,675 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-07-29 09:17:56,675 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-07-29 09:17:56,675 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-07-29 09:17:56,675 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-07-29 09:17:56,675 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://10.108.141.203:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-07-29 09:17:56,675 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-07-29 09:17:56,675 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-07-29 09:17:56,675 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-07-29 09:17:56,675 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-07-29 09:17:56,675 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-07-29 09:17:56,676 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-07-29 09:17:56,676 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-07-29 09:17:56,676 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-07-29 09:17:56,676 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-07-29 09:17:56,676 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-07-29 09:17:56,676 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://10.108.141.203:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata
2021-07-29 09:17:56,676 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-07-29 09:17:56,676 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2021-07-29 09:17:56,676 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
2021-07-29 09:17:56,676 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-07-29 09:17:56,680 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-07-29 09:17:56,681 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-07-29T09:17:56.681Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-07-29 09:17:56,681 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-07-29 09:17:56,681 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-07-29 09:17:56,681 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-07-29 09:17:56,682 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-07-29 09:17:56,682 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-07-29 09:17:56,682 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:17:56,682 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-07-29 09:17:56,682 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-07-29 09:17:56,682 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-07-29 09:17:56,682 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-07-29 09:17:56,772 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of '10.108.141.203'
2021-07-29 09:17:56,772 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-07-29 09:17:56,772 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-07-29 09:17:56,975 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: lbjjYluHZlpYZlpGAk0tHfi5nRfyWGhgNvgaRlOWlQMdZUNzxlFy-CRb
2021-07-29 09:17:56,975 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-07-29 09:17:56,975 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-07-29 09:17:56,975 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://10.108.141.203:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="id-19215bf8caecced885536be27a69d91814beab17"
    IssueInstant="2021-07-29T09:17:56.91Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://10.108.141.203:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2021-07-29 09:17:56,976 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-07-29 09:17:56,976 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-07-29 09:17:56,976 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-07-29 09:17:56,976 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-07-29 09:17:56,976 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-07-29 09:17:56,976 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-07-29 09:17:56,976 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-07-29 09:17:56,976 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://10.108.141.203:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata
2021-07-29 09:17:56,977 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:17:56,977 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-07-29 09:17:56,977 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-07-29 09:17:56,977 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-07-29 09:17:56,977 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-07-29 09:17:56,977 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-19215bf8caecced885536be27a69d91814beab17', issue instant '2021-07-29T09:17:56.910Z', entityID 'http://10.108.141.203:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata'
2021-07-29 09:17:56,977 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://10.108.141.203:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata' does not require AuthnRequests to be signed
2021-07-29 09:17:56,977 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-07-29 09:17:56,977 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-07-29 09:17:56,977 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-07-29 09:17:56,978 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-07-29 09:17:56,978 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-07-29 09:17:56,978 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:17:56,978 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-07-29 09:17:56,978 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-07-29 09:17:56,978 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-07-29 09:17:56,978 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-07-29 09:17:56,978 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://10.108.141.203:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-07-29 09:17:56,978 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-07-29 09:17:56,978 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-07-29 09:17:56,978 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-07-29 09:17:56,978 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-07-29 09:17:56,978 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-07-29 09:17:56,979 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-07-29 09:17:56,979 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-07-29 09:17:56,979 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-07-29 09:17:56,979 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-07-29 09:17:56,979 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-07-29 09:17:56,979 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://10.108.141.203:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata
2021-07-29 09:17:56,979 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-07-29 09:17:56,979 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2021-07-29 09:17:56,979 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
2021-07-29 09:17:56,979 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-07-29 09:17:56,980 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-07-29 09:17:56,981 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-07-29T09:17:56.981Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-07-29 09:17:56,981 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-07-29 09:17:56,981 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-07-29 09:17:56,981 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-07-29 09:17:56,981 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-07-29 09:17:56,981 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-07-29 09:17:56,981 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:17:56,981 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-07-29 09:17:56,981 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-07-29 09:17:56,981 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-07-29 09:17:56,981 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-07-29 09:17:57,073 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of '10.108.141.203'
2021-07-29 09:17:57,073 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-07-29 09:17:57,073 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-07-29 09:18:00,058 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2021-07-29 09:18:00,058 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2021-07-29 09:18:00,058 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@2044654354::identifier=rick, context=org.apache.velocity.VelocityContext@46e4a56d]
2021-07-29 09:18:00,064 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@2044654354::identifier=rick, context=org.apache.velocity.VelocityContext@46e4a56d]
2021-07-29 09:18:00,067 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2021-07-29 09:18:00,067 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-07-29 09:18:00,067 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-07-29 09:18:00,067 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2021-07-29 09:18:00,067 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2021-07-29 09:18:00,067 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-07-29 09:18:00,067 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2021-07-29 09:18:00,067 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session ed31812e86111d83b6e3cefaf7751aecb3f42d0e8092c2c65fc874fb2f7ec962 for principal rick
2021-07-29 09:18:00,067 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session ed31812e86111d83b6e3cefaf7751aecb3f42d0e8092c2c65fc874fb2f7ec962
2021-07-29 09:18:00,068 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-07-29 09:18:00,069 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-07-29 09:18:00,069 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-07-29 09:18:00,069 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-07-29 09:18:00,069 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-07-29 09:18:00,069 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-07-29 09:18:00,069 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-07-29 09:18:00,069 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-07-29 09:18:00,069 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-07-29 09:18:00,069 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-07-29 09:18:00,069 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-07-29 09:18:00,069 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-07-29 09:18:00,069 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-07-29 09:18:00,069 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:18:00,069 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-07-29 09:18:00,070 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@589ab5bd'
2021-07-29 09:18:00,070 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-07-29 09:18:00,070 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:http://10.108.141.203:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata'
2021-07-29 09:18:00,070 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:http://10.108.141.203:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata'
2021-07-29 09:18:00,070 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:http://10.108.141.203:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata'
2021-07-29 09:18:00,070 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-07-29 09:18:00,070 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2021-07-29 09:18:00,070 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2021-07-29 09:18:00,070 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-07-29 09:18:00,070 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2021-07-29 09:18:00,160 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of '10.108.141.203'
2021-07-29 09:18:00,160 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-07-29 09:18:00,160 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2021-07-29 09:18:00,160 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2021-07-29 09:18:00,160 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-07-29 09:18:00,160 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2021-07-29 09:18:02,194 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2021-07-29 09:18:02,194 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2021-07-29 09:18:02,194 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20210729T091802Z|http://10.108.141.203:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata|AttributeReleaseConsent|rick|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2021-07-29 09:18:02,195 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-07-29 09:18:02,195 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:http://10.108.141.203:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata'
