2019-06-25 18:01:07,041 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder:?] - Decoded SOAP messaged which included SAML message of type {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-06-25 18:01:07,041 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Body>
        <saml2p:AuthnRequest
            AssertionConsumerServiceURL="https://iam.eu-defcs.poc.hybrid.otc-service.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            Destination="https://samltest.id/idp/profile/SAML2/SOAP/ECP"
            ForceAuthn="false"
            ID="_uo0afy7vs92p5dbujydclho8tc2otgdd5do6" IsPassive="false"
            IssueInstant="2019-06-25T18:01:06.274Z"
            ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
            Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eu-defcs.poc.hybrid.otc-service.com</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_uo0afy7vs92p5dbujydclho8tc2otgdd5do6">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>aSNXv+HLZePbpFq/S/9UhXRoX3A=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>bBzjvulA5OdA2xt5MGJHWdqCJNJaF4cW3Qc0NwI0hbqEVL5j89V6dfwB3JMpmggWUaNj4fRfg5kz1fUFIjNgFpVk6iaRHVVgtSw4j7OjKqSK3fn9XPjD9SQsg1AxZBclyOFcM2Um1ODyrX7KY4VHpmySQPczkRhYYq27VGksEIk=</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIICLjCCAZegAwIBAgIGAVHDRPSbMA0GCSqGSIb3DQEBCwUAMC0xEzARBgNVBAoMCmtleW1hbmFn
ZXIxFjAUBgNVBAsMDWlhbS1hdXRodWktc3AwHhcNMTUxMjIxMDY0MDU0WhcNMjUxMjE4MDY0MDU0
WjBEMSowKAYDVQQDDCFodHRwczovL3NwLmF1dGgub3RjLnQtc3lzdGVtcy5jb20xFjAUBgNVBAsM
DWlhbS1hdXRodWktc3AwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALRgTiRlOH3H8Ti/Nl8F
hr+9QdbCEBQIKFKnX+VeeD6NcGQtsDnihnIlwDv9PqAqRfZ5KNDF7IccYgCBUfjJXOyxqa51YVDJ
KPLpjMcZiSEjumDm3jbdEiiQKl3zwt9Q0aLlz7PKdIbIoPQdo3YjpTB407D5PmvpsFr+TQ6NlkTZ
AgMBAAGjQjBAMB0GA1UdDgQWBBRcdOVNkWkaAHkjlaFATFhnEEh8SzAfBgNVHSMEGDAWgBRcdOVN
kWkaAHkjlaFATFhnEEh8SzANBgkqhkiG9w0BAQsFAAOBgQBlFRyA98AUXCw8bhneTFoD2JWRZz2f
Bs3vINTVjhA3CdCCJ9lgPxIhitHYNPQh5s7l+IA6M/zHTx+rpRO3KUqh0M2eNZDunUrstyXkvZvp
uJCPFK6t1iN6K5YuZUhKI06W5Bk6XV2NO5L2eIqD9jZp0UGb18Ep4BbrEXwRwJQPYw==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:NameIDPolicy AllowCreate="true"
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                SPNameQualifier="https://iam.eu-defcs.poc.hybrid.otc-service.com" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"/>
        </saml2p:AuthnRequest>
    </soap11:Body>
</soap11:Envelope>

2019-06-25 18:01:07,048 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://iam.eu-defcs.poc.hybrid.otc-service.com' from origin source
2019-06-25 18:01:07,048 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-06-25 18:01:07,048 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-06-25 18:01:07,048 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-06-25 18:01:07,048 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-06-25 18:01:07,048 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-06-25 18:01:07,048 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-06-25 18:01:07,048 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-06-25 18:01:07,048 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eu-defcs.poc.hybrid.otc-service.com
2019-06-25 18:01:07,049 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2019-06-25 18:01:07,049 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2019-06-25 18:01:07,049 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-06-25 18:01:07,049 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2019-06-25 18:01:07,049 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2019-06-25 18:01:07,049 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2019-06-25 18:01:07,049 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_uo0afy7vs92p5dbujydclho8tc2otgdd5do6', issue instant '2019-06-25T18:01:06.274Z', entityID 'https://iam.eu-defcs.poc.hybrid.otc-service.com'
2019-06-25 18:01:07,049 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eu-defcs.poc.hybrid.otc-service.com' does not require AuthnRequests to be signed
2019-06-25 18:01:07,049 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2019-06-25 18:01:07,049 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2019-06-25 18:01:07,049 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-06-25 18:01:07,049 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://iam.eu-defcs.poc.hybrid.otc-service.com, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2019-06-25 18:01:07,049 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://iam.eu-defcs.poc.hybrid.otc-service.com' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2019-06-25 18:01:07,049 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-06-25 18:01:07,049 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-06-25 18:01:07,049 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-06-25 18:01:07,049 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-06-25 18:01:07,049 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2019-06-25 18:01:07,050 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2019-06-25 18:01:07,050 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2019-06-25 18:01:07,050 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2019-06-25 18:01:07,050 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 1024 bits
  modulus: 126664469800380770773972778096329230967838830807335020944856402588433272451405299989725111925000259452486256977271956160110204670418736725511979819866908378089628035491591777699093647368786263598103189382680073566489484332485554027625241493766204516582342822997262720486560419481997023269854507272634386236633
  public exponent: 65537
2019-06-25 18:01:07,050 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2019-06-25 18:01:07,050 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2019-06-25 18:01:07,050 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_uo0afy7vs92p5dbujydclho8tc2otgdd5do6"
2019-06-25 18:01:07,050 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _uo0afy7vs92p5dbujydclho8tc2otgdd5do6 and Element was [saml2p:AuthnRequest: null]
2019-06-25 18:01:07,050 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_uo0afy7vs92p5dbujydclho8tc2otgdd5do6"
2019-06-25 18:01:07,050 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _uo0afy7vs92p5dbujydclho8tc2otgdd5do6 and Element was [saml2p:AuthnRequest: null]
2019-06-25 18:01:07,050 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_uo0afy7vs92p5dbujydclho8tc2otgdd5do6"
2019-06-25 18:01:07,050 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2019-06-25 18:01:07,050 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-06-25 18:01:07,050 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://iam.eu-defcs.poc.hybrid.otc-service.com
2019-06-25 18:01:07,050 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-06-25 18:01:07,050 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-06-25 18:01:07,050 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-06-25 18:01:07,050 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2019-06-25 18:01:07,051 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsHeadersHandler:?] - Message Handler:  No ChannelBindings header blocks found
2019-06-25 18:01:07,051 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler:?] - Message Handler:  Message did not contain any ChannelBindings extensions
2019-06-25 18:01:07,051 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2019-06-25 18:01:07,051 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2019-06-25 18:01:07,051 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-06-25 18:01:07,051 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2019-06-25 18:01:07,051 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2019-06-25 18:01:07,051 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2019-06-25 18:01:07,051 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' not permitted by input criteria
2019-06-25 18:01:07,051 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eu-defcs.poc.hybrid.otc-service.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP using binding urn:oasis:names:tc:SAML:2.0:bindings:PAOS
2019-06-25 18:01:07,051 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2019-06-25 18:01:07,051 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2019-06-25 18:01:07,051 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2019-06-25 18:01:07,051 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2019-06-25 18:01:07,051 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-06-25 18:01:07,052 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-06-25 18:01:07,052 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2019-06-25 18:01:07,052 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2019-06-25 18:01:07,052 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2019-06-25 18:01:07,052 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2019-06-25 18:01:07,052 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eu-defcs.poc.hybrid.otc-service.com
2019-06-25 18:01:07,052 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2019-06-25 18:01:07,052 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2019-06-25 18:01:07,052 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2019-06-25 18:01:07,052 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2019-06-25 18:01:07,056 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-06-25 18:01:07,056 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: RequestAuthenticated: true
2019-06-25 18:01:07,056 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: Generating session key for use by ECP peers
2019-06-25 18:01:07,057 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2019-06-25T18:01:07.057Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2019-06-25 18:01:07,057 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2019-06-25 18:01:07,057 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2019-06-25 18:01:07,057 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2019-06-25 18:01:07,057 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2019-06-25 18:01:07,057 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2019-06-25 18:01:07,057 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow authn/Password, it supports non-browser authentication
2019-06-25 18:01:07,057 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2019-06-25 18:01:07,057 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2019-06-25 18:01:07,057 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2019-06-25 18:01:07,057 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2019-06-25 18:01:07,058 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: Trimming whitespace of input string 'rick'
2019-06-25 18:01:07,058 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2019-06-25 18:01:07,058 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1992610275::identifier=rick, context=org.apache.velocity.VelocityContext@1eae982]
2019-06-25 18:01:07,061 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1992610275::identifier=rick, context=org.apache.velocity.VelocityContext@1eae982]
2019-06-25 18:01:07,064 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2019-06-25 18:01:07,064 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2019-06-25 18:01:07,064 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2019-06-25 18:01:07,064 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2019-06-25 18:01:07,064 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2019-06-25 18:01:07,064 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2019-06-25 18:01:07,064 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2019-06-25 18:01:07,065 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session b30787785edbce5caf5e95e7386abb874af6df762675d5835490b5d51b308766 for principal rick
2019-06-25 18:01:07,065 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session b30787785edbce5caf5e95e7386abb874af6df762675d5835490b5d51b308766
2019-06-25 18:01:07,065 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2019-06-25 18:01:07,067 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2019-06-25 18:01:07,067 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2019-06-25 18:01:07,067 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2019-06-25 18:01:07,067 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2019-06-25 18:01:07,067 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2019-06-25 18:01:07,067 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2019-06-25 18:01:07,067 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2019-06-25 18:01:07,067 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2019-06-25 18:01:07,067 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2019-06-25 18:01:07,068 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2019-06-25 18:01:07,069 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2019-06-25 18:01:07,070 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2019-06-25 18:01:07,070 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _16ac8c585c72e5c382695a39e9be7429
2019-06-25 18:01:07,070 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _16ac8c585c72e5c382695a39e9be7429 to Response _254c3da04a7e3a73a10750aa1db8cb5e
2019-06-25 18:01:07,070 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _16ac8c585c72e5c382695a39e9be7429
2019-06-25 18:01:07,071 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2019-06-25 18:01:07,071 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2019-06-25 18:01:07,071 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2019-06-25 18:01:07,071 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2019-06-25 18:01:07,071 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2019-06-25 18:01:07,071 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2019-06-25 18:01:07,071 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2019-06-25 18:01:07,071 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2019-06-25 18:01:07,071 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2019-06-25 18:01:07,073 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2019-06-25 18:01:07,073 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-06-25 18:01:07,073 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-06-25 18:01:07,073 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-06-25 18:01:07,073 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-06-25 18:01:07,074 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxQXi4sHfKWKte8AyujR439aerWBRdvia2bClBPAgCo63Vw5KgshbKRxCVYP34ja5Hro5qBIJzux7TGa58PKtxnVRrAjH8vbbjfZo3aF9ijo7Wpd4bOLWhl/bTU90D4gNeXsNGPRqdXDkDqq2cBFoyEnMl with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-06-25 18:01:07,074 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-06-25 18:01:07,074 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-06-25 18:01:07,074 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2019-06-25 18:01:07,074 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2019-06-25 18:01:07,074 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 46.29.103.49
2019-06-25 18:01:07,074 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _uo0afy7vs92p5dbujydclho8tc2otgdd5do6
2019-06-25 18:01:07,074 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eu-defcs.poc.hybrid.otc-service.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2019-06-25 18:01:07,074 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2019-06-25 18:01:07,074 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2019-06-25 18:01:07,074 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2019-06-25 18:01:07,074 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _16ac8c585c72e5c382695a39e9be7429
2019-06-25 18:01:07,074 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _16ac8c585c72e5c382695a39e9be7429 did not already contain Conditions, one was added
2019-06-25 18:01:07,074 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2019-06-25 18:01:07,074 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2019-06-25T18:06:07.068Z, to Assertion _16ac8c585c72e5c382695a39e9be7429
2019-06-25 18:01:07,074 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _16ac8c585c72e5c382695a39e9be7429 already contained Conditions, nothing was done
2019-06-25 18:01:07,074 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2019-06-25 18:01:07,074 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _16ac8c585c72e5c382695a39e9be7429 already contained Conditions, nothing was done
2019-06-25 18:01:07,074 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2019-06-25 18:01:07,074 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eu-defcs.poc.hybrid.otc-service.com as an Audience of the AudienceRestriction
2019-06-25 18:01:07,074 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _16ac8c585c72e5c382695a39e9be7429
2019-06-25 18:01:07,075 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddGeneratedKeyToAssertions: Assertion _16ac8c585c72e5c382695a39e9be7429 did not already contain Advice, one was added
2019-06-25 18:01:07,076 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eu-defcs.poc.hybrid.otc-service.com to existing session b30787785edbce5caf5e95e7386abb874af6df762675d5835490b5d51b308766
2019-06-25 18:01:07,076 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eu-defcs.poc.hybrid.otc-service.com in session b30787785edbce5caf5e95e7386abb874af6df762675d5835490b5d51b308766
2019-06-25 18:01:07,076 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-06-25 18:01:07,076 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eu-defcs.poc.hybrid.otc-service.com and key AAdzZWNyZXQxQXi4sHfKWKte8AyujR439aerWBRdvia2bClBPAgCo63Vw5KgshbKRxCVYP34ja5Hro5qBIJzux7TGa58PKtxnVRrAjH8vbbjfZo3aF9ijo7Wpd4bOLWhl/bTU90D4gNeXsNGPRqdXDkDqq2cBFoyEnMl
2019-06-25 18:01:07,077 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2019-06-25 18:01:07,077 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2019-06-25 18:01:07,078 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_16ac8c585c72e5c382695a39e9be7429"
2019-06-25 18:01:07,078 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _16ac8c585c72e5c382695a39e9be7429 and Element was [saml2:Assertion: null]
2019-06-25 18:01:07,078 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_16ac8c585c72e5c382695a39e9be7429"
2019-06-25 18:01:07,078 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _16ac8c585c72e5c382695a39e9be7429 and Element was [saml2:Assertion: null]
2019-06-25 18:01:07,081 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_254c3da04a7e3a73a10750aa1db8cb5e"
    InResponseTo="_uo0afy7vs92p5dbujydclho8tc2otgdd5do6"
    IssueInstant="2019-06-25T18:01:07.068Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_16ac8c585c72e5c382695a39e9be7429"
        IssueInstant="2019-06-25T18:01:07.068Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_16ac8c585c72e5c382695a39e9be7429">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>p/CSDIZyRBsQg3gW/83vC7gn0XShCyWijgCVOiKsKRM=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>KBC5GEEmMaVrk8qiqinbShrqCvjo3JD4pGZHwroFfnRHTgrLFjzX1++NJRjW75Zn21HQz0tz6bYB2PzciD8XiXZBz6uTzs+H1PI2wUEUWhRpetRUaLtcTbP7YzeBo8VahkrXLaA4iJjnUGGypTjfDo2geLxz6QtR94ifpEnU9hdF6j0LuDh4SmU509nnGbktgY5+PiEpZsa2J3MgZAAcjpu0KxTx4rk6TqHB935BHrnHbQSxfC61ZpAjWEae/TpknSVzjMLl4kCSrlYKFMBhmvgvNJsd4Mg7OxRgfEepJFwLUnfgtswyn0CTJl1m1vFJ8iHLWrYFesKX6dY9cLJjnQ==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eu-defcs.poc.hybrid.otc-service.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxQXi4sHfKWKte8AyujR439aerWBRdvia2bClBPAgCo63Vw5KgshbKRxCVYP34ja5Hro5qBIJzux7TGa58PKtxnVRrAjH8vbbjfZo3aF9ijo7Wpd4bOLWhl/bTU90D4gNeXsNGPRqdXDkDqq2cBFoyEnMl</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="46.29.103.49"
                    InResponseTo="_uo0afy7vs92p5dbujydclho8tc2otgdd5do6"
                    NotOnOrAfter="2019-06-25T18:06:07.074Z" Recipient="https://iam.eu-defcs.poc.hybrid.otc-service.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2019-06-25T18:01:07.068Z" NotOnOrAfter="2019-06-25T18:06:07.068Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eu-defcs.poc.hybrid.otc-service.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:Advice>
            <samlec:GeneratedKey xmlns:samlec="urn:ietf:params:xml:ns:samlec">HRJ/sOsMTzfurqcNvf3QrWl3n9pPeSrNliP3Efh9pxc=</samlec:GeneratedKey>
        </saml2:Advice>
        <saml2:AuthnStatement AuthnInstant="2019-06-25T18:01:07.064Z" SessionIndex="_a310e9a2ff24d32989b2706365cf7450">
            <saml2:SubjectLocality Address="46.29.103.49"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2019-06-25 18:01:07,085 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eu-defcs.poc.hybrid.otc-service.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2019-06-25 18:01:07,085 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eu-defcs.poc.hybrid.otc-service.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2019-06-25 18:01:07,085 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_254c3da04a7e3a73a10750aa1db8cb5e"
2019-06-25 18:01:07,085 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _254c3da04a7e3a73a10750aa1db8cb5e and Element was [saml2p:Response: null]
2019-06-25 18:01:07,085 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_254c3da04a7e3a73a10750aa1db8cb5e"
2019-06-25 18:01:07,085 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _254c3da04a7e3a73a10750aa1db8cb5e and Element was [saml2p:Response: null]
2019-06-25 18:01:07,089 - DEBUG [org.opensaml.saml.common.binding.impl.AddChannelBindingsHeaderHandler:?] - Message Handler:  No ChannelBindings to add, nothing to do
2019-06-25 18:01:07,090 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Header>
        <ecp:Response
            AssertionConsumerServiceURL="https://iam.eu-defcs.poc.hybrid.otc-service.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next"
            soap11:mustUnderstand="1" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <ecp:RequestAuthenticated
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <samlec:GeneratedKey
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:samlec="urn:ietf:params:xml:ns:samlec">HRJ/sOsMTzfurqcNvf3QrWl3n9pPeSrNliP3Efh9pxc=</samlec:GeneratedKey>
    </soap11:Header>
    <soap11:Body>
        <saml2p:Response
            Destination="https://iam.eu-defcs.poc.hybrid.otc-service.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            ID="_254c3da04a7e3a73a10750aa1db8cb5e"
            InResponseTo="_uo0afy7vs92p5dbujydclho8tc2otgdd5do6"
            IssueInstant="2019-06-25T18:01:07.068Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_254c3da04a7e3a73a10750aa1db8cb5e">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                        <ds:DigestValue>0XxvIUNV3U9JyMqKYrFSkLO834Wo9GxaM8XHej0YgTU=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>RPmCPH/uiGGgbMD5dAuRXB2Dpf1qsHRKjZ7R6r3KzKdEGLPZeuSACcwT7gCIN/pg758h1EhzSOd/zGV0uT5B0RqE3PHAPxoO422MuC5JesgOJ5vRYwCBMOhDErgOdWqRavtPRM8RfOzA4CSjcq/fWZAQJN870OeLaVc87lKHrv9ep2xM6onE9B5L7Ass1sc7mp5NmeH3DVXx/tXhfxDprd3CF5kJHHjGXRW0v9Y33Kk/t0nXiH2ar6VQudQomefnTj5D/ukR+hhQtIO4jdpb0sAqe3RVGgZijRBbFEDnJ0JxnGaB4z9rbb7oOxwB62BJQjhov20MRCA+SQcte4QWbA==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
                <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
            </saml2p:Status>
            <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
                <xenc:EncryptedData
                    Id="_9ff4a5fd95106620025917f6a62ac961"
                    Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <xenc:EncryptedKey
                            Id="_99ab4f55762735ffcf38575affb55cc5"
                            Recipient="https://iam.eu-defcs.poc.hybrid.otc-service.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                            <xenc:EncryptionMethod
                                Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <ds:DigestMethod
                                    Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                            </xenc:EncryptionMethod>
                            <ds:KeyInfo>
                                <ds:X509Data>
                                    <ds:X509Certificate>MIICLjCCAZegAwIBAgIGAVHDRPSbMA0GCSqGSIb3DQEBCwUAMC0xEzARBgNVBAoMCmtleW1hbmFn
ZXIxFjAUBgNVBAsMDWlhbS1hdXRodWktc3AwHhcNMTUxMjIxMDY0MDU0WhcNMjUxMjE4MDY0MDU0
WjBEMSowKAYDVQQDDCFodHRwczovL3NwLmF1dGgub3RjLnQtc3lzdGVtcy5jb20xFjAUBgNVBAsM
DWlhbS1hdXRodWktc3AwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALRgTiRlOH3H8Ti/Nl8F
hr+9QdbCEBQIKFKnX+VeeD6NcGQtsDnihnIlwDv9PqAqRfZ5KNDF7IccYgCBUfjJXOyxqa51YVDJ
KPLpjMcZiSEjumDm3jbdEiiQKl3zwt9Q0aLlz7PKdIbIoPQdo3YjpTB407D5PmvpsFr+TQ6NlkTZ
AgMBAAGjQjBAMB0GA1UdDgQWBBRcdOVNkWkaAHkjlaFATFhnEEh8SzAfBgNVHSMEGDAWgBRcdOVN
kWkaAHkjlaFATFhnEEh8SzANBgkqhkiG9w0BAQsFAAOBgQBlFRyA98AUXCw8bhneTFoD2JWRZz2f
Bs3vINTVjhA3CdCCJ9lgPxIhitHYNPQh5s7l+IA6M/zHTx+rpRO3KUqh0M2eNZDunUrstyXkvZvp
uJCPFK6t1iN6K5YuZUhKI06W5Bk6XV2NO5L2eIqD9jZp0UGb18Ep4BbrEXwRwJQPYw==</ds:X509Certificate>
                                </ds:X509Data>
                            </ds:KeyInfo>
                            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <xenc:CipherValue>MhJDKQNbIFmc+jS+EZkJ+9WHIMvR1cVSc8VsqME9INJNBqDbGNgWIhHg8rDxngRW00SfqG0um+A/qdJHaDE5FKNQSjkxb0OYmjIDH8jRlKuxKDox0ZctXCPQR5GihTUUFKRcjeKgh/9PweMlQlU8T+W1V9RkVIbPMM/2HRBTIoo=</xenc:CipherValue>
                            </xenc:CipherData>
                        </xenc:EncryptedKey>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>rhGrlx3ulHzFCyRSl5Vq5/onv+D6b2/cxg+cB2HuSmZFKgj/FCw4MSI2iONVlSW2LjUnLtV5bs96/GNYMIKWNow+NF1mIoGzhuFIUUGbFzTjnFBvMv31JoYyRLFvt5p2Nic6MEOZucagw9z0/1/B38kt1J1YQVumvApaYdpTul8yPLIP7/wrDXc4aRzSHDZj5vMxadnqNOpwxC1KyiffgdP7l9HqVo1bUfaWJSCWXEWIkrAm1TcVrLVdyxpXogW69tTm7uG7LVQlqygpfUfGlvo2KCK3B/iXNZTxYN30Ao25MhbxrrlPBD5Hkv7dMYQbWZcKT4r0NepJSJO5QBjICczgk47BZWTaYJonh+erYLHZxL1sDdNfo9zfQlhlpEzoluznv3L59y6yWk1pF6Gursb85nAjzFn08rcnjkPhzh3/VmI27seTDmJUrBSjXRW45hd6kiJBPc7WMEmEOPT2nyVxo0BCmCvkVhmazRIlmEel9R2pXHpBcro+H5LfWgMbec+XMRHz29sR3jSpmWWmn3xGU0tvkD9olNJB6rjNdoWzZ7ChyEX7pAtOezWvpaRHp6miuPGd/mMSDIYpATQHLbSxix0n/JMtz2mMqWbtS3vMwGzR/hFGm1YqFCT7jNStZc72ta/GfSPy3uCf83vIVTnVIaOQwG7QSPEjtSFKe6Kv1iB57qhCWkR5axOaO5CZ3+CwPNUGAGNhsxSOzm6JFcJ/nQ1A+wFCXlwVmgVw3gXuiey1IgQWiaZUhSSpapk6fImK+QpTTfh+Lx0HF5gXimA+YgIOOmxjpdpMzHMWFmPzGCWR/UVDy+EaXNbcijMVlJ0rF+mcL9kWxLDPgtWEjHhlJ5jd48YjL3T8U+63y5sqvF6oNz+ckfbRq/JR876GGVWZpDhHk/jORE9PxZvncofs+fZ+EXeg8+laC8NhpfFMDxf1mQQWq53jDk7L9KyER47phVggaz19GmJcJoMS1N8fLr7ntlMc3SUNihNmGSDcaHvZC4YM/QgtqzftLzsIzM5mMsQoovrXoVgcn0hItIf0jkhbju/lXl9IpLDOhmIMdLjLORVVsfBWsEsgiDOrOIlH5k4+aSNZ4nCOuWOviHNSM/71k/hHTqQCzBkDmuOMoZm8d9Z7rfrWnEoDc5zGinfFw83Aiyi1us7H3rwLNWWwXr7MYVdtA2vRUaVy/OgQau7LXIRZqlrbPVcZ6EsaEyp0m68NhLwLRo6JENwyc37IWcOyMvrhUe3HW66b4xaUMIy5tPqy6yLYleSjTPpOO1KdYJTb3NQXc8QRz/Disa3hfeWS85G/VlRrIQEq99lf+/xktnt6x8WwJ8r3FC0iy5th0aFChVRPHIGLF7QNg8u0HeZKOyZWlw7aKshGcFwHLCNvuujTIdSh9WM5hnZ0CDxGeOZOlHGHJESdqkUSw9WTfLHZKCiUvDAYeFiVCuP/RXTI2AWrqNJyfi/+mUm1dVDbdVTiZwe4UceF3z3lq2iRob/8m8oUIQY1FCQOssiSH862TU2IuEZ932nTLi942IMxiDgdu4jaCicdOBOIIBOfu7ODBIniBxgwHYskjUtOHV7MumPe2xNIc+n7lbj+t5AFpSRwURqxqDtTYk4Wa4Tbb4j1qMTfzAP+tY6RI2I5WCXMkBMRgP7NWZSmLENTZx0NnHsn7I4iZw8B8o2n6wdn9riLelv+nw98nNltUeGo399S1QxT6E1V+jZi5AmJlp0GB4OHF1xhRqJwsbQtkmnYUEhy+5ykiV2zAMRGB5Vx51dJfw70Fdz+I5ATjBH+cLcjx5IRQetOCFotL6ZUsZhGIZJodzDixNFpo/rIinZAVZyU2ZTK3/ciH6UjhxJjEbUMOg1XLNuXluQNW4FuVvr2TRZmXfO5oV7Lpl1O09G16OMqriM503JHBCz06GlRUAsGttaBFdzokpgfcKnfgdiZoqq9joX+PVaydAK6M46qmciEyX8sHtQ/SeXoZrObL8/K+kR1mhh7ZkDuqXCnqbOD5XhH/JjMIGcTPKDHCY3T2MKQOrZLpMu6hCVLXWh+iXS1NeAD949bsCSLQdZSEeM8cPdeodK+SxPowxPaxRjBxFMgB6GMFU6J8Lw3zu0LX5I3yr1+vMrB/449JDs5i6Q/bt0UHnFk79jBTX4DVqZp60EN7ttIi5a4vJMJuvOGLX+6RRLys8hhmFRBwEu5KC9QavjV112n362BTxbSEm5zlnt+5e2ttWFaL6eu3AwfOivuVB+PCO9suyH45zLoVEukxhFqvQ0yaMx/jaRGKVLIGtD5/jfrv+JpfnzVV7eSMaY6UG/UDU22uuxHOcTVNPdIgvbcatjKKLjF/totyrc8xu5f/hHEqhZN6seUksTu2Kc5+GLe1WNM+BiLLylHrlWG6JdYOuu1+wpxxSL4peT2dzmnnvXFpJUSXe0rYRo3minHvm3tVpqmgxQdwmaJNu4qxgONxt86rnnAbpYNxXPkL97ZGOfrGCdfMUHRbs5H8fgL3p2eudeWu9ATBkgcUjWgNc5Qm/zDX7OoHmKNDU+tUNeam5xv4f3pzBEgPNpSd7uCLR15+kb9Gtwe8cx2gXu6KuWBQQGOUg9hs6dW3e9/BzNs7KrupNJh9+iZBVnYFvJU7sYhO8F/iTY3oIMYZE7wlO/C8SmDzjjGqeZh2aVfFlCsi3iorieXgu0yTMzsxAsLRxpIJOvtef7lNoWrX4BWBurSZtFlAS8SHvRoulZgnOI+tQWiiF4thTI+gOYMY4JTE6K1+WkCfZ3+nrsRc9PVnv59AqOva3Q1J+Fvn1lgYxHl3QDD5zgBmPzuLeSpCOW8SMU2t8JkUIi9lLq8uRSZUEr3vCFtSDplw0A4qeC0jbAbK5QkEgBKMiIBjJ1VWmijHze5Xfs/MfbxALvGw1V06En+fyMb2nfJWpzAqYuq3UZdKpN0GHfjTGWYcPJhBI+UyCCneqFZQCD77MUVvIBXyHv4PnU0leYm4wZKj0uPbM6bImSYLOEk0BKjWNohFRabgReWLEqw3dY0X1hRalIMfX1c55GOhlVujX9cFK7yBjHdCJrfI4aCwyAt53GzJ2bX1GyLOzv9OufPMYy9DlmUVSKl09t8Tb4yPU7eH3pRYF79ICvuQZb+59YhnBJ8TxtDh1nNUotKOKU+ducm890pQZqd4XOcl2BXy9e2CoRCURJcRfjBX9G1k5XVSRpmAtDHrnFUa/U2jJ9aIfW+WkbnYfPhNYOt0y3Pl/urrb7evGYpnl/0KqSG8I5Jhb64TsyeAAFO2yaEC9bw6UkwG1yiONg9o+Rr+lUbsiWK+5Pvx5xH3J/+SezlAzpEQnI43DxF7FWtDd+TTXRb97MlbqgNtq51aUZn3jdNeEDAwql7qjirvIdorxyCgRwL15m8HvoUkkcCikfjwzzmoWaK/TDEIxuKNYBtRBzE7FnibYHuK9K1oSgXYE9ejvn1c0j0qmiYiu7vpsQkcSHn5HN692+9CtmzwoY1gFfo3zh+TSd+ee56dNDFVaZws07LqL5YgNrsCdIzkHmrnxcUXDip5qCLUmuDKixvUGshxmorIwTMOG/FjhSeGjaCE/H0ahXcTsQM5mMua9KidoF+SuTEzQIuBIvTca1ceOPJsoaG0W7bkyz+enFjuK9Gk6WXpY+aytoG7liXrkr1qgSla7iYBqcdwNkD07TIyN8xW5TcBVCUSU0jG04rOWYeruF4JbeA7UE3cOWM8pW6gzteiVKA8JHTnMmabNi9H6nAZchHqGjYjV8XLLJHGZ69NhFH+MIdCmHNb3ptFIAKYRTnTde4LSqCnrxK/RJKNJnCcicXjhrQGMDp8EL5ZaTmIDqp2tO1IGtX9m4o+qpshc4EIqahzD5xzFLg1UvSRDIx/W4qFR37EQct2xotp2NdVhuHvL3tgnh2Z6TeAm2CfgIa92LykSVcHMIq4qDoeJ/7QXQIS79SJ7peNkiX6BdGlIcNKbwoWOWT1KXVGEf2XyQbqVIdI9F8D/WhwpoFRHbSRJWsjqmHHmlBI5rEF4dcBPeaI/aJa503VJxwBeRDJBSovAQPMM7+GYOW+jH/lvKnD4YIJZjyq4DWe2l/BGINSs4mPtkuwwwfK+wpIJbuMJBn1cn1+V0aEixDfVKCRTeYg89DVNF4gPpJ26ZqwHTUWw9qRY7DYoA4j8rM1cq8yvAgouEY8iNv570gMkHk3MN91kFAnZZ0bOcPy95XBoS0MdG5yM9jDGHLyTgyw0BWiEvmU4JM/mILpBJl90bpIavwB1vwlAStaUyzeZj2+oFD6T0XcEIJtbKECoRndobQIQTAtspnz9gi8jXMKTrGeRojshwhMlUSC7y0HZ7e+3G6m6uzs/Px20FF3OIpsMfLhg8mGaNmjgCvdZGYMhwDYWuO1z20IMQZOhm7jEXpPmBnaLJDXO/gHYVihbbN2yQgVJIwvklSL9wTvJNg3JPs8qhhLpU1Daxpb9z4rjWc9noyKGVqcgdyRSjTKS97Ev7K5MNd0MK2lNEHHiUZBa2pbjmlAm9WwaTffF+gTPdP/T4PNqp+lWp0eUdCPGGYVrG/0tYSvilvNFhNaQPnd5c+SkGmI5ll85KZbKFuz8n8wPl87kGlcpHUJz7nxcFrc3x+W8pA0js9A1BG87tG1GAlDoEgyDVeONJo44IQf1MR/TE+6q70NRZuaOs+lJTBy6IgKIP0NO4+abAoqKX7AxZFCMl6t3iP2pikqNXpNBK9t+ikRNuVYL7g5jTCw9fYcbvfpvP7tg6afF9MPC6r8k1jOMPvVXx/N8S1h5E8QFcFxkhxmY5JdYo4v6rI+Fcb62gtq8FJYXtoFso0fvX2B1EVTLPeJE8OTR4jSLI2dkABZKBT/SAkD2YYuP6a9ZjsXsG2LKsy3idJtsy97w9x/oyCKWm63YYdaBUSpj/lefs+YOt4NsijWnhEAWbJUTDhZN14oJkT6zvIUnJ6XTB52hYXBCUB6hclLikrFKp2zXe/bhSZfkFlDmlypErzx+9/PspZRISGn2BQuRrt7dl4muwxCo0NhyMl5bGSoDqe6/JjHKiC1vHs2Zbkn8urqM81ZywsoDSTkIRxvGxqhw6WBk4RPWMPCnL4zoEaPSjq/xOI9nhB3LQoJnh+oYfIlqP0DFwAklw/2beSDaTMD4E86QGByoy7qcwPLLfrSKMwIck/++jegpIBCYv88FdCinmepjp3jTjUz8f4NrbGl9xqc0G1UrjB3nb3hoY5dcLggF4szKwegzaFhIctQuVsLMyxqTMbKlicDZ/NC2c51mirJxd9VfLfBxsJDDUQ51r8j127Y+DB2/Zkse4CrKQBXh9MCX+KahYOMWM/fVDTr6abodPx25d1cwhkjzbWkdDFxChQXKjkDK59PMBKT/wsE5T8sevSSmu1OlW/DPd/RWwcnVqlkdpZf6yuioWoyqP0ge+5xKkmCAO5h8i51+lfZ414/ylgaqJqkGZzlr1/Nxa/SJJYAVcKisgo3zpdmZ7m9p5SOx8MJkRf47dz3oll8pcIWPNJTnn9qvmxCxABqh/7H/guClLO6Ga6lt+5ReXMdlm50AvLFCRLfchLk2aTjhSeNCWA4mhnZmHMgXAqUdHgWGL9/CMxi2UtEm5DKeWuXsoGyfXmW/XbNw2vHQDBfwYd4MlmpCJYQfdMR2XXJuQ1kSNDWIsfyW6B3OIhx6wGXBgYM5FGJ5QQA5UzewmMbjPPZp55aoPJHt+C0UBC20D/xLnN1hWEOYnokLhOxRBAPh+edLUS7QSCWPpRvKcl3Mtb3owEVQKFdqcjvusRCAV2y9FsSSR0AgNf6ZPjfAnOGNzrBDhPnw72klOvcCxeWpBwEvliwiW+Bt2rQ02YZ2aNMxhHUz4nBXt/zVE1PBiRDFJpn6ngBpFpBvpcPldF0nTR34RgMkAC60WFt8R3cU/3qWAX8F/QGoBcthQSCjA2+mR92XURdjDTV8lpUvwZB661hLjZkEYPsOVp1H59JORSX/uXK6NIcm69e+v5WTdAXNF8yFt+g5FhTEDFkTcbXOvj1vcelstLhkuZtngqHA2mTIy4sKvdEmbypuXkTyN8aNPawZ0UauZPnNbtdM8c+V48Z05h3T05NYzdlPkZKbyosVOOF7ziGtldPzlD1ICSr3JrYEcU404FL/Lkal2syT6SOrxwuesTRowwVpIZwf9GXBRIDTcsg++Vn3knAy68g8BH7PAit7iSf6TcBu5OBHCV1dfFAocjBXEJfJEdPB/AS6wdrSS3yqOy9AEMjwlh7jTWdIMp1L1VftmpAieUYQM7CBGc9wIbHe5q4uT0RSONEuZajLfmMXy/w3wOUnuuWux8V7U2dsoCRJZeGwcR4Qnr2X8/Xj0xmmGyNYWQidQs9U3/zgtdDwvN6lREOnC7Xhfy7Q32+MNsbsN+a4sDhhiAGb8PMFoWBP095XQ+rcIa/9hZPUCn6FDTGhL1A1zMAadLFdAWHPTwiZNQR44pnLfyd0xsRqckV1Epw2cavXTtfiSPA0+jwmXPGfVED+m8Ck7z2j5uSBbhTeyT1yD5BhOWF4sJ/zQ6BUHcg5KqKevYsH9fICGahRzZNLv4QbL0ZvvRD6cmYVPonXaY1ZNKYa2tFD4d87zqjwHHOLdSHYOnrrqlJO2Ocnrxl1RH47xVTadra7738Cq7I3Xv1HzOSphCxH0XQf4kqqQZqs9tgI/oOR9gJF3wP3xSjMJRLF5KyuVKmrsOwoWmTu3VciEjNX8Dmlrf6oO7OZNBux+EFC0a1J1ibP9ztxD2XV61Ttv96xEo7pT4cWNMKW36eIpYYkz+QX/1eNGZJ4tUhfrR2DvUMmRsZfhPP7t0/Jg3rcVAEKe0Vy3nvIn3x85SKRmTiQ9Kof/4e575qUHzUF92jXdgLDdeLfxcJh8LvYvom6XRuTpUKW6b77BwCOhgfIp1V9OnoUoGmVu5Z5QMo4qUKbHq1arobdjrw7MOsv36jxRlB5hNmDTIuLV24yaP9W3pdx2OG4FW0FioWitrmcKpdvM626tnfzVsOyU+Q6RquAn0EC74HQoe3Kyawy6RUPtCHv5hWxy/OkldPChcC/868HJ50U758LKrZ3ljekM/ybkR5nZeCyaYpZvAM5tIQNNKwXwWMgljyAMM6fflt0aIZwLcAQZ5cu8TKbsMKufXyfIenZynUbEVs22V6HaTNCo8DI/gfzvsmfJPUgBh4h/jSdbqznn0VmpuvCFs17GRXms0ttlbtrWA9aB27HBU+ElTgDOBfLnP8dfXNDUElyScBknWc81/VxiJVL8Hht21Jss8s6OfjMOD8S/p/ca+AyOtUQZXUb+b0ya8UIUMK5XhsQRhzeb0d5BXrb7DEF8D5SkqKFpST1ce5oc1QYYn9c9RanMgSSh1mkIZ8nG4/IOM3k3BtbyjIsEsTiTqvyIAhI1/gUlUXBOXXDlUCpkbSEUewmkYAk7171/E1GroNLk/mxyifwm5iGGbAY2wptG1ijb8hhFpQoVcAjnMIJWcbzNWFaksC/J+AhtbwgvJ2tdx54mVp/04wLQS0rJxOhZ9qait4G4e/jI44sg0wkgbIjhBZgfg1NIe+Pnc67hxiPjQ/yq4sk5RCx0+imu9yhZwpWAZeuhglfKWfM+ULrFIwQpwSC7byXIG107/KGsJouqu99zuw7kjDzYP90F4JKMtKv8QRuf0PH5Q+JlXXKXUBP+bQm+u+GPnlLR9nDs4LFnF9fycLnUF414OFKP2LvFVNQuWCnVh6jHn2xlCU78rZLtvWwYIFlcow87qKVplP+dCf0dycviWLGs1s4nUO0rm3JQEd8BWlRiyQu+57z8HQwfmxuJF04At9wojQMhwzx8usMRzbs7Oxjxn385E0BAXQ83kvm3P30bX5BkwXD225aOhl3ExugbuRQR0sjilGf0I8VjiONQHNhwGhqPrYwDCxSHpn1yEiEqcMqoaheW3dSLxMaHqiNziGjc3Jv12I5kxvMwId6/fihDCpmS/oYBJWhtBhQnNhAu6ybyunLJibotfWpG41O7igEj41Sd/uMLz26b3UezCtweaocNaw49kmUivQoWtHA/omw+9KLM5Qp7+dI+8/fiYKkJtdZcbtL4WkMlquxXHMGNnZNCNE6LbuO7NfRhvjrS0zUrX2xMrnGeFBh7ub0riSnWQjVANRMhwbHzUZFEVXWWcL7ZrfRwUU+Ac4DfOygAFSkdpXPlG74QTtR1QGyjt2DufyReuqMwvgP1y2/q3bqMA8FsRx8lWOwsgsNFkLmtXntReulfYTyCAHV2+K1T6pX3DsliGzA==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedData>
            </saml2:EncryptedAssertion>
        </saml2p:Response>
    </soap11:Body>
</soap11:Envelope>

2019-06-25 18:01:07,090 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2019-06-25 18:01:07,090 - INFO [Shibboleth-Audit.SSO:?] - 20190625T180107Z|urn:oasis:names:tc:SAML:2.0:bindings:SOAP|_uo0afy7vs92p5dbujydclho8tc2otgdd5do6|https://iam.eu-defcs.poc.hybrid.otc-service.com|http://shibboleth.net/ns/profiles/saml2/sso/ecp|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:PAOS|_254c3da04a7e3a73a10750aa1db8cb5e|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxQXi4sHfKWKte8AyujR439aerWBRdvia2bClBPAgCo63Vw5KgshbKRxCVYP34ja5Hro5qBIJzux7TGa58PKtxnVRrAjH8vbbjfZo3aF9ijo7Wpd4bOLWhl/bTU90D4gNeXsNGPRqdXDkDqq2cBFoyEnMl|_16ac8c585c72e5c382695a39e9be7429|
2019-06-25 18:01:09,045 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder:?] - Decoded SOAP messaged which included SAML message of type {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-06-25 18:01:09,046 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Body>
        <saml2p:AuthnRequest
            AssertionConsumerServiceURL="https://iam.eu-defcs.poc.hybrid.otc-service.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            Destination="https://samltest.id/idp/profile/SAML2/SOAP/ECP"
            ForceAuthn="false"
            ID="_48g8ip5f5fhi9ek84bioryk9c507heph3tqr" IsPassive="false"
            IssueInstant="2019-06-25T18:01:08.324Z"
            ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
            Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eu-defcs.poc.hybrid.otc-service.com</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_48g8ip5f5fhi9ek84bioryk9c507heph3tqr">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>AStZfNUqN8PlUZNIJrYCBbtlrnw=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>L9YKAGjkB4JCHSbMayqFZhcgsuXF5im4mWPWjVkec6tIUwYA19pncLzbQEK37OxTkXpxuj2F7Dl75mNa8gFBqnbk53bC37ZuILZyyqOOPb6nTrjSDJXYhCF2vzAUpovZrSm25v3QTWbprbkH86dS+uovAvWL1h6I1JE2SqKfAa0=</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIICLjCCAZegAwIBAgIGAVHDRPSbMA0GCSqGSIb3DQEBCwUAMC0xEzARBgNVBAoMCmtleW1hbmFn
ZXIxFjAUBgNVBAsMDWlhbS1hdXRodWktc3AwHhcNMTUxMjIxMDY0MDU0WhcNMjUxMjE4MDY0MDU0
WjBEMSowKAYDVQQDDCFodHRwczovL3NwLmF1dGgub3RjLnQtc3lzdGVtcy5jb20xFjAUBgNVBAsM
DWlhbS1hdXRodWktc3AwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALRgTiRlOH3H8Ti/Nl8F
hr+9QdbCEBQIKFKnX+VeeD6NcGQtsDnihnIlwDv9PqAqRfZ5KNDF7IccYgCBUfjJXOyxqa51YVDJ
KPLpjMcZiSEjumDm3jbdEiiQKl3zwt9Q0aLlz7PKdIbIoPQdo3YjpTB407D5PmvpsFr+TQ6NlkTZ
AgMBAAGjQjBAMB0GA1UdDgQWBBRcdOVNkWkaAHkjlaFATFhnEEh8SzAfBgNVHSMEGDAWgBRcdOVN
kWkaAHkjlaFATFhnEEh8SzANBgkqhkiG9w0BAQsFAAOBgQBlFRyA98AUXCw8bhneTFoD2JWRZz2f
Bs3vINTVjhA3CdCCJ9lgPxIhitHYNPQh5s7l+IA6M/zHTx+rpRO3KUqh0M2eNZDunUrstyXkvZvp
uJCPFK6t1iN6K5YuZUhKI06W5Bk6XV2NO5L2eIqD9jZp0UGb18Ep4BbrEXwRwJQPYw==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:NameIDPolicy AllowCreate="true"
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                SPNameQualifier="https://iam.eu-defcs.poc.hybrid.otc-service.com" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"/>
        </saml2p:AuthnRequest>
    </soap11:Body>
</soap11:Envelope>