2021-07-29 09:18:02,195 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2021-07-29 09:18:02,195 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2021-07-29 09:18:02,195 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:http://10.108.141.203:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata, value=[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1659086282195}'
2021-07-29 09:18:02,195 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-07-29 09:18:02,195 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2021-07-29 09:18:02,195 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-07-29 09:18:02,195 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:http://10.108.141.203:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata'
2021-07-29 09:18:02,195 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:http://10.108.141.203:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata]' as '["rick:http://10.108.141.203:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata"]'
2021-07-29 09:18:02,195 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@589ab5bd'
2021-07-29 09:18:02,195 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-07-29 09:18:02,195 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-07-29 09:18:02,204 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-07-29 09:18:02,204 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-07-29 09:18:02,204 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _cb2963922016c2635863a8a6f56ec668
2021-07-29 09:18:02,204 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _cb2963922016c2635863a8a6f56ec668 to Response _632f0d83aa6202816ea98f02ad09447a
2021-07-29 09:18:02,204 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _cb2963922016c2635863a8a6f56ec668
2021-07-29 09:18:02,205 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-07-29 09:18:02,205 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-07-29 09:18:02,205 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-07-29 09:18:02,205 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-07-29 09:18:02,205 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-07-29 09:18:02,205 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-07-29 09:18:02,205 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-07-29 09:18:02,205 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-07-29 09:18:02,205 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-07-29 09:18:02,205 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-07-29 09:18:02,206 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-07-29 09:18:02,206 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:18:02,206 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:18:02,206 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:18:02,206 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:18:02,206 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxUaHpj9WGa+DZ0QOqg76EXe4RTqIVuCjbHbbIVc/JPcETG+9/CDCNoF8bIcvmafUOnlk+rOxP/geRgzkK5DMXLhE5s+6JF3OB6rNWyHdOX9y5siAw+4UaE/lPtKivY7P4dBFyMmZpFT/wQuSL86lPeV0shhEsFcDs998rpO8DgTQUcqjag6/wQ2yOOZouOQ== with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:18:02,206 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:18:02,206 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-07-29 09:18:02,206 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-07-29 09:18:02,206 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-07-29 09:18:02,206 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 38.65.13.219
2021-07-29 09:18:02,206 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to id-19215bf8caecced885536be27a69d91814beab17
2021-07-29 09:18:02,206 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to http://10.108.141.203:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/acs
2021-07-29 09:18:02,206 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-07-29 09:18:02,206 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-07-29 09:18:02,206 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-07-29 09:18:02,206 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _cb2963922016c2635863a8a6f56ec668
2021-07-29 09:18:02,206 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _cb2963922016c2635863a8a6f56ec668 did not already contain Conditions, one was added
2021-07-29 09:18:02,206 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-07-29 09:18:02,206 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-07-29T09:23:02.195Z, to Assertion _cb2963922016c2635863a8a6f56ec668
2021-07-29 09:18:02,206 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _cb2963922016c2635863a8a6f56ec668 already contained Conditions, nothing was done
2021-07-29 09:18:02,207 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-07-29 09:18:02,207 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _cb2963922016c2635863a8a6f56ec668 already contained Conditions, nothing was done
2021-07-29 09:18:02,207 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-07-29 09:18:02,207 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding http://10.108.141.203:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata as an Audience of the AudienceRestriction
2021-07-29 09:18:02,207 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _cb2963922016c2635863a8a6f56ec668
2021-07-29 09:18:02,207 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party http://10.108.141.203:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata to existing session ed31812e86111d83b6e3cefaf7751aecb3f42d0e8092c2c65fc874fb2f7ec962
2021-07-29 09:18:02,208 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service http://10.108.141.203:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata in session ed31812e86111d83b6e3cefaf7751aecb3f42d0e8092c2c65fc874fb2f7ec962