2019-06-25 18:01:09,046 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-06-25 18:01:09,046 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-06-25 18:01:09,046 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-06-25 18:01:09,046 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-06-25 18:01:09,046 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-06-25 18:01:09,046 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-06-25 18:01:09,046 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-06-25 18:01:09,046 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eu-defcs.poc.hybrid.otc-service.com
2019-06-25 18:01:09,047 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2019-06-25 18:01:09,047 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2019-06-25 18:01:09,047 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-06-25 18:01:09,047 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2019-06-25 18:01:09,047 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2019-06-25 18:01:09,047 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2019-06-25 18:01:09,047 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_48g8ip5f5fhi9ek84bioryk9c507heph3tqr', issue instant '2019-06-25T18:01:08.324Z', entityID 'https://iam.eu-defcs.poc.hybrid.otc-service.com'
2019-06-25 18:01:09,048 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eu-defcs.poc.hybrid.otc-service.com' does not require AuthnRequests to be signed
2019-06-25 18:01:09,048 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2019-06-25 18:01:09,048 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2019-06-25 18:01:09,048 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-06-25 18:01:09,048 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://iam.eu-defcs.poc.hybrid.otc-service.com, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2019-06-25 18:01:09,048 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://iam.eu-defcs.poc.hybrid.otc-service.com' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2019-06-25 18:01:09,048 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-06-25 18:01:09,048 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-06-25 18:01:09,048 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-06-25 18:01:09,048 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-06-25 18:01:09,048 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2019-06-25 18:01:09,048 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2019-06-25 18:01:09,048 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2019-06-25 18:01:09,048 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2019-06-25 18:01:09,048 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 1024 bits
  modulus: 126664469800380770773972778096329230967838830807335020944856402588433272451405299989725111925000259452486256977271956160110204670418736725511979819866908378089628035491591777699093647368786263598103189382680073566489484332485554027625241493766204516582342822997262720486560419481997023269854507272634386236633
  public exponent: 65537
2019-06-25 18:01:09,048 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2019-06-25 18:01:09,048 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2019-06-25 18:01:09,048 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_48g8ip5f5fhi9ek84bioryk9c507heph3tqr"
2019-06-25 18:01:09,048 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _48g8ip5f5fhi9ek84bioryk9c507heph3tqr and Element was [saml2p:AuthnRequest: null]
2019-06-25 18:01:09,048 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_48g8ip5f5fhi9ek84bioryk9c507heph3tqr"
2019-06-25 18:01:09,048 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _48g8ip5f5fhi9ek84bioryk9c507heph3tqr and Element was [saml2p:AuthnRequest: null]
2019-06-25 18:01:09,048 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_48g8ip5f5fhi9ek84bioryk9c507heph3tqr"
2019-06-25 18:01:09,048 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2019-06-25 18:01:09,048 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-06-25 18:01:09,048 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://iam.eu-defcs.poc.hybrid.otc-service.com
2019-06-25 18:01:09,048 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-06-25 18:01:09,048 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-06-25 18:01:09,048 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-06-25 18:01:09,048 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2019-06-25 18:01:09,049 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsHeadersHandler:?] - Message Handler:  No ChannelBindings header blocks found
2019-06-25 18:01:09,049 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler:?] - Message Handler:  Message did not contain any ChannelBindings extensions
2019-06-25 18:01:09,049 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2019-06-25 18:01:09,049 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2019-06-25 18:01:09,049 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-06-25 18:01:09,049 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2019-06-25 18:01:09,049 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2019-06-25 18:01:09,049 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2019-06-25 18:01:09,049 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' not permitted by input criteria
2019-06-25 18:01:09,049 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eu-defcs.poc.hybrid.otc-service.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP using binding urn:oasis:names:tc:SAML:2.0:bindings:PAOS
2019-06-25 18:01:09,049 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2019-06-25 18:01:09,049 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2019-06-25 18:01:09,049 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2019-06-25 18:01:09,049 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2019-06-25 18:01:09,049 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-06-25 18:01:09,050 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-06-25 18:01:09,050 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2019-06-25 18:01:09,050 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2019-06-25 18:01:09,050 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2019-06-25 18:01:09,050 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2019-06-25 18:01:09,050 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eu-defcs.poc.hybrid.otc-service.com
2019-06-25 18:01:09,050 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2019-06-25 18:01:09,050 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2019-06-25 18:01:09,050 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2019-06-25 18:01:09,050 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2019-06-25 18:01:09,051 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-06-25 18:01:09,051 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: RequestAuthenticated: true
2019-06-25 18:01:09,051 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: Generating session key for use by ECP peers
2019-06-25 18:01:09,051 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2019-06-25T18:01:09.051Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2019-06-25 18:01:09,052 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2019-06-25 18:01:09,052 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2019-06-25 18:01:09,052 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2019-06-25 18:01:09,052 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2019-06-25 18:01:09,052 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2019-06-25 18:01:09,052 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow authn/Password, it supports non-browser authentication
2019-06-25 18:01:09,052 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2019-06-25 18:01:09,052 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2019-06-25 18:01:09,052 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2019-06-25 18:01:09,052 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2019-06-25 18:01:09,052 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: Trimming whitespace of input string 'rick'
2019-06-25 18:01:09,052 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2019-06-25 18:01:09,052 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1868937824::identifier=rick, context=org.apache.velocity.VelocityContext@77b38780]
2019-06-25 18:01:09,054 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1868937824::identifier=rick, context=org.apache.velocity.VelocityContext@77b38780]
2019-06-25 18:01:09,056 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2019-06-25 18:01:09,056 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2019-06-25 18:01:09,056 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2019-06-25 18:01:09,056 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2019-06-25 18:01:09,056 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2019-06-25 18:01:09,056 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2019-06-25 18:01:09,057 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2019-06-25 18:01:09,057 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session a24d0e4b0e0f6aaea5f0f566c610e862fe0cf8d8a4a8b1416aa14d123ebee875 for principal rick
2019-06-25 18:01:09,057 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session a24d0e4b0e0f6aaea5f0f566c610e862fe0cf8d8a4a8b1416aa14d123ebee875
2019-06-25 18:01:09,057 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2019-06-25 18:01:09,058 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2019-06-25 18:01:09,058 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2019-06-25 18:01:09,058 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2019-06-25 18:01:09,058 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2019-06-25 18:01:09,058 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2019-06-25 18:01:09,058 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2019-06-25 18:01:09,058 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2019-06-25 18:01:09,058 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2019-06-25 18:01:09,058 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2019-06-25 18:01:09,058 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2019-06-25 18:01:09,059 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2019-06-25 18:01:09,060 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2019-06-25 18:01:09,060 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _feca9366e148523fe97cc16cd81cba87
2019-06-25 18:01:09,060 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _feca9366e148523fe97cc16cd81cba87 to Response _956dac44316c67a07770b892e5071459
2019-06-25 18:01:09,060 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _feca9366e148523fe97cc16cd81cba87
2019-06-25 18:01:09,061 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2019-06-25 18:01:09,061 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2019-06-25 18:01:09,061 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2019-06-25 18:01:09,061 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2019-06-25 18:01:09,061 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2019-06-25 18:01:09,061 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2019-06-25 18:01:09,061 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2019-06-25 18:01:09,061 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2019-06-25 18:01:09,061 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2019-06-25 18:01:09,062 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2019-06-25 18:01:09,062 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-06-25 18:01:09,062 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-06-25 18:01:09,062 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-06-25 18:01:09,062 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-06-25 18:01:09,062 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxF+otc7AaOle6uoKpYL3el8z+Fbn4jvDpJ81Ulsv9yf7yUmURnYtPk8FF4lQAegzqE/ex+x9zKMkKNW7CYtXRgdunbXz1465DoZsgsG6tZcw2C/hpTzY4YiHnJE91m3Z44alS8DwokdB8n40FrtX0d7CS with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-06-25 18:01:09,062 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-06-25 18:01:09,062 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-06-25 18:01:09,062 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2019-06-25 18:01:09,062 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2019-06-25 18:01:09,062 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 46.29.103.49
2019-06-25 18:01:09,062 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _48g8ip5f5fhi9ek84bioryk9c507heph3tqr
2019-06-25 18:01:09,062 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eu-defcs.poc.hybrid.otc-service.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2019-06-25 18:01:09,062 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2019-06-25 18:01:09,062 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2019-06-25 18:01:09,063 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2019-06-25 18:01:09,063 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _feca9366e148523fe97cc16cd81cba87
2019-06-25 18:01:09,063 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _feca9366e148523fe97cc16cd81cba87 did not already contain Conditions, one was added
2019-06-25 18:01:09,063 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2019-06-25 18:01:09,063 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2019-06-25T18:06:09.058Z, to Assertion _feca9366e148523fe97cc16cd81cba87
2019-06-25 18:01:09,063 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _feca9366e148523fe97cc16cd81cba87 already contained Conditions, nothing was done
2019-06-25 18:01:09,063 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2019-06-25 18:01:09,063 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _feca9366e148523fe97cc16cd81cba87 already contained Conditions, nothing was done
2019-06-25 18:01:09,063 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2019-06-25 18:01:09,063 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eu-defcs.poc.hybrid.otc-service.com as an Audience of the AudienceRestriction
2019-06-25 18:01:09,063 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _feca9366e148523fe97cc16cd81cba87
2019-06-25 18:01:09,064 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddGeneratedKeyToAssertions: Assertion _feca9366e148523fe97cc16cd81cba87 did not already contain Advice, one was added
2019-06-25 18:01:09,064 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eu-defcs.poc.hybrid.otc-service.com to existing session a24d0e4b0e0f6aaea5f0f566c610e862fe0cf8d8a4a8b1416aa14d123ebee875
2019-06-25 18:01:09,064 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eu-defcs.poc.hybrid.otc-service.com in session a24d0e4b0e0f6aaea5f0f566c610e862fe0cf8d8a4a8b1416aa14d123ebee875
2019-06-25 18:01:09,064 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-06-25 18:01:09,065 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eu-defcs.poc.hybrid.otc-service.com and key AAdzZWNyZXQxF+otc7AaOle6uoKpYL3el8z+Fbn4jvDpJ81Ulsv9yf7yUmURnYtPk8FF4lQAegzqE/ex+x9zKMkKNW7CYtXRgdunbXz1465DoZsgsG6tZcw2C/hpTzY4YiHnJE91m3Z44alS8DwokdB8n40FrtX0d7CS
2019-06-25 18:01:09,065 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2019-06-25 18:01:09,065 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2019-06-25 18:01:09,066 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_feca9366e148523fe97cc16cd81cba87"
2019-06-25 18:01:09,066 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _feca9366e148523fe97cc16cd81cba87 and Element was [saml2:Assertion: null]
2019-06-25 18:01:09,066 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_feca9366e148523fe97cc16cd81cba87"
2019-06-25 18:01:09,066 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _feca9366e148523fe97cc16cd81cba87 and Element was [saml2:Assertion: null]
2019-06-25 18:01:09,068 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_956dac44316c67a07770b892e5071459"
    InResponseTo="_48g8ip5f5fhi9ek84bioryk9c507heph3tqr"
    IssueInstant="2019-06-25T18:01:09.058Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_feca9366e148523fe97cc16cd81cba87"
        IssueInstant="2019-06-25T18:01:09.058Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_feca9366e148523fe97cc16cd81cba87">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>TJLjrzV2zpOrSgFfUnlCORbecpbSt+Po2LLnNCLZl2E=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>ZkdBMShi8rn1N9+eximVknlSrq77S+KnnfVnq2wEZksTyccuJo/FizTf0VDzNY39SHQ6CKdXF1Kla5vCc/2cAD/gqcwCDzfiIFKxpVPd7CmeVgnSfyijDWKT2epfuA1VFJPlNLksFdefyMg4dlYlI0PYCbIYyQLob7fMakVP47M3T9RWQBNr7NxPchTy6kHpKWRbrHARh3WvhRqw6Fs+zd1tVpS697Tbw0mgYivSgePgX23FdC9m4HGoyPKl0weMEMdELDLbkPr1L65L5k2PdPbl0V0xf8c1EE2ZlPKwGJDxOHsivN2FGocgu/Wmu8kJQ/Qal/sTr3I2BwhEOhjJkg==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eu-defcs.poc.hybrid.otc-service.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxF+otc7AaOle6uoKpYL3el8z+Fbn4jvDpJ81Ulsv9yf7yUmURnYtPk8FF4lQAegzqE/ex+x9zKMkKNW7CYtXRgdunbXz1465DoZsgsG6tZcw2C/hpTzY4YiHnJE91m3Z44alS8DwokdB8n40FrtX0d7CS</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="46.29.103.49"
                    InResponseTo="_48g8ip5f5fhi9ek84bioryk9c507heph3tqr"
                    NotOnOrAfter="2019-06-25T18:06:09.062Z" Recipient="https://iam.eu-defcs.poc.hybrid.otc-service.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2019-06-25T18:01:09.058Z" NotOnOrAfter="2019-06-25T18:06:09.058Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eu-defcs.poc.hybrid.otc-service.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:Advice>
            <samlec:GeneratedKey xmlns:samlec="urn:ietf:params:xml:ns:samlec">Zr3F04KwMqafdG38m1dB9GMtnWYKSPM5cboNvyGGxWw=</samlec:GeneratedKey>
        </saml2:Advice>
        <saml2:AuthnStatement AuthnInstant="2019-06-25T18:01:09.056Z" SessionIndex="_7c622972e47d54bc4a2c04866ce97971">
            <saml2:SubjectLocality Address="46.29.103.49"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2019-06-25 18:01:09,069 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eu-defcs.poc.hybrid.otc-service.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2019-06-25 18:01:09,069 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eu-defcs.poc.hybrid.otc-service.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2019-06-25 18:01:09,070 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_956dac44316c67a07770b892e5071459"
2019-06-25 18:01:09,070 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _956dac44316c67a07770b892e5071459 and Element was [saml2p:Response: null]
2019-06-25 18:01:09,070 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_956dac44316c67a07770b892e5071459"
2019-06-25 18:01:09,070 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _956dac44316c67a07770b892e5071459 and Element was [saml2p:Response: null]
2019-06-25 18:01:09,072 - DEBUG [org.opensaml.saml.common.binding.impl.AddChannelBindingsHeaderHandler:?] - Message Handler:  No ChannelBindings to add, nothing to do
2019-06-25 18:01:09,073 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Header>
        <ecp:Response
            AssertionConsumerServiceURL="https://iam.eu-defcs.poc.hybrid.otc-service.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next"
            soap11:mustUnderstand="1" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <ecp:RequestAuthenticated
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <samlec:GeneratedKey
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:samlec="urn:ietf:params:xml:ns:samlec">Zr3F04KwMqafdG38m1dB9GMtnWYKSPM5cboNvyGGxWw=</samlec:GeneratedKey>
    </soap11:Header>
    <soap11:Body>
        <saml2p:Response
            Destination="https://iam.eu-defcs.poc.hybrid.otc-service.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            ID="_956dac44316c67a07770b892e5071459"
            InResponseTo="_48g8ip5f5fhi9ek84bioryk9c507heph3tqr"
            IssueInstant="2019-06-25T18:01:09.058Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_956dac44316c67a07770b892e5071459">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                        <ds:DigestValue>V9Bbp0QeFkpXrUjdrc4xkkKAzIMwRWU5X45AR14zUac=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>lT/WHFo4sqxgIgfS2d7XZhkX9qMeZFR/NUco5Z2NN3WmW0l2DrfqAaD6JgXSOVPWFAYyzvXxBskTr8T4LHH/bgfn2tfGnusFC481AVhBuwNu+IYS0Ej0lTa4p51ZBjbWD04M4dCQP1BQBBjVS7IUwzFwqOhC0EkAoz7DPE5Knsxca2aaOnJqZXpuZNr6c4Pc+rZ9sKi0955x17WeXHYQwD5x7QACB1bAGXtjTR/JKiLn/EblBNELCuQarvsMlyRCC2vFnIN/wRJ9ZdMgsE4W9uWTg1efK+axb6nvVgRME8PX/L4yv7EZEvpYc57isN+pl1R1Oyow8AskaZXY4NaZjg==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
                <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
            </saml2p:Status>
            <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
                <xenc:EncryptedData
                    Id="_d37287af37cc6bfe985715d94b10934b"
                    Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <xenc:EncryptedKey
                            Id="_dd7fec96568cebd40a3ce1184ac0bf30"
                            Recipient="https://iam.eu-defcs.poc.hybrid.otc-service.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                            <xenc:EncryptionMethod
                                Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <ds:DigestMethod
                                    Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                            </xenc:EncryptionMethod>
                            <ds:KeyInfo>
                                <ds:X509Data>
                                    <ds:X509Certificate>MIICLjCCAZegAwIBAgIGAVHDRPSbMA0GCSqGSIb3DQEBCwUAMC0xEzARBgNVBAoMCmtleW1hbmFn
ZXIxFjAUBgNVBAsMDWlhbS1hdXRodWktc3AwHhcNMTUxMjIxMDY0MDU0WhcNMjUxMjE4MDY0MDU0
WjBEMSowKAYDVQQDDCFodHRwczovL3NwLmF1dGgub3RjLnQtc3lzdGVtcy5jb20xFjAUBgNVBAsM
DWlhbS1hdXRodWktc3AwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALRgTiRlOH3H8Ti/Nl8F
hr+9QdbCEBQIKFKnX+VeeD6NcGQtsDnihnIlwDv9PqAqRfZ5KNDF7IccYgCBUfjJXOyxqa51YVDJ
KPLpjMcZiSEjumDm3jbdEiiQKl3zwt9Q0aLlz7PKdIbIoPQdo3YjpTB407D5PmvpsFr+TQ6NlkTZ
AgMBAAGjQjBAMB0GA1UdDgQWBBRcdOVNkWkaAHkjlaFATFhnEEh8SzAfBgNVHSMEGDAWgBRcdOVN
kWkaAHkjlaFATFhnEEh8SzANBgkqhkiG9w0BAQsFAAOBgQBlFRyA98AUXCw8bhneTFoD2JWRZz2f
Bs3vINTVjhA3CdCCJ9lgPxIhitHYNPQh5s7l+IA6M/zHTx+rpRO3KUqh0M2eNZDunUrstyXkvZvp
uJCPFK6t1iN6K5YuZUhKI06W5Bk6XV2NO5L2eIqD9jZp0UGb18Ep4BbrEXwRwJQPYw==</ds:X509Certificate>
                                </ds:X509Data>
                            </ds:KeyInfo>
                            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <xenc:CipherValue>L8hsbc1wdR1JWnTi6Mn5LQcOP++D2izXALtYsN3lCBJNYEHSY9Svh8D9USv09rTF4pMOvyu+CiS+TwcYcDf7eh6YZX0D/8ZlVeZHw8mvAeDjxBXzLNdth98XkP3xlWMezQT3OtNKQ4Hop8HiY/gcD5sGFO9qI8pKneH/4D7UNj0=</xenc:CipherValue>
                            </xenc:CipherData>
                        </xenc:EncryptedKey>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>qFodaVP+CiR+HtJ4yg+GTu0v9sYvT5jN1/PARNRQ6asFI5JDk9YlLYA4fV3x6udBQcn5CYEq/6dUtpl2lWOhaV5l9xhGY4R6eu0nYJOXhRd240wdpx1C76U/JB8o7FbmcMQjREqczox9Wb9uinstcm3ji2xwi48YrMVbQqEsVDxP1rtO3MroiL5C/tZGos5Xa4GXRQfpbh7zNiMHfVXF2vfWq6Ga9eXvP5gHRcTFguHowHLtpkXcNNu0oXbscy16tqeCO2ucmGlC4I6YFjxl1EMGRk8QzAPTO1KLDW3N03pXot9zNYW9Fvv2Iwk6b0p9DGVWW750eRKH0RmKLNnxB7ANTxIU6NHlZW4YYgguPjS5lUUrRfQW4QChDHIR+K4tGLHlMHQ5bhwu3pF550sZVyF4VRFSBnQ4/3FjbfVaUMGeWjQZx1sMRwciXFpXoSKsJ2eG2iPpxsVPA1DVYYZsNQNC238Yvw4rZbeOEMyvNmA4QAQYdF6VT2meDV2G0o3oyQYdXhd4xzlHslY5yvWpJi5cBVqUv+wueKb1RT/cgjHDdotdS8tAlYwDks1t5732UmpyDJYEWQFOCpzFaqrKKqZy5S5Aw/4I8xyeRxCadt76tk8hNKZuTS51tIyAZJEhlJrgftjdulwevRJgaigUKWAu6x7x8no6npy+YtMoa+F7VrWA/cqX8uzon7SV0+Q8VtdVx5kwSIq9bEHrSShxWkeiJ0nKIi1XvZKWmYky/0RcLnFYv3jiUIslyKV6i57vmJK4RppWyu27hDNo6J62eCZsHwR8fGDqpiwFRwcz+7nrRSAYJd3H7suxcUcDD4OIDRZxdzHNny+9VNFpnlJpV0hZzDLxH05LA8JlZpFutlomdzRjTd8aMgSPdvoM6QdL9L5QpJrHP8J04e8AQwG8k1jID3FkydAqFhRmt3KHAG0bx7tdzfH7U+jCPBkvcT6Y7bBRpC2SOqsO9DCnm21DtrWc1hX4gtfTqkD/LWSPdlAi3/IX8McNXiQU50o9XBCgDXn1d/49nlSUe22dPJ71mEc5DKmDmqVTOJZ92cfZwJyWfyqP16B8E/v8Nk0xfxY9v6V1iRsmPVf0xm4CwIg3Q6kJNuJAAT1twaI7FFNVs58BlfsRpzP/r3/kE8nUq4VVayNn640xNba8wPRndxOJ3mYaABBUmzujZUgvYezViBkf9RlL0ZAtJJJI30CK3HoZjDF/lUzjVw383bAMaShAUfHW8HEVqhttmD3goyyZYiwPia4pd8DLKHYMQOxdgeGssr/mZVSOhpGZitnRZpbbG8ALw7GX+u/v+jJ6hhoqTEKkZAWE/rkQwJRZUclKdJxqZS0s3wLmrzW5KXKgUz71WvmYfcpRGtcWvoMWCgVwiSFx154GKW14rJoXfOA5gFTPro9wAvqPFHe+RUsZ5JzotRh47yTYpdilCgpQGYtE5hoXeBHvyf/it6DucMfaaE3umhqBgY6hDt5PVm7svv/a3pCRm9MTnWW9ZfuY9Ew8/CNiffwJGUDwK/5VEqDH6tKMDEXNk0BmLF6Z+06qMp4VK3l5Dow4NIJxslLIUTPxLJ/qNGYMpsdbXOb85ELNU3fKnpgBnLtK5zFj9dURz+Te2XMpLKrwwDjUm89r2Hm0Oxfjmzx8t8jU6uCMnmyKHa9QOwzRNC7UIYqDN0XtX8T7EZ0zZuICa6IZd4CTb2VJwHX+HLVLXF1fr52Mj1C0fHNhSQBXsLWZuoaVT759270O1ELS2AXwA5gFDgHzqI92bOn9YFZOpUUiIAotKFxjWKGVMGuhe3tlPPNgZX/mtoEbVTX6g7GUxFGSbPJQ51OU0S2ZrpMSXDhGddzjZxXhYO9G71WoHl+vyyYueMRzVf6lk6VuQfrd606vYunJ6tX65jG5+qsIIsz5RQIJGghTo/hl0y/lWm54tGjYzQUUcgrr+3aSHDZ0JiVgAbR2d6VO3oyYbc67MO0gghx4uOFHvUW4SWRBkT2AwHJb0bENoHEcWAITo4u98u3FOH/9ppBzQrzYRd6kjusp7j8lE2SsSlCF0VrKtvKlsL1RjeAEUknnVA/dj6NL5oUofTQ9ipp5r6qFXBlNdVlj/G+3MFOn2TjHguTUl49eBmO6NM/03B24rFA7/Lraoj7bP76ipRqHmC9yLpmR4wlBHymEBxgRwNt3jIM1kO3gceJyr21RIvxG9+DYcFFGja6QsqSzdbpI1fYDUgVtO58to2xvge/wZJhfAXUAtCzH+jF0QwbojlNEQFs3+2PSM8M901sOMoTn39wTzan9nYLTuZ9fUzplRg+ILOX4V7VCVawed12Fd6WyR8hSFMYryl/v9lKV5IAsKkcp/FFG2VW+40j1S7n9s1ldq8NTbZ5sAmSG3CtC4kHpqlbjhP3h/HxEB3szft6fNTGSNxzk6nJexb2pHEkAiEi6hceFZ91wT5jP/dVLtCU0bHJXV92a00d7F2Qq1lfy6QAzoSvQzt87VrDKTWzZnrONELd0t/YcSTSlS9Wiiq/ZdmTy8hgWPQC8dTzNhXlfGfnA5ivhGQeG+gcAOz610JU+Df2AMkfjl8fvxUERmxgn1BauM9xXKbSKq24sd2ZaPG57epnfaFi+YXXRudQqcgLqtbgQKre1Z5ll33tvaMjKeXDKje9r5QEiekU5PMYApOS/gj1ppLb1BXWh+KBGhX+TXXeDpkNcV8uvs86fxTTBHhq6Eb5C6UK3t4jRhGNMjkT9tXCvPSS8Gfs3vNBAJw0087fYklwYHdmbG2tPvf36aXJgv03nYnsbfpTDvMBtcRPgxTtgMP+phua1gmbHa/0utWargZmm/1VS0ajk6ac0fb8zA7CJgqx+4SkpODHMwtQGShHDl34uu76tqfElEIb2HYc/GGgqZAZcgg0jCRmGS8G7ogNa7r99GcOgEBhNPG5WVuAYiCy7+UPa6CtFXneD9C3YwH4omIAt/zDzLvMGeW0VovrPuPB+X8XChqU4R4DbPHEuNMZHarVe/+L17gDo2dH/ZuftKgIYmLM+eHDYOp8h6br6aS3PegFHBuNXCqBVNRmXGr1TQEokfhyg6kznBDFNLLobP5K59D21ki7IwusR55V7jK+7G36L3XjOZ/PtpC65r1gOnS0HhhyKhf0iKaqI1/I15NFKr4UBhb9586jO8WLzFtS9M2wqCOGV9zaCXyz9R3Dsr1D9zKJtaF+AaXYYc77qYmt6enwD3y1HMSC/NTH3m6yYtTkGN3t3di3yrj3nCP8uKHeQBkD7FYUr9sasdmVbUp5nZxpL/w9Ei1NO2J/RNzTHRox62W6nSkFfEjf7NN73RCvocDyaAEV19+aQGa3H2auQgqZrx5jM5h1PgnX2+1isu/byBrRCCOTHoKOlWed1JOFx4/gxW8oGnFUiG5xALCtGKzvxGuRk02A9OSIiFNNsIcwDh409R53hVXqNfu7eBdUqUa+LhzNbzBLsIe19s/q3XQKnBEeValKJPm1HRvVU4iYa/Jv0GQA7/OYBDTFx3ESG4jAEqD0308oOhFotfGIoBlJu6eDW1MskCO1NQ5EC4YiONsyIS4/75nd2a6K6FT8V5TU2/p1wQtsz6ev943tBiDR1eJrsQwybQ2I3TN901p3SZfbWsaIfaRsscLhX4T0TZniLNtMK+JfJxL0npvUymVjvP9SsvRg9EOixGslba9fdX8x69m2RcguXyIj/ApQe69OKi2OiC+FNcxOcXoWUAQJDI+QLe8MDGCR5kWb7p8ISlBcRk8JvezX8H5JJeVBv0ust+1YWM1DqOK2ElsHiUvcsuc62OEJCk4hb7W+E4tKi93Y1XCraNDxwNeKKiHxkgmrlZ2xIEZIwsVY3qBH9L/xGzZvffypdXSSRa/A+XsD2BRAavfVgnmAILge7Ci58tkU8GWMphXM+faX4+aCQv3qsF75ydkwRw4sMw55EDUdE4euK3WmHLoVEo8b8zNoa36iZyiXI2chpvd6F9i694sP8fYnvTEjV8ZvFpndhrsuWOYs7KuOkvxpz9aJ6uCZ2zIx7z2lwtiolpLdTw/INHVcWmslAX0QtSx+Mn1tk7FMGvfqxilETn7EH6+C574DuPQQKIVfakdo4aSjUJbnhNF0aLvjopjo13HMG1/9DQh5i6JI9Aj0zTFzEkFQA+vpNoat961P767hiUf4UVTOaOBx6zDD9dzNe4/I2ozKoH0PQswitvnke0az0ACg1WYVJ8NVp3K99ssmAbyvWk5W8E+vgKM+TXChwFAYiC4QBHP+6FGy9J6CJ6POatME+5iqdvib1jYS8ystwxaDN+XJH4TRVaue/4CVdUbs/gijww6vJG0ed40qrbVcQbV9GVHsXT0M8yhvWm/8tcIqZylW7ER+TG/7KGOJpAWNe57dza3zvsTaBT5hXDltikIzrgaXI2gFNUmFUuJJOafLgIN/G14SLe4k5GLCtnlTq4julcxQ2EoLemHSZFBzaJVCQgbiso1eNn0QbCsfXByCgzlOuP8LXGwbRbjvGlVUSfGzPDvHjBlVdGdTYtz4NJsQMm3ITgjZ6edV3YZzy/fFfHst+gkMm2HshROyNnGHMC0/2UpkUBTjS6m6q22+TlkizkMyL8A69PtrwKs+FScOqqdiAX1UTiJd7u3br5DDEwJ7G8zgJUVj4WpPKoMKTpo8Z+Y3juAtYMrubATOMzZ/x48bhgCw0RxHo4WwkP7sycUe0NdKjZ/MtJPsQKPrVW57ufuLsRck86uIj9cagh+MlUnVnEm1+ZHd2uEbrEgVyq8ZFvcFNqD+w2gwd8tu77Qwz+zCJPUDTG2ZRh2ggDNiSoT5htBTlp7Vwj7y+Zg8J/um5dsjdt3Zl3C7mdWjihLt+VGJcuSwMKTdiCk/tW/bk6gZmNJab05+QbVRqfMiX8r6/JJdOh6vbwNnEGsH8+eRNx/5RdFkzvaKoilLnFra9Zweindvs9HXtdA258tS3UrT/fcKfWPQ/81msKMsaC7/o+PZPyp4gHwXSouke0lMBvYYdfnk3pnJEA2r8jDg/cAZ5atQ0XNenpgoqxRQRu2ZaKYFaKLWpMzGUoru79YmU1JEYueOvAMMK9qTpiOmznaYzjb9lZLPVzQKDdSQzJxc+NNPaSbBTNqKtoWUu2765g+PjGfr+hQRplarazHvrQVTuHY+frUAE3h+h1bj82Sf9Av7hMaQyxPIQF8IexFktPmDWfVOQ7TnLWK2GOnogPjyGDCgZK0P/zTbS+wzeJmyVVYOz2+T0ZDGRo+OUaMfRPJJ4xA8SlREbcwxUxSwAWOjvFm3+CvMe36EXqvubBFxDb+39HJTh+CgMVbP7oN/V1IruhZRgJDC7aGlTXjrS+jhg4jeux8bEiJRbSXpuiZv//v+gzQyKm6OBpfrtVvxb1dCOMCJlvPiCK0BZx7UbVRil/jl/OgH6yiYKpwAiMhGYu3yQ2//XWZuJsQ5UA2zWa2YP/Gcp5GW0wemPB+s/9+uzIZv2u+854b1pYHZQj/CaApyqrELeJWT3xNDloYrULvYAr2DLESwBpACVfv4kR82jjaj7lAlDGe2an2O0avL25FjMzhF0ZUNF4nws4frUkm1XFFyBZ32JmlwLiEz4ryVH0YDU6pDE7auzXzYEQcCUSWkpLU8tCkJeb4j3IaVpMkdDL74mXp09pK3ezLr+TF0C4i9YmtA2fYeuDJSBKZd51meNf1yN5eHDYfDghUcF0UDYtnhdD8jjqpgNSUK+FZ1EGwqJgrjgX0xUMfkvA1uIOv1Rda7AqQY9tB774UkctZLRIsePCaiDgg+3ppFFQoIprcCvDsvavM89rDLV2iAaUj0K/nVvS29krWWo2gW9VRUQAh31Eu+1wavzBoUrO96X14XWezYo4YewcimkQQFK/FoisuuQeTHA9PzlNRJwZ1XAo6IXIBU/EKyqhlrpJlLlJLhzXiEQVUc8HwJQP6yBKRA24CO/oOTkvRoCvw8lvttvWe1K3P5rRxxDs9o6kJU6dytz2CloW0kGtf2ovYpRcIsYflCJmZraaviELoPmOotNtp7A7WxuE/mVYCuw83PW1N+qS+C1yW1IXBkwxzprhrueNewt05xURApfppMHtC08CNGZ1IAj9ei3VdhsPP/USLaDgtwHqiE2hmMRhVKKMuwIL13MphmnyvnDLFpK06kbcuPZMdBWlD8ZBzX48AVqq9hH9rZD9m+HZDUiWoxxWQ7hBYIzPzMo4p9buS+5GzBZ4i5JSwz0kJJAF4s0rK5a5oQMw8mentAA22KLo3xreTL6AoJdX1ZqbnI2xO1yFmUeKdmtNzQIVUsv3sZYi9lUKimSdJfeRAfXo/gZQRejQagFIc2zQg4qxlxMvQMgl5qV3E2LS3976EprB2mzN0L3Lnm2nOciULBs2hXajo1W6h72jaBhlFLTfF2rlDRKQJGA1R1yz9su9MHJ2SztOge6kM5nwKBLUXGzefYYIp/qWvEVWfTwINnu80f0QRJEA+uKUSL8d086t66iE3mRFTefTs1jkqUxcLLsNdc3DEEyL+YE/9rSlRDNiOs7EZFTsp5GZXwoxBSxocI9tjYoOEsYuOFE13FOMzFecrZFs1xHSPtSNkn+lmwBvt1PI1KYDUsRdmF3DNNYWz7kWafSwGkfv7nSsn89TZ3FwwgEfvotMxlyR+1uPIP2wdTz2I7mQM3FbLwAPkb32cbSuRedQ4SKuJ0medPAeyqfoaJeeVs4XqJT0oF06YW8WlAyu4pvTNOo/fUeZj7wu/BMkFcjkcx6ybWmSsgeuF1/v1rRN9NSeVmgJmRXST321hTtOmFtN/w2VVzumoUKgGIxPQcP88Qmsw5MYfG///HpngUKq68KYWVeiYRHBO82en01whFDrH4OFNYyrDP0ABfWezVaSQGCaO2dB6vAneRikQaKyogB7mg+64vg83Xcz/Bo+RFvmT7DkLsGCNYM8f/JUHntEXJzng48yWn+NPHPbnhvTIxx4o2nKrgoiWnpqejFTHi1bwr76nwd21ta6R8zS4na0MouQl+/gCOf1peSBjMhMH3STFwRv+0ucACdz0pmC48guzJOVDmIyl+BRKdoj2iO3uFrtc9wTYuIaQ8kCAFuO78Pv/IPOdWWGKMY88fpnrWnK3XZ5+/JI1d1vYusizci2lbHhGa1Sf2BOzcT+ynIZcQj1mdUKUzxjsn8q26dxDeNfhXiQvxplx8asl13KzqPiCuvkeP0LCSz71iWdWfdeHj1aHtD+eP72rRsIx/48t/wKfhhQs1Yoln2RuCt60nR9EsrnqZPodiwuNiIcI+JUFkG5GFJWMA0m+1fe3F5sIHi50LHEQJ+iv0EQkFFbJvdMCgMDMACBK2VgEwvlBp1xX0Fe/kaxWhAZ55TzMcfIn3A0rJhJXhXyJqKMVXRkulS+AI0XS6hVsD6tSwidBEie7LCxDNeR4KCQHx1LxgeIXRSCJ29ah5uu2n97l/+7oP09bLOveOtd0gW8Xk32Z206uLWxwcmfRI8IkVCpRrVHkROxAhQI5nxRKqNP+8prqtEbIH/cn9LFn656ZqubOHV+JlE37xSN7MURmnky9mC/ZK+RxnEZLRfopaRXCAWmA4ZQXb/b+kHV05LNQcnMR5Hjcf+zJ+ttcsgSCHoYpr98C0f4fDLQwY5lTMc2bEAFVaxggPEEfkn4RZoJ9yp70OkKQC7Re7CiG/T49vzMqj8MYZrqmRzFNjh9S9Oqfc4QsWvb6EGT+6AJmZ+153999UqIeWRRl8OfAL/taD0jDikL6UaN10bzxJDMGlbcjLh4CBZ2wRUszTfju+z0TdQXtuC6qll45j6VEdvvI1KbNApzN0UZ0i60/kqG9dGMkSUXLxAUBcmse14OhgvS4pkQr1UyhIhoQQkhU2RXmJ7cEu85cepQbtnmaxGRWbDxN423rUbAxU8zHzvIsBcUrE5nt3RnocYfy7TOL4NG0acz5qt718Tx9QfOvJ9bu73M8FsEO4li6NHR4lYkOG7Q/cVeoF58kQz3O67wbgIotGHOHJ7ssNIvPjHBulcJPwXYpsnApypXfe9zwT799zngXwhzhWMlxS7R0zWH/ZYiy/R5X6YxtjR8mG+HHF7OIFNAp+KPYtK6AXe8dAoXLB9/fN81BTYev10ToiL2TzwmGURFOaSSQ2CImZFq7LpMpVfve/gwb0iP8brJtMT/78UyEePCGVG36m6VDl/HY2DrKW1YXXXWeMDAIxr/UJz2qK/paMi1TPv+qH3j9YFLrV/nZJoNv1hcdQJ2nDXb9Y8gKZs/qwoO7OOgNZj3jw1kSemWw==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedData>
            </saml2:EncryptedAssertion>
        </saml2p:Response>
    </soap11:Body>
</soap11:Envelope>

2019-06-25 18:01:09,073 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2019-06-25 18:01:09,073 - INFO [Shibboleth-Audit.SSO:?] - 20190625T180109Z|urn:oasis:names:tc:SAML:2.0:bindings:SOAP|_48g8ip5f5fhi9ek84bioryk9c507heph3tqr|https://iam.eu-defcs.poc.hybrid.otc-service.com|http://shibboleth.net/ns/profiles/saml2/sso/ecp|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:PAOS|_956dac44316c67a07770b892e5071459|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxF+otc7AaOle6uoKpYL3el8z+Fbn4jvDpJ81Ulsv9yf7yUmURnYtPk8FF4lQAegzqE/ex+x9zKMkKNW7CYtXRgdunbXz1465DoZsgsG6tZcw2C/hpTzY4YiHnJE91m3Z44alS8DwokdB8n40FrtX0d7CS|_feca9366e148523fe97cc16cd81cba87|
2019-06-25 18:01:39,606 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: ss:mem:c0f6d532e323dcd69b542b6739d0a579b1f799a738661ce1ed0746119c2607da
2019-06-25 18:01:39,606 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2019-06-25 18:01:39,606 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2019-06-25 18:01:39,606 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://104.40.238.223/Shibboleth.sso/SAML2/POST"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_e995977f58412adbb3b80c9998fe218e"
    IssueInstant="2019-06-25T18:01:38Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://104.40.238.223</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="1"/>
</samlp:AuthnRequest>

2019-06-25 18:01:39,611 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://104.40.238.223' from origin source
2019-06-25 18:01:39,611 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-06-25 18:01:39,611 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-06-25 18:01:39,611 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-06-25 18:01:39,611 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-06-25 18:01:39,611 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-06-25 18:01:39,611 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-06-25 18:01:39,611 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selected AttributeConsumingService with index 1
2019-06-25 18:01:39,611 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://104.40.238.223
2019-06-25 18:01:39,612 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-06-25 18:01:39,612 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-06-25 18:01:39,612 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2019-06-25 18:01:39,612 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2019-06-25 18:01:39,612 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2019-06-25 18:01:39,612 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_e995977f58412adbb3b80c9998fe218e', issue instant '2019-06-25T18:01:38.000Z', entityID 'http://104.40.238.223'
2019-06-25 18:01:39,613 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://104.40.238.223' does not require AuthnRequests to be signed
2019-06-25 18:01:39,613 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2019-06-25 18:01:39,613 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-06-25 18:01:39,613 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2019-06-25 18:01:39,613 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-06-25 18:01:39,613 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-06-25 18:01:39,613 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-06-25 18:01:39,613 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-06-25 18:01:39,613 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2019-06-25 18:01:39,613 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2019-06-25 18:01:39,613 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2019-06-25 18:01:39,613 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://104.40.238.223/Shibboleth.sso/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2019-06-25 18:01:39,613 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2019-06-25 18:01:39,613 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2019-06-25 18:01:39,614 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-06-25 18:01:39,614 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2019-06-25 18:01:39,614 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2019-06-25 18:01:39,614 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2019-06-25 18:01:39,614 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2019-06-25 18:01:39,614 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2019-06-25 18:01:39,614 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://104.40.238.223
2019-06-25 18:01:39,614 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2019-06-25 18:01:39,614 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2019-06-25 18:01:39,614 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2019-06-25 18:01:39,614 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2019-06-25 18:01:39,617 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-06-25 18:01:39,618 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2019-06-25T18:01:39.618Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2019-06-25 18:01:39,618 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2019-06-25 18:01:39,618 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2019-06-25 18:01:39,618 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 5645da380fbec4a306b10e8d5a4841eb6e0a501ec2941ed535d16403dda5408e
2019-06-25 18:01:39,618 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session 5645da380fbec4a306b10e8d5a4841eb6e0a501ec2941ed535d16403dda5408e to 2019-06-25T19:01:39.618Z
2019-06-25 18:01:39,618 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading AuthenticationResult for flow authn/Password in session 5645da380fbec4a306b10e8d5a4841eb6e0a501ec2941ed535d16403dda5408e
2019-06-25 18:01:39,618 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: Authentication result authn/Password is active, copying from session
2019-06-25 18:01:39,619 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2019-06-25 18:01:39,619 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2019-06-25 18:01:39,619 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-06-25 18:01:39,619 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2019-06-25 18:01:39,619 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Reusing active result authn/Password
2019-06-25 18:01:39,619 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name established from session as 'rick'
2019-06-25 18:01:39,619 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2019-06-25 18:01:39,619 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Updating activity time on reused AuthenticationResult for flow authn/Password in existing session 5645da380fbec4a306b10e8d5a4841eb6e0a501ec2941ed535d16403dda5408e
2019-06-25 18:01:39,620 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2019-06-25 18:01:39,621 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2019-06-25 18:01:39,621 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2019-06-25 18:01:39,621 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2019-06-25 18:01:39,621 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2019-06-25 18:01:39,621 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2019-06-25 18:01:39,621 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2019-06-25 18:01:39,621 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2019-06-25 18:01:39,621 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2019-06-25 18:01:39,621 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2019-06-25 18:01:39,621 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-06-25 18:01:39,621 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2019-06-25 18:01:39,621 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@6a735511'
2019-06-25 18:01:39,622 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-06-25 18:01:39,622 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:http://104.40.238.223'
2019-06-25 18:01:39,622 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:http://104.40.238.223'
2019-06-25 18:01:39,622 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:http://104.40.238.223'
2019-06-25 18:01:39,622 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-06-25 18:01:39,622 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2019-06-25 18:01:39,622 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2019-06-25 18:01:39,622 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2019-06-25 18:01:39,622 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2019-06-25 18:01:39,733 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: ss:mem:f1d7886b238d4f0c7a3d18a4543097c2c41518e753126b00b2faae55e5321bf2
2019-06-25 18:01:39,733 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2019-06-25 18:01:39,733 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2019-06-25 18:01:39,733 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://104.40.238.223/Shibboleth.sso/SAML2/POST"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_efb4a2130cf7509d684defafa5a4f76f"
    IssueInstant="2019-06-25T18:01:39Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://104.40.238.223</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="1"/>
</samlp:AuthnRequest>

2019-06-25 18:01:39,734 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-06-25 18:01:39,734 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-06-25 18:01:39,734 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-06-25 18:01:39,734 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-06-25 18:01:39,734 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-06-25 18:01:39,734 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-06-25 18:01:39,734 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selected AttributeConsumingService with index 1
2019-06-25 18:01:39,734 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://104.40.238.223
2019-06-25 18:01:39,735 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-06-25 18:01:39,735 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-06-25 18:01:39,735 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2019-06-25 18:01:39,735 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2019-06-25 18:01:39,735 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2019-06-25 18:01:39,735 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_efb4a2130cf7509d684defafa5a4f76f', issue instant '2019-06-25T18:01:39.000Z', entityID 'http://104.40.238.223'
2019-06-25 18:01:39,735 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://104.40.238.223' does not require AuthnRequests to be signed
2019-06-25 18:01:39,736 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2019-06-25 18:01:39,736 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-06-25 18:01:39,736 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2019-06-25 18:01:39,736 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-06-25 18:01:39,736 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-06-25 18:01:39,736 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-06-25 18:01:39,736 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-06-25 18:01:39,736 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2019-06-25 18:01:39,736 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2019-06-25 18:01:39,736 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2019-06-25 18:01:39,736 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://104.40.238.223/Shibboleth.sso/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2019-06-25 18:01:39,736 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2019-06-25 18:01:39,736 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2019-06-25 18:01:39,736 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-06-25 18:01:39,737 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2019-06-25 18:01:39,737 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2019-06-25 18:01:39,737 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2019-06-25 18:01:39,737 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2019-06-25 18:01:39,737 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2019-06-25 18:01:39,737 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://104.40.238.223
2019-06-25 18:01:39,737 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2019-06-25 18:01:39,737 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2019-06-25 18:01:39,737 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2019-06-25 18:01:39,737 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2019-06-25 18:01:39,738 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-06-25 18:01:39,738 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2019-06-25T18:01:39.738Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2019-06-25 18:01:39,738 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2019-06-25 18:01:39,739 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2019-06-25 18:01:39,739 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 5645da380fbec4a306b10e8d5a4841eb6e0a501ec2941ed535d16403dda5408e
2019-06-25 18:01:39,739 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session 5645da380fbec4a306b10e8d5a4841eb6e0a501ec2941ed535d16403dda5408e to 2019-06-25T19:01:39.739Z
2019-06-25 18:01:39,739 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading AuthenticationResult for flow authn/Password in session 5645da380fbec4a306b10e8d5a4841eb6e0a501ec2941ed535d16403dda5408e
2019-06-25 18:01:39,739 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: Authentication result authn/Password is active, copying from session
2019-06-25 18:01:39,740 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2019-06-25 18:01:39,740 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2019-06-25 18:01:39,740 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-06-25 18:01:39,740 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2019-06-25 18:01:39,740 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Reusing active result authn/Password
2019-06-25 18:01:39,740 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name established from session as 'rick'
2019-06-25 18:01:39,740 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2019-06-25 18:01:39,740 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Updating activity time on reused AuthenticationResult for flow authn/Password in existing session 5645da380fbec4a306b10e8d5a4841eb6e0a501ec2941ed535d16403dda5408e
2019-06-25 18:01:39,740 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2019-06-25 18:01:39,741 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2019-06-25 18:01:39,741 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2019-06-25 18:01:39,741 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2019-06-25 18:01:39,741 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2019-06-25 18:01:39,741 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2019-06-25 18:01:39,741 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2019-06-25 18:01:39,741 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2019-06-25 18:01:39,741 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2019-06-25 18:01:39,741 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2019-06-25 18:01:39,741 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-06-25 18:01:39,742 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2019-06-25 18:01:39,742 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@2f40856a'
2019-06-25 18:01:39,742 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-06-25 18:01:39,742 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:http://104.40.238.223'
2019-06-25 18:01:39,742 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:http://104.40.238.223'
2019-06-25 18:01:39,742 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:http://104.40.238.223'
2019-06-25 18:01:39,742 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-06-25 18:01:39,742 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2019-06-25 18:01:39,742 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2019-06-25 18:01:39,742 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2019-06-25 18:01:39,742 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2019-06-25 18:01:39,848 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning name from UIInfo 'To be decided'
2019-06-25 18:01:39,849 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2019-06-25 18:01:39,849 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning PrivacyStatementURL, https://kalastus.mallikunta.fi/rekisteriseloste_fi.html
2019-06-25 18:01:39,849 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Acceptable Scheme 'https', returning value 'https://kalastus.mallikunta.fi/rekisteriseloste_fi.html'
2019-06-25 18:01:39,849 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning logo from UIInfo, (225 x 90) : https://samltest.id/saml/logo.png
2019-06-25 18:01:39,849 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Acceptable Scheme 'https', returning value 'https://samltest.id/saml/logo.png'
2019-06-25 18:01:39,849 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning OrganizationName from Organization, TBD
2019-06-25 18:01:39,966 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning name from UIInfo 'To be decided'
2019-06-25 18:01:39,967 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2019-06-25 18:01:39,967 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning PrivacyStatementURL, https://kalastus.mallikunta.fi/rekisteriseloste_fi.html
2019-06-25 18:01:39,967 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Acceptable Scheme 'https', returning value 'https://kalastus.mallikunta.fi/rekisteriseloste_fi.html'
2019-06-25 18:01:39,967 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning logo from UIInfo, (225 x 90) : https://samltest.id/saml/logo.png
2019-06-25 18:01:39,967 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Acceptable Scheme 'https', returning value 'https://samltest.id/saml/logo.png'
2019-06-25 18:01:39,967 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning OrganizationName from Organization, TBD
2019-06-25 18:01:46,642 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2019-06-25 18:01:46,642 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2019-06-25 18:01:46,643 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20190625T180146Z|http://104.40.238.223|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2019-06-25 18:01:46,643 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@2f40856a'
2019-06-25 18:01:46,643 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-06-25 18:01:46,644 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2019-06-25 18:01:46,662 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2019-06-25 18:01:46,667 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2019-06-25 18:01:46,667 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _58daf295a00962160f5a581b8339e0a0
2019-06-25 18:01:46,667 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _58daf295a00962160f5a581b8339e0a0 to Response _7a3d85752be5d2fa2da965002b1e1133
2019-06-25 18:01:46,667 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _58daf295a00962160f5a581b8339e0a0
2019-06-25 18:01:46,667 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2019-06-25 18:01:46,667 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2019-06-25 18:01:46,667 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2019-06-25 18:01:46,667 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2019-06-25 18:01:46,667 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2019-06-25 18:01:46,667 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2019-06-25 18:01:46,667 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2019-06-25 18:01:46,667 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2019-06-25 18:01:46,667 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2019-06-25 18:01:46,668 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2019-06-25 18:01:46,668 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2019-06-25 18:01:46,668 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2019-06-25 18:01:46,668 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2019-06-25 18:01:46,668 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration did not specify any formats, relying on metadata alone
2019-06-25 18:01:46,668 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2019-06-25 18:01:46,668 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-06-25 18:01:46,668 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-06-25 18:01:46,668 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxboiYhLrKe7rUB0MNfYfeOlH+4OKvlqf2/03N2eGAiL9aAp80dL9GjJHa+BPRWezJa7hUBJ1naG83plPfUtvPYJM6/nBsRk9qmxoSYJ/n2DXcAhadRyqEZQ== with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-06-25 18:01:46,669 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-06-25 18:01:46,669 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-06-25 18:01:46,669 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2019-06-25 18:01:46,669 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2019-06-25 18:01:46,669 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 91.217.248.11
2019-06-25 18:01:46,669 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _efb4a2130cf7509d684defafa5a4f76f
2019-06-25 18:01:46,669 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to http://104.40.238.223/Shibboleth.sso/SAML2/POST
2019-06-25 18:01:46,669 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2019-06-25 18:01:46,669 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2019-06-25 18:01:46,669 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2019-06-25 18:01:46,669 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _58daf295a00962160f5a581b8339e0a0
2019-06-25 18:01:46,669 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _58daf295a00962160f5a581b8339e0a0 did not already contain Conditions, one was added
2019-06-25 18:01:46,669 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2019-06-25 18:01:46,669 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2019-06-25T18:06:46.644Z, to Assertion _58daf295a00962160f5a581b8339e0a0
2019-06-25 18:01:46,669 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _58daf295a00962160f5a581b8339e0a0 already contained Conditions, nothing was done
2019-06-25 18:01:46,669 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2019-06-25 18:01:46,669 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _58daf295a00962160f5a581b8339e0a0 already contained Conditions, nothing was done
2019-06-25 18:01:46,669 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2019-06-25 18:01:46,669 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding http://104.40.238.223 as an Audience of the AudienceRestriction
2019-06-25 18:01:46,669 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _58daf295a00962160f5a581b8339e0a0
2019-06-25 18:01:46,670 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party http://104.40.238.223 to existing session 5645da380fbec4a306b10e8d5a4841eb6e0a501ec2941ed535d16403dda5408e
2019-06-25 18:01:46,670 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service http://104.40.238.223 in session 5645da380fbec4a306b10e8d5a4841eb6e0a501ec2941ed535d16403dda5408e
2019-06-25 18:01:46,670 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-06-25 18:01:46,670 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service http://104.40.238.223 in session 5645da380fbec4a306b10e8d5a4841eb6e0a501ec2941ed535d16403dda5408e
2019-06-25 18:01:46,670 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-06-25 18:01:46,671 - DEBUG [net.shibboleth.idp.session.AbstractIdPSession:?] - IdPSession 5645da380fbec4a306b10e8d5a4841eb6e0a501ec2941ed535d16403dda5408e: replaced old SPSession for service http://104.40.238.223
2019-06-25 18:01:46,671 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Removing secondary index for service ID http://104.40.238.223 and key AAdzZWNyZXQx7j0XGmjeBmZIy28Dpa+4kmczj2tfRh0mz1Ut8AxtuxWIHy48vrml65tHBXt2Cjfj+XbyFrFsNJoxwwzXuNU/NwtbwSqNlsvxZsfV3X9lp0WQZg8/EVui1A==
2019-06-25 18:01:46,671 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID http://104.40.238.223 and key AAdzZWNyZXQxboiYhLrKe7rUB0MNfYfeOlH+4OKvlqf2/03N2eGAiL9aAp80dL9GjJHa+BPRWezJa7hUBJ1naG83plPfUtvPYJM6/nBsRk9qmxoSYJ/n2DXcAhadRyqEZQ==
2019-06-25 18:01:46,671 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Older SPSession for relying party http://104.40.238.223 was replaced
2019-06-25 18:01:46,671 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2019-06-25 18:01:46,671 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2019-06-25 18:01:46,671 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2019-06-25 18:01:46,672 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_7a3d85752be5d2fa2da965002b1e1133"
    InResponseTo="_efb4a2130cf7509d684defafa5a4f76f"
    IssueInstant="2019-06-25T18:01:46.644Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_58daf295a00962160f5a581b8339e0a0"
        IssueInstant="2019-06-25T18:01:46.644Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="http://104.40.238.223" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxboiYhLrKe7rUB0MNfYfeOlH+4OKvlqf2/03N2eGAiL9aAp80dL9GjJHa+BPRWezJa7hUBJ1naG83plPfUtvPYJM6/nBsRk9qmxoSYJ/n2DXcAhadRyqEZQ==</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="91.217.248.11"
                    InResponseTo="_efb4a2130cf7509d684defafa5a4f76f"
                    NotOnOrAfter="2019-06-25T18:06:46.669Z" Recipient="http://104.40.238.223/Shibboleth.sso/SAML2/POST"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2019-06-25T18:01:46.644Z" NotOnOrAfter="2019-06-25T18:06:46.644Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>http://104.40.238.223</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2019-06-25T17:33:29.055Z" SessionIndex="_3f5eba19b3d7fec2ff59c8d788b78103">
            <saml2:SubjectLocality Address="91.217.248.11"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2019-06-25 18:01:46,681 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: http://104.40.238.223/Shibboleth.sso/SAML2/POST
2019-06-25 18:01:46,681 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: http://104.40.238.223/Shibboleth.sso/SAML2/POST
2019-06-25 18:01:46,681 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_7a3d85752be5d2fa2da965002b1e1133"
2019-06-25 18:01:46,681 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _7a3d85752be5d2fa2da965002b1e1133 and Element was [saml2p:Response: null]
2019-06-25 18:01:46,681 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_7a3d85752be5d2fa2da965002b1e1133"
2019-06-25 18:01:46,681 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _7a3d85752be5d2fa2da965002b1e1133 and Element was [saml2p:Response: null]
2019-06-25 18:01:46,684 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2019-06-25 18:01:46,684 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'http://104.40.238.223/Shibboleth.sso/SAML2/POST' with encoded value 'http&#x3a;&#x2f;&#x2f;104.40.238.223&#x2f;Shibboleth.sso&#x2f;SAML2&#x2f;POST'
2019-06-25 18:01:46,684 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2019-06-25 18:01:46,684 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'ss:mem:f1d7886b238d4f0c7a3d18a4543097c2c41518e753126b00b2faae55e5321bf2', encoded as 'ss&#x3a;mem&#x3a;f1d7886b238d4f0c7a3d18a4543097c2c41518e753126b00b2faae55e5321bf2'
2019-06-25 18:01:46,686 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="http://104.40.238.223/Shibboleth.sso/SAML2/POST"
    ID="_7a3d85752be5d2fa2da965002b1e1133"
    InResponseTo="_efb4a2130cf7509d684defafa5a4f76f"
    IssueInstant="2019-06-25T18:01:46.644Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_7a3d85752be5d2fa2da965002b1e1133">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>s91hO3wNCREFdGhKRVtjwI0jJib2knU5AiAk2p5dADU=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>OKL1OxBqqxapJ7jNRMxi6rhPeqiXwkjx4zJvbCcSEr4XWb6wvK39bvVt4bzwZMZ1qa0EimZ5djI+7CXG7BptuNV/EtngBAcafA4y2ChFF0pnHJYF9PvCOV157m5S4HrWDMO4p5f/AgPfT6j/ZVv7KyLEnJ2xEtqkpO81JgwDwbCPp5nlyuNIx2jldUUJzQWhChTXjTWnkmt36Oye0wT+43pn7++RIV/5Viywgb+yyCm5Je+Ft36qzKVHi1oWsjDC/Uld6rozj7vsV54lZtLQZyc+Lp8fctn2Uh+A4dP4IEqGggtp3MMoQe/WEKsevOCRF7uM66x4FEcYtt62XQ1njQ==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_27efc8431553ff9a8abe4ee7ac9ff374"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_636b2a311c260b2c1a5a364d97edc210"
                    Recipient="http://104.40.238.223" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIFjTCCA3WgAwIBAgIJANkuOpVcwZQYMA0GCSqGSIb3DQEBCwUAMF0xCzAJBgNVBAYTAkZJMQow
CAYDVQQIDAEgMQowCAYDVQQKDAEgMTYwNAYDVQQDDC1rdW50YXRhbG91cy1kZXYud2VzdGV1cm9w
ZS5jbG91ZGFwcC5henVyZS5jb20wHhcNMTkwNjEzMDkzNDAyWhcNMjkwNjEyMDkzNDAyWjBdMQsw
CQYDVQQGEwJGSTEKMAgGA1UECAwBIDEKMAgGA1UECgwBIDE2MDQGA1UEAwwta3VudGF0YWxvdXMt
ZGV2Lndlc3RldXJvcGUuY2xvdWRhcHAuYXp1cmUuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
MIICCgKCAgEAqlak90AiaIDo1uOjEtolnfXamE+0SmAj5BOzaoPpG6ixfGVAzhldkC8sk+UcJ5O5
jrKUzdjpSJIy1UMMoCvqglby+1YafeKOTPT33Tux/tUJJxCAJ4McOF47EHnqpSYL66JVxW+3FK8g
i2ijNlzz/+u5Vz38VedSQAWYToPSxnIeh+FJRzhWNqtcPXfdOGiUY5+42qwkUMIQsRA0yKpwCKa+
0RXx1QQRrKthn2MAsX+rqqfcbaQ0RJyFE9eUyqxic3G/sRIHqz5k/rpuwwUKmYNvPGmtpM7x44vX
3qeBTGBcfmeIUdbGn0wKJiioIsDopJIJQAYVPqihyMSknDBgL8q3qb66Nk8iLr4NN4HYiccDx0WV
8zJZ4SGqGNcE6vYX9E9ZogQ6tRPyFAYgFKYs3cXq39uACh3/gUnlHl+wIZBPPVYOfeosh1TtHB1f
XekIFWcTejFemGItQ3o5QOETsu80ZePeAYlRAw1TF5m+Ci/CpU3c5rKrNRlrFQ3Doq2egwmw1f1L
+ITl/9+aFpDq9BEiHxzvSxRYzu0cJQeNN5nS1O+HhtE/g/VlnGrMcuK5rc1A5WTCFlzMKNYVi5+l
kLWXKg6pWGOML3aur/D0z3cP7tBEGMS06MZnb2Qamc0e5svxulxDkoxWsP6Fm5fMVjutACPhQKEi
ysPRz8QQazsCAwEAAaNQME4wHQYDVR0OBBYEFI3rD8xisSxcW81pKkVtkYmSP8qiMB8GA1UdIwQY
MBaAFI3rD8xisSxcW81pKkVtkYmSP8qiMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIB
AFEXL2Y8qv3UYMN/gARlW4u1qeZscWWxOQJHa/eBdooX8fFdg5ef6yjyTl1cz1I4aflsExAeLBYV
RDdZ7HsAlqiKcFbevIVTO486vghjlD3GFDBt4L/1WvTpAs2frhxZDLgJtksI456n9j0nZtsjdViR
9n+tbRUbEka7VoP//LurAPwu8CnVG+ujD5OgVN+kQBMCyP4TL87jexAnq+/7CXAF/BN9fFvFFykf
Yn+X+L/FNFQb7PUmrgU9bCCzoSg/cniJIDFAPz8HYIp13wG2m8RO4PeiAilEdtai3guuPDaSre5/
QH8nuXckpZmHSHvW1Q81SI50RM2ZR4CQns9jq8XNENQA5naxI7UzwBUopPJ8zT/C9btVHxzqpnX3
+BQ4XpvdrAEQDRfwgFKHcON06d/4fvOg6e3HSLhcd3/GJwfW0YyHtM1RicvXZAVbf7EQuwEtrwWS
+87MBVdnZsY0hL+8xOANt6o4a3lpK0ebge/uT/kMggT4/3dg1kO+R5t5YRcrhaKveTDn+td96WJr
tFYpoL/7i+PHa/lAHKQrkkN+5eLuwmQ250OIeba16YrlXZlvbTW6nc6LNS4VbRxt7et25pNW7GPv
WmCZScazwsJ585HCcNsTbBIOqLNNspl5ZxFL67rQLAjV5ci12XvDjjYjsG625ak4I/253g5PMjRG</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>oGqzCR2V+UkIBCdAYswEv94L5xmBGinnNocmOpiuEVbA/WqUejG96OHUV/FadJNF4F06T1MQ22ZZ4tmX3m3i4obTfB6nAfdzgHaTHPYLcjf6zB5b0m0WevnO4DS1cB6pUR8kNgH/4ipWr0VbYtybIRxyP9mQDDyeOpzgK5TP3TcT8Vtaa4GJn5Q6x0zUnUHULqBY69wWdb2D6Dld4SB3s3CDp0F5igGqCSOvFpMUlCT0sWtB9m+luTzQHPCiDPAcx1lebQp2CC9EG046hV8Dt9bKP5RnrapvzpoeHJTEwNKVrTJc0wQaWjxdQJDpt06YNdG4kK910vKMe/kfIiiP/pMGcxpSBKQ+TkBzvwOpHr63uAxHGC30JwLsOmEvpMkjYfPGgHXH08XyY46XZifUkoHf2z4niWiH5ZFXeGXiUN+fWI0cuukNHvcbzbCMGxdJmONTmeX6QdF0Js7sYeTCkk47gZSd/Of6si+cTiamCm/blQ6Zrh25yA3vtJl8SMEt1uTdzOiDZ490xS1WICxmiOvLpwbjo6mazLdoDDfr78sYyvwFpOvzjbgAMDdZeryNYqPXXIc5WbF8fZtm/GmudxJB7rdlTNFca72CergA77WpKsGvcOvmF7l2yeN+BVtDUCB3yjpQog9/1/vUJo8bjNunONxVhsE9gSfbvSVU1yw=</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>Vg/dPRhLnU6uEKaTRXzsyELFNm1NN8YzuHriA1QIPQQZFxxPY4PtTHYsdtMJJLSWfVO7nkPt5a8BJNP467N1oam9r9Ta9Wp5WRDT1mbmnXw++U9BDQgVUI5QIDBBhy/plWSu93GZPY2sgZzhuVUD2hn1N1L6y81CB+H5n81YtyOQWHomSCX7Pbbtj1s/9QQ8+fAFc9S3mAwpSp6reV3zaso3snfYcHEh/f7slhrIW8RmNUNcNwvDk67yj0dRQFCwttitqR7XtCuRRmLVMD7NWHhFYlchSUhZFVRR6rhQ5xHVhgoyTJ1lDwvFR0D4mzcMMym372hIoo5uWbd/itkfJ7kJJtTfzea/RQ8NlidjdS8E/pKu5aZdUbJ/c6IlMW+Qs+UaBJyI64qXwzEE7Jez8RsSaLX8Yhjs7YxtN+ESbePDES5901Hpau4Bg+DL3lsI9ViV2wqDvcpHEBrJk6jlHwvr7+VGA6shQpWF8vQNL3NjdWaM0LZtAlila8vUY4h/6b4cVQhhE1ZhhUDmaRUHpRfS3cGgI+1Sd7kXAsGkU38zqQcn9vetfo4htpvmdBppMhpRGLkHrtNMwWHECtzsTJuXxD8cHmAEclVLpcfn5T9XaGOIsT9XgLKRhTBmxPW7pw0//bORAf8E4zsqd+sBOdyaGpO6asNVKlH/fkjmLFZsRjpyv23+95Ft8dtMpSrib7ldFu7LY4DR4DTCtLw+hDlyvFP8iXnz+/QWodhVsIewNaVBi3HMsqbxjzlk/5jgO4JlwKfgfZ9HlMUg5RYpEUKsyg4vwsIGb/dNY35Y1OLx1iZfFW5VfswkvsnH4FI0aKAb4fHYoU0fKXehVlYjD1+yHjeufSuMK1+ZyiOognVKZkbBdx5+GJY9505ERfxFA/5LoC074I/KkXKQWKJ/dwiPcDNDkGuJ2NsG/iMzvvlsoLZjQ+H94zOlqDPXyLDKmNUMTYtPCZv6nX7DrhtwKnRkvNFcVsEIlsi3qUN7DhrFr4LUsCbdkwnk1y+oEBn0R2tLi23SA1WNxsWtQtKL0nkad8tNOHBRilcV3L+xiPpDIbrqJIFXMOXgNofiRFOiTHpqSKbWBZJs5qhjGSWgHHFRgGNp5svacYT5xEdq0DiaaNBQmCvCJ9s3W2PTbTJVtUQtO/jKT/Q4NZFcja7eBz6CRDY+7D34liOj5x+XM/8IPvsEtNA89gpI0AbLhvVbuX9qgAKgTLCxRU5+bE00qAng1oLQ/4oJZh55bF/x6alXNfTer/nS2GTrSliztVEtffu3IgJOsfKvWQoIuk+7mMsiSI12o82dUs7e8H4FhpP7XA15W7y6MesIJmuydhOExCArbW+wQxG9wla4P48L0clZ+UAbba4feq0iLn37Di2hs6+8EjpgGyAlfuNSVGOir1kcDRDs3RaoJkBQdOrOM7v9C3Ne3jlKvOUInD9kt6pvDeukc6wDWFJe81y4WgLSG5hBfeDXMfVm5nmQBuV3Di4f2Rk/fmAkRZf2Oa+T8Snvope12y5wXzN2f5WWSSU3XjzILdAtxutR/0s/qY5J44895rak7dCnXO6MxJNaBr+vcIsyaDT50RS9+SOVxzN1XCmTfvA+4IJTzXnTHVJSS3h/SOy1sWqCMiqCJ4t5GmWL1jujsKskay5wKzo/uUY2SgRgzh1Zvu/XRVQCfIvbFRD6TurvmnKQZizyYufDxTznseAuLWtIeA4VYtRs78fHiqfOMjAq7TfMy2gGnCOEMIQno+Fr21CGbeqTdKqEsGxYzP2lfrpiCOfZDFqovc7gI/QLcu/DV7aJNrNI2DmQvo44iXHb1ylTroOZED/nQJhH6UHsyrvjPOA27OpGPLl4CDw9MdPJdUgGjBBx99hkE3IF3E3em5155+VFhwrVSiHo5w6xqTbBEoS6TQi1vQehVmwLg/xdfGNkkayrjO8VHye8Cq33qtOZYS1OWl0L447IGqt//sCgVaj8XbdnAYZfjeT+NplM4zgT0t9UBvEm4jrPi8XnmbwTpRAFTkvyNhBhdWT7iz/xp80ZjZvC5grZQiktKz+96rBq7C0DU91an0oCpvizEi4XECzW21cvJUkpKOsSMnY7hosR3/54ithcPVgnmg4jeruvWIrTSv/OPMoIGQWtE4tPeHyeFdeodaQEiENconY88N94icqqupx29RpunoX8q9VlgwuiJdpd+cqJR6wKf8dIVMWljQ4ClqOXCnZBuOCPuKW1e44C9Jwh5kDFY0Fr3jfHlfKD+hOH/wxrhIizDwqWmXz9jRxRz753dgL0n3STeTxpxxhdjvpvHUblVRI7dZ+3/S7XvjiuIH4H+JYO9UXcw2Lk8kyfawYsESLP9Z7+XTms9YrUEWMxpWxLN51l2Led4ZKEGDAMQ0PvsDdEG3+n+q9Cj51S15vMaOP7bgRC8NBmkG6BClTPZtPxrWtRvYil1zzV+iCseVZWuxoKfq1w+3mJhoC16oDSTuC8F2BTh7QupbBxCITwWeHMCohoX2VMMXu4hQ+bXMk4hwMzTf08Kw+58d23S/mqnTyfnBIjPzHWaYDZBodEJUwDiEHQB7L0LayxqXkrN4M2OuXuf0pvSJfhl/iL0v3zriW7BG10LMIRIQ02ICPPA32VVuiM4lVPsk9ughtzswEYieiYEDzsIn/47JZHaxEZbWvNTxfaJEvAy/TveoCG/iD2BewXHUFy3GVqA6J1OC/DMflRHmdZ1ocGxxCbEiaHSK3SuvWWK6ekLZEMbpES173RgMz+T3Lijuh8wV1MYWcVAHEWcTxSNA9R5ts4PZYH4EuE+BJNjxJmfovrThMkZwJIRjtRluWQGr9iN0oEMrmG0qNJg6nmJh6vy+SUQld/Se9aVCkHeWjNNEUh+WRLYx86AGQ/QoQVUK5uf4WlnmkiY9Jq1b2waVKSyO/KpSBx2HG3qx0u92P4oEVSmt2ZTEUCTMJ3jqQ6RFuTCAaaTWT6WowfyoX6uGnhhj2FjqH6Rx+JDktECsaHeq5GdzXQrXLiZx0O8+ZaxWTAXfZTrtAXVqLLhcpWyOWySFSyiAsvMr6DmMOurZUphkynSRz8f2pq/5LcwqKJwxyidD4Sya6bAQjyT4QP35/3mOACBh+9KUAO3BVCdqmjWyu2u8PXb6mUkZo1KPytBD8wdXBwK6MXg4p07zcWYH8Z2fxSxj0A8lboztbssQaJlK9PLlt0LIJ+DrNhCsEXx20/MLt/2g7w3YDQXw4hJx3E8pkNFkzf0rHn0pvekBiAU7QyZbriuz63rQLpbsFNP2uPuhPEONAdKJZSzCtEgWtrBB0eIoS0yENwpzvgg5lDgiaxjYeJaoolYiD2ljCsczOKc0e06u7DvtWhvidlctnI9s9i45xtymL6gtyNR0DJwnhPGe4mS9SF9HWjhsc98tT3TVxa5LSArgTqpGUV1fMZz8nZ/f13BXVVL1Rly2DO0JKkPAJDAc8HNbBsNC1zjQx/8BvsY2/3zK7zF5tTqYtgn8P2rCt/WS1aCr5ugmyUoxnOjnEchglWWFc1SKVR8F623hI6vz4rXdLny9X9wrfx3NlSd6/1SghXvZnl2Ba7Tz9plFjt6a+QHmtudHdGfE01Xpu4YZ1SchJyryFit18D/F3X/e0HItd8jblRjfCTpHc0TwkUg2qs6RqqQxhl5XMoRbwhjCky9L4E7ttNchXxHmBJJaZS0MOI9noI7wgcWGxGvEoKVZ8fdrUaY/Cf3W7Pa7WiYuF8DF9O5pzZUfnlIgUr4JNHvlpgywX+G5NDQo6lp7nJrIrtwqyAHPnRW/cZhF/dBN7PEL0p7VRXlZeSEkxdjSwlxsbZ/aR2NkATalD2/X1EdgmKTmjgH/DCbvIpfcLvro1U7x4VdtTgrDQqBGcKDhv8O+PrT0Ot8x+U7Iq0WWCCTk5DYPrXEBYG7f+BwTPzH//Rz2JPw+OBHHSSzerFEH8sR57SIDHS4dQyOyFPjl8tHAHE3E6nxLIgtJN7vmrazv2u+MZUUln8fA2jg+Fhi8oyJ9oEgYa363zoFJ1X7dZ8L2TXGWdXyqgg1/NEaRPGt/k5sElPVqTiLRXSeZaYOmZVZOwp+YwfzhKEvzIeJypCbPusnP3Or7Na4gfXwjZWLsCVulys071KCBWwQNppdHC+J9hpZ+fIJvdSczBj18VsnO9rx5R0oNwaZB14SZCIKyr8avHujeBE50AREzD02Z9TXEJUsh8eqstCY4VNhNV7peN3hEG4Au/ofdOX7jolAXZYn0FQa/nZrTg5+97ChD85O4sttbwfuuPKkJux1h5YjzU2Gd6IFc/seoKuzR56OthkyxklXbq/rZQ2I9ZpRjMoiTuP1Sg+4PGkgcIWIa0ZbbfCY99jhMGkfO58UAXL31WbvCKeHzFUZdNLG9eQHg6PllaVnsLjDl6JwXKvTg2lVW0F384ivDIDT6FBqUPrDrOjtBJjnCnx2v97uTxo9S0oE1JCT2kXSwCP1CenpXmO1KIs7aKXfdTovMw7KbiETkmhpO0yqyVt37TQK653RFu9GEtW+s1ZUXEBanoat0hHlMMqWiTs50gBgjPrvIG4NAb8rDRGylq9wc4r4q6sJkcW0mBVmsuFWZsV/IvmVQllaxlNYuY6geUA5luBDchBxqr6PA3NTc2KgZzxeeQgXe5biJg3M12NkUYBu/R19BbfLqYFCE0Sgl/E4udI1ucuE7tEJ4Kd9Ryib8MCs5YlrvoTqzRcgZ1On36lOadXkzhw</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2019-06-25 18:01:46,686 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2019-06-25 18:01:46,686 - INFO [Shibboleth-Audit.SSO:?] - 20190625T180146Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|_efb4a2130cf7509d684defafa5a4f76f|http://104.40.238.223|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_7a3d85752be5d2fa2da965002b1e1133|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxboiYhLrKe7rUB0MNfYfeOlH+4OKvlqf2/03N2eGAiL9aAp80dL9GjJHa+BPRWezJa7hUBJ1naG83plPfUtvPYJM6/nBsRk9qmxoSYJ/n2DXcAhadRyqEZQ==|_58daf295a00962160f5a581b8339e0a0|
2019-06-25 18:10:26,324 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: ss:mem:b52657d8b26d47ed969b543661f07add5227fe0bb9addc46884c39479903cc5b
2019-06-25 18:10:26,324 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2019-06-25 18:10:26,324 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2019-06-25 18:10:26,325 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://saskatchewan.eperformanceinc.com:444/Shibboleth.sso/SAML2/POST"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_31594d72fce89c534ebb83c9f4bc54fd"
    IssueInstant="2019-06-25T18:10:26Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://saskatchewan.eperformanceinc.com/shibboleth</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="1"/>
</samlp:AuthnRequest>