2021-07-29 09:18:02,208 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-07-29 09:18:02,208 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID http://10.108.141.203:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata and key AAdzZWNyZXQxUaHpj9WGa+DZ0QOqg76EXe4RTqIVuCjbHbbIVc/JPcETG+9/CDCNoF8bIcvmafUOnlk+rOxP/geRgzkK5DMXLhE5s+6JF3OB6rNWyHdOX9y5siAw+4UaE/lPtKivY7P4dBFyMmZpFT/wQuSL86lPeV0shhEsFcDs998rpO8DgTQUcqjag6/wQ2yOOZouOQ==
2021-07-29 09:18:02,208 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-07-29 09:18:02,208 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-07-29 09:18:02,209 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_cb2963922016c2635863a8a6f56ec668"
2021-07-29 09:18:02,209 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _cb2963922016c2635863a8a6f56ec668 and Element was [saml2:Assertion: null]
2021-07-29 09:18:02,209 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_cb2963922016c2635863a8a6f56ec668"
2021-07-29 09:18:02,209 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _cb2963922016c2635863a8a6f56ec668 and Element was [saml2:Assertion: null]
2021-07-29 09:18:02,211 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_632f0d83aa6202816ea98f02ad09447a"
    InResponseTo="id-19215bf8caecced885536be27a69d91814beab17"
    IssueInstant="2021-07-29T09:18:02.195Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_cb2963922016c2635863a8a6f56ec668"
        IssueInstant="2021-07-29T09:18:02.195Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_cb2963922016c2635863a8a6f56ec668">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>/1VM5Hmvny7GXuAiuibHkC80pnL53oDv3hlgicKztjY=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>nk3uiYh0w0LMPi1WA/2iXWGFt6rns2HeVV1vCKkw2gNdDzZymSJ71zvaJJi3Fdc36h8IYtq0wMJuoPYObUg9rerPDyLPf0REBnE+88zBgbJT6WC2uGUBFs26qzuvs3GoeBQRNy8iUbiA+hFRu5Gn1MQDAg/oXqWtXRr0o+cuJG6x6z7lKCcNm6CobdgaICPYkS3OuA8Fbl0aAhqGl8q1xMpuQ+o0NkU5ffxPoDW1KWFPLZG3V2JvYeZDMLnZZNctZR7I0jYCuqqdt8LDWT4lZEudXnQFuL9dH1yyIhLLL1h1QAjwXm3jSdjWKvGViisMPKEySjg1rFNmtgi5OPCPJg==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="http://10.108.141.203:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxUaHpj9WGa+DZ0QOqg76EXe4RTqIVuCjbHbbIVc/JPcETG+9/CDCNoF8bIcvmafUOnlk+rOxP/geRgzkK5DMXLhE5s+6JF3OB6rNWyHdOX9y5siAw+4UaE/lPtKivY7P4dBFyMmZpFT/wQuSL86lPeV0shhEsFcDs998rpO8DgTQUcqjag6/wQ2yOOZouOQ==</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="38.65.13.219"
                    InResponseTo="id-19215bf8caecced885536be27a69d91814beab17"
                    NotOnOrAfter="2021-07-29T09:23:02.206Z" Recipient="http://10.108.141.203:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/acs"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-07-29T09:18:02.195Z" NotOnOrAfter="2021-07-29T09:23:02.195Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>http://10.108.141.203:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-07-29T09:18:00.067Z" SessionIndex="_2896172bd83f18db2c6e20e392506106">
            <saml2:SubjectLocality Address="38.65.13.219"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-07-29 09:18:02,212 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: http://10.108.141.203:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/acs
2021-07-29 09:18:02,212 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: http://10.108.141.203:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/acs
2021-07-29 09:18:02,213 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_632f0d83aa6202816ea98f02ad09447a"
2021-07-29 09:18:02,213 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _632f0d83aa6202816ea98f02ad09447a and Element was [saml2p:Response: null]
2021-07-29 09:18:02,213 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_632f0d83aa6202816ea98f02ad09447a"
2021-07-29 09:18:02,213 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _632f0d83aa6202816ea98f02ad09447a and Element was [saml2p:Response: null]
2021-07-29 09:18:02,214 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-07-29 09:18:02,215 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'http://10.108.141.203:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/acs' with encoded value 'http&#x3a;&#x2f;&#x2f;10.108.141.203&#x3a;8000&#x2f;v2&#x2f;sso&#x2f;saml&#x2f;TestIdentityProvidersCRUD1&#x2f;saml&#x2f;acs'
2021-07-29 09:18:02,215 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-07-29 09:18:02,215 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'lbjjYluHZlpYZlpGAk0tHfi5nRfyWGhgNvgaRlOWlQMdZUNzxlFy-CRb', encoded as 'lbjjYluHZlpYZlpGAk0tHfi5nRfyWGhgNvgaRlOWlQMdZUNzxlFy-CRb'
2021-07-29 09:18:02,216 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="http://10.108.141.203:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/acs"
    ID="_632f0d83aa6202816ea98f02ad09447a"
    InResponseTo="id-19215bf8caecced885536be27a69d91814beab17"
    IssueInstant="2021-07-29T09:18:02.195Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_632f0d83aa6202816ea98f02ad09447a">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>1n+BRp/tjND3Uq0yTWIeAI4crXiV9OA68zMT54tXyyk=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>BNHLPYSQC0ANoCfVfLBy0bYa4G9jzbkV8O5MwJxrpnVEcV/D85H8zFXtRc9KCIbKBIVhwmDvuMB4G3Zuf/QJWLa/zNdoID0QdQVsgVh87kF75w+ENntWnieyRa7sBd/OzLpIzAbVCJPhSw9lqodoalFWMjcYl1G+BaohLGZlAxOMO8xKNczWMYk8WcCQOfip0UPY15HbBgUo+8cRhG7y1n3i9LcprdneT8szpaOpcKEdpi1gf7nMIGhi68xyc9DuOJsWiRYahGQU/jXCPRNh0s2fSfEt1pVBJNSEabcPrEQt/sRZktL6cLXn26TIsVDFMVY4RdHYP+eulUsRwDzFJg==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_692854293dd00f5318ab78ac45c73454"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_cd49806830e9962f4d4b985c7da715aa"
                    Recipient="http://10.108.141.203:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIDFzCCAf+gAwIBAgIUHsK4640I/F0eowKScH/+nxpdvokwDQYJKoZIhvcNAQELBQAwGzEZMBcG
A1UEAwwQYXBpLmNsYXJpZmFpLmNvbTAeFw0yMTA3MjkwOTEyNTRaFw0yMjA3MjkwOTEyNTRaMBsx
GTAXBgNVBAMMEGFwaS5jbGFyaWZhaS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQC+3dL8EQkUTd3XH/eFj6Wsls4YCvEszZIYG7zfAyQ5w9WwX4WWZ1ZPKgaivPvj2Om+Xu8gG3Qg
IA8wk9Feh/2mMxs82Xq0Th4K4p3sK3nlFqv97x09wFYS9r+SYHHax/pm6O4qA7mKbob1OzTO8C5L
+dcvkJypX6+xaF0wihfRPdP6nXMFGTow38m0e1qh4mdwqZZzEJh/GLaWUgIffV08+Oc3poffymDD
07qHqHfF9Hmd+82YfZyTUfG9gaRRQQ+Rgd3pnT++/yDZkC9LlfsmjQKlk640U9z08+nL7eFiAgHg
XuDMkuv2j44JjNojLchf2DFWIt1ydYHOIA