2019-06-25 18:10:26,329 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://saskatchewan.eperformanceinc.com/shibboleth' from origin source
2019-06-25 18:10:26,329 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-06-25 18:10:26,329 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-06-25 18:10:26,329 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-06-25 18:10:26,329 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-06-25 18:10:26,329 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-06-25 18:10:26,329 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-06-25 18:10:26,329 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-06-25 18:10:26,330 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://saskatchewan.eperformanceinc.com/shibboleth
2019-06-25 18:10:26,330 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-06-25 18:10:26,330 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-06-25 18:10:26,330 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2019-06-25 18:10:26,330 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2019-06-25 18:10:26,330 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2019-06-25 18:10:26,330 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_31594d72fce89c534ebb83c9f4bc54fd', issue instant '2019-06-25T18:10:26.000Z', entityID 'https://saskatchewan.eperformanceinc.com/shibboleth'
2019-06-25 18:10:26,331 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://saskatchewan.eperformanceinc.com/shibboleth' does not require AuthnRequests to be signed
2019-06-25 18:10:26,331 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2019-06-25 18:10:26,331 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-06-25 18:10:26,331 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2019-06-25 18:10:26,331 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-06-25 18:10:26,331 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-06-25 18:10:26,331 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-06-25 18:10:26,331 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-06-25 18:10:26,331 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2019-06-25 18:10:26,331 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2019-06-25 18:10:26,331 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 4 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2019-06-25 18:10:26,331 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://saskatchewan.eperformanceinc.com:444/Shibboleth.sso/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2019-06-25 18:10:26,331 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2019-06-25 18:10:26,331 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2019-06-25 18:10:26,331 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2019-06-25 18:10:26,331 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2019-06-25 18:10:26,332 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-06-25 18:10:26,332 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2019-06-25 18:10:26,332 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2019-06-25 18:10:26,332 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2019-06-25 18:10:26,332 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2019-06-25 18:10:26,332 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2019-06-25 18:10:26,332 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2019-06-25 18:10:26,332 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2019-06-25 18:10:26,332 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://saskatchewan.eperformanceinc.com/shibboleth
2019-06-25 18:10:26,332 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2019-06-25 18:10:26,332 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#aes128-gcm
2019-06-25 18:10:26,332 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#rsa-oaep
2019-06-25 18:10:26,332 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2019-06-25 18:10:26,335 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-06-25 18:10:26,336 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2019-06-25T18:10:26.336Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2019-06-25 18:10:26,336 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2019-06-25 18:10:26,336 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2019-06-25 18:10:26,336 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2019-06-25 18:10:26,336 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2019-06-25 18:10:26,336 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2019-06-25 18:10:26,336 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-06-25 18:10:26,336 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2019-06-25 18:10:26,336 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2019-06-25 18:10:26,336 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2019-06-25 18:10:26,336 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2019-06-25 18:10:26,420 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'saskatchewan.eperformanceinc.com'
2019-06-25 18:10:26,420 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-06-25 18:10:26,420 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-06-25 18:10:47,176 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2019-06-25 18:10:47,176 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2019-06-25 18:10:47,176 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1752854892::identifier=rick, context=org.apache.velocity.VelocityContext@5f83d2b7]
2019-06-25 18:10:47,186 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1752854892::identifier=rick, context=org.apache.velocity.VelocityContext@5f83d2b7]
2019-06-25 18:10:47,186 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2019-06-25 18:10:47,186 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2019-06-25 18:10:47,186 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2019-06-25 18:10:47,187 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2019-06-25 18:10:47,187 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2019-06-25 18:10:47,187 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2019-06-25 18:10:47,187 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2019-06-25 18:10:47,187 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 291225c496dbf1d86f09b76fa03831bef6e5a02ffceda55f05688072c32ab7a7 for principal rick
2019-06-25 18:10:47,187 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 291225c496dbf1d86f09b76fa03831bef6e5a02ffceda55f05688072c32ab7a7
2019-06-25 18:10:47,188 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2019-06-25 18:10:47,189 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2019-06-25 18:10:47,189 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2019-06-25 18:10:47,189 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2019-06-25 18:10:47,189 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2019-06-25 18:10:47,189 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2019-06-25 18:10:47,189 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2019-06-25 18:10:47,189 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2019-06-25 18:10:47,189 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2019-06-25 18:10:47,189 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2019-06-25 18:10:47,190 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-06-25 18:10:47,190 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2019-06-25 18:10:47,190 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@fbd961a'
2019-06-25 18:10:47,190 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-06-25 18:10:47,190 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://saskatchewan.eperformanceinc.com/shibboleth'
2019-06-25 18:10:47,190 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:https://saskatchewan.eperformanceinc.com/shibboleth'
2019-06-25 18:10:47,190 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:https://saskatchewan.eperformanceinc.com/shibboleth'
2019-06-25 18:10:47,191 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-06-25 18:10:47,191 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2019-06-25 18:10:47,191 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2019-06-25 18:10:47,191 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2019-06-25 18:10:47,191 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2019-06-25 18:10:47,280 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'saskatchewan.eperformanceinc.com'
2019-06-25 18:10:47,280 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-06-25 18:10:47,280 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2019-06-25 18:10:47,280 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2019-06-25 18:10:47,280 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-06-25 18:10:47,280 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2019-06-25 18:10:59,033 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2019-06-25 18:10:59,033 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2019-06-25 18:10:59,033 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20190625T181059Z|https://saskatchewan.eperformanceinc.com/shibboleth|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2019-06-25 18:10:59,039 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-06-25 18:10:59,039 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://saskatchewan.eperformanceinc.com/shibboleth'
2019-06-25 18:10:59,039 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2019-06-25 18:10:59,039 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2019-06-25 18:10:59,039 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://saskatchewan.eperformanceinc.com/shibboleth, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1593022259039}'
2019-06-25 18:10:59,039 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2019-06-25 18:10:59,039 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2019-06-25 18:10:59,039 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2019-06-25 18:10:59,039 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://saskatchewan.eperformanceinc.com/shibboleth'
2019-06-25 18:10:59,039 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://saskatchewan.eperformanceinc.com/shibboleth]' as '["rick:https://saskatchewan.eperformanceinc.com/shibboleth"]'
2019-06-25 18:10:59,039 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@fbd961a'
2019-06-25 18:10:59,040 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-06-25 18:10:59,040 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2019-06-25 18:10:59,040 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2019-06-25 18:10:59,041 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2019-06-25 18:10:59,043 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _3e476f56bbfb5a421db18ba2547151b9
2019-06-25 18:10:59,043 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _3e476f56bbfb5a421db18ba2547151b9 to Response _c453b329a0fd4f5f54a8382777e7b738
2019-06-25 18:10:59,043 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _3e476f56bbfb5a421db18ba2547151b9
2019-06-25 18:10:59,043 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2019-06-25 18:10:59,043 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2019-06-25 18:10:59,043 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2019-06-25 18:10:59,043 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2019-06-25 18:10:59,043 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2019-06-25 18:10:59,043 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2019-06-25 18:10:59,043 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2019-06-25 18:10:59,043 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2019-06-25 18:10:59,043 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2019-06-25 18:10:59,044 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2019-06-25 18:10:59,044 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2019-06-25 18:10:59,044 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: []
2019-06-25 18:10:59,044 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2019-06-25 18:10:59,044 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2019-06-25 18:10:59,044 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2019-06-25 18:10:59,044 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-06-25 18:10:59,044 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-06-25 18:10:59,044 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxmxZZjVkiOqS5u0lbAvHbSp4fHKJ8c7X7f/OXfBKfe98BNpfOvlUVSzwomQVusa536DZdzNJO9FZPA22ZHZq0GrKk18VP07AEkRU8wJGUa46QWzM703UWM0mIhYHDCEx4DMTgsRkg+lcsYWQcej2Yrg2i8n+ZIg== with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-06-25 18:10:59,044 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-06-25 18:10:59,044 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-06-25 18:10:59,044 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2019-06-25 18:10:59,045 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2019-06-25 18:10:59,045 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 174.115.6.148
2019-06-25 18:10:59,045 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _31594d72fce89c534ebb83c9f4bc54fd
2019-06-25 18:10:59,045 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://saskatchewan.eperformanceinc.com:444/Shibboleth.sso/SAML2/POST
2019-06-25 18:10:59,045 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2019-06-25 18:10:59,045 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2019-06-25 18:10:59,045 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2019-06-25 18:10:59,045 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _3e476f56bbfb5a421db18ba2547151b9
2019-06-25 18:10:59,045 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _3e476f56bbfb5a421db18ba2547151b9 did not already contain Conditions, one was added
2019-06-25 18:10:59,045 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2019-06-25 18:10:59,045 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2019-06-25T18:15:59.040Z, to Assertion _3e476f56bbfb5a421db18ba2547151b9
2019-06-25 18:10:59,045 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _3e476f56bbfb5a421db18ba2547151b9 already contained Conditions, nothing was done
2019-06-25 18:10:59,045 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2019-06-25 18:10:59,045 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _3e476f56bbfb5a421db18ba2547151b9 already contained Conditions, nothing was done
2019-06-25 18:10:59,045 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2019-06-25 18:10:59,045 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://saskatchewan.eperformanceinc.com/shibboleth as an Audience of the AudienceRestriction
2019-06-25 18:10:59,045 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _3e476f56bbfb5a421db18ba2547151b9
2019-06-25 18:10:59,046 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://saskatchewan.eperformanceinc.com/shibboleth to existing session 291225c496dbf1d86f09b76fa03831bef6e5a02ffceda55f05688072c32ab7a7
2019-06-25 18:10:59,048 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://saskatchewan.eperformanceinc.com/shibboleth in session 291225c496dbf1d86f09b76fa03831bef6e5a02ffceda55f05688072c32ab7a7
2019-06-25 18:10:59,048 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-06-25 18:10:59,048 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://saskatchewan.eperformanceinc.com/shibboleth and key AAdzZWNyZXQxmxZZjVkiOqS5u0lbAvHbSp4fHKJ8c7X7f/OXfBKfe98BNpfOvlUVSzwomQVusa536DZdzNJO9FZPA22ZHZq0GrKk18VP07AEkRU8wJGUa46QWzM703UWM0mIhYHDCEx4DMTgsRkg+lcsYWQcej2Yrg2i8n+ZIg==
2019-06-25 18:10:59,049 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2019-06-25 18:10:59,049 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2019-06-25 18:10:59,049 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2019-06-25 18:10:59,049 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_c453b329a0fd4f5f54a8382777e7b738"
    InResponseTo="_31594d72fce89c534ebb83c9f4bc54fd"
    IssueInstant="2019-06-25T18:10:59.040Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_3e476f56bbfb5a421db18ba2547151b9"
        IssueInstant="2019-06-25T18:10:59.040Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://saskatchewan.eperformanceinc.com/shibboleth" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxmxZZjVkiOqS5u0lbAvHbSp4fHKJ8c7X7f/OXfBKfe98BNpfOvlUVSzwomQVusa536DZdzNJO9FZPA22ZHZq0GrKk18VP07AEkRU8wJGUa46QWzM703UWM0mIhYHDCEx4DMTgsRkg+lcsYWQcej2Yrg2i8n+ZIg==</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="174.115.6.148"
                    InResponseTo="_31594d72fce89c534ebb83c9f4bc54fd"
                    NotOnOrAfter="2019-06-25T18:15:59.045Z" Recipient="https://saskatchewan.eperformanceinc.com:444/Shibboleth.sso/SAML2/POST"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2019-06-25T18:10:59.040Z" NotOnOrAfter="2019-06-25T18:15:59.040Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://saskatchewan.eperformanceinc.com/shibboleth</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2019-06-25T18:10:47.186Z" SessionIndex="_0430bc8a559ae72948d525ef281da378">
            <saml2:SubjectLocality Address="174.115.6.148"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2019-06-25 18:10:59,051 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://saskatchewan.eperformanceinc.com:444/Shibboleth.sso/SAML2/POST
2019-06-25 18:10:59,051 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://saskatchewan.eperformanceinc.com:444/Shibboleth.sso/SAML2/POST
2019-06-25 18:10:59,051 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_c453b329a0fd4f5f54a8382777e7b738"
2019-06-25 18:10:59,051 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _c453b329a0fd4f5f54a8382777e7b738 and Element was [saml2p:Response: null]
2019-06-25 18:10:59,051 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_c453b329a0fd4f5f54a8382777e7b738"
2019-06-25 18:10:59,051 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _c453b329a0fd4f5f54a8382777e7b738 and Element was [saml2p:Response: null]
2019-06-25 18:10:59,057 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2019-06-25 18:10:59,057 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://saskatchewan.eperformanceinc.com:444/Shibboleth.sso/SAML2/POST' with encoded value 'https&#x3a;&#x2f;&#x2f;saskatchewan.eperformanceinc.com&#x3a;444&#x2f;Shibboleth.sso&#x2f;SAML2&#x2f;POST'
2019-06-25 18:10:59,057 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2019-06-25 18:10:59,057 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'ss:mem:b52657d8b26d47ed969b543661f07add5227fe0bb9addc46884c39479903cc5b', encoded as 'ss&#x3a;mem&#x3a;b52657d8b26d47ed969b543661f07add5227fe0bb9addc46884c39479903cc5b'
2019-06-25 18:10:59,059 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://saskatchewan.eperformanceinc.com:444/Shibboleth.sso/SAML2/POST"
    ID="_c453b329a0fd4f5f54a8382777e7b738"
    InResponseTo="_31594d72fce89c534ebb83c9f4bc54fd"
    IssueInstant="2019-06-25T18:10:59.040Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
            <ds:Reference URI="#_c453b329a0fd4f5f54a8382777e7b738">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>ANRbcuZvQWjZCb4qEOD45HSPwsAF3UO08x8OOxxuADyPbyZHsFDFEZSd1ztgeobpJoiaiKd87V0tK6sRnPIZPg==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>ofpKLCwUqXzf5p1GdHOPkYtbSw9ssArIA+C38Zdvr2qH8Oi8m0aQWaWQaSuqALcflvEjassPdKmvNNwMd1ee8Q1X0v145Kt/U/kB/ssLORL7cOF8K1c0BDst+FCSIlttTSUecP6VBc8yeZq4iQ9ohH//K1BP/RxVd0RYO+UR7J978tjFaz2LAmdi7uKFRKfn2+uxP/+8onulR4qPM22X2fr5RWZhmRHb2EYiITepRd0qowN5P3AKgBUi6D5CD1moBvYQnp9p1xixOLs8F0XQ4uJvq9pfImKtgYGKNovHAueS0CXcIRNblYJNN+e4swUHDjQyCNUeDu4EMf21aLgwwA==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_c7a7d71fb5dfd5e0f23203a28e22b5e9"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_4d3e58d3e5cde760c9ae506716901850"
                    Recipient="https://saskatchewan.eperformanceinc.com/shibboleth" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                        <xenc11:MGF
                            Algorithm="http://www.w3.org/2009/xmlenc11#mgf1sha1" xmlns:xenc11="http://www.w3.org/2009/xmlenc11#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIEMjCCApqgAwIBAgIUelgvrUcnlsTLOyXlln1169JU/lcwDQYJKoZIhvcNAQELBQAwKzEpMCcG
A1UEAxMgZHYtc2Fzay04NzQ3LmVwZXJmb3JtYW5jZWluYy5jb20wHhcNMTkwNjE4MjIyMzI4WhcN
MjkwNjE1MjIyMzI4WjArMSkwJwYDVQQDEyBkdi1zYXNrLTg3NDcuZXBlcmZvcm1hbmNlaW5jLmNv
bTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAOLPJpCFNaz+2rKEo97unHiMXyQ8Fb2z
s2XNDHMCVYXgK+QRC/iA+kK1Y3xWXEvF7KFvOilfNgI9x+KCRVqIMwEp1v/+bdsijPsOoqU14MFy
2gJDpWUzjIWMnUnpODqGxSb11wfMzOaabXq/kIgc64aeg2mz9LBCYJbx/edW8YvagElavG2uyEPL
6J5XOYxijZuR5hgocwUOnw9egbzTHPh9KjmBKTNxJybOIE17I2pMgjTW2cybgptNM1ZXqlauJWuc
P8YCmtILBqFzagvXz2fgvhEFyrLrkOuKxspjuk3Cur9YAX2XL42vOhz7q1H6NivScxixOwJZk6OH
ZtevCX6GEa0COcLCd60MlPcfgk+69EnLdi1Pvi99Br/rLVPJhxuNQf9AiVv+1g1l+OVn0P/CFJtz
Q+5SMHJxGSVaP7ooxediTU7uuVC1u0ESmfijVxtcF5PJ/XuRgcAGX5Fb+KDFLrE4AqFqWRtNwp35
++vvg/+DGvA/VqAhienWdPov9wIDAQABo04wTDArBgNVHREEJDAigiBkdi1zYXNrLTg3NDcuZXBl
cmZvcm1hbmNlaW5jLmNvbTAdBgNVHQ4EFgQUMsVdoR3//EVkEVzCD7DpPBPF3DwwDQYJKoZIhvcN
AQELBQADggGBAGbSBNfxLLO4unbfijyvnscvDVoAHvbXccHXuVRxs4X6ec0C2x3ZSznEFk/Hqt87
G65uCmeRh4193AgaGtfTSQC84CUD9ygXPTRFs8ejXrGQdHvBnxIKyfPxsn7WTrJLfuZjK/ozzlMB
JwJE3v+QvjUWPPQX9rtwV5M05lL0aN5r9t8rU5SlGfQ0zuF9WxJUOUMXewOX+Qtt0TCRjtY3GSDp
t2m8syn7op4akV+1m1/ZMSbURxnf/oNwgP/I4Pf5PcBbwzOhskjJpOQ4fxAU8Jf2ccJVdTGUC7uN
s29WxFlzCCREVQs8+Og6do0ERHF8yalx4LK7VocReb18p9nFmUn2UBaplqIeBgUlUX2DDi/YuOo5
uUDKTEyIh7pO9OXT742aiSrWJbHjgGZpGV1NDjbfOxE1rZRyb8Kr96RBAodwLJiPFQhU5DxjcJnL
BinLYkdKJm8cfsLyzYfQUCPMjE8f3oEnU9UzGW5EcLilvyE7eMQgPXP+Twe24Irt4RzhnQ==</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>GqyrUxWxnJP/Gz3ibE/HBb/4O/T/uAv/WdbefSA/NvP+PFfLv/lHlJVY25nNof98VEEYVbCeDIPpUVy8gIDYrrmAAu91crkPmlyLxcTd/uo0kAP/fZsAk4FXJ50SfWXNl/gmxIlo2xBLkZjmx+XvKGLrPgg/fKXlIfq5trs7aaBua75WtmwIK2HcmwRNxPPtGDINaPfo1oYOt+GYU6eyCcqf1JJ7vL6zeRsSxhw412cMktBUq3ZKg6gsEbUUWqmwXCWHjRiXTH4B50dvkPXHZT1wiXJghndZ1trd2OAXszl2ZmEdhReAwlymJOTPLnwCbhycXhaZRkEwu2rgP9c5pr0tjAmjBxYcS7LoHq4ro/QQNvNkE0oDPhryUaJ6e9gT137EPsoCMB7vaQgDMSPyhncsF8RMvK7T1v2ZxpyhtlG5SSogV83duKJ0zomD5IHzJID+luB4sri3SE2lzMEGM7QQQqlbHBInw/v5/YIbG7SJzASEQiQLzOYtfRnF49/x</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>LfRCCaGEsvgYj63ZQheCUL9rLwUV/Miq9fHrC95kIJIHyx99HHL3kW4/B1m1gKI3EPUXcgw4XEKLbcKNyJCwqpXXnlpQT7Ia4P+O9EMidNCGTTEFUNlCCD7m4EhBPAY2nl58AZ0GkN/OmT1W9KP1mwpkxvG2tqFZD7NlpqPKhXYgZMegG7fj5CliPdmeEdeY6OFhmpQiY8IwEqA8rpVxdNG9DQyFVBUDASR4eEVLHfiVasZWqOzoWKGvp1ie85XnhyQbwb7q/QfofkEK2k0KRWFkkkp9bRNzJ8grQK3sHxPGk/mcv4rXXMR8L69KyYY0eAniDPzyLjmDyhZQ5hr3OuQvIQJqctKkvcCf87Cm1UVq7Uydp594CfOdG1nNA92E9/l4GyQZc3candxi71+ito5JvLNk/vCiTNMBveemnD7XMIjqpZ4qKLW/DCNAbGGyvB7eSkmiMwjMBq8Mwm8+ay+Xp5StCrN7zx6zhfZmivrHPfJ6Y6/CalliB0n74Bql7EsCgNvcUuGLTreBfn9T6BHfsuVwIXSfMg/HG+oBsq5dmjvRDMTXHRnkFfz0IBE7vi4iSqZFdOq0kgVz5jgPa146pF5IR5itzwgfcdH2zs99FGU1NFHZm2/w9ahC8gjyz8b4NO2e87x2hL4QoGn/oOY/pwZviQceotYrtyyK861ZqlPc5X0LUOi7th8fQ/LPDNXM0Jk4yjBR8a+Mp1a9R83zfgkab6BYO9NzaxYo0EmvNURkF9Rzeeh7QFA1rR6ASVmtKzDu+q6Ek/5yWLmKGEQwxfN65GFgYD8RUlVdz17foalIAxxuJTxjiX6N+HV5sXfLS8tvLCR7m7S4XVaoMAxg21aL0KdEpk80j9HBbfPyCk7CEJJSkTOipCIPRWE+nnq4MGsj5Wq4b0QKeQZReIY3AUlJjGFt7LaZxePBjJ4nvN07mtd1gHze9g8x/vN4qnbJFexZlUVbXIAztvOPJ/Qkbwh9w6G0eJ9fi4k7FDgZ4h8EIwSF3+pIVnCHrtrStptpMsKNDNUH7Dx/U2TlO/gigwiad9iTlKxyEgG3gLjY7wo331osc6asKcZjbUgFCKhkGIbX4DZE3mi+iT2doqv6taRMI+JN/i3Bo9CvnXHNmWxJOY5+TsKrcR/Xz70kwxTp1YqJ3vqybZ3FlGXCzM9GfZHUN9PEuuQ+/dC9FOqA923/B3zvqSPjoPqp96hAlhsBz+eGAvSvfnQJxgm45hWVfnHcpQDQykZyPP9BxK288R9q5odzCFGeA1/gs8X5QFFC0zCqc8WDKrQSijRlEK9NddAw0S85VoeUnEjiRNjk6g0VB0OfbontGQo1Y//FYTvGGJqWzaYGQW/3GrQR3OxkoCSuzaamOdG6YouqOQRyzLN5RNY2OkbvpS7WQN5KHgSadtPhybKSXczxApyAYipT357gKeBSJCroz+usqa4/vF9SqS/LW9z8FuicK+0ChTAvZ4i5eB0lAlUJGOB29vLweQSHmWQcWEZyQweREO9ymPesYQYLTb7j5GKzPii3IaM5J97rnys/VNC6+7ee9Kz1DC7892zyTpswTT6xOkidIXsStpVN/uXGdRqdODYnOmqD8wPR9f533t5GcZTySTycGCzjQbDK/vtiroTYPQC9tI2x99f4/8zOK/QEYIovqKg/8SHepfccq4B5taeWrSnRX8olcpQyIH52+uWrq1VlNIBfzY1cabjsmQPP8jSMIUlzoz1viDL1JsFeuq3dSnT1vXwjUyDDinfzj7ssDL/4dqvhhAcw5KFAWOJPnNexBBcUMAkhdvrGOY/kbYEUPCatnTk/SAuPyVgMAQGQZy0eogYs3ivxV4houISxKoxVoRtd8k7GiSKUtThKdVklGO6J3Y/yWHqXFnTzHyJca6BpmJfj4OyK8xARqoHYg6DC+DxomNJkS9GnHQmkgEiqARWLkuR3f3XP/6ID022vqmSSNhwJLA4ZSaT65hfn8jQ0xCVEiSALDYxKoKTO6EIm9X7VV6VBv7R/XeDlP9PZePlwSADqC9LfaSUGswVJ3DQwPjjod+RH21yg9j0ODafd3Z66NAl+K4XQHlcc16bKoubwVwJQwrxiZUdNaZ87gnYOIr+TaK92Vq8h9uka65F51YauGs43SDiCiFC0JdJY3GmWuW1LshPi0fQ5B+3ystB7HOo6HQpdugMq6QAQpuPkkxsc4z+/WCgmk2Y9AoQk+SgAfnP8aZYDWc1AMHCxWmbCIQuESu1vWhJRw40DqKn64bReS1wWIw2fmQZceE7JfgKntXVCt+QGCD+XnF5qdmrnuOm4PfS3/06JNLOtYPqPBO6xwdoGcmYwky/A7jJXgi4ztRDQDlGvbCutlEnihdbRuNtwYZqa5HzsgF424nZv6bFBeufK5ZEkcSMwnZOTaqxbkXaAnr6gmPSQexUIDnTtto/I7eXko8pn0zLVyb47+zIcBZPcrOQGbwkGURU0BSuDKw4BSkCznkZkyM+2HjD8X0OGsm6sRvEZQhSSm9im2XOSCS2z6ZMJjHgpEeVw0PCZtwDByjK6rYeM+B1BTQk9Sx9S4hWOMxHxcuIq35q40yp22hZopIhpu5ZtrJKvJ0ATtRupktkSbqlm+eKeOkwHTRW+tIBYJlh6jqz0DqtaJMiugHRKjOZK/bHzZun48bUAtIbWnjI/QT4qiUzMWL/v5HpFxPo+ebciwKxe+89ovDqIdv1gvChqJjDrict5arCHnLaBoOsOFsT3no2KVFwd8wXmYvxQyonUdAD//cehnO8IvjSajoqsX89uUUnwcgeIVSVJyN+/pZcBc3Ul6WfR1OwXWIKtStZn26GBRNscn2Ck5rSdkFpW2WVf5yRNo3bPZzmXdQNZgDWqv0U6MKsgbW/wR0S2g1LM3MVawbGFNkWRf2mVqCe68IP2iWipJQMQcvDrMzH66CmW29dJKdCQsX59FZoEeXs+4PO7A087U9pRSneV2g+8zzNcfaBK00Fh/QWcMB1JmdUEWYNT61JI1EO7+zneDcRaGOwP4QMKcVAazRuvfv+HIUo3ZQWkmmK8y3oIjuXeW0owY8p17m1Ed8IttwefBdOj6J2w50lUIKOcY7fvJDr6LirN6csvLlOLstU9/LVftbqdOn3ypHPwYAbLNFA6WfqSwrsHKfg6CfaXgIfyHUyNSWojMezuPjevajbW5VG5z80KLUOGcEabFin2NC/Np+fQ7XxU5BbD+gSbEMD7Dvfa+AufAsmlRVMue3sXGrrjrq977NqPV9YGzMWumTi9JSFAwgKRGQR2SGmUUg0OcgJQkOLpS8mZ7HEynF6lUdIUEqFTzRvgv0kf0dOTmIzLEUnuHXCH5f9ArHPn4EDw/sgI+AzUR4cAmE1sWy/WtxqI6oP2LKFGMvvlQdMvwS5LFiq4BF1317fysLeBlC7Tqtp+kwOutJxCSFzoi+NN64mCB7mWPTgNou7Rtr6sHO0s5PHbQYt8WmNCxECs9nFV4d+NOUgUB4+62LfaRbGcj3jNOnzHEpZORHnu98ywtUi5KNNiZkZm0Nh/NwHmQw7zEuKwNCO4ut/hTlG8tjiJTgFGwndiSnfdQpPVhp6ldFWBZkG975dV1grJsmRGjPzezmmqDs5mSP/9+7kTGFjrnK4oRiqc/bzJsQNhnIOJuiV/L2/D76rH2vn2OdYkc8PlrOtgJN7RBKEeNUfnO+vrXOKKxKsTxw0F2PaKRwfx+oyvyrpDF4TAcEvQjrGv24Ao8r3BvAEn+lsTk8TgM2cAMIQS69i0MKJmeFyuFjYYoVK/i1+LyAj0EQrK/CSnu0ybd3M9fkPgpEuPHlN/UQZomBaRxxpT+mV2Co4a3Sx+tmzZN13T2LT7xYkoMA1jeog++TWE4r3RvvLvtJmRNNq8KjBdnfvOv3C/q50TtmQZ5FZH1LjpYK03EE0AkVF0Zdem922nD41BBtAhbHG7yWJjAziobedphB9WP/oSN7NxPGv1QOhQHeBin1CtC8pfVXRu+QjzryfGljwu0vjElWjfW8iZ+J9mdEkLWuZOKV2oclfQeyWQiGEdaE1ug7Mpp/aRAGeSIuJi1k9OZdmuK8qS/yI9Dd23mXJRMMaGQGJSVoeOzUWZOnpe+0H+3L9EhmuE2eA56/Juzo2uQZM+xeF7rW/BbAkvzQ9AQ4JRSNXVAZnIxG9M4RwxjEwKT9llcCKQuanqaWcz2nnW5Ei2Kv/4WS8rvOsfNe2Wz/lgg2/QImR8799MqkvIGviGsXTO83h1EjY7tzdyFVLPVPqMK3WaYXZiQm/65nAtBNVjA7awbZx3py8IAnnYf5o1P8Ivtge0JA+Ae5bvg/wZdNcJsea2RF4gC55nFSFTkpVkTXDWt64xI/5kRLXc9ZhZ2RiosURYPoNowvgJ0gMGVSlRYgwLpEm7jnT4e8EswvjxRryrlvIOI5DKWXI4ON/+W/9C+U0ZEEZ/oMARbjyovSI+LqwEUO1/aSccUM3J2/YR9+Nj2dTVlWyNRt3XcKhBynQ9CEH3IY4/ePP9Q6oDSAjRQABfvRqCyhTQfsD74gXPR5tLOk3WWVXpupNEQTPVOi20jw54tZlUGdBQZa6j5jQUYaDCjiCeFYvW0hJZhj8dsUTyu0YkLTyLvClVP6c7wuBmBVo5Eccwth7KJRCVMw5eXOiXYXTSM5Z29WUkUz5PxAVG1MRybKY2vC99W9polqlzVxEgJMWSfn67FsO87vFIM6a81tHgavMVxOokfvE4eMnQDAb1NyjOHUhdbbrbS+XSFYFzm0q8rXmF6zk/2bHcHPhxKEx01d+vFxq1xs4JprHoZqSe+Lm8w6ZRtpBU987o9xcqF9/0pKHZ0pfiaGH3UyOvKdOI3C0LsQLUUm/LGt9SoYKFikY5lJstNEExwE5bFMF2ZpM4Fxs6w3mBOD4=</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2019-06-25 18:10:59,059 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2019-06-25 18:10:59,059 - INFO [Shibboleth-Audit.SSO:?] - 20190625T181059Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|_31594d72fce89c534ebb83c9f4bc54fd|https://saskatchewan.eperformanceinc.com/shibboleth|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_c453b329a0fd4f5f54a8382777e7b738|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxmxZZjVkiOqS5u0lbAvHbSp4fHKJ8c7X7f/OXfBKfe98BNpfOvlUVSzwomQVusa536DZdzNJO9FZPA22ZHZq0GrKk18VP07AEkRU8wJGUa46QWzM703UWM0mIhYHDCEx4DMTgsRkg+lcsYWQcej2Yrg2i8n+ZIg==|_3e476f56bbfb5a421db18ba2547151b9|
2019-06-25 18:13:02,075 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: null
2019-06-25 18:13:02,075 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2019-06-25 18:13:02,075 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2019-06-25 18:13:02,075 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://myuat.cscglobal.com:443/openam/Consumer/metaAlias/Portal/sp"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="s2b74322f9b86faeefd2bf9b72868e783d35c335ec"
    IsPassive="false" IssueInstant="2019-06-25T18:13:01Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0"
        xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<saml:Issuer
        xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://myuat.cscglobal.com:443/openam</saml:Issuer>
<samlp:NameIDPolicy
        AllowCreate="true"
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
        SPNameQualifier="https://myuat.cscglobal.com:443/openam"
        xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"/>
<samlp:RequestedAuthnContext
        Comparison="exact" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>

2019-06-25 18:13:02,080 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://myuat.cscglobal.com:443/openam' from origin source
2019-06-25 18:13:02,080 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-06-25 18:13:02,080 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-06-25 18:13:02,080 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-06-25 18:13:02,080 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-06-25 18:13:02,080 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-06-25 18:13:02,080 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-06-25 18:13:02,080 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-06-25 18:13:02,080 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://myuat.cscglobal.com:443/openam
2019-06-25 18:13:02,081 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-06-25 18:13:02,081 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-06-25 18:13:02,081 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2019-06-25 18:13:02,081 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2019-06-25 18:13:02,081 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2019-06-25 18:13:02,081 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 's2b74322f9b86faeefd2bf9b72868e783d35c335ec', issue instant '2019-06-25T18:13:01.000Z', entityID 'https://myuat.cscglobal.com:443/openam'
2019-06-25 18:13:02,081 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://myuat.cscglobal.com:443/openam' does not require AuthnRequests to be signed
2019-06-25 18:13:02,081 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2019-06-25 18:13:02,082 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-06-25 18:13:02,082 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2019-06-25 18:13:02,082 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-06-25 18:13:02,082 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-06-25 18:13:02,082 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-06-25 18:13:02,082 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-06-25 18:13:02,082 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2019-06-25 18:13:02,082 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2019-06-25 18:13:02,082 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 3 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2019-06-25 18:13:02,082 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://myuat.cscglobal.com:443/openam/Consumer/metaAlias/Portal/sp using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2019-06-25 18:13:02,082 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2019-06-25 18:13:02,082 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2019-06-25 18:13:02,082 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2019-06-25 18:13:02,082 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2019-06-25 18:13:02,082 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-06-25 18:13:02,083 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2019-06-25 18:13:02,083 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2019-06-25 18:13:02,083 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2019-06-25 18:13:02,083 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2019-06-25 18:13:02,083 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2019-06-25 18:13:02,083 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://myuat.cscglobal.com:443/openam
2019-06-25 18:13:02,083 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2019-06-25 18:13:02,083 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2019-06-25 18:13:02,083 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2019-06-25 18:13:02,083 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2019-06-25 18:13:02,088 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-06-25 18:13:02,089 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2019-06-25T18:13:02.089Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2019-06-25 18:13:02,089 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: RequestedPrincipalContext created with operator exact and 1 custom principal(s)
2019-06-25 18:13:02,089 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2019-06-25 18:13:02,089 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2019-06-25 18:13:02,089 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Leaving existing RequestedPrincipalContext in place
2019-06-25 18:13:02,089 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2019-06-25 18:13:02,089 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-06-25 18:13:02,089 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Specific principals requested with 'exact' operator: [AuthnContextClassRefPrincipal{authnContextClassRef=urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport}]
2019-06-25 18:13:02,089 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No active results available, selecting an inactive flow
2019-06-25 18:13:02,089 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Checking for an inactive flow compatible with operator 'exact' and principal 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
2019-06-25 18:13:02,089 - DEBUG [net.shibboleth.idp.authn.principal.PrincipalEvalPredicateFactoryRegistry:?] - Registry located predicate factory of type 'net.shibboleth.idp.authn.principal.impl.ExactPrincipalEvalPredicateFactory' for principal type 'class net.shibboleth.idp.saml.authn.principal.AuthnContextClassRefPrincipal' and operator 'exact'
2019-06-25 18:13:02,089 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2019-06-25 18:13:02,090 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2019-06-25 18:13:02,223 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'myuat.cscglobal.com'
2019-06-25 18:13:02,223 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-06-25 18:13:02,223 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-06-25 18:13:14,156 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'sheldon'
2019-06-25 18:13:14,157 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user sheldon
2019-06-25 18:13:14,157 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1909280185::identifier=sheldon, context=org.apache.velocity.VelocityContext@377c0133]
2019-06-25 18:13:14,164 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=sheldon,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1909280185::identifier=sheldon, context=org.apache.velocity.VelocityContext@377c0133]
2019-06-25 18:13:14,164 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'sheldon' succeeded
2019-06-25 18:13:14,164 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2019-06-25 18:13:14,164 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2019-06-25 18:13:14,165 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'sheldon'
2019-06-25 18:13:14,165 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'sheldon'
2019-06-25 18:13:14,165 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Checking result for compatibility with operator 'exact' and principal 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
2019-06-25 18:13:14,165 - DEBUG [net.shibboleth.idp.authn.principal.PrincipalEvalPredicateFactoryRegistry:?] - Registry located predicate factory of type 'net.shibboleth.idp.authn.principal.impl.ExactPrincipalEvalPredicateFactory' for principal type 'class net.shibboleth.idp.saml.authn.principal.AuthnContextClassRefPrincipal' and operator 'exact'
2019-06-25 18:13:14,165 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Principal 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport' in authentication result satisfies request for principal 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
2019-06-25 18:13:14,165 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal sheldon
2019-06-25 18:13:14,165 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 523ba1686cda86d03af6af163680808f46a99d6765ff78628722dc5fe6737df3 for principal sheldon
2019-06-25 18:13:14,165 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 523ba1686cda86d03af6af163680808f46a99d6765ff78628722dc5fe6737df3
2019-06-25 18:13:14,166 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=sheldon)
2019-06-25 18:13:14,166 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, telephoneNumber, role, mail, displayName, surname, givenName]
2019-06-25 18:13:14,166 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2019-06-25 18:13:14,166 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2019-06-25 18:13:14,166 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2019-06-25 18:13:14,166 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2019-06-25 18:13:14,166 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2019-06-25 18:13:14,166 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2019-06-25 18:13:14,166 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2019-06-25 18:13:14,166 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2019-06-25 18:13:14,167 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-06-25 18:13:14,167 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2019-06-25 18:13:14,167 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@2e8677d9'
2019-06-25 18:13:14,167 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-06-25 18:13:14,167 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'sheldon:https://myuat.cscglobal.com:443/openam'
2019-06-25 18:13:14,167 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'sheldon:https://myuat.cscglobal.com:443/openam'
2019-06-25 18:13:14,167 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'sheldon:https://myuat.cscglobal.com:443/openam'
2019-06-25 18:13:14,168 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-06-25 18:13:14,168 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'sheldon'
2019-06-25 18:13:14,168 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'sheldon'
2019-06-25 18:13:14,168 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2019-06-25 18:13:14,168 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2019-06-25 18:13:14,290 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'myuat.cscglobal.com'
2019-06-25 18:13:14,290 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-06-25 18:13:14,290 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2019-06-25 18:13:14,291 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2019-06-25 18:13:14,291 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-06-25 18:13:14,291 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2019-06-25 18:13:20,603 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2019-06-25 18:13:20,603 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2019-06-25 18:13:20,603 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20190625T181320Z|https://myuat.cscglobal.com:443/openam|AttributeReleaseConsent|sheldon|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2019-06-25 18:13:20,609 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-06-25 18:13:20,609 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'sheldon:https://myuat.cscglobal.com:443/openam'
2019-06-25 18:13:20,609 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'sheldon:_key_idx'
2019-06-25 18:13:20,609 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2019-06-25 18:13:20,609 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=sheldon:https://myuat.cscglobal.com:443/openam, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1593022400609}'
2019-06-25 18:13:20,609 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'sheldon:_key_idx'
2019-06-25 18:13:20,609 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2019-06-25 18:13:20,609 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'sheldon:_key_idx'
2019-06-25 18:13:20,609 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'sheldon:https://myuat.cscglobal.com:443/openam'
2019-06-25 18:13:20,609 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[sheldon:https://myuat.cscglobal.com:443/openam]' as '["sheldon:https://myuat.cscglobal.com:443/openam"]'
2019-06-25 18:13:20,610 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@2e8677d9'
2019-06-25 18:13:20,610 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-06-25 18:13:20,610 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2019-06-25 18:13:20,610 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2019-06-25 18:13:20,611 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2019-06-25 18:13:20,611 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _5f952d939098a8e75ca1dd91bad193a9
2019-06-25 18:13:20,611 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _5f952d939098a8e75ca1dd91bad193a9 to Response _a81de76c9e91f8ee524062a6eacde3b3
2019-06-25 18:13:20,611 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _5f952d939098a8e75ca1dd91bad193a9
2019-06-25 18:13:20,612 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2019-06-25 18:13:20,612 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value sheldon of attribute uid
2019-06-25 18:13:20,612 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value scooper@samltest.id of attribute identifier
2019-06-25 18:13:20,612 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2019-06-25 18:13:20,612 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value employee@samltest.id of attribute role
2019-06-25 18:13:20,612 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value scooper@samltest.id of attribute mail
2019-06-25 18:13:20,612 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sheldor of attribute displayName
2019-06-25 18:13:20,612 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Cooper of attribute surname
2019-06-25 18:13:20,612 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sheldon of attribute givenName
2019-06-25 18:13:20,613 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2019-06-25 18:13:20,613 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2019-06-25 18:13:20,613 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2019-06-25 18:13:20,613 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2019-06-25 18:13:20,613 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2019-06-25 18:13:20,613 - DEBUG [net.shibboleth.idp.saml.nameid.impl.PersistentSAML2NameIDGenerator:?] - Checking for source attribute uid
2019-06-25 18:13:20,613 - DEBUG [net.shibboleth.idp.saml.nameid.impl.PersistentSAML2NameIDGenerator:?] - Generating persistent NameID from String-valued attribute uid
2019-06-25 18:13:20,613 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID JXE52XG3ASRYJGACK5HIQ7FZD7L5JIZU with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2019-06-25 18:13:20,613 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2019-06-25 18:13:20,613 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2019-06-25 18:13:20,613 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2019-06-25 18:13:20,613 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2019-06-25 18:13:20,613 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 104.129.194.176
2019-06-25 18:13:20,613 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to s2b74322f9b86faeefd2bf9b72868e783d35c335ec
2019-06-25 18:13:20,613 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://myuat.cscglobal.com:443/openam/Consumer/metaAlias/Portal/sp
2019-06-25 18:13:20,613 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2019-06-25 18:13:20,613 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2019-06-25 18:13:20,613 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2019-06-25 18:13:20,613 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _5f952d939098a8e75ca1dd91bad193a9
2019-06-25 18:13:20,613 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _5f952d939098a8e75ca1dd91bad193a9 did not already contain Conditions, one was added
2019-06-25 18:13:20,613 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2019-06-25 18:13:20,613 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2019-06-25T18:18:20.610Z, to Assertion _5f952d939098a8e75ca1dd91bad193a9
2019-06-25 18:13:20,613 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _5f952d939098a8e75ca1dd91bad193a9 already contained Conditions, nothing was done
2019-06-25 18:13:20,613 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2019-06-25 18:13:20,613 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _5f952d939098a8e75ca1dd91bad193a9 already contained Conditions, nothing was done
2019-06-25 18:13:20,613 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2019-06-25 18:13:20,613 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://myuat.cscglobal.com:443/openam as an Audience of the AudienceRestriction
2019-06-25 18:13:20,613 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _5f952d939098a8e75ca1dd91bad193a9
2019-06-25 18:13:20,614 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://myuat.cscglobal.com:443/openam to existing session 523ba1686cda86d03af6af163680808f46a99d6765ff78628722dc5fe6737df3
2019-06-25 18:13:20,614 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://myuat.cscglobal.com:443/openam in session 523ba1686cda86d03af6af163680808f46a99d6765ff78628722dc5fe6737df3
2019-06-25 18:13:20,614 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-06-25 18:13:20,614 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://myuat.cscglobal.com:443/openam and key JXE52XG3ASRYJGACK5HIQ7FZD7L5JIZU
2019-06-25 18:13:20,614 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2019-06-25 18:13:20,615 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2019-06-25 18:13:20,615 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2019-06-25 18:13:20,615 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAssertions: No encryption parameters, nothing to do
2019-06-25 18:13:20,616 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://myuat.cscglobal.com:443/openam/Consumer/metaAlias/Portal/sp
2019-06-25 18:13:20,616 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://myuat.cscglobal.com:443/openam/Consumer/metaAlias/Portal/sp
2019-06-25 18:13:20,616 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_a81de76c9e91f8ee524062a6eacde3b3"
2019-06-25 18:13:20,616 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _a81de76c9e91f8ee524062a6eacde3b3 and Element was [saml2p:Response: null]
2019-06-25 18:13:20,616 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_a81de76c9e91f8ee524062a6eacde3b3"
2019-06-25 18:13:20,616 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _a81de76c9e91f8ee524062a6eacde3b3 and Element was [saml2p:Response: null]
2019-06-25 18:13:20,618 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2019-06-25 18:13:20,618 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://myuat.cscglobal.com:443/openam/Consumer/metaAlias/Portal/sp' with encoded value 'https&#x3a;&#x2f;&#x2f;myuat.cscglobal.com&#x3a;443&#x2f;openam&#x2f;Consumer&#x2f;metaAlias&#x2f;Portal&#x2f;sp'
2019-06-25 18:13:20,618 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2019-06-25 18:13:20,619 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://myuat.cscglobal.com:443/openam/Consumer/metaAlias/Portal/sp"
    ID="_a81de76c9e91f8ee524062a6eacde3b3"
    InResponseTo="s2b74322f9b86faeefd2bf9b72868e783d35c335ec"
    IssueInstant="2019-06-25T18:13:20.610Z" Version="2.0"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_a81de76c9e91f8ee524062a6eacde3b3">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>VPvaf2vFfkx4VdjGkWYcbNWyV49pMx4mYaq/2mLQu20=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>m3XiCr1zTfFVXx5qAQaASuLYeFlmaB2vMx1xJO22VA/nUI8oaJxu1vNxpKbkqkhkOGXVTpphk71VPm9FCs4u9bZqKFvVqqmVte2Mkx/Rbdog1wUvUj0WVJkCwhcm3byhZoyxWEeMe8A4ZiCej93qX8Ji6rehnKsoTPHwlj3do8muR7kx7wWQ+wkrsz5IgdAKDkHtcRDq309h8pEJ2QCcqNHdkTlKna9Oj0Pmo0DdD/5EuPM9Njet8QXg4tDiB2ihL+bhSYuLiuuAoLvjtJaZI8oeqUs0U4z835mcaOWWxEFf7lsXjWShOXyrI36m9h/6PdeJj/IUNJiUaJSQ2RgHsA==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_5f952d939098a8e75ca1dd91bad193a9"
        IssueInstant="2019-06-25T18:13:20.610Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://myuat.cscglobal.com:443/openam" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">JXE52XG3ASRYJGACK5HIQ7FZD7L5JIZU</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="104.129.194.176"
                    InResponseTo="s2b74322f9b86faeefd2bf9b72868e783d35c335ec"
                    NotOnOrAfter="2019-06-25T18:18:20.613Z" Recipient="https://myuat.cscglobal.com:443/openam/Consumer/metaAlias/Portal/sp"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2019-06-25T18:13:20.610Z" NotOnOrAfter="2019-06-25T18:18:20.610Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://myuat.cscglobal.com:443/openam</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2019-06-25T18:13:14.164Z" SessionIndex="_9b70f8e3acc1f1977b0bce52f87c4fe8">
            <saml2:SubjectLocality Address="104.129.194.176"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>sheldon</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">scooper@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">employee@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>scooper@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sheldor</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Cooper</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sheldon</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2019-06-25 18:13:20,619 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2019-06-25 18:13:20,619 - INFO [Shibboleth-Audit.SSO:?] - 20190625T181320Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|s2b74322f9b86faeefd2bf9b72868e783d35c335ec|https://myuat.cscglobal.com:443/openam|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_a81de76c9e91f8ee524062a6eacde3b3|sheldon|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,telephoneNumber,role,mail,displayName,surname,givenName|JXE52XG3ASRYJGACK5HIQ7FZD7L5JIZU|_5f952d939098a8e75ca1dd91bad193a9|
2019-06-25 18:14:25,048 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: null
2019-06-25 18:14:25,048 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2019-06-25 18:14:25,048 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2019-06-25 18:14:25,048 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://myuat.cscglobal.com:443/openam/Consumer/metaAlias/Portal/sp"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="s2db82d99f04f05ac8efddc7cd09608762a40bb78c"
    IsPassive="false" IssueInstant="2019-06-25T18:14:24Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0"
        xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<saml:Issuer
        xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://myuat.cscglobal.com:443/openam</saml:Issuer>
<samlp:NameIDPolicy
        AllowCreate="true"
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
        SPNameQualifier="https://myuat.cscglobal.com:443/openam"
        xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"/>
<samlp:RequestedAuthnContext
        Comparison="exact" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>

2019-06-25 18:14:25,053 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://myuat.cscglobal.com:443/openam' from origin source
2019-06-25 18:14:25,053 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-06-25 18:14:25,053 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-06-25 18:14:25,053 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-06-25 18:14:25,053 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-06-25 18:14:25,053 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-06-25 18:14:25,053 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-06-25 18:14:25,053 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-06-25 18:14:25,053 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://myuat.cscglobal.com:443/openam
2019-06-25 18:14:25,054 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-06-25 18:14:25,054 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-06-25 18:14:25,054 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2019-06-25 18:14:25,054 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2019-06-25 18:14:25,054 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2019-06-25 18:14:25,054 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 's2db82d99f04f05ac8efddc7cd09608762a40bb78c', issue instant '2019-06-25T18:14:24.000Z', entityID 'https://myuat.cscglobal.com:443/openam'
2019-06-25 18:14:25,055 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://myuat.cscglobal.com:443/openam' does not require AuthnRequests to be signed
2019-06-25 18:14:25,055 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2019-06-25 18:14:25,055 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-06-25 18:14:25,055 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2019-06-25 18:14:25,055 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-06-25 18:14:25,055 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-06-25 18:14:25,055 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-06-25 18:14:25,055 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-06-25 18:14:25,055 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2019-06-25 18:14:25,055 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2019-06-25 18:14:25,055 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 3 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2019-06-25 18:14:25,055 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://myuat.cscglobal.com:443/openam/Consumer/metaAlias/Portal/sp using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2019-06-25 18:14:25,055 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2019-06-25 18:14:25,055 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2019-06-25 18:14:25,055 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2019-06-25 18:14:25,055 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2019-06-25 18:14:25,056 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-06-25 18:14:25,056 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2019-06-25 18:14:25,056 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2019-06-25 18:14:25,056 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2019-06-25 18:14:25,056 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2019-06-25 18:14:25,056 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2019-06-25 18:14:25,056 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://myuat.cscglobal.com:443/openam
2019-06-25 18:14:25,056 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2019-06-25 18:14:25,056 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2019-06-25 18:14:25,056 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2019-06-25 18:14:25,056 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2019-06-25 18:14:25,059 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-06-25 18:14:25,060 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2019-06-25T18:14:25.060Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2019-06-25 18:14:25,060 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: RequestedPrincipalContext created with operator exact and 1 custom principal(s)
2019-06-25 18:14:25,060 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2019-06-25 18:14:25,062 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 523ba1686cda86d03af6af163680808f46a99d6765ff78628722dc5fe6737df3
2019-06-25 18:14:25,062 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session 523ba1686cda86d03af6af163680808f46a99d6765ff78628722dc5fe6737df3 to 2019-06-25T19:14:25.062Z
2019-06-25 18:14:25,063 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading AuthenticationResult for flow authn/Password in session 523ba1686cda86d03af6af163680808f46a99d6765ff78628722dc5fe6737df3
2019-06-25 18:14:25,063 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: Authentication result authn/Password is active, copying from session
2019-06-25 18:14:25,063 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Leaving existing RequestedPrincipalContext in place
2019-06-25 18:14:25,063 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2019-06-25 18:14:25,063 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-06-25 18:14:25,063 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Specific principals requested with 'exact' operator: [AuthnContextClassRefPrincipal{authnContextClassRef=urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport}]
2019-06-25 18:14:25,063 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Checking for an inactive flow or active result compatible with operator 'exact' and principal 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
2019-06-25 18:14:25,063 - DEBUG [net.shibboleth.idp.authn.principal.PrincipalEvalPredicateFactoryRegistry:?] - Registry located predicate factory of type 'net.shibboleth.idp.authn.principal.impl.ExactPrincipalEvalPredicateFactory' for principal type 'class net.shibboleth.idp.saml.authn.principal.AuthnContextClassRefPrincipal' and operator 'exact'
2019-06-25 18:14:25,063 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Reusing active result authn/Password
2019-06-25 18:14:25,063 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name established from session as 'sheldon'
2019-06-25 18:14:25,063 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Checking result for compatibility with operator 'exact' and principal 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
2019-06-25 18:14:25,063 - DEBUG [net.shibboleth.idp.authn.principal.PrincipalEvalPredicateFactoryRegistry:?] - Registry located predicate factory of type 'net.shibboleth.idp.authn.principal.impl.ExactPrincipalEvalPredicateFactory' for principal type 'class net.shibboleth.idp.saml.authn.principal.AuthnContextClassRefPrincipal' and operator 'exact'
2019-06-25 18:14:25,063 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Principal 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport' in authentication result satisfies request for principal 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
2019-06-25 18:14:25,063 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Updating activity time on reused AuthenticationResult for flow authn/Password in existing session 523ba1686cda86d03af6af163680808f46a99d6765ff78628722dc5fe6737df3
2019-06-25 18:14:25,064 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=sheldon)
2019-06-25 18:14:25,065 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, telephoneNumber, role, mail, displayName, surname, givenName]
2019-06-25 18:14:25,065 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2019-06-25 18:14:25,065 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2019-06-25 18:14:25,065 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2019-06-25 18:14:25,065 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2019-06-25 18:14:25,065 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2019-06-25 18:14:25,065 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2019-06-25 18:14:25,065 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2019-06-25 18:14:25,065 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2019-06-25 18:14:25,065 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-06-25 18:14:25,066 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2019-06-25 18:14:25,066 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@60bf37f'
2019-06-25 18:14:25,066 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-06-25 18:14:25,066 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'sheldon:https://myuat.cscglobal.com:443/openam'
2019-06-25 18:14:25,066 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@647706c3' with context 'intercept/attribute-release' and key 'sheldon:https://myuat.cscglobal.com:443/openam'
2019-06-25 18:14:25,066 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'sheldon:https://myuat.cscglobal.com:443/openam' value '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1593022400609' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2019-06-25 18:14:25,066 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-06-25 18:14:25,066 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'sheldon'
2019-06-25 18:14:25,066 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'sheldon'
2019-06-25 18:14:25,067 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2019-06-25 18:14:25,067 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2019-06-25 18:14:25,067 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@60bf37f'
2019-06-25 18:14:25,067 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-06-25 18:14:25,067 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2019-06-25 18:14:25,068 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2019-06-25 18:14:25,068 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2019-06-25 18:14:25,068 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _e1921f60b0e5031bb30b80e8c721ff9e
2019-06-25 18:14:25,068 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _e1921f60b0e5031bb30b80e8c721ff9e to Response _7a84c9367ed61b0d0e7343eb4d579ea1
2019-06-25 18:14:25,068 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _e1921f60b0e5031bb30b80e8c721ff9e
2019-06-25 18:14:25,069 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2019-06-25 18:14:25,069 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value sheldon of attribute uid
2019-06-25 18:14:25,069 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value scooper@samltest.id of attribute identifier
2019-06-25 18:14:25,069 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2019-06-25 18:14:25,069 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value employee@samltest.id of attribute role
2019-06-25 18:14:25,069 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value scooper@samltest.id of attribute mail
2019-06-25 18:14:25,069 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sheldor of attribute displayName
2019-06-25 18:14:25,069 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Cooper of attribute surname
2019-06-25 18:14:25,069 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sheldon of attribute givenName
2019-06-25 18:14:25,070 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2019-06-25 18:14:25,070 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2019-06-25 18:14:25,070 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2019-06-25 18:14:25,070 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2019-06-25 18:14:25,070 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2019-06-25 18:14:25,070 - DEBUG [net.shibboleth.idp.saml.nameid.impl.PersistentSAML2NameIDGenerator:?] - Checking for source attribute uid
2019-06-25 18:14:25,070 - DEBUG [net.shibboleth.idp.saml.nameid.impl.PersistentSAML2NameIDGenerator:?] - Generating persistent NameID from String-valued attribute uid
2019-06-25 18:14:25,070 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID JXE52XG3ASRYJGACK5HIQ7FZD7L5JIZU with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2019-06-25 18:14:25,070 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2019-06-25 18:14:25,070 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2019-06-25 18:14:25,070 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2019-06-25 18:14:25,070 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2019-06-25 18:14:25,070 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 104.129.194.176
2019-06-25 18:14:25,070 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to s2db82d99f04f05ac8efddc7cd09608762a40bb78c
2019-06-25 18:14:25,070 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://myuat.cscglobal.com:443/openam/Consumer/metaAlias/Portal/sp
2019-06-25 18:14:25,070 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2019-06-25 18:14:25,070 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2019-06-25 18:14:25,070 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2019-06-25 18:14:25,070 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _e1921f60b0e5031bb30b80e8c721ff9e
2019-06-25 18:14:25,070 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _e1921f60b0e5031bb30b80e8c721ff9e did not already contain Conditions, one was added
2019-06-25 18:14:25,071 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2019-06-25 18:14:25,071 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2019-06-25T18:19:25.067Z, to Assertion _e1921f60b0e5031bb30b80e8c721ff9e
2019-06-25 18:14:25,071 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _e1921f60b0e5031bb30b80e8c721ff9e already contained Conditions, nothing was done
2019-06-25 18:14:25,071 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2019-06-25 18:14:25,071 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _e1921f60b0e5031bb30b80e8c721ff9e already contained Conditions, nothing was done
2019-06-25 18:14:25,071 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2019-06-25 18:14:25,071 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://myuat.cscglobal.com:443/openam as an Audience of the AudienceRestriction
2019-06-25 18:14:25,071 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _e1921f60b0e5031bb30b80e8c721ff9e
2019-06-25 18:14:25,073 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://myuat.cscglobal.com:443/openam to existing session 523ba1686cda86d03af6af163680808f46a99d6765ff78628722dc5fe6737df3
2019-06-25 18:14:25,073 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service https://myuat.cscglobal.com:443/openam in session 523ba1686cda86d03af6af163680808f46a99d6765ff78628722dc5fe6737df3
2019-06-25 18:14:25,073 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-06-25 18:14:25,073 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://myuat.cscglobal.com:443/openam in session 523ba1686cda86d03af6af163680808f46a99d6765ff78628722dc5fe6737df3
2019-06-25 18:14:25,073 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-06-25 18:14:25,073 - DEBUG [net.shibboleth.idp.session.AbstractIdPSession:?] - IdPSession 523ba1686cda86d03af6af163680808f46a99d6765ff78628722dc5fe6737df3: replaced old SPSession for service https://myuat.cscglobal.com:443/openam
2019-06-25 18:14:25,073 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Removing secondary index for service ID https://myuat.cscglobal.com:443/openam and key JXE52XG3ASRYJGACK5HIQ7FZD7L5JIZU
2019-06-25 18:14:25,073 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://myuat.cscglobal.com:443/openam and key JXE52XG3ASRYJGACK5HIQ7FZD7L5JIZU
2019-06-25 18:14:25,073 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Older SPSession for relying party https://myuat.cscglobal.com:443/openam was replaced
2019-06-25 18:14:25,074 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2019-06-25 18:14:25,074 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2019-06-25 18:14:25,074 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2019-06-25 18:14:25,074 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAssertions: No encryption parameters, nothing to do
2019-06-25 18:14:25,075 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://myuat.cscglobal.com:443/openam/Consumer/metaAlias/Portal/sp
2019-06-25 18:14:25,075 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://myuat.cscglobal.com:443/openam/Consumer/metaAlias/Portal/sp
2019-06-25 18:14:25,076 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_7a84c9367ed61b0d0e7343eb4d579ea1"
2019-06-25 18:14:25,076 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _7a84c9367ed61b0d0e7343eb4d579ea1 and Element was [saml2p:Response: null]
2019-06-25 18:14:25,076 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_7a84c9367ed61b0d0e7343eb4d579ea1"
2019-06-25 18:14:25,076 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _7a84c9367ed61b0d0e7343eb4d579ea1 and Element was [saml2p:Response: null]
2019-06-25 18:14:25,077 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2019-06-25 18:14:25,077 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://myuat.cscglobal.com:443/openam/Consumer/metaAlias/Portal/sp' with encoded value 'https&#x3a;&#x2f;&#x2f;myuat.cscglobal.com&#x3a;443&#x2f;openam&#x2f;Consumer&#x2f;metaAlias&#x2f;Portal&#x2f;sp'
2019-06-25 18:14:25,077 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2019-06-25 18:14:25,079 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://myuat.cscglobal.com:443/openam/Consumer/metaAlias/Portal/sp"
    ID="_7a84c9367ed61b0d0e7343eb4d579ea1"
    InResponseTo="s2db82d99f04f05ac8efddc7cd09608762a40bb78c"
    IssueInstant="2019-06-25T18:14:25.067Z" Version="2.0"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_7a84c9367ed61b0d0e7343eb4d579ea1">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>5G8r953olk4/8BJ7PIzK5sk/l44xxtO9qOEW/N9jbek=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>GMwMT7cZxTdv8L9SlRh+IP5Mp9+6GP5fB4t6Qslou2xeQLONVChR+CuXJIflHHa9jRnrbmOvb6j7sSE1j8Y01PtJNpYeYmkRCmPC1wOkEbaI+XBIyE7N9r8Unpilug5kFtrCHbV4iuhR/itJ46YqGqCg5H0tGxW98XcESzwwR4/0O9YiyNLssG1ljn4HC0NRew58s8P8YI+r8sp9tHr6DYbceHcNTpU7ie74eLZvbVaU/O3mRmSIfZr+EaWNl4kUHzsHXiILdAo4DHZm8nNPSVVC4ADNqjTHgdqqwi1PwaeURiSJ3uWRSeN4N91YqGlxdl+5z5l0RZtwzQ4i4P1IMw==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_e1921f60b0e5031bb30b80e8c721ff9e"
        IssueInstant="2019-06-25T18:14:25.067Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://myuat.cscglobal.com:443/openam" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">JXE52XG3ASRYJGACK5HIQ7FZD7L5JIZU</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="104.129.194.176"
                    InResponseTo="s2db82d99f04f05ac8efddc7cd09608762a40bb78c"
                    NotOnOrAfter="2019-06-25T18:19:25.070Z" Recipient="https://myuat.cscglobal.com:443/openam/Consumer/metaAlias/Portal/sp"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2019-06-25T18:14:25.067Z" NotOnOrAfter="2019-06-25T18:19:25.067Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://myuat.cscglobal.com:443/openam</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2019-06-25T18:13:14.164Z" SessionIndex="_9d03671d37226065412bb3c984595987">
            <saml2:SubjectLocality Address="104.129.194.176"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>sheldon</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">scooper@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">employee@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>scooper@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sheldor</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Cooper</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sheldon</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2019-06-25 18:14:25,079 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2019-06-25 18:14:25,079 - INFO [Shibboleth-Audit.SSO:?] - 20190625T181425Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|s2db82d99f04f05ac8efddc7cd09608762a40bb78c|https://myuat.cscglobal.com:443/openam|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_7a84c9367ed61b0d0e7343eb4d579ea1|sheldon|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,telephoneNumber,role,mail,displayName,surname,givenName|JXE52XG3ASRYJGACK5HIQ7FZD7L5JIZU|_e1921f60b0e5031bb30b80e8c721ff9e|
2019-06-25 18:19:18,660 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: cookie:1561485579_86a5
2019-06-25 18:19:18,660 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2019-06-25 18:19:18,660 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2019-06-25 18:19:18,660 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://dan.sheerid.test/Shibboleth.sso/SAML2/POST"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="1" ID="_7f1539d04eca84247f709ec2085e1c16"
    IssueInstant="2019-06-25T17:59:39Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://dan.sheerid.test/shibboleth</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="1"/>
</samlp:AuthnRequest>

2019-06-25 18:19:18,666 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://dan.sheerid.test/shibboleth' from origin source
2019-06-25 18:19:18,666 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-06-25 18:19:18,666 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-06-25 18:19:18,666 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-06-25 18:19:18,666 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-06-25 18:19:18,666 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-06-25 18:19:18,666 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-06-25 18:19:18,666 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selected AttributeConsumingService with index 1
2019-06-25 18:19:18,666 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://dan.sheerid.test/shibboleth
2019-06-25 18:19:18,666 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-06-25 18:19:18,667 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-06-25 18:19:18,667 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2019-06-25 18:19:18,667 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2019-06-25 18:19:18,667 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2019-06-25 18:19:18,667 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_7f1539d04eca84247f709ec2085e1c16', issue instant '2019-06-25T17:59:39.000Z', entityID 'https://dan.sheerid.test/shibboleth'
2019-06-25 18:19:18,667 - WARN [org.opensaml.saml.common.binding.security.impl.MessageLifetimeSecurityHandler:?] - Message Handler:  Message was expired: message time was '2019-06-25T17:59:39.000Z', message expired at: '2019-06-25T18:05:39.000Z', current time: '2019-06-25T18:19:18.667Z'
2019-06-25 18:19:18,668 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: MessageExpired
2019-06-25 18:19:18,668 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2019-06-25 18:20:03,484 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: cookie:1561485579_86a5
2019-06-25 18:20:03,484 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2019-06-25 18:20:03,484 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2019-06-25 18:20:03,484 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://dan.sheerid.test/Shibboleth.sso/SAML2/POST"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="1" ID="_7f1539d04eca84247f709ec2085e1c16"
    IssueInstant="2019-06-25T17:59:39Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://dan.sheerid.test/shibboleth</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="1"/>
</samlp:AuthnRequest>

2019-06-25 18:20:03,489 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://dan.sheerid.test/shibboleth' from origin source
2019-06-25 18:20:03,489 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-06-25 18:20:03,489 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-06-25 18:20:03,489 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-06-25 18:20:03,489 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-06-25 18:20:03,489 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-06-25 18:20:03,490 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-06-25 18:20:03,490 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selected AttributeConsumingService with index 1
2019-06-25 18:20:03,490 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://dan.sheerid.test/shibboleth
2019-06-25 18:20:03,490 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-06-25 18:20:03,490 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-06-25 18:20:03,490 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2019-06-25 18:20:03,490 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2019-06-25 18:20:03,490 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2019-06-25 18:20:03,491 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_7f1539d04eca84247f709ec2085e1c16', issue instant '2019-06-25T17:59:39.000Z', entityID 'https://dan.sheerid.test/shibboleth'
2019-06-25 18:20:03,491 - WARN [org.opensaml.saml.common.binding.security.impl.MessageLifetimeSecurityHandler:?] - Message Handler:  Message was expired: message time was '2019-06-25T17:59:39.000Z', message expired at: '2019-06-25T18:05:39.000Z', current time: '2019-06-25T18:20:03.491Z'
2019-06-25 18:20:03,491 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: MessageExpired
2019-06-25 18:20:03,492 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2019-06-25 18:20:04,717 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: cookie:1561485579_86a5
2019-06-25 18:20:04,717 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2019-06-25 18:20:04,717 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2019-06-25 18:20:04,717 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://dan.sheerid.test/Shibboleth.sso/SAML2/POST"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="1" ID="_7f1539d04eca84247f709ec2085e1c16"
    IssueInstant="2019-06-25T17:59:39Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://dan.sheerid.test/shibboleth</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="1"/>
</samlp:AuthnRequest>

2019-06-25 18:20:04,718 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-06-25 18:20:04,718 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-06-25 18:20:04,718 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-06-25 18:20:04,718 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-06-25 18:20:04,718 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-06-25 18:20:04,718 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-06-25 18:20:04,718 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selected AttributeConsumingService with index 1
2019-06-25 18:20:04,718 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://dan.sheerid.test/shibboleth
2019-06-25 18:20:04,719 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-06-25 18:20:04,719 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-06-25 18:20:04,719 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2019-06-25 18:20:04,719 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2019-06-25 18:20:04,719 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2019-06-25 18:20:04,719 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_7f1539d04eca84247f709ec2085e1c16', issue instant '2019-06-25T17:59:39.000Z', entityID 'https://dan.sheerid.test/shibboleth'
2019-06-25 18:20:04,719 - WARN [org.opensaml.saml.common.binding.security.impl.MessageLifetimeSecurityHandler:?] - Message Handler:  Message was expired: message time was '2019-06-25T17:59:39.000Z', message expired at: '2019-06-25T18:05:39.000Z', current time: '2019-06-25T18:20:04.719Z'
2019-06-25 18:20:04,720 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: MessageExpired
2019-06-25 18:20:04,720 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2019-06-25 18:23:35,453 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: cookie:1561485836_cf84
2019-06-25 18:23:35,453 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2019-06-25 18:23:35,453 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2019-06-25 18:23:35,453 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://dan.sheerid.test/Shibboleth.sso/SAML2/POST"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="1" ID="_50d6faf210fd9d21b2061468022a7e6f"
    IssueInstant="2019-06-25T18:03:56Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://dan.sheerid.test/shibboleth</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="1"/>
</samlp:AuthnRequest>

2019-06-25 18:23:35,458 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://dan.sheerid.test/shibboleth' from origin source
2019-06-25 18:23:35,458 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-06-25 18:23:35,458 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-06-25 18:23:35,458 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-06-25 18:23:35,458 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-06-25 18:23:35,458 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-06-25 18:23:35,459 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-06-25 18:23:35,459 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selected AttributeConsumingService with index 1
2019-06-25 18:23:35,459 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://dan.sheerid.test/shibboleth
2019-06-25 18:23:35,459 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-06-25 18:23:35,459 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-06-25 18:23:35,459 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2019-06-25 18:23:35,459 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2019-06-25 18:23:35,459 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2019-06-25 18:23:35,460 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_50d6faf210fd9d21b2061468022a7e6f', issue instant '2019-06-25T18:03:56.000Z', entityID 'https://dan.sheerid.test/shibboleth'
2019-06-25 18:23:35,460 - WARN [org.opensaml.saml.common.binding.security.impl.MessageLifetimeSecurityHandler:?] - Message Handler:  Message was expired: message time was '2019-06-25T18:03:56.000Z', message expired at: '2019-06-25T18:09:56.000Z', current time: '2019-06-25T18:23:35.460Z'
2019-06-25 18:23:35,460 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: MessageExpired
2019-06-25 18:23:35,461 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2019-06-25 18:24:22,598 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: itujPux2dDIaa60oWHMCBYVkjIXXhJT6xrZdHsvgofqCdyrj9TqaAk2g
2019-06-25 18:24:22,598 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2019-06-25 18:24:22,598 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2019-06-25 18:24:22,598 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://10.1.1.153/saml/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="id-445f9a49bccee2983fa1cb986b588e382a4ad54d"
    IssueInstant="2019-06-25T18:24:21.951Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://10.1.1.153/saml/metadata</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2019-06-25 18:24:22,603 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://10.1.1.153/saml/metadata' from origin source
2019-06-25 18:24:22,603 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-06-25 18:24:22,603 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-06-25 18:24:22,603 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-06-25 18:24:22,603 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-06-25 18:24:22,603 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-06-25 18:24:22,603 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-06-25 18:24:22,603 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-06-25 18:24:22,603 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://10.1.1.153/saml/metadata
2019-06-25 18:24:22,604 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-06-25 18:24:22,604 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-06-25 18:24:22,604 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2019-06-25 18:24:22,604 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2019-06-25 18:24:22,604 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2019-06-25 18:24:22,604 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-445f9a49bccee2983fa1cb986b588e382a4ad54d', issue instant '2019-06-25T18:24:21.951Z', entityID 'https://10.1.1.153/saml/metadata'
2019-06-25 18:24:22,604 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://10.1.1.153/saml/metadata' does not require AuthnRequests to be signed
2019-06-25 18:24:22,604 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2019-06-25 18:24:22,605 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-06-25 18:24:22,605 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2019-06-25 18:24:22,605 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-06-25 18:24:22,605 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-06-25 18:24:22,605 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-06-25 18:24:22,605 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-06-25 18:24:22,605 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2019-06-25 18:24:22,605 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2019-06-25 18:24:22,605 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2019-06-25 18:24:22,605 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://10.1.1.153/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2019-06-25 18:24:22,605 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2019-06-25 18:24:22,605 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2019-06-25 18:24:22,605 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2019-06-25 18:24:22,605 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2019-06-25 18:24:22,605 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-06-25 18:24:22,606 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-06-25 18:24:22,606 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2019-06-25 18:24:22,606 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2019-06-25 18:24:22,606 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2019-06-25 18:24:22,606 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2019-06-25 18:24:22,606 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://10.1.1.153/saml/metadata
2019-06-25 18:24:22,606 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2019-06-25 18:24:22,606 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2019-06-25 18:24:22,606 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
2019-06-25 18:24:22,606 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2019-06-25 18:24:22,609 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-06-25 18:24:22,609 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2019-06-25T18:24:22.609Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2019-06-25 18:24:22,609 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2019-06-25 18:24:22,610 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2019-06-25 18:24:22,610 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID ebcc41563fabfc4a6909cd232d172adf99fddba1d5567166331c2982eb2d38fd
2019-06-25 18:24:22,610 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Primary lookup failed for session ID ebcc41563fabfc4a6909cd232d172adf99fddba1d5567166331c2982eb2d38fd
2019-06-25 18:24:22,610 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2019-06-25 18:24:22,610 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2019-06-25 18:24:22,610 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2019-06-25 18:24:22,610 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-06-25 18:24:22,610 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2019-06-25 18:24:22,610 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2019-06-25 18:24:22,610 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2019-06-25 18:24:22,610 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2019-06-25 18:24:22,806 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of '10.1.1.153'
2019-06-25 18:24:22,807 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-06-25 18:24:22,807 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-06-25 18:24:36,047 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2019-06-25 18:24:36,047 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2019-06-25 18:24:36,047 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@590582883::identifier=rick, context=org.apache.velocity.VelocityContext@5a6366d4]
2019-06-25 18:24:36,057 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@590582883::identifier=rick, context=org.apache.velocity.VelocityContext@5a6366d4]
2019-06-25 18:24:36,058 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2019-06-25 18:24:36,058 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2019-06-25 18:24:36,059 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2019-06-25 18:24:36,059 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2019-06-25 18:24:36,059 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2019-06-25 18:24:36,059 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2019-06-25 18:24:36,059 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2019-06-25 18:24:36,059 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 1b79adaf0e702c28ec14bf4f3a6318d2aa20dacd06058749f22f8c68271097ad for principal rick
2019-06-25 18:24:36,059 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 1b79adaf0e702c28ec14bf4f3a6318d2aa20dacd06058749f22f8c68271097ad
2019-06-25 18:24:36,060 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2019-06-25 18:24:36,060 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2019-06-25 18:24:36,060 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2019-06-25 18:24:36,060 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2019-06-25 18:24:36,060 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2019-06-25 18:24:36,060 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2019-06-25 18:24:36,060 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2019-06-25 18:24:36,060 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2019-06-25 18:24:36,060 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2019-06-25 18:24:36,061 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2019-06-25 18:24:36,061 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-06-25 18:24:36,061 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2019-06-25 18:24:36,061 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@185f8ae1'
2019-06-25 18:24:36,061 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-06-25 18:24:36,062 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://10.1.1.153/saml/metadata'
2019-06-25 18:24:36,062 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:https://10.1.1.153/saml/metadata'
2019-06-25 18:24:36,062 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:https://10.1.1.153/saml/metadata'
2019-06-25 18:24:36,062 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-06-25 18:24:36,062 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2019-06-25 18:24:36,062 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2019-06-25 18:24:36,062 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2019-06-25 18:24:36,063 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2019-06-25 18:24:36,275 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of '10.1.1.153'
2019-06-25 18:24:36,275 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-06-25 18:24:36,275 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2019-06-25 18:24:36,275 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2019-06-25 18:24:36,275 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-06-25 18:24:36,275 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2019-06-25 18:24:41,114 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2019-06-25 18:24:41,114 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2019-06-25 18:24:41,115 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20190625T182441Z|https://10.1.1.153/saml/metadata|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2019-06-25 18:24:41,115 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@185f8ae1'
2019-06-25 18:24:41,115 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-06-25 18:24:41,115 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2019-06-25 18:24:41,116 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2019-06-25 18:24:41,116 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2019-06-25 18:24:41,116 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _c20f301d4aca6b3ffd6eb3db09f98685
2019-06-25 18:24:41,116 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _c20f301d4aca6b3ffd6eb3db09f98685 to Response _c48345911f936a33848def0a5e4e4029
2019-06-25 18:24:41,116 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _c20f301d4aca6b3ffd6eb3db09f98685
2019-06-25 18:24:41,117 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2019-06-25 18:24:41,117 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2019-06-25 18:24:41,117 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2019-06-25 18:24:41,117 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2019-06-25 18:24:41,117 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2019-06-25 18:24:41,117 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2019-06-25 18:24:41,117 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2019-06-25 18:24:41,117 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2019-06-25 18:24:41,117 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2019-06-25 18:24:41,118 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2019-06-25 18:24:41,118 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-06-25 18:24:41,118 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-06-25 18:24:41,118 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-06-25 18:24:41,118 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-06-25 18:24:41,118 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQx18oJNr/olRt6o2e/oYC7xLjejGHm+/iY56ZchRV4zZ8/ykXDpZyro9+KMaBOIpMmKABEp+AH4DoyQSp6GL5HdM2PRSLxmf29XKNzli09hq3Z9RXh9wvxOHYqKVFPTEFDlg== with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-06-25 18:24:41,118 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-06-25 18:24:41,118 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-06-25 18:24:41,118 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2019-06-25 18:24:41,118 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2019-06-25 18:24:41,118 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 37.133.236.115
2019-06-25 18:24:41,118 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to id-445f9a49bccee2983fa1cb986b588e382a4ad54d
2019-06-25 18:24:41,118 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://10.1.1.153/saml/acs
2019-06-25 18:24:41,118 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2019-06-25 18:24:41,118 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2019-06-25 18:24:41,118 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2019-06-25 18:24:41,118 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _c20f301d4aca6b3ffd6eb3db09f98685
2019-06-25 18:24:41,118 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _c20f301d4aca6b3ffd6eb3db09f98685 did not already contain Conditions, one was added
2019-06-25 18:24:41,118 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2019-06-25 18:24:41,118 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2019-06-25T18:29:41.115Z, to Assertion _c20f301d4aca6b3ffd6eb3db09f98685
2019-06-25 18:24:41,118 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _c20f301d4aca6b3ffd6eb3db09f98685 already contained Conditions, nothing was done
2019-06-25 18:24:41,118 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2019-06-25 18:24:41,118 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _c20f301d4aca6b3ffd6eb3db09f98685 already contained Conditions, nothing was done
2019-06-25 18:24:41,118 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2019-06-25 18:24:41,118 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://10.1.1.153/saml/metadata as an Audience of the AudienceRestriction
2019-06-25 18:24:41,118 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _c20f301d4aca6b3ffd6eb3db09f98685
2019-06-25 18:24:41,119 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://10.1.1.153/saml/metadata to existing session 1b79adaf0e702c28ec14bf4f3a6318d2aa20dacd06058749f22f8c68271097ad
2019-06-25 18:24:41,119 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://10.1.1.153/saml/metadata in session 1b79adaf0e702c28ec14bf4f3a6318d2aa20dacd06058749f22f8c68271097ad
2019-06-25 18:24:41,119 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-06-25 18:24:41,120 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://10.1.1.153/saml/metadata and key AAdzZWNyZXQx18oJNr/olRt6o2e/oYC7xLjejGHm+/iY56ZchRV4zZ8/ykXDpZyro9+KMaBOIpMmKABEp+AH4DoyQSp6GL5HdM2PRSLxmf29XKNzli09hq3Z9RXh9wvxOHYqKVFPTEFDlg==
2019-06-25 18:24:41,120 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2019-06-25 18:24:41,120 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2019-06-25 18:24:41,120 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_c20f301d4aca6b3ffd6eb3db09f98685"
2019-06-25 18:24:41,120 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _c20f301d4aca6b3ffd6eb3db09f98685 and Element was [saml2:Assertion: null]
2019-06-25 18:24:41,120 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_c20f301d4aca6b3ffd6eb3db09f98685"
2019-06-25 18:24:41,120 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _c20f301d4aca6b3ffd6eb3db09f98685 and Element was [saml2:Assertion: null]
2019-06-25 18:24:41,123 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_c48345911f936a33848def0a5e4e4029"
    InResponseTo="id-445f9a49bccee2983fa1cb986b588e382a4ad54d"
    IssueInstant="2019-06-25T18:24:41.115Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_c20f301d4aca6b3ffd6eb3db09f98685"
        IssueInstant="2019-06-25T18:24:41.115Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_c20f301d4aca6b3ffd6eb3db09f98685">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>+GzJw6LmWQ77zyrhCCzQlsvGhKYWcILLFg4d2SIhvRQ=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>XbvdBfhuGujnOw3zomIuR5cQ79vDEV834tPlRafjY81nSsJ/1tWrPvd7oGDBEO/1spj+VaUQ51CuKIlkyBQ9dsawT38FLnWDxs3S5YUURJJFmHgaYbnkHbnMrjGN/8wGFxeIo0qINxC3oRjR300NNx9h1xOG4tOqCJkbbVby/u8w3gyVyWGoJvV8PT11lIX8F70JjrbzGtE5qW0UubmVzLXnlYz4N+q9DaRjjIjQ6gSplxgOdvtM6InLxKTW48stGPfK3tAMT7R+BQywOBzVMPEYinKWlphOgDqRnrLYYW8xxKbtjrzKKQb6Gz8OAIHh/FI76jDM0cvuaJ2n0vTFgw==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://10.1.1.153/saml/metadata" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQx18oJNr/olRt6o2e/oYC7xLjejGHm+/iY56ZchRV4zZ8/ykXDpZyro9+KMaBOIpMmKABEp+AH4DoyQSp6GL5HdM2PRSLxmf29XKNzli09hq3Z9RXh9wvxOHYqKVFPTEFDlg==</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="37.133.236.115"
                    InResponseTo="id-445f9a49bccee2983fa1cb986b588e382a4ad54d"
                    NotOnOrAfter="2019-06-25T18:29:41.118Z" Recipient="https://10.1.1.153/saml/acs"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2019-06-25T18:24:41.115Z" NotOnOrAfter="2019-06-25T18:29:41.115Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://10.1.1.153/saml/metadata</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2019-06-25T18:24:36.058Z" SessionIndex="_511f5d4eede775a2cad5d479ce068fa4">
            <saml2:SubjectLocality Address="37.133.236.115"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2019-06-25 18:24:41,124 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://10.1.1.153/saml/acs
2019-06-25 18:24:41,124 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://10.1.1.153/saml/acs
2019-06-25 18:24:41,124 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_c48345911f936a33848def0a5e4e4029"
2019-06-25 18:24:41,124 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _c48345911f936a33848def0a5e4e4029 and Element was [saml2p:Response: null]
2019-06-25 18:24:41,124 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_c48345911f936a33848def0a5e4e4029"
2019-06-25 18:24:41,124 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _c48345911f936a33848def0a5e4e4029 and Element was [saml2p:Response: null]
2019-06-25 18:24:41,126 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2019-06-25 18:24:41,126 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://10.1.1.153/saml/acs' with encoded value 'https&#x3a;&#x2f;&#x2f;10.1.1.153&#x2f;saml&#x2f;acs'
2019-06-25 18:24:41,126 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2019-06-25 18:24:41,126 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'itujPux2dDIaa60oWHMCBYVkjIXXhJT6xrZdHsvgofqCdyrj9TqaAk2g', encoded as 'itujPux2dDIaa60oWHMCBYVkjIXXhJT6xrZdHsvgofqCdyrj9TqaAk2g'
2019-06-25 18:24:41,128 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response Destination="https://10.1.1.153/saml/acs"
    ID="_c48345911f936a33848def0a5e4e4029"
    InResponseTo="id-445f9a49bccee2983fa1cb986b588e382a4ad54d"
    IssueInstant="2019-06-25T18:24:41.115Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_c48345911f936a33848def0a5e4e4029">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>XwETaJpGi8k/ahY0rOOpG6HhYMzHGkJ5ba1XQAUFG7A=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>kSHqG9YYPF8kpq65rHZ0/kUEugHOBLGu4k6ihFxAM3G1DoX0Oqay7Q//7ojH47oyU/wRmlrmJPIgO72NTZW6Cx4e6DrooolbUmgoRIX/ZoV+mRH3gM3Q+kQXF3sKidm6p915r73mZkbQSJH7p6n2nf9fcGwe5JM3CQFmbnZXLg+QBoZE+aOWniJt8+YVKf+XyrYP8x288FJ1yw/BRKqFpituVlQKybxW0LIWUVOovzg3SkeFOB8mUgXJxMyaRVVt8w6BSaf1VToH3M3rkgyh9T8QsivImkDNi3FzR8Y0rz981k6WVRKGeFg3amTig698RfvsmO3mVMT3qF6+oJZI2g==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_f64dad98d46713204eb6f4a22e6fb8c2"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_25d04c4615315dbcecdc673d2efe44da"
                    Recipient="https://10.1.1.153/saml/metadata" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIICvDCCAaQCCQCrbyx1vyYkPTANBgkqhkiG9w0BAQsFADAgMR4wHAYDVQQDDBVteXNlcnZpY2Uu
ZXhhbXBsZS5jb20wHhcNMTgwOTE5MTYxNjA4WhcNMTkwOTE5MTYxNjA4WjAgMR4wHAYDVQQDDBVt
eXNlcnZpY2UuZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC02P+G
YV5MkXTAFxBD+HT3Tyztlq7L1NaqM9b1kGSmfuhkzjjn//OQTD2RFBCQmmmwcMFOTfDRPnl0HcGn
3KyJQdHx9okZRlqDUZrSixFDPY4tdd1iO6b5Etx5UEzR41YB4fZhxegDzE9UX2UyjS8L2mMWXTm9
PLIXdh/Vly1peSL5R5qkAuDUv3gkfZm0gB+roQti/kMAnp8PQaSHoKyxJWmSO5kzGJ0NdHHRBeNF
1z3dtzDbMVRvo2F2AV+4CLtXseZDzj1efwACAoBEVwyYXBF78oVpK9VFlx+ewHn5Br/+nMhu1zOk
rLdw16W9EkTAHnCuw+93vz0bD6rNj+X9AgMBAAEwDQYJKoZIhvcNAQELBQADggEBAG3ZJyKcF/z0
9tkfjmm6IqaBpuU5EthBUJJ9fmoDtjsnLPckjbm+G2ZvYALXJu4A1PdkoGN0pWmDDEBYmgPdSS9d
saHdT7twQ7+xxiJelxzxcDEvS6jG3yuWd5O3pGju/99gmjmW4aV9W7XKUt0AriU6lly4mo9I+crk
Ey7+OXwy2q0OUMKT9icq+MQNmvmDB/D+bljon0+kr5DodqMbDvQoosHNVEg5VinYAq1gdvAPYxiY
OzDu4mZ+hFbgz74Em3mlVIXEbOCnpObhrccSEYTxC0BzSHZ6D+AyD3nBKYqBnVcdsuBY1TZSaFQr
VbJebemlf9D+m3j1i2uMFbElhyw=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>mQZ0A4pKrHEm+qCcMCOpOXsWf36RWS2zNkU83UWFJqwIWrQeeVZs/f5f2PapKNSj1+yq9ST1RHcRA2zSE/oeQ2GnOKm7G24w6LXoJeG3ZvJCRjv1hI9i5w+IO5hh2w1GecU1kfC8c7nZR5bzT7a2lCI+eoI+FaAIXF3oLnkN6sHt6kroV26eGnMFkz0buk/z23R/RN0di1hZOl1Eepdevv9u6szjslaOnIChLQ22t5NnSFk1rLa2SPrtyj20BH/A7zU5umO5MEiKG64pZJ/RhlsJDkmcwAMIjP76f6w8uS0AVndkqRcUmt+5hariNeuXeyTdokPS7b9CgNJ4yl8V8w==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>2ZUr3BlapW6bEm4CXqdznoH1wFFT2s7A6CYXwLyJ8yrCPgovtFBjxP6DMU9kR1gsDVE0kMYsa0jGmWIqrRvdBRGyuH8B1OT3W2+uD2TX/+o3F+Jylz0gcldmFptzJbaExL70mht4liKpNiJFE8qZJFwRhc0E/XYNzKgQMX+ONgXwDs1pRGVTBVxUpbQXB6FvR5nTHaJEpuP6w0hHlvXERjauZmS3XzM07WoZNYHty90h2kqhawwquLjMzTk2AQLo8CiEbiba/H/pDhg7WjGdvtJSJU7GOBokR9WEQ1VhyOvuMvSeN0iHisNS+FeBY0IOBInChnv4f+rzUWUnCjR23p2I2wHJQPe2uB21a4y/oxdn8UFjwK0vhw0vMQbnlMeehXdHLF8iZEFAbNLUZ3l7YnNF/T5DaiHsSMZ6nQp/KvvOfakq/n12fb3cSIRoDgt7trHkuT+373Vc++0a4o/67ZXt3orB9WjPbgzcBzSBOurg7r4o+Jr7/f2HvLg3VugYxT0FkuzsxbQRmp6hhXXDnfRB5DV+YHDBL2zYRJLikdvNFX6GWkJrjlIA2R6PsUhAoHH//k9uPqtl2RvDB1jTeO3AspMBP+hjMU/wdJXBh+utjEkLEkEG47pf+C3byYAQSgk3uJJXCZcxCabIA/EcQJYYawn4ByJQt78DzOfWXI/futNkEdD8vcHKbB/U7uu7wybny1qKPqdkm2JWBexXxdbIdZ39jsB+XsYXm2Ep55B0xx2GGV+uXUMKN70nKD1ISLg6kN548BnROJ/LTIV8KpkFUfTXbXN1R31BQ+yEiuE7UEf7SVuZRutPTtW8uEqGQYLitHidLk0KxastLu/lQqd9jLLDjHElkjARB2npuDr5G4BUp1AQeidTmOLUeNetMOj3DmU8wCIHb0na3mp4dl093KTWEb+0ktlt0vFRyLRAAsXhPKUSY52IBhJdP4EEnIfV6FxW2/9OUDgpR2sFoCyiPkq6aneStonfJDoM5/MLbfDgORWSSGUzqCwpyC2vIHD2hHgQ3XLiQ8geYzI1Ldz336DOqgmyIRqFSG8cx3LDBzKSAn1bugYKqFcIamtGa0rqPKtjJGRfnvI2V8NX9NHR2ggZCQL7EV2IYP0aJSj+WCK2+AIVM6KHTHoXQBuNZh+Wcom+3TxDNINGZl/Qwue8yUv5Qm3Is363dVDHCa6bj6ac2cK+mDTK2/vntDt4D/XSF0yRnF+dXR1wvg16IRUX59dclfDOiNXAXLFYsU+4lUu+l3Er1Zkmi/cuyY7ppxfLwKthgfkP+8JkhLUY/eA6rqvWA1kmvPI0w8TCy5jYZ6/eIv757cpS5KCZTzESCGCe1i9M5aOXoCDgZOWgQU02fbPMbr/kTBUgXgF4k4ElYpUlz8Ac4K2NSyPZF7+1visR9dnCilBOp9p8remqrPUXI1xFmyIV7oDXOhXUboS4l7p8yoebPWegWnIM558oxgBQqkzjaxzMlse/t8EZnyyaNSY0QUgGpqQsthoT6Zz3nl33MVbhyIjappq2ODSmkooXJ27ahd29Ds8MS8QufmuiXoYWH+RpKFAPUMhXRHC2gqa3qKSPcl/YwuNweHqc8BL6vlRM4hDxvR/hzrFqc/vOkMf6pOzXEQC5m/j8+9AtTElLjgawSQ1aaGUl0hhyT0HMgYnWtVFax9/br/Vbpzljy87BwQM8XxeC6A3st4HqF8MUWOYGwvp+SPi1Yeb8rF6uv9v8t/r4T82Crth/srEqB4K3qIbScePO4uWWwHnHnQYa0d3jryRa9M8F8/dtrbiQm63wJ0017lyJrqhK4mmFxHWB08a+mcYFXSuftbttpjFeufQVgICNJeP8Upftoj+O0zju3L1DajBAkaZqRCFhQ1T8rgTP3eb/+/5ODkdJELPqhZSq5BJ+uQEEQzLa4VR+qjBRYdDBulzUf79AK+mzLvrv2IlotjOrYspErx1pSAvmryeEMAiuKDKrFUF9WbHPprU6OpwCFgM2u0eA3TpQHwF36OBYWU8zKK1BaQHT7hptX917Av9DDqO0bigk2Tmb/elIfEftp6gyfD345eNfCk1s1dsYt+xAI+zL7CWauQ2+pINpgG3x9qz0a2EyhvvvQphbNb6COYcP9/AZEYGgjVQVOyFSvkwWC305rJ67aEPXwvIDFbwjwI1zOhIwZIGsbPYACIjAlbNZhNruMJz38FeCIL6gBhpNsxlDq2Vdq6qIVpQBuVmood3fpWk9wxDTpdWpprLHv3kGTSihCfU9OAhdsZB/78PW7u6eQmXJ5lKZEBiz9uPXxGzjzHE87s+ege3hK8RRsJN4MWeeav/2vvLzfwhOsW1buDyW1bfNUpURrTmWtNMrJG+JBoDkQPWohwxlOVpSt/rPPBA/DIUqhE/joRMe0eXuIEhEgpc2JPqTFt1rqdt7U+XQi9Ol6XWXphj0tUJiCIee/JlY66ed9E+c2OOvYARmZNydbOECN3bwB+JtqbJjJP5IPNcfClyKDZ4Vwv9zR3HN/pzKLq+d0iRK/PeJ/hb61BtOeZF2vwinIf2SgPp8z8OJyFjbjiGAzEO+HvJaN0p50sUQN06hbP71KxElXBbAfW3lFf0co2DhVEt+ZZYrbzEcf+z+OnclnayM/zXQotNp1fqju+6KjVZSsLb6LlgHiDfnUMTVdrI0Tkt8yfEx5r49H+fJ5xefqfsq0BC8w+v/jsUqvrchFKoHSJZVNMMhHf3gsyBew/8kdvMXdvAo53lTJKKBXHixMAO8Ctuv13ZCf/gduOyja+32yZwWkJQVRcf+EAAU/YA15P/qeNJo91waJjGIEdxPIoimrZhb9nL4lQN5TVJFkFOIo8grdkle3l5a1y7ir6RhpI92UxSALoyv8T7s1v+sIDTaIRwS9Y6r318QOU0L6x6rr6oxxbU+y9oYgtIw0PwUL+DxB+uPBLw0a1fIh2Wwg0pv7l5WFwS9IjdEeZ9HE6/jYjaDYblFVOdhNWnrnje4ZIfhO7AZludQqahsJV991Y5UkQpdWkmNr43uqYmddHk4MAQ5Ghlbz6RmzpnxulnkUGEmgJzwqklFxWgVHMuelR5hyw2PwTs729b5uXCq2jwOPSoWzwHoeKasm408nVzjDe4rJbDQhDoV33BlJh0M3HFYCd69spEIq7mcW0fg9ZeC0sa+DQeCx9FcpRS7QUKpH0l/pgaZcAQ/L9MQY3WhhN98IGL8gc0zzcf9QmDuCHmk/Hx0n/w1JRzFLBkEjLIrXAC0x2xSpEQ/+4viX7bkvwwE5FyEqhoEYjfjBLU0RlhCpWW0dUir+VLlpTIAuR/7Xdbu8u5Yg7dgXb/wWMLgb/q3WkTkpuB7MYVS1vVHfEB2oN8/uABe6LPE+ZZWHKUsSbv2FVSJLPe1kSJsAIKYD6xorAwVA8DY0MwGWsMwT/15wujuRQvEhwU/Iwyp/YAGfr1+I/gBbHSd+kjXvq8n71ev+JfkmSGZFUG242Wmq2ILsyNiDPbDo+VVjOiCK/Q9HaDfq7XrRxiFQqJ+vNU2f+fiuu24HEsj7CegwXhzZw9FWhotqDv9JfKPKSbZZz5ZdvJZJmUp5QddKHD1jdaTOz/u9MJjI1McQUdosetx1nNORBicEYK52wWngIzZnC4FkvFqTvmVlhnuaZcfC2E2r8+xOq4UE4XRcfKU6OLWKz7NrnVsuP/5V3tgFqiQ9oKceoQsP6xZC8UKjgTEHAwwyWT5aHFgZTPLgIy/mJVgRMWv91rwUWVTUCMNjG3qgJSc8veaLnXY4kcjvdERLk2lPOswDcLVjaNBqo5J/kSGL080sGModzcdvnP+QTwoQLjlL8vZz7HmU1CiDbKoEgBibvkosiW7TZ//mDhZ8tQkKLf1NoQB+Kwzc2t0QT3Pi9ieqIwMJM+ZsswhhqY6v/HNifpdFgfg/bF1bwI/zVpW/szPTCuTUOaUgdaPKBDZxb0MlHTuaHCvt4ctaDEBhnaYvM9fBjaQ9TF54aoi15DuFcdqeBml9v7rIhGCwl644+aI3AWQCXF3Dcn6UiEmM9kbSJYfXYxYnBL3C037vZDYJxUg546Dt/zjEAuiZ/e+1oa5ADHnzzoqkQH8P9JKQ7uTCeaQLMQmpR0iBA9YGQZn/ZbKLqqhLizDnTy0harwLB96sdp1u5NhkXtBpQYkqTiXH2n2tuBXaacTnnDAnQzg+RrcKm70utAkPODPmqmZ4ziI4Ob+bRtq8FHexuV+XCDE1Ttuu9DVOISEK8HibGmfuaK3Zl/qwr2q2b4mVeAnElb1Fm57dZFbN8hBad+yJovRw2fdPDHemsdLbJUTLgrDYBIzuZIDvTvedjHAZS6uldX2hcawdc60xUKAel3hzJA8iHkfC4qUi3Mp95cOyZzUalV5cwAtu7Kk+gKpScKEJoyOC91PY/UAGLpd2sOQGxMUIUPJ1fLMcQZa/q12ErNj0e5260pHL6ODU6wHJUQgA4cvpqwkoP6cmTcvg2a/meDivtervZ4TspeI6eh4yXZsaCAYWdmFSjZxoitxhtaXlMqNM5/tZ/UMyhUNx8wuy31KpoPZ0jhmVLQdh5OFm1xDyIhTdhg6WQWiUi7VrXt3odiCPGLLS/cQARCkQAR32CnJ9Zlz4fnVSnbPExPtDNkQsxSW+XWEZCaXV7tEgEtjcH7g959S8vtklopyOINMGOr/VHpWxWZCq11T3cMcd0BuX1JssIg8NiVk8+NuFWDSsz+6AiQZd72Um5vg+ZeHnMsjdMnVQV4jI+rGWx5F+tGZ4Y7qva1QS3fIdLqiXP1iBHgCdbIo27+8wrKX2EG3eYt23kDb14yVQg+rQpXZN395UbLiwcoNjEnJNIehoxxBvjQJYS8SO/7+ZNIvm1oHbEOAASBlcAbNES/sgBx15GzCC6Q7kl9lIdwnA0xFQS9daYzc/YftALYUGRx3WE/CR0dJ1XKdK5772cZkddCttcW5poBYippOOdZgv9S4cbkHF8FnanNtS+OtKlNeD8x5DQLLq0Pu16rfdxS6wOHL64XBXXWfLZ/7k2v/dWG9ANPlG3OsW5KyxooWtnOn5tF2vS9nD2RmWjezBrNGrugZiW80nMTnp4ALxo4k68I3BZr8VH7sohm7G68vLRH9YHGHYeXUS43KsgS4B1o9cPcPVXINy0IVr9S+zGpaWYra/29FbHqL18ZfmGwQ48jwTaMEUlA5no9EoRqUs7mt6IeiSlMRSOhekji28gnkL8e+ZDEhSwAaEQ/beID0UuyiVDLsQ0NX15LZLwY0GXR0yGSERaYjm2RBPV+XTNwJrX6jsQWeyVbeuYs1r0wGbQ9ISKZoEonU3UmGJZTTG9oI+D/IKo1TU/OYXv0skNBKrvbqwJTZ+1BOARMZOdaG+y3wRtZBNUTn6X7dmVARzCLlPmmr02lIpg5qDK0p7g2KWqlr2QM9ozkgtKYkhjST4rkVtr09CwiDS9iiErZPuEDfJAsI8Zp3bd3Qv7z3a1++CTjOnhPaFsrT43IQLXG6gGwGPpm4KHtHrVwh3CzdKDVGuLq8ZoZ/UTsyDK88daizQ6WpBZfw2TeMdF22tlBiw2evUnrgjpyfzyHdJykWVi0ekTRGnIsMLn57v1mvLwivERS5d1RuUW4fiOs2Pg4zbgjUpoi2IRpM1knm/RUzrXPJ6uXPMmNnKFAO1Uo787lq0FWgceLzjmuKC2ijLtN1q7U+DitSLFHRVN+sgiUgR9CCGjVqwjKHUy+kDe93w5JWnXCgbdypxaXFWuK4gXRWsf4p77LmWolrPiIaWRVWDI5sdrPCjuhcPUUOQVQ/FpZxFJgDWZtsWiY8JRDvBmpRLdR5PQQiUEV8vQ4fOa2hv8q2a8ZZCljkliOcL3SP+ymu+k335s7Hk3mvrAhvQBS13B9omLV8JLRcd9LtseY/eqdbgWbvGd0k+jVlpwSevSqir3ESyk709RPHUVaW0NeCtrgB3QjCE/hmjgZyYT1KtYwyAtxeW7zgCCOinx6jl3x7tHK3gfH8nVgZT/26d3jdt82uRCi4fVrg8KfXVu6GWhVnSOXUQNc2+IKkK2I4e0N/tjOSCV3QTt8MbG5MXoPbfEApKBloBdubgL0V5VZqCxWR7GnOvxY9uLE7B5yfLcq9b0QdrI0+YrOUgx5868BA9VMeEADMRwO6TR8udGfq7payXXhkorMjmHTci3q8Mmgox4p3uQFemPkDujnyJj5R+ibuORIxLAlT5w+AeSAs9MMl/BTSB4NVYStQ/7yP479J5Nqlt1MDsRaQyUwBUDU/30QWWe18wDG9IQMMV3JFIosaIbTIx6ZBDP2VIPUuDCpyk/RXL4TiN5OJJx9z8AZMGUKI74wYWNLZdvIgmNPeGMHbUYn4thx+AAfG0PLYssvOVl5m4knfmi06RwhSTmC0FwRHL/4fWP/wakaQCwxJsg71RSoZp5qtIDd5phkHVTkT7ZqT4zdV4qYtBw2yPl6qFiGRY4v+IvXBN6yoXNm4Lm4xUZq0woSFOznGlh9qUIUj2HW8m32ajBH/UabDuhIyBBmxVAu8+C4Ng4VEsVln9v9Sn2mUratPjyABEKFUA/wxwqetc37ziR/xJRQYfVd3dsfuYJUTh5YkWglNKQV/wcdCW0EVC0vR5PdnsGggmuRF7qRtwhW+ET94TvJgf0mQlitpUKuTcGRmSLcqw9qWvk1T92BOry9Vm+L2lLwq/hnLKCbQSsZwdJCnWnHycr8u8Fl1w29xOgum3BgJgFSIYH8GTdlmwLDRMcSudLCJeLzIHZLHy/lm5n11Vm77Tha228r5H7Jmh23/Ho1PW2ckGUu1FEv56pflGQokJ8Yfh8GOQTTObp9S+BpLUvD70pTfjrqEm7KNQ5yUoNFilXoJAHA6MkpPnB5HpRSVvsZlhJ8evtglkRp5dL5LLlDWVwCdEChSOO5RBB+efXF9dj6MDcWO+Uh3ZBxYNoXIwXcM3UkNOH2OhmhjIYmZf5sG7h2dp3ZY3gmTFLcMK8qXoEKHsMTa7/A20HXR+o62rGOUVWQx9sFvhLU4n8CJyv1oS5xKGDs9jEL9sLpcVFN+DOl1u4quGw53kC2TQN18jzAO50j/a5VAveqW5H7CnGJB+dXU5OjDL8ymxRDb9bp4wlNPIqsuh/zHHpi6g9Ou5uLjnYKwmwzK/tCfLQIYCURcR16PIXxUqu4edCmpTAAUwQQUp/k46uPE+YYMGWT3u5H59njKHMzCy4pBzz8kHX8LjGBRo/eSdXaE/uDrFsh4m5+Gljb5ZGrm1PCAlRV2dt7wD7n69AbL9Y6ot/0RybaH+psWKDDh0a2uvBMVfDXNjvlh7GUpCFH5x+Lx54Z3z+Oz5QHGeZb0YSss4Sa+0xlu1fsFkpGfz3j7iirORnNGdqhx6jRU2c+YYA7BPNMfMJsHsMOB1LFq6Co6cM9/kIMIUnzfZTXoQ8kOv//L65Kc4p1vCmiHXY1iiMqSL/3rGd5DVTnLEtKpeCGYaJE2VkQLWf67IogwT2paUjcmH5wUrzoPmGep9H3X6ynIpcJzcJs/rR0jltqIxmwxA2tAYdfPrlAA2xJ4Vxc1y6BEikNIFCkvX7/fIodGyoYrSvt4DuxhAp2pURNP9BUwMiDa0JuDN/ndE6dUrVN+dMoA5XjAfUiI55+4cpRHKUrD+WruTwxwqE15cQ6B/QCH+DX1Xl0OzB+XC3NZwTlYtX/VifT51dHNAXm3AYstLnv7O/YfM0FXZ8PkwFqUX2isfN0xC3hFjouzFsio0GXSzSMj0vZEBHtW91dUW2/tLfPOUThr/HbfUb84zGfR1Fi2FUbzO0LI/5tgfa195gwFEipMIqeecgG4L9NDiwokuYdhaUc5ALMDQdR2LXqHUcq2te9CPogBtYY6itoKK7Ay98vIVcc6fxls5A+ip6Y4hmOajmyFefMwkuyJfILo6Yv1lAnhT7sPouAHrw9eYZqI</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2019-06-25 18:24:41,128 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2019-06-25 18:24:41,128 - INFO [Shibboleth-Audit.SSO:?] - 20190625T182441Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|id-445f9a49bccee2983fa1cb986b588e382a4ad54d|https://10.1.1.153/saml/metadata|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_c48345911f936a33848def0a5e4e4029|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQx18oJNr/olRt6o2e/oYC7xLjejGHm+/iY56ZchRV4zZ8/ykXDpZyro9+KMaBOIpMmKABEp+AH4DoyQSp6GL5HdM2PRSLxmf29XKNzli09hq3Z9RXh9wvxOHYqKVFPTEFDlg==|_c20f301d4aca6b3ffd6eb3db09f98685|
2019-06-25 18:34:20,213 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: null
2019-06-25 18:34:20,213 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2019-06-25 18:34:20,214 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2019-06-25 18:34:20,214 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://demo830synpipe.dnvgl.com/forward-auth/login/callback"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_2aba89393abcb2cf416a" IssueInstant="2019-06-25T18:34:19.831Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://demo830synpipe.dnvgl.com/</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true"
        Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"/>
    <samlp:RequestedAuthnContext Comparison="exact" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>

2019-06-25 18:34:20,219 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractBatchMetadataResolver:?] - Metadata Resolver FilesystemMetadataResolver SAMLtest: Resolved 0 candidates via EntityIdCriterion: EntityIdCriterion [id=https://demo830synpipe.dnvgl.com/]
2019-06-25 18:34:20,219 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved no EntityDescriptors via underlying MetadataResolver, returning empty collection
2019-06-25 18:34:20,219 - INFO [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  No metadata returned for https://demo830synpipe.dnvgl.com/ in role {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor with protocol urn:oasis:names:tc:SAML:2.0:protocol
2019-06-25 18:34:20,219 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No metadata context found, nothing to do
2019-06-25 18:34:20,219 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://demo830synpipe.dnvgl.com/
2019-06-25 18:34:20,219 - WARN [net.shibboleth.idp.profile.impl.SelectProfileConfiguration:?] - Profile Action SelectProfileConfiguration: Profile http://shibboleth.net/ns/profiles/saml2/sso/browser is not available for RP configuration shibboleth.UnverifiedRelyingParty (RPID https://demo830synpipe.dnvgl.com/)
2019-06-25 18:34:20,220 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: InvalidProfileConfiguration
2019-06-25 18:34:20,220 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2019-06-25 18:35:44,241 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: null
2019-06-25 18:35:44,241 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2019-06-25 18:35:44,241 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2019-06-25 18:35:44,242 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://demo830synpipe.dnvgl.com/forward-auth/login/callback"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_a887d57274a50391a6b6" IssueInstant="2019-06-25T18:35:44.147Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://demo830synpipe.dnvgl.com/</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true"
        Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"/>
    <samlp:RequestedAuthnContext Comparison="exact" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>

2019-06-25 18:35:44,246 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractBatchMetadataResolver:?] - Metadata Resolver FilesystemMetadataResolver SAMLtest: Resolved 0 candidates via EntityIdCriterion: EntityIdCriterion [id=https://demo830synpipe.dnvgl.com/]
2019-06-25 18:35:44,246 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved no EntityDescriptors via underlying MetadataResolver, returning empty collection
2019-06-25 18:35:44,246 - INFO [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  No metadata returned for https://demo830synpipe.dnvgl.com/ in role {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor with protocol urn:oasis:names:tc:SAML:2.0:protocol
2019-06-25 18:35:44,246 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No metadata context found, nothing to do
2019-06-25 18:35:44,246 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://demo830synpipe.dnvgl.com/
2019-06-25 18:35:44,246 - WARN [net.shibboleth.idp.profile.impl.SelectProfileConfiguration:?] - Profile Action SelectProfileConfiguration: Profile http://shibboleth.net/ns/profiles/saml2/sso/browser is not available for RP configuration shibboleth.UnverifiedRelyingParty (RPID https://demo830synpipe.dnvgl.com/)
2019-06-25 18:35:44,247 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: InvalidProfileConfiguration
2019-06-25 18:35:44,247 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2019-06-25 18:35:44,896 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: null
2019-06-25 18:35:44,896 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2019-06-25 18:35:44,897 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2019-06-25 18:35:44,897 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://demo830synpipe.dnvgl.com/forward-auth/login/callback"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_a887d57274a50391a6b6" IssueInstant="2019-06-25T18:35:44.147Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://demo830synpipe.dnvgl.com/</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true"
        Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"/>
    <samlp:RequestedAuthnContext Comparison="exact" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>

2019-06-25 18:35:44,897 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractBatchMetadataResolver:?] - Metadata Resolver FilesystemMetadataResolver SAMLtest: Resolved 0 candidates via EntityIdCriterion: EntityIdCriterion [id=https://demo830synpipe.dnvgl.com/]
2019-06-25 18:35:44,897 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved no EntityDescriptors via underlying MetadataResolver, returning empty collection
2019-06-25 18:35:44,897 - INFO [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  No metadata returned for https://demo830synpipe.dnvgl.com/ in role {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor with protocol urn:oasis:names:tc:SAML:2.0:protocol
2019-06-25 18:35:44,898 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No metadata context found, nothing to do
2019-06-25 18:35:44,898 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://demo830synpipe.dnvgl.com/
2019-06-25 18:35:44,898 - WARN [net.shibboleth.idp.profile.impl.SelectProfileConfiguration:?] - Profile Action SelectProfileConfiguration: Profile http://shibboleth.net/ns/profiles/saml2/sso/browser is not available for RP configuration shibboleth.UnverifiedRelyingParty (RPID https://demo830synpipe.dnvgl.com/)
2019-06-25 18:35:44,898 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: InvalidProfileConfiguration
2019-06-25 18:35:44,898 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2019-06-25 18:36:01,469 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: null
2019-06-25 18:36:01,469 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2019-06-25 18:36:01,470 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2019-06-25 18:36:01,470 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://demo830synpipe.dnvgl.com/forward-auth/login/callback"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_7696e8b6fb818ea523d4" IssueInstant="2019-06-25T18:36:01.390Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://demo830synpipe.dnvgl.com/</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true"
        Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"/>
    <samlp:RequestedAuthnContext Comparison="exact" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>

2019-06-25 18:36:01,474 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractBatchMetadataResolver:?] - Metadata Resolver FilesystemMetadataResolver SAMLtest: Resolved 0 candidates via EntityIdCriterion: EntityIdCriterion [id=https://demo830synpipe.dnvgl.com/]
2019-06-25 18:36:01,474 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved no EntityDescriptors via underlying MetadataResolver, returning empty collection
2019-06-25 18:36:01,474 - INFO [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  No metadata returned for https://demo830synpipe.dnvgl.com/ in role {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor with protocol urn:oasis:names:tc:SAML:2.0:protocol
2019-06-25 18:36:01,474 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No metadata context found, nothing to do
2019-06-25 18:36:01,474 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://demo830synpipe.dnvgl.com/
2019-06-25 18:36:01,475 - WARN [net.shibboleth.idp.profile.impl.SelectProfileConfiguration:?] - Profile Action SelectProfileConfiguration: Profile http://shibboleth.net/ns/profiles/saml2/sso/browser is not available for RP configuration shibboleth.UnverifiedRelyingParty (RPID https://demo830synpipe.dnvgl.com/)
2019-06-25 18:36:01,475 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: InvalidProfileConfiguration
2019-06-25 18:36:01,476 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2019-06-25 18:36:47,348 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: null
2019-06-25 18:36:47,348 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2019-06-25 18:36:47,348 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2019-06-25 18:36:47,348 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://demo830synpipe.dnvgl.com/forward-auth/login/callback"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_96f124097ef1370ff5d3" IssueInstant="2019-06-25T18:36:47.268Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://demo830synpipe.dnvgl.com/</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true"
        Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"/>
    <samlp:RequestedAuthnContext Comparison="exact" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>

2019-06-25 18:36:47,352 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractBatchMetadataResolver:?] - Metadata Resolver FilesystemMetadataResolver SAMLtest: Resolved 0 candidates via EntityIdCriterion: EntityIdCriterion [id=https://demo830synpipe.dnvgl.com/]
2019-06-25 18:36:47,352 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved no EntityDescriptors via underlying MetadataResolver, returning empty collection
2019-06-25 18:36:47,352 - INFO [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  No metadata returned for https://demo830synpipe.dnvgl.com/ in role {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor with protocol urn:oasis:names:tc:SAML:2.0:protocol
2019-06-25 18:36:47,353 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No metadata context found, nothing to do
2019-06-25 18:36:47,353 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://demo830synpipe.dnvgl.com/
2019-06-25 18:36:47,353 - WARN [net.shibboleth.idp.profile.impl.SelectProfileConfiguration:?] - Profile Action SelectProfileConfiguration: Profile http://shibboleth.net/ns/profiles/saml2/sso/browser is not available for RP configuration shibboleth.UnverifiedRelyingParty (RPID https://demo830synpipe.dnvgl.com/)
2019-06-25 18:36:47,353 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: InvalidProfileConfiguration
2019-06-25 18:36:47,354 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2019-06-25 18:37:02,718 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: null
2019-06-25 18:37:02,718 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2019-06-25 18:37:02,719 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2019-06-25 18:37:02,719 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://demo830synpipe.dnvgl.com/forward-auth/login/callback"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_1277e60c04aee9c53036" IssueInstant="2019-06-25T18:37:02.634Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://demo830synpipe.dnvgl.com/</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true"
        Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"/>
    <samlp:RequestedAuthnContext Comparison="exact" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>

2019-06-25 18:37:02,723 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractBatchMetadataResolver:?] - Metadata Resolver FilesystemMetadataResolver SAMLtest: Resolved 0 candidates via EntityIdCriterion: EntityIdCriterion [id=https://demo830synpipe.dnvgl.com/]
2019-06-25 18:37:02,723 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved no EntityDescriptors via underlying MetadataResolver, returning empty collection
2019-06-25 18:37:02,723 - INFO [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  No metadata returned for https://demo830synpipe.dnvgl.com/ in role {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor with protocol urn:oasis:names:tc:SAML:2.0:protocol
2019-06-25 18:37:02,723 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No metadata context found, nothing to do
2019-06-25 18:37:02,723 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://demo830synpipe.dnvgl.com/
2019-06-25 18:37:02,723 - WARN [net.shibboleth.idp.profile.impl.SelectProfileConfiguration:?] - Profile Action SelectProfileConfiguration: Profile http://shibboleth.net/ns/profiles/saml2/sso/browser is not available for RP configuration shibboleth.UnverifiedRelyingParty (RPID https://demo830synpipe.dnvgl.com/)
2019-06-25 18:37:02,724 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: InvalidProfileConfiguration
2019-06-25 18:37:02,724 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2019-06-25 18:38:12,628 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: ss:mem:40837b09f462099cda33a8f01b98505afa1c55c19d5d5e22e40c507d7e8882f0
2019-06-25 18:38:12,628 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2019-06-25 18:38:12,628 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2019-06-25 18:38:12,629 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://saskatchewan.eperformanceinc.com:444/Shibboleth.sso/SAML2/POST"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_ca207ecaa523558c30021e1639800cfc"
    IssueInstant="2019-06-25T18:38:12Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://saskatchewan.eperformanceinc.com/shibboleth</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="1"/>
</samlp:AuthnRequest>

2019-06-25 18:38:12,633 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://saskatchewan.eperformanceinc.com/shibboleth' from origin source
2019-06-25 18:38:12,633 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-06-25 18:38:12,633 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-06-25 18:38:12,633 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-06-25 18:38:12,633 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-06-25 18:38:12,633 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-06-25 18:38:12,634 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-06-25 18:38:12,634 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-06-25 18:38:12,634 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://saskatchewan.eperformanceinc.com/shibboleth
2019-06-25 18:38:12,634 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-06-25 18:38:12,634 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-06-25 18:38:12,634 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2019-06-25 18:38:12,634 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2019-06-25 18:38:12,634 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2019-06-25 18:38:12,634 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_ca207ecaa523558c30021e1639800cfc', issue instant '2019-06-25T18:38:12.000Z', entityID 'https://saskatchewan.eperformanceinc.com/shibboleth'
2019-06-25 18:38:12,635 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://saskatchewan.eperformanceinc.com/shibboleth' does not require AuthnRequests to be signed
2019-06-25 18:38:12,635 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2019-06-25 18:38:12,635 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-06-25 18:38:12,635 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2019-06-25 18:38:12,635 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-06-25 18:38:12,635 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-06-25 18:38:12,635 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-06-25 18:38:12,635 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-06-25 18:38:12,635 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2019-06-25 18:38:12,635 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2019-06-25 18:38:12,635 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 4 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2019-06-25 18:38:12,635 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://saskatchewan.eperformanceinc.com:444/Shibboleth.sso/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2019-06-25 18:38:12,635 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2019-06-25 18:38:12,635 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2019-06-25 18:38:12,635 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2019-06-25 18:38:12,635 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2019-06-25 18:38:12,636 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-06-25 18:38:12,636 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2019-06-25 18:38:12,636 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2019-06-25 18:38:12,636 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2019-06-25 18:38:12,636 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2019-06-25 18:38:12,636 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2019-06-25 18:38:12,636 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2019-06-25 18:38:12,636 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2019-06-25 18:38:12,636 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://saskatchewan.eperformanceinc.com/shibboleth
2019-06-25 18:38:12,636 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2019-06-25 18:38:12,636 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#aes128-gcm
2019-06-25 18:38:12,636 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#rsa-oaep
2019-06-25 18:38:12,636 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2019-06-25 18:38:12,639 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-06-25 18:38:12,640 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2019-06-25T18:38:12.640Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2019-06-25 18:38:12,640 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2019-06-25 18:38:12,640 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2019-06-25 18:38:12,640 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2019-06-25 18:38:12,641 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2019-06-25 18:38:12,641 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2019-06-25 18:38:12,641 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-06-25 18:38:12,641 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2019-06-25 18:38:12,641 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2019-06-25 18:38:12,641 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2019-06-25 18:38:12,641 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2019-06-25 18:38:12,728 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'saskatchewan.eperformanceinc.com'
2019-06-25 18:38:12,728 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-06-25 18:38:12,728 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-06-25 18:38:18,530 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: null
2019-06-25 18:38:18,530 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2019-06-25 18:38:18,530 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2019-06-25 18:38:18,530 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://demo830synpipe.dnvgl.com/forward-auth/login/callback"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_17f0d558d08a6f282179" IssueInstant="2019-06-25T18:38:18.119Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://demo830synpipe.dnvgl.com/</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true"
        Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"/>
    <samlp:RequestedAuthnContext Comparison="exact" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>

2019-06-25 18:38:18,536 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractBatchMetadataResolver:?] - Metadata Resolver FilesystemMetadataResolver SAMLtest: Resolved 0 candidates via EntityIdCriterion: EntityIdCriterion [id=https://demo830synpipe.dnvgl.com/]
2019-06-25 18:38:18,536 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved no EntityDescriptors via underlying MetadataResolver, returning empty collection
2019-06-25 18:38:18,536 - INFO [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  No metadata returned for https://demo830synpipe.dnvgl.com/ in role {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor with protocol urn:oasis:names:tc:SAML:2.0:protocol
2019-06-25 18:38:18,536 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No metadata context found, nothing to do
2019-06-25 18:38:18,536 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://demo830synpipe.dnvgl.com/
2019-06-25 18:38:18,537 - WARN [net.shibboleth.idp.profile.impl.SelectProfileConfiguration:117] - Profile Action SelectProfileConfiguration: Profile http://shibboleth.net/ns/profiles/saml2/sso/browser is not available for RP configuration shibboleth.UnverifiedRelyingParty (RPID https://demo830synpipe.dnvgl.com/)
2019-06-25 18:38:18,537 - WARN [org.opensaml.profile.action.impl.LogEvent:105] - A non-proceed event occurred while processing the request: InvalidProfileConfiguration
2019-06-25 18:38:18,538 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally