2022-05-21 09:03:09,146 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: Y2xpZW50X2lkPTM1NzdlZTc4LWQ4YzktNGFkOC1iMTFiLWM3ZDRiNzhiYjYxMCZjb2RlX2NoYWxsZW5nZT11SHM2bGtqZmNQbkFCQnU0NHlEY0V6ZjdOT0E4UktiR3R1UEsxMmo4OExzJmNvZGVfY2hhbGxlbmdlX21ldGhvZD1TMjU2JnJlZGlyZWN0X3VyaT1odHRwcyUzQSUyRiUyRnNhbWwtdGVzdC5zd2FnYS5zYW5kYm94LnN0cmVlbS5jbG91ZCUyRnJlZGlyZWN0Lmh0bWwmcmVzcG9uc2VfdHlwZT1jb2RlJnNjb3BlPW9wZW5pZCtlbWFpbCZzdGF0ZT1MUVQ2eDBoODRVJnRlbmFudElkPTk2Y2M2MDlmLWZmNmYtODg5OS0yMmE3LWRjNzI1ZDhlNjdmMCZpZGVudGl0eVByb3ZpZGVySWQ9YjRiNDY4MTYtZDNhYy00ZTU1LTkzZmYtNDUzZmYwMTU5OTQy
2022-05-21 09:03:09,146 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2022-05-21 09:03:09,148 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2022-05-21 09:03:09,149 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<ns3:AuthnRequest
    AssertionConsumerServiceURL="https://global-login.sandbox.streem.cloud/samlv2/acs"
    ID="idbcec136a45c64efaa1aa6031b92339ad"
    IssueInstant="2022-05-21T09:03:08.755Z" Version="2.0"
    xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ns2="http://www.w3.org/2000/09/xmldsig#"
    xmlns:ns3="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns4="http://www.w3.org/2001/04/xmlenc#">
    <Issuer>https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942</Issuer>
    <ns3:NameIDPolicy AllowCreate="false" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/>
</ns3:AuthnRequest>

2022-05-21 09:03:09,169 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942' from origin source
2022-05-21 09:03:09,169 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2022-05-21 09:03:09,169 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2022-05-21 09:03:09,169 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2022-05-21 09:03:09,169 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2022-05-21 09:03:09,169 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2022-05-21 09:03:09,170 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2022-05-21 09:03:09,170 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2022-05-21 09:03:09,170 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942
2022-05-21 09:03:09,172 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2022-05-21 09:03:09,173 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2022-05-21 09:03:09,173 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint was empty, not required by binding, skipping
2022-05-21 09:03:09,173 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'idbcec136a45c64efaa1aa6031b92339ad', issue instant '2022-05-21T09:03:08.755Z', entityID 'https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942'
2022-05-21 09:03:09,174 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942' does not require AuthnRequests to be signed
2022-05-21 09:03:09,174 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2022-05-21 09:03:09,174 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2022-05-21 09:03:09,174 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2022-05-21 09:03:09,175 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2022-05-21 09:03:09,175 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2022-05-21 09:03:09,175 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2022-05-21 09:03:09,175 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2022-05-21 09:03:09,176 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2022-05-21 09:03:09,176 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2022-05-21 09:03:09,176 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2022-05-21 09:03:09,176 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://global-login.sandbox.streem.cloud/samlv2/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2022-05-21 09:03:09,176 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2022-05-21 09:03:09,176 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2022-05-21 09:03:09,176 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2022-05-21 09:03:09,176 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2022-05-21 09:03:09,176 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2022-05-21 09:03:09,178 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2022-05-21 09:03:09,178 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2022-05-21 09:03:09,178 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2022-05-21 09:03:09,178 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2022-05-21 09:03:09,178 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2022-05-21 09:03:09,178 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942
2022-05-21 09:03:09,178 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2022-05-21 09:03:09,178 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2022-05-21 09:03:09,178 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2022-05-21 09:03:09,178 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2022-05-21 09:03:09,189 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2022-05-21 09:03:09,190 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2022-05-21T09:03:09.190Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2022-05-21 09:03:09,190 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2022-05-21 09:03:09,191 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2022-05-21 09:03:09,191 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2022-05-21 09:03:09,191 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2022-05-21 09:03:09,191 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2022-05-21 09:03:09,191 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2022-05-21 09:03:09,191 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2022-05-21 09:03:09,191 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2022-05-21 09:03:09,191 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2022-05-21 09:03:09,192 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2022-05-21 09:03:09,284 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'global-login.sandbox.streem.cloud'
2022-05-21 09:03:09,285 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2022-05-21 09:03:09,285 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2022-05-21 09:03:15,048 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'morty'
2022-05-21 09:03:15,048 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user morty
2022-05-21 09:03:15,048 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1154312726::identifier=morty, context=org.apache.velocity.VelocityContext@4b56be20]
2022-05-21 09:03:15,050 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=morty,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1154312726::identifier=morty, context=org.apache.velocity.VelocityContext@4b56be20]
2022-05-21 09:03:15,051 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'morty' succeeded
2022-05-21 09:03:15,051 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2022-05-21 09:03:15,051 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2022-05-21 09:03:15,052 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'morty'
2022-05-21 09:03:15,052 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'morty'
2022-05-21 09:03:15,052 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2022-05-21 09:03:15,052 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal morty
2022-05-21 09:03:15,052 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session ae33d213aedeb79b4446f0b28a8e37ed61f81e811f876fa1f8a1fb51e5d354c6 for principal morty
2022-05-21 09:03:15,052 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session ae33d213aedeb79b4446f0b28a8e37ed61f81e811f876fa1f8a1fb51e5d354c6
2022-05-21 09:03:15,053 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=morty)
2022-05-21 09:03:15,054 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2022-05-21 09:03:15,055 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, identifier, uid, telephoneNumber, role, mail, surname, displayName, givenName, eduPersonUniqueId]
2022-05-21 09:03:15,055 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 2 values for attribute 'eduPersonEntitlement' remained after filtering
2022-05-21 09:03:15,055 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2022-05-21 09:03:15,055 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2022-05-21 09:03:15,055 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2022-05-21 09:03:15,055 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2022-05-21 09:03:15,055 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2022-05-21 09:03:15,055 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2022-05-21 09:03:15,055 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2022-05-21 09:03:15,055 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2022-05-21 09:03:15,055 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2022-05-21 09:03:15,055 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2022-05-21 09:03:15,055 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2022-05-21 09:03:15,055 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@51a4e8af'
2022-05-21 09:03:15,056 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2022-05-21 09:03:15,056 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942'
2022-05-21 09:03:15,056 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942'
2022-05-21 09:03:15,056 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'morty:https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942'
2022-05-21 09:03:15,056 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2022-05-21 09:03:15,056 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty'
2022-05-21 09:03:15,056 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'morty'
2022-05-21 09:03:15,056 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2022-05-21 09:03:15,056 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2022-05-21 09:03:15,147 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'global-login.sandbox.streem.cloud'
2022-05-21 09:03:15,147 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2022-05-21 09:03:15,147 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2022-05-21 09:03:15,147 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2022-05-21 09:03:15,147 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2022-05-21 09:03:15,147 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2022-05-21 09:03:15,848 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2022-05-21 09:03:15,848 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2022-05-21 09:03:15,848 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20220521T090315Z|https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942|AttributeReleaseConsent|morty|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2022-05-21 09:03:15,848 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2022-05-21 09:03:15,848 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942'
2022-05-21 09:03:15,848 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:_key_idx'
2022-05-21 09:03:15,848 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2022-05-21 09:03:15,848 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=morty:https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942, value=[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1684659795848}'
2022-05-21 09:03:15,848 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:_key_idx'
2022-05-21 09:03:15,848 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2022-05-21 09:03:15,848 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:_key_idx'
2022-05-21 09:03:15,848 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'morty:https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942'
2022-05-21 09:03:15,848 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[morty:https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942]' as '["morty:https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942"]'
2022-05-21 09:03:15,848 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@51a4e8af'
2022-05-21 09:03:15,848 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2022-05-21 09:03:15,849 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2022-05-21 09:03:15,855 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2022-05-21 09:03:15,856 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2022-05-21 09:03:15,856 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _825484558c399f9559d248a54b238830
2022-05-21 09:03:15,856 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _825484558c399f9559d248a54b238830 to Response _8994c4ba0a65187057ff67cd0137f0f3
2022-05-21 09:03:15,856 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _825484558c399f9559d248a54b238830
2022-05-21 09:03:15,856 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2022-05-21 09:03:15,856 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Ambassador of attribute eduPersonEntitlement
2022-05-21 09:03:15,856 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value None of attribute eduPersonEntitlement
2022-05-21 09:03:15,856 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute identifier
2022-05-21 09:03:15,856 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value morty of attribute uid
2022-05-21 09:03:15,856 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5505 of attribute telephoneNumber
2022-05-21 09:03:15,856 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value janitor@samltest.id of attribute role
2022-05-21 09:03:15,856 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute mail
2022-05-21 09:03:15,856 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Smith of attribute surname
2022-05-21 09:03:15,856 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Morty Smith of attribute displayName
2022-05-21 09:03:15,856 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Mortimer of attribute givenName
2022-05-21 09:03:15,857 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2022-05-21 09:03:15,857 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2022-05-21 09:03:15,857 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2022-05-21 09:03:15,857 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2022-05-21 09:03:15,857 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2022-05-21 09:03:15,857 - DEBUG [net.shibboleth.idp.saml.nameid.impl.PersistentSAML2NameIDGenerator:?] - Checking for source attribute uid
2022-05-21 09:03:15,857 - DEBUG [net.shibboleth.idp.saml.nameid.impl.PersistentSAML2NameIDGenerator:?] - Generating persistent NameID from String-valued attribute uid
2022-05-21 09:03:15,857 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID C5OYJH47Y243KBWO5RAC2QJZJWFQRW3U with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2022-05-21 09:03:15,857 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2022-05-21 09:03:15,857 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2022-05-21 09:03:15,857 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2022-05-21 09:03:15,857 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2022-05-21 09:03:15,857 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 20.83.144.189
2022-05-21 09:03:15,857 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to idbcec136a45c64efaa1aa6031b92339ad
2022-05-21 09:03:15,857 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://global-login.sandbox.streem.cloud/samlv2/acs
2022-05-21 09:03:15,857 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2022-05-21 09:03:15,857 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2022-05-21 09:03:15,857 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2022-05-21 09:03:15,857 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _825484558c399f9559d248a54b238830
2022-05-21 09:03:15,857 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _825484558c399f9559d248a54b238830 did not already contain Conditions, one was added
2022-05-21 09:03:15,858 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2022-05-21 09:03:15,858 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2022-05-21T09:08:15.849Z, to Assertion _825484558c399f9559d248a54b238830
2022-05-21 09:03:15,858 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _825484558c399f9559d248a54b238830 already contained Conditions, nothing was done
2022-05-21 09:03:15,858 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2022-05-21 09:03:15,858 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _825484558c399f9559d248a54b238830 already contained Conditions, nothing was done
2022-05-21 09:03:15,858 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2022-05-21 09:03:15,858 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942 as an Audience of the AudienceRestriction
2022-05-21 09:03:15,858 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _825484558c399f9559d248a54b238830
2022-05-21 09:03:15,859 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942 to existing session ae33d213aedeb79b4446f0b28a8e37ed61f81e811f876fa1f8a1fb51e5d354c6
2022-05-21 09:03:15,859 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942 in session ae33d213aedeb79b4446f0b28a8e37ed61f81e811f876fa1f8a1fb51e5d354c6
2022-05-21 09:03:15,859 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2022-05-21 09:03:15,859 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942 and key C5OYJH47Y243KBWO5RAC2QJZJWFQRW3U
2022-05-21 09:03:15,860 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2022-05-21 09:03:15,860 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2022-05-21 09:03:15,860 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2022-05-21 09:03:15,860 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAssertions: No encryption parameters, nothing to do
2022-05-21 09:03:15,862 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://global-login.sandbox.streem.cloud/samlv2/acs
2022-05-21 09:03:15,862 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://global-login.sandbox.streem.cloud/samlv2/acs
2022-05-21 09:03:15,862 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_8994c4ba0a65187057ff67cd0137f0f3"
2022-05-21 09:03:15,862 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _8994c4ba0a65187057ff67cd0137f0f3 and Element was [saml2p:Response: null]
2022-05-21 09:03:15,862 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_8994c4ba0a65187057ff67cd0137f0f3"
2022-05-21 09:03:15,862 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _8994c4ba0a65187057ff67cd0137f0f3 and Element was [saml2p:Response: null]
2022-05-21 09:03:15,865 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2022-05-21 09:03:15,865 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://global-login.sandbox.streem.cloud/samlv2/acs' with encoded value 'https&#x3a;&#x2f;&#x2f;global-login.sandbox.streem.cloud&#x2f;samlv2&#x2f;acs'
2022-05-21 09:03:15,865 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2022-05-21 09:03:15,865 - WARN [org.opensaml.saml.common.binding.SAMLBindingSupport:?] - Relay state exceeds 80 bytes: Y2xpZW50X2lkPTM1NzdlZTc4LWQ4YzktNGFkOC1iMTFiLWM3ZDRiNzhiYjYxMCZjb2RlX2NoYWxsZW5nZT11SHM2bGtqZmNQbkFCQnU0NHlEY0V6ZjdOT0E4UktiR3R1UEsxMmo4OExzJmNvZGVfY2hhbGxlbmdlX21ldGhvZD1TMjU2JnJlZGlyZWN0X3VyaT1odHRwcyUzQSUyRiUyRnNhbWwtdGVzdC5zd2FnYS5zYW5kYm94LnN0cmVlbS5jbG91ZCUyRnJlZGlyZWN0Lmh0bWwmcmVzcG9uc2VfdHlwZT1jb2RlJnNjb3BlPW9wZW5pZCtlbWFpbCZzdGF0ZT1MUVQ2eDBoODRVJnRlbmFudElkPTk2Y2M2MDlmLWZmNmYtODg5OS0yMmE3LWRjNzI1ZDhlNjdmMCZpZGVudGl0eVByb3ZpZGVySWQ9YjRiNDY4MTYtZDNhYy00ZTU1LTkzZmYtNDUzZmYwMTU5OTQy
2022-05-21 09:03:15,866 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'Y2xpZW50X2lkPTM1NzdlZTc4LWQ4YzktNGFkOC1iMTFiLWM3ZDRiNzhiYjYxMCZjb2RlX2NoYWxsZW5nZT11SHM2bGtqZmNQbkFCQnU0NHlEY0V6ZjdOT0E4UktiR3R1UEsxMmo4OExzJmNvZGVfY2hhbGxlbmdlX21ldGhvZD1TMjU2JnJlZGlyZWN0X3VyaT1odHRwcyUzQSUyRiUyRnNhbWwtdGVzdC5zd2FnYS5zYW5kYm94LnN0cmVlbS5jbG91ZCUyRnJlZGlyZWN0Lmh0bWwmcmVzcG9uc2VfdHlwZT1jb2RlJnNjb3BlPW9wZW5pZCtlbWFpbCZzdGF0ZT1MUVQ2eDBoODRVJnRlbmFudElkPTk2Y2M2MDlmLWZmNmYtODg5OS0yMmE3LWRjNzI1ZDhlNjdmMCZpZGVudGl0eVByb3ZpZGVySWQ9YjRiNDY4MTYtZDNhYy00ZTU1LTkzZmYtNDUzZmYwMTU5OTQy', encoded as 'Y2xpZW50X2lkPTM1NzdlZTc4LWQ4YzktNGFkOC1iMTFiLWM3ZDRiNzhiYjYxMCZjb2RlX2NoYWxsZW5nZT11SHM2bGtqZmNQbkFCQnU0NHlEY0V6ZjdOT0E4UktiR3R1UEsxMmo4OExzJmNvZGVfY2hhbGxlbmdlX21ldGhvZD1TMjU2JnJlZGlyZWN0X3VyaT1odHRwcyUzQSUyRiUyRnNhbWwtdGVzdC5zd2FnYS5zYW5kYm94LnN0cmVlbS5jbG91ZCUyRnJlZGlyZWN0Lmh0bWwmcmVzcG9uc2VfdHlwZT1jb2RlJnNjb3BlPW9wZW5pZCtlbWFpbCZzdGF0ZT1MUVQ2eDBoODRVJnRlbmFudElkPTk2Y2M2MDlmLWZmNmYtODg5OS0yMmE3LWRjNzI1ZDhlNjdmMCZpZGVudGl0eVByb3ZpZGVySWQ9YjRiNDY4MTYtZDNhYy00ZTU1LTkzZmYtNDUzZmYwMTU5OTQy'
2022-05-21 09:03:15,867 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://global-login.sandbox.streem.cloud/samlv2/acs"
    ID="_8994c4ba0a65187057ff67cd0137f0f3"
    InResponseTo="idbcec136a45c64efaa1aa6031b92339ad"
    IssueInstant="2022-05-21T09:03:15.849Z" Version="2.0"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_8994c4ba0a65187057ff67cd0137f0f3">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>/AZZ+sZrZobG1Bva5FDU/xzBMt0EWlwKr+hzNCn7UgI=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>OU2Qa51/0QGLKbl0AC+B5oBZqTJ6XvUNdr2/NSc7t5nlRKIpUo9mKBwGwhgJGc6hc5XmuMe0gtWIBUUGj96tlRyxyHnEW5CG95sW4lmdECruf86rzCmZZKsvgpMP+jt1jDo+jkEM0cd7I/5VVVJBjcKbSfV4/Abt105RWH00sogXGJSQ5vBY3JOLG60ZQJagNiOShaudNTgYbgPri3hs9snMSW16h9zdJTialiZmNfCwrN7tBw1T80wglQbRMw5oNogq3T2fljQUBhMT3TE3mJMFhPA6Ql+HHw2aM0BiQEAa1wFdtNWKEyTsUOIsWGg3vVT0EcgcdGmc5q3N/u7J8A==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_825484558c399f9559d248a54b238830"
        IssueInstant="2022-05-21T09:03:15.849Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">C5OYJH47Y243KBWO5RAC2QJZJWFQRW3U</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="20.83.144.189"
                    InResponseTo="idbcec136a45c64efaa1aa6031b92339ad"
                    NotOnOrAfter="2022-05-21T09:08:15.857Z" Recipient="https://global-login.sandbox.streem.cloud/samlv2/acs"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2022-05-21T09:03:15.849Z" NotOnOrAfter="2022-05-21T09:08:15.849Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2022-05-21T09:03:15.051Z" SessionIndex="_56e8880dd68705a2b67b5799253b944f">
            <saml2:SubjectLocality Address="20.83.144.189"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Ambassador</saml2:AttributeValue>
                <saml2:AttributeValue>None</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>morty</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5505</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">janitor@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Morty Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Mortimer</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2022-05-21 09:03:15,867 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2022-05-21 09:03:15,868 - INFO [Shibboleth-Audit.SSO:?] - 20220521T090315Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|idbcec136a45c64efaa1aa6031b92339ad|https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_8994c4ba0a65187057ff67cd0137f0f3|morty|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,identifier,uid,telephoneNumber,role,mail,surname,displayName,givenName|C5OYJH47Y243KBWO5RAC2QJZJWFQRW3U|_825484558c399f9559d248a54b238830|
2022-05-21 09:04:13,933 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder:?] - Decoded SOAP messaged which included SAML message of type {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2022-05-21 09:04:13,934 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Body>
        <saml2p:AuthnRequest
            AssertionConsumerServiceURL="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            Destination="https://samltest.id/idp/profile/SAML2/SOAP/ECP"
            ForceAuthn="false"
            ID="_1c0945pes82k1jvv44c77s2lnybzg51jk44a" IsPassive="false"
            IssueInstant="2022-05-21T09:04:13.208Z"
            ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
            Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eu-ch.o13bb.otc.t-systems.com</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_1c0945pes82k1jvv44c77s2lnybzg51jk44a">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>5heB7+qqQ5JvXoM5rQBg9WRzTNk=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>gMYCQsjjwTp3ZvsQY4/t5/xMoPNDiNfD8pw6sClyxH4wVU7WgXuybQaZmwBe8d6RlwEYps0yOowoU5vn0s91mLf8E5kazA918RUYaBZB0ll8uKoWKm/DCoePqNUk+jf2FhN1Rb4HzdMPB2EQanaVgXRFKXCBuxLa/hHRx6rmOeY=</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIICLjCCAZegAwIBAgIGAVHDRPSbMA0GCSqGSIb3DQEBCwUAMC0xEzARBgNVBAoMCmtleW1hbmFn
ZXIxFjAUBgNVBAsMDWlhbS1hdXRodWktc3AwHhcNMTUxMjIxMDY0MDU0WhcNMjUxMjE4MDY0MDU0
WjBEMSowKAYDVQQDDCFodHRwczovL3NwLmF1dGgub3RjLnQtc3lzdGVtcy5jb20xFjAUBgNVBAsM
DWlhbS1hdXRodWktc3AwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALRgTiRlOH3H8Ti/Nl8F
hr+9QdbCEBQIKFKnX+VeeD6NcGQtsDnihnIlwDv9PqAqRfZ5KNDF7IccYgCBUfjJXOyxqa51YVDJ
KPLpjMcZiSEjumDm3jbdEiiQKl3zwt9Q0aLlz7PKdIbIoPQdo3YjpTB407D5PmvpsFr+TQ6NlkTZ
AgMBAAGjQjBAMB0GA1UdDgQWBBRcdOVNkWkaAHkjlaFATFhnEEh8SzAfBgNVHSMEGDAWgBRcdOVN
kWkaAHkjlaFATFhnEEh8SzANBgkqhkiG9w0BAQsFAAOBgQBlFRyA98AUXCw8bhneTFoD2JWRZz2f
Bs3vINTVjhA3CdCCJ9lgPxIhitHYNPQh5s7l+IA6M/zHTx+rpRO3KUqh0M2eNZDunUrstyXkvZvp
uJCPFK6t1iN6K5YuZUhKI06W5Bk6XV2NO5L2eIqD9jZp0UGb18Ep4BbrEXwRwJQPYw==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:NameIDPolicy AllowCreate="true"
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                SPNameQualifier="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"/>
        </saml2p:AuthnRequest>
    </soap11:Body>
</soap11:Envelope>

2022-05-21 09:04:13,942 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://iam.eu-ch.o13bb.otc.t-systems.com' from origin source
2022-05-21 09:04:13,942 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2022-05-21 09:04:13,942 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2022-05-21 09:04:13,942 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2022-05-21 09:04:13,942 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2022-05-21 09:04:13,942 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2022-05-21 09:04:13,942 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2022-05-21 09:04:13,942 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2022-05-21 09:04:13,942 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eu-ch.o13bb.otc.t-systems.com
2022-05-21 09:04:13,943 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2022-05-21 09:04:13,943 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2022-05-21 09:04:13,943 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2022-05-21 09:04:13,943 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2022-05-21 09:04:13,943 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2022-05-21 09:04:13,943 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2022-05-21 09:04:13,944 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_1c0945pes82k1jvv44c77s2lnybzg51jk44a', issue instant '2022-05-21T09:04:13.208Z', entityID 'https://iam.eu-ch.o13bb.otc.t-systems.com'
2022-05-21 09:04:13,944 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eu-ch.o13bb.otc.t-systems.com' does not require AuthnRequests to be signed
2022-05-21 09:04:13,945 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2022-05-21 09:04:13,945 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2022-05-21 09:04:13,945 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2022-05-21 09:04:13,945 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://iam.eu-ch.o13bb.otc.t-systems.com, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2022-05-21 09:04:13,945 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://iam.eu-ch.o13bb.otc.t-systems.com' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2022-05-21 09:04:13,945 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2022-05-21 09:04:13,945 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2022-05-21 09:04:13,945 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2022-05-21 09:04:13,945 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2022-05-21 09:04:13,945 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2022-05-21 09:04:13,945 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2022-05-21 09:04:13,945 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2022-05-21 09:04:13,945 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2022-05-21 09:04:13,945 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 1024 bits
  params: null
  modulus: 126664469800380770773972778096329230967838830807335020944856402588433272451405299989725111925000259452486256977271956160110204670418736725511979819866908378089628035491591777699093647368786263598103189382680073566489484332485554027625241493766204516582342822997262720486560419481997023269854507272634386236633
  public exponent: 65537
2022-05-21 09:04:13,945 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2022-05-21 09:04:13,945 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2022-05-21 09:04:13,945 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_1c0945pes82k1jvv44c77s2lnybzg51jk44a"
2022-05-21 09:04:13,945 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _1c0945pes82k1jvv44c77s2lnybzg51jk44a and Element was [saml2p:AuthnRequest: null]
2022-05-21 09:04:13,945 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_1c0945pes82k1jvv44c77s2lnybzg51jk44a"
2022-05-21 09:04:13,945 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _1c0945pes82k1jvv44c77s2lnybzg51jk44a and Element was [saml2p:AuthnRequest: null]
2022-05-21 09:04:13,945 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_1c0945pes82k1jvv44c77s2lnybzg51jk44a"
2022-05-21 09:04:13,945 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2022-05-21 09:04:13,945 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2022-05-21 09:04:13,945 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://iam.eu-ch.o13bb.otc.t-systems.com
2022-05-21 09:04:13,945 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2022-05-21 09:04:13,945 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2022-05-21 09:04:13,945 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2022-05-21 09:04:13,945 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2022-05-21 09:04:13,946 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsHeadersHandler:?] - Message Handler:  No ChannelBindings header blocks found
2022-05-21 09:04:13,946 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler:?] - Message Handler:  Message did not contain any ChannelBindings extensions
2022-05-21 09:04:13,946 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2022-05-21 09:04:13,946 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2022-05-21 09:04:13,946 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2022-05-21 09:04:13,946 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2022-05-21 09:04:13,946 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2022-05-21 09:04:13,946 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2022-05-21 09:04:13,946 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' not permitted by input criteria
2022-05-21 09:04:13,946 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP using binding urn:oasis:names:tc:SAML:2.0:bindings:PAOS
2022-05-21 09:04:13,946 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2022-05-21 09:04:13,946 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2022-05-21 09:04:13,946 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2022-05-21 09:04:13,946 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2022-05-21 09:04:13,946 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2022-05-21 09:04:13,947 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2022-05-21 09:04:13,947 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2022-05-21 09:04:13,947 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2022-05-21 09:04:13,947 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2022-05-21 09:04:13,947 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2022-05-21 09:04:13,947 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eu-ch.o13bb.otc.t-systems.com
2022-05-21 09:04:13,947 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2022-05-21 09:04:13,947 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2022-05-21 09:04:13,947 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2022-05-21 09:04:13,947 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2022-05-21 09:04:13,951 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2022-05-21 09:04:13,951 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: RequestAuthenticated: true
2022-05-21 09:04:13,951 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: Generating session key for use by ECP peers
2022-05-21 09:04:13,952 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2022-05-21T09:04:13.952Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2022-05-21 09:04:13,952 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2022-05-21 09:04:13,952 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2022-05-21 09:04:13,952 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2022-05-21 09:04:13,952 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2022-05-21 09:04:13,952 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2022-05-21 09:04:13,952 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow authn/Password, it supports non-browser authentication
2022-05-21 09:04:13,952 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2022-05-21 09:04:13,952 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2022-05-21 09:04:13,952 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2022-05-21 09:04:13,952 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2022-05-21 09:04:13,952 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: Trimming whitespace of input string 'rick'
2022-05-21 09:04:13,953 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2022-05-21 09:04:13,953 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@830262297::identifier=rick, context=org.apache.velocity.VelocityContext@411599a1]
2022-05-21 09:04:13,954 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@830262297::identifier=rick, context=org.apache.velocity.VelocityContext@411599a1]
2022-05-21 09:04:13,956 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2022-05-21 09:04:13,956 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2022-05-21 09:04:13,956 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2022-05-21 09:04:13,957 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2022-05-21 09:04:13,957 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2022-05-21 09:04:13,957 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2022-05-21 09:04:13,957 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2022-05-21 09:04:13,957 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 6d41f53a5bd084f0e0119a6d87adb02ed9fcd7f15e0330b5da24bca03284a0be for principal rick
2022-05-21 09:04:13,957 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 6d41f53a5bd084f0e0119a6d87adb02ed9fcd7f15e0330b5da24bca03284a0be
2022-05-21 09:04:13,958 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2022-05-21 09:04:13,958 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2022-05-21 09:04:13,958 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, telephoneNumber, role, mail, surname, displayName, givenName, eduPersonUniqueId]
2022-05-21 09:04:13,958 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2022-05-21 09:04:13,958 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2022-05-21 09:04:13,959 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2022-05-21 09:04:13,959 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2022-05-21 09:04:13,959 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2022-05-21 09:04:13,959 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2022-05-21 09:04:13,959 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2022-05-21 09:04:13,959 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2022-05-21 09:04:13,959 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2022-05-21 09:04:13,959 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2022-05-21 09:04:13,959 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2022-05-21 09:04:13,960 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2022-05-21 09:04:13,962 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2022-05-21 09:04:13,962 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _e115b3b6be4111957717463de6000ffb
2022-05-21 09:04:13,962 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _e115b3b6be4111957717463de6000ffb to Response _fd5326809fed3671dbc1cafa6c123c5b
2022-05-21 09:04:13,962 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _e115b3b6be4111957717463de6000ffb
2022-05-21 09:04:13,972 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2022-05-21 09:04:13,972 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2022-05-21 09:04:13,972 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2022-05-21 09:04:13,972 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2022-05-21 09:04:13,972 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2022-05-21 09:04:13,972 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@Samltest.id of attribute role
2022-05-21 09:04:13,972 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2022-05-21 09:04:13,972 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2022-05-21 09:04:13,972 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2022-05-21 09:04:13,972 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2022-05-21 09:04:13,974 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2022-05-21 09:04:13,974 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2022-05-21 09:04:13,974 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2022-05-21 09:04:13,974 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2022-05-21 09:04:13,974 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2022-05-21 09:04:13,974 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxVet9RIZPqvl1RVNAhCMfGnsXBPSC4ULdXKFNpc3frluQ4c58F1x0rGc2NGKyYe/0PMV48AB030IV7aPwiUsbUoSPJG8p12y/yeQixLKRJ5YZwOHPGOi4jHjJ+uEyiPFeHqxfuoc6lCmQ5Bz5 with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2022-05-21 09:04:13,974 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2022-05-21 09:04:13,974 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2022-05-21 09:04:13,974 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2022-05-21 09:04:13,974 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2022-05-21 09:04:13,974 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 80.158.3.50
2022-05-21 09:04:13,974 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _1c0945pes82k1jvv44c77s2lnybzg51jk44a
2022-05-21 09:04:13,974 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2022-05-21 09:04:13,974 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2022-05-21 09:04:13,974 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2022-05-21 09:04:13,974 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2022-05-21 09:04:13,974 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _e115b3b6be4111957717463de6000ffb
2022-05-21 09:04:13,974 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _e115b3b6be4111957717463de6000ffb did not already contain Conditions, one was added
2022-05-21 09:04:13,974 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2022-05-21 09:04:13,974 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2022-05-21T09:09:13.959Z, to Assertion _e115b3b6be4111957717463de6000ffb
2022-05-21 09:04:13,974 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _e115b3b6be4111957717463de6000ffb already contained Conditions, nothing was done
2022-05-21 09:04:13,975 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2022-05-21 09:04:13,975 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _e115b3b6be4111957717463de6000ffb already contained Conditions, nothing was done
2022-05-21 09:04:13,975 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2022-05-21 09:04:13,975 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eu-ch.o13bb.otc.t-systems.com as an Audience of the AudienceRestriction
2022-05-21 09:04:13,975 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _e115b3b6be4111957717463de6000ffb
2022-05-21 09:04:13,975 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddGeneratedKeyToAssertions: Assertion _e115b3b6be4111957717463de6000ffb did not already contain Advice, one was added
2022-05-21 09:04:13,976 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eu-ch.o13bb.otc.t-systems.com to existing session 6d41f53a5bd084f0e0119a6d87adb02ed9fcd7f15e0330b5da24bca03284a0be
2022-05-21 09:04:13,976 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eu-ch.o13bb.otc.t-systems.com in session 6d41f53a5bd084f0e0119a6d87adb02ed9fcd7f15e0330b5da24bca03284a0be
2022-05-21 09:04:13,976 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2022-05-21 09:04:13,977 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eu-ch.o13bb.otc.t-systems.com and key AAdzZWNyZXQxVet9RIZPqvl1RVNAhCMfGnsXBPSC4ULdXKFNpc3frluQ4c58F1x0rGc2NGKyYe/0PMV48AB030IV7aPwiUsbUoSPJG8p12y/yeQixLKRJ5YZwOHPGOi4jHjJ+uEyiPFeHqxfuoc6lCmQ5Bz5
2022-05-21 09:04:13,977 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2022-05-21 09:04:13,977 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2022-05-21 09:04:13,978 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_e115b3b6be4111957717463de6000ffb"
2022-05-21 09:04:13,978 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _e115b3b6be4111957717463de6000ffb and Element was [saml2:Assertion: null]
2022-05-21 09:04:13,978 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_e115b3b6be4111957717463de6000ffb"
2022-05-21 09:04:13,978 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _e115b3b6be4111957717463de6000ffb and Element was [saml2:Assertion: null]
2022-05-21 09:04:13,982 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_fd5326809fed3671dbc1cafa6c123c5b"
    InResponseTo="_1c0945pes82k1jvv44c77s2lnybzg51jk44a"
    IssueInstant="2022-05-21T09:04:13.959Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_e115b3b6be4111957717463de6000ffb"
        IssueInstant="2022-05-21T09:04:13.959Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_e115b3b6be4111957717463de6000ffb">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>M09rFvrXThEB2vH8AO8SGP3A0kOPeLwvQiVZFsGbs2o=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>HvDWGxQ+OvvKAyCvJtEoGYg23rWLDgVamFotYRYD1vub1McSTOeu0Z4RyCq3Od1JqH8Qo5nAO6qd8ZbGVnrWXWvPmmjD8VZbSqKJi6YP/3GCREUXDPko5FJx1UILpjF7oEuOJZEvqJnyx/ZX5hMgwKo/SiqKrjChNoPO3+xcDD7lJaCK1MRngYOaAnSudEjfGz64TtLvQo/8i7j+Zk3LeBIEtdJuu7iUjWtDsrNKtaFeaJhCN8Kso45wrdeoz/NUm16q2fHaiEUu2ixLJaBQYXsEJoyaMDyygesrP9nmXvKqUWjgRWif3DVHPb6Kf8gerKWNb+3086CI++luSfgVLw==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxVet9RIZPqvl1RVNAhCMfGnsXBPSC4ULdXKFNpc3frluQ4c58F1x0rGc2NGKyYe/0PMV48AB030IV7aPwiUsbUoSPJG8p12y/yeQixLKRJ5YZwOHPGOi4jHjJ+uEyiPFeHqxfuoc6lCmQ5Bz5</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="80.158.3.50"
                    InResponseTo="_1c0945pes82k1jvv44c77s2lnybzg51jk44a"
                    NotOnOrAfter="2022-05-21T09:09:13.974Z" Recipient="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2022-05-21T09:04:13.959Z" NotOnOrAfter="2022-05-21T09:09:13.959Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eu-ch.o13bb.otc.t-systems.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:Advice>
            <samlec:GeneratedKey xmlns:samlec="urn:ietf:params:xml:ns:samlec">SWVXaQpLaOJrXzm4W58dVS8kv1ktMmofl3DjuTpEUGk=</samlec:GeneratedKey>
        </saml2:Advice>
        <saml2:AuthnStatement AuthnInstant="2022-05-21T09:04:13.956Z" SessionIndex="_ff8bf689d67481040241d9ac98a06dc5">
            <saml2:SubjectLocality Address="80.158.3.50"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@Samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2022-05-21 09:04:13,986 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2022-05-21 09:04:13,986 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2022-05-21 09:04:13,987 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_fd5326809fed3671dbc1cafa6c123c5b"
2022-05-21 09:04:13,987 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _fd5326809fed3671dbc1cafa6c123c5b and Element was [saml2p:Response: null]
2022-05-21 09:04:13,987 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_fd5326809fed3671dbc1cafa6c123c5b"
2022-05-21 09:04:13,987 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _fd5326809fed3671dbc1cafa6c123c5b and Element was [saml2p:Response: null]
2022-05-21 09:04:13,990 - DEBUG [org.opensaml.saml.common.binding.impl.AddChannelBindingsHeaderHandler:?] - Message Handler:  No ChannelBindings to add, nothing to do
2022-05-21 09:04:13,992 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Header>
        <ecp:Response
            AssertionConsumerServiceURL="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next"
            soap11:mustUnderstand="1" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <ecp:RequestAuthenticated
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <samlec:GeneratedKey
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:samlec="urn:ietf:params:xml:ns:samlec">SWVXaQpLaOJrXzm4W58dVS8kv1ktMmofl3DjuTpEUGk=</samlec:GeneratedKey>
    </soap11:Header>
    <soap11:Body>
        <saml2p:Response
            Destination="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            ID="_fd5326809fed3671dbc1cafa6c123c5b"
            InResponseTo="_1c0945pes82k1jvv44c77s2lnybzg51jk44a"
            IssueInstant="2022-05-21T09:04:13.959Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_fd5326809fed3671dbc1cafa6c123c5b">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                        <ds:DigestValue>OhdarrsiCmI5ae2ZMgySrF0P3Ur0gQByqVx54d3NQbM=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>Pb7BYzMLKSEwg3TY2HUb90tFPYTUi9SEpQtKjmULaL8mzaW67iKFl1ghNYEZIoQFJCfkbQCX/FX5A51A2vjbOeSOp0nJYEpdSedaToOQGLIdM0dfOXh2kFuH1wkxR2eZj3q+JdvVx6V8uYKtZgADLlEK6qRSd7MWUziy2w1I8YhZ1Xh7ZEWAl4hmFEXTRWIYWSMRB/F2haJ8gS55OoVD3PG/9stCbsTLNDMDzZsXvYp9cJ0T9kpGv9E02rcZGEiSP/DeJfoVasdJzK34gbtd9UeORfeULvgkF7Y43vOEbCz6XB3qyrF5a94tK9shrK9wQ1rlzUxp2Ry7SZfZEpuaDA==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
                <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
            </saml2p:Status>
            <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
                <xenc:EncryptedData
                    Id="_a758987bad92997c9e4323d524b877f1"
                    Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <xenc:EncryptedKey
                            Id="_b17098c2b4ecc7b4e31a45981f24116d"
                            Recipient="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                            <xenc:EncryptionMethod
                                Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <ds:DigestMethod
                                    Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                            </xenc:EncryptionMethod>
                            <ds:KeyInfo>
                                <ds:X509Data>
                                    <ds:X509Certificate>MIICLjCCAZegAwIBAgIGAVHDRPSbMA0GCSqGSIb3DQEBCwUAMC0xEzARBgNVBAoMCmtleW1hbmFn
ZXIxFjAUBgNVBAsMDWlhbS1hdXRodWktc3AwHhcNMTUxMjIxMDY0MDU0WhcNMjUxMjE4MDY0MDU0
WjBEMSowKAYDVQQDDCFodHRwczovL3NwLmF1dGgub3RjLnQtc3lzdGVtcy5jb20xFjAUBgNVBAsM
DWlhbS1hdXRodWktc3AwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALRgTiRlOH3H8Ti/Nl8F
hr+9QdbCEBQIKFKnX+VeeD6NcGQtsDnihnIlwDv9PqAqRfZ5KNDF7IccYgCBUfjJXOyxqa51YVDJ
KPLpjMcZiSEjumDm3jbdEiiQKl3zwt9Q0aLlz7PKdIbIoPQdo3YjpTB407D5PmvpsFr+TQ6NlkTZ
AgMBAAGjQjBAMB0GA1UdDgQWBBRcdOVNkWkaAHkjlaFATFhnEEh8SzAfBgNVHSMEGDAWgBRcdOVN
kWkaAHkjlaFATFhnEEh8SzANBgkqhkiG9w0BAQsFAAOBgQBlFRyA98AUXCw8bhneTFoD2JWRZz2f
Bs3vINTVjhA3CdCCJ9lgPxIhitHYNPQh5s7l+IA6M/zHTx+rpRO3KUqh0M2eNZDunUrstyXkvZvp
uJCPFK6t1iN6K5YuZUhKI06W5Bk6XV2NO5L2eIqD9jZp0UGb18Ep4BbrEXwRwJQPYw==</ds:X509Certificate>
                                </ds:X509Data>
                            </ds:KeyInfo>
                            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <xenc:CipherValue>jkVh5rFCtGk9lmaz0Oo8MJB4u3DlYk157nL/r+gmEW7PMb0nbUYEVtXjD4FMi5I8WjF5AW02icMmMhNbXElZjw8ifY0c8Qc/R3nuoTRp4kXujiXAqdfBfM+FOhQHJ5dHei+xKAoHA9YnydHV/MdOHGhl8ZUM5LKeacHiqWAaE0c=</xenc:CipherValue>
                            </xenc:CipherData>
                        </xenc:EncryptedKey>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>3R8L4JzoSyG4U1+no5+l3xhvszQ/EdfPptkW9LvaslFxtbPmXj/OuNBGDrWbmzFAqO8QdYnxngRMOFpiN+i/rMiaXDrL2/CkGsoSjuU2GQOvYBIcSGftJaa9ll91RHHlKrhV75YNI1lgjZJbpKkQ95KuZi2z39SwIIvaVSfs6sEjSiuZ/g2NLCWnK5Y0QT/oYm5XDEIbO07PWwk3sY5tLttnLVnxxgGnZyHHq3+mSTOj5ECTEghzzgyKzGHhgBLUm6AlMUPZ6ScJUkhSM7DuR0dnFnUSJq9+SDFKXPoXVbDPKoc6J5gwKW51DDr0jzc1fMaHcmfJqF/tIUSFYyDY8IBOHaA6z/35iQ+XaX8fA1Kaeb7tRLEmwg5i+pFWsOV8JEzFpRms/Mu49vLYbKgUiDn0/aQdXNthjYbiRvow1pzqR5cnpkcC6tAXCa25tGwDMf5HGOe406ZS7TZRy7lgIvU3XoYUibIk+RJHAxRJxDDm+T7wb5Z/xw+a82OZdS7nIOp1/U3yYZU7AYrhqVAG6U/LDN+vzaqTUeJBIP9zMwrIYu/kROg2GICJlsprkrYv8tDNu43P7JMJvl5UzaQQuvIUcjGa2x1WJrVPGjSjRQaC8sgiMNnpbovlC3mJXzI4YCkPP/4k+roZ2stAuuTW0WhmVMU+xvOTRd7Wifu50Knd+eBh3/X9pttKZGr8PF2tKwkCz0gl4Bf/yWx1+higLnelTYuaEkxq9iXSl2S1RDCt0qsNL1uW4ajy7NOVmFb4mZJ8l0tHISq+EH8DNd3cPUZCaVKDYykuhOAs2osNPKS1qTxPFCNzVBtgNzT9XWPp91TyR6x9nbGodFx74q9rz3OAdM2u1FqqhIrhMoADPcsymkiR5LtB30K516j/FqQiVmZHPnoEVdcOEJuSZBL1V5mvhFwuD3KVEefkbf6k2sMgNXD8XhDg9OMzJgKaSGoi8dh5sQPXClWeUbvNkYqZ4jo1V3es0HhyLnzaGIanMmSd1k5gh5bOF7pDvT5H59qU9nMcnBwpChz1Ak4F1tL0gW4401qqmkOkCyKkXU34Gng0KcA18Hjs432UvkV2+sJiyAEiOCUPnh1AF+vZ8h201netyCAUzTO7LMWECoZf1qR6L30lXTNwZQyC4cPIq3v3ZmUYM+1Q7Kh+e2bLckbSy9LNc7V6hf1EKxRR4+YLeaqWKiX9LMXRYpZyyahbMhOHAUdIZ2y07yyX8Mg6UEH76xlubEbZptkM/tV+HaJdFzBo2baDtt5Xcb1O9QcIdJppcOmDfEq2QbPpRQW14jfUfblZrOtG4J8owEG+6QNHds9ByTkbgWWz+gAbXUDs5Ii9vDqNR1Jl4UaEZeSPN831rPm1WfFg1R7/gthmk8PYniUHAByd4PBzbvGHQXrpUiGjfpK9cm5a4ZNf3rDWbajWPqzAJ1oU3qe4Yh1wFhphqRS7Jf8n/9q8EL8GHU23Onm0DYchGUbtU4IPa4G5qL32TntNMMlKLJNB/2yzE8nwlvMY6uL1B33+TrzQ5x42yxu2JDaAg5fGMp0rFX+Yl5ac9m0lXuMQf+clIzRKlfZXYIVoJsHEJBubI7tGfViNUIYdwdB7Hk6LzAOdmJXhhQzjNSH1vQgtHlRrZNp29fzQN3O+fQRpl+J6F+3DsPczIdUS5aQSquWdFqKx8uHbaHqkTLQBXmRgtzZ07FPZbBzyJWT4SZgLhdKOJDpvBKl3eTjlnOXaESyx9OHFivsYTLqm7nNbEJ5aOQaugjzMrOh0iHBBQJdKcuETGGRlwMCMrKccICgjM2lKoNmoztGzVDh77dZRDOKmjiTZf3CfPgn78vX0fX/94hGRp0cevud8JKwcAk4gNSQvUYinbtQCuGiIAN4gJcJ2a0vKu8TrNEIQzDj3iJjgg1E69WZAYlLl1D9VMJQLtgwHLQ3pr6ThXnNc5HMqVeUoUBI4Gci+C/CvHaqdcAvyFBih6cT//RlIYhnMEW70eY8sRrVZjHmkHxe4DkV/S3Ngv7SzzEmzZl6H+lloMadY4EGnB3VqvMp9PtTikCQW0mnZkwTse4Vas3D46m4SD7bA8B/2t7NeImsi9v8p8o99Phdb5jKQtLjrQPlXAuPrzY0P1jJX92984XCPpzFfZ7wckYscJ6dAjtXJ3c4X5G5qDaGJ4Fm2gqNicU3CWzzgfEyUkgYskkZ2/AJMfG/99A+bcXQp6jR5xGlWpXZo1fN2eK8qAXFeyF8EOiz6F8F24USzcM4Xi6Zo9qai6RcWFnu8/v0MBdA0lqxqRyXgPo+wlvQJfkCwMBawO5gZtq8R/y8dtoAtl2evv4tlUHOzqdsTIrYiErXJ6gakwM4xUm5yCazMwBUCF2omukAnIiHJzjAZlB5s6m85JXx9eXCTtzvb8gz56wgwV2BFV6E7PrTAJpvuPigkVGGi5ieoemMoIDflhCrnOlYtLSMOqxYpXgCWR2UdHq9LxMIQl1YL5QiqXza/9blI4grqOCOcHrutNstJvVI/CC1y/lMgH3mt+XmW1BOjN7h/vjOw/n3KdisU+B7lYXCU8KPYYBB45royNS9USShmFFN9w7cOvGWtiNqAsFHUDSSN4Ad3EoRsPk0LJbEkHlShvFkYGTxAnbXwUBKfW3+vRKoj7Ih6hwWM5AjNoBvzzdZIb1q0SPkQ3imClkwAlkA4pLuScvpn8TdtVuPznCCfrIpah9NFZ9WzJp1oJ0Y7iGOzBUdZyDQ3ETbiOLXWf2kRbT/iM2gSWIhOARcG9i6dPw2vHsCCtUAtCP7ztMutoMISXc8rP9d7q20pWtyLQyA11pdMXaco6+S4ROuIOZbeKZdkndx7Ysvee/hQTYTBgIyL1G0V3107yhAoAtmKLTH5h3MV42eiV9mLSSSPf852BSK9hR0Gs9n0iDLCM2as6uO0+D8JzbmPPyhBq7th7b7EC9l03huqH9apieKzaijEkCm34IMw7vvam4kAegWCrSSfMpTw37N025eFD+b7FRJet3qCVFKMEphNH0GoepKyvkewxgAp/kDdtsTVtvIdRXnh2quADGwKV/92QU19kNfjth4rNCIrVxfAK1roAs2mOEnNNrJMrWPk/VwqRi+zeEmveDlEgx2AFzPWC4vCpafzOPyEf2aI5DmoMP+C7RuLXd9aWjPipJnc/uoZeLTHQSS35o7xMd9rDqxGe+qBZpXoYgU7MXPhS8k8YeC+AnypWL8iuf6R7E/LnyrvLfpPrjqG9drFpLonzdz2IriSxtvdiY702YDYOpiCirGuc50/7R8cQCjxSBsfHQ/cPiMsyGuKsuHOqsd65YLOpmermaiijPbV77KZGx7/ZDw9MEJQkamOpVbYKAv9ncq5xO7MNdXjFAdaCPANTFpb/Aw1i7E+0XNyxNTvfsjKYmBQwpIgOpqcwwYGaIF1M1UE+wHfR+0dE2HYCLMVLbofLl4OlyKjIKjJsomFvP3P+l/eomuyw9Wl1RhV06cI5iC9kQkuU24z7a8S6vGhHKyvAQEtBgCvRZIudU3oagwy78oOoDsy3B4nFk0JjLMt9crxKT0y9LAbJCGrX523D4obMpa7ffemz9JdqimgcgNa/s0Dfn+4yVY6dfm+YatWBgUseg9URozOMUvaI0m6Mp7Dj6/j+CzoUvdEOrVo/muSWpEDfYSUQ811g4mGOTSHv4X1CY4easljC9UVpIOTB+Y4vXAAtVLtZW5m/i8Wzkapopj02Yw5vI7YOnvvS0+NYqaN89wHPqxyI1M73aq/AqEXZ/8yu+mlbIWnWsV+qo7FFeLMaO7QZYFnyHL5iJ8IlKNFgQlNyx+KyT5lm8dvQqDWMf6nViXedQJ/qwf4++G3EpeQ2hMXO0XfxVHR27Hjpfq0tYaYDAg3TznCzcxHx3mA0loGasS9yG0tLNGCDMazSkO3pe2AisJrrTTct+v/vIZvcqKZK72iZNVxXz4WT3KskQJqfCItDV9dReZEhRnLmGBy7dOCQzEG2rcq8DH6tpqS3OA6VobCXtt20W9ahoXAqLnmJjC8D4FXUVZr37wsVXEABUEVmeiDnwAmRqKMbLXDN0PmGBC9ZfrkcMF6USMHFE6Mb+oISxkFNO3AwQCwS75+eCSXXkKuXIwhM/wV+2hTqmrynFRjCT1nVD61UfXvXtyryd8vHAjSPxiumBaYdI8WyMTQ9aE2CICDG75SY7wVgSTT3If2qzM1L3aS7bzHULNiM4EPDOGjnxQ0nLydgdvjaTHgn7QDExIsF8whMku+zT0cRRf1mLuC53xUwiFXApVM6irE6i2tOS5pfyj6WCISoTgvIxarHyjSG27hptiXbfBND6cdsFSN3lIPxDMfMetJ1YC5dxqzzcjHhdK+bdopYwH0l3oEcJzdwbSj55KE/sHG+G+1Otwkmu5NMrJ1gSz/tzvRmdT2iDi7KwA0sxLHJ0nCvHXXBXaG0i5M2t0VCQ/7xAYvse+4STZ4sBDAbnnhAlkt3H8FbT0zfn665TK1xXTraAHI4Gbgz5atpYp4EtOjWPjorOswzPT7r9uHlcJegiSJfZTTYwTjSKW3+IVLLZGKEEP8fsEhTQ2xyRP+IXLRSGjiorotzT79xLtf1KRBJ5xPMEnzOWGdXnUZLRhxvbR2f0CV27aQHF3GU5zsfIbx1S0DmI+f+yR3tvGOUgAU63KpYzfXZgw5oBF+Zc6waqwc1T2jBMVSG5vr2K0oqwAaq+n1NESTTDeZ1OZd3ETDSC29KFvKmO23qt6TaL6CqgaoJvLK8EpjY/vzR+SFBoC2Y93pcZ3AfvSAfZOn+QXf9uOomD79uP3OqrCtNfJYzyudA6TcYJWvgdlfkKVUu4PF4nPYsXvrjkRFNTBpXhhjqPJOOCCHUY7qBdciaOtRM7AlvcwJNg8firW9F1VVIueH7witC/DsrFQc90r5HEsogvtzFiircJ19dPQf1GGKsWQ9wGZLCVvh5iCAhERVGDllemhr/TfkoTYsgY+OGrgZ4TOwFerqdRhqcUhwMlnJFCMcJnmvM0X+nxLpEBobuZcnXJndpQGorKQIYB6NznkKknIzklmml+tqt98TMpIEvq+fizzAcChguQANB4b04M76e83Yfkh4VjDurRMouJyNtarb+tvTk8AT1Emg9XiHFU7VYj2tlp2RKC5c2Y63Vn/qbpaqkr+l4unvsaN+CNRQ1xSixmBB2f2Vq9JlFIgyRDIz7riGarWl3zJOqhziNqZB5bmFxZnOQ3qfPcAo8VZhzz9Cz4MQN8uNLNZsjAhOvIguqBA9cVhypMM+WojTqHyWjQcKsym/ddCXIXYJKI32Ns3kElBB9DdjGbtSGiPyo81/6NDxz/+LzD/z0zoL321SelErnbplG3YTQ3qTDjfwD4lEexeMXcbXuMgkuK7Hy531wfjZnNHhRvJQMZsPNhuIfyMnd5QZn5M/GMk7JocckVpy6Uj4E/jtnmVj4GnsyTSYX/6SMumPms9QCzKuvgCSmv5b8fv2pEc1z3pSvppFtEFEDQ59vHgtHEvECVAwza10S4HbHzUJRYGyZ090zvIikb5mA/cp07gI0JNjR1dsGV+srhI4qyhJEyzm4c2B0UgUQRJsgYQM+6ccdOWfPak7oMR7J6ambZnrXPreV3ffyc6RVqwK4wtHFJ2KEA7beQ3/V3FFqMgxtOmlD9WmabgUTGUd+p1yI0WQzP2QP8jigv2SuT5ahFRGdX7SRS6WPsD8NCEqfRvcAzlfrBPQEEhLIeF3WQU5iyrHY7Ntgy72prJiYIOF+bOhlA8yUu1rBm7DywExp5Ch0/g14tw3HJg4VO8gSAjVvXcvpLfE2mjVtbAzX1x4wQKCqx2DWuYF/JS585E3rPghVkgTTWyJYiqnOIwNRXUW7PNgdLhi38VUcNbS/scEeyxk652KCY8h4gtI9dR4yraqkEjulHYBLEiklJUTvs6092+8OoJhFEInZVX674PsyEmiJ5rBi4xgjse00978LM4JfcUWdanmQ7J9NTuhQDfJ2r/qSQDeLuG9jGadRIa5q+HPWQ03B5nfeycHkIakRQc/lFQ1mpEjZEgE5XcWoWiKbvBUe37+MQRZ6/6iVzq9CvwFGS6GTjEYHPWaq7eUGUTfqIYbpBqRnXpX1sAbP6hzidxetsCru6sFcrCVqvfeocyVPAFt3IWyucec8//BsseV1Ovl+1L/vf5WQ09pNBcTGDlTyrLqWYvYw8EaLYwtJi1NL0J2UHtKg1AOd4734Tbi/wV42mIJ75bWtKmHNS9R0DNzvR4J6gl7Lp6Xv+530FmQ+q7gGMV2cBg8CtVJ60VA0sCplESy8xfcBjzCL7bwsKiFnhc2myMRzr6CXbnOWYwtFkabmbnG2PWSxsrBq6+lY49Duwln/vncDY37vCanz6vFYx0AZC2Nkf5EBAEsrmcxq3To+9zRnZ7/3ZUu1dY9CfYrOAAzlGjBgEU7S/9Et8js9GVMY/ToBoZDvWhR+piI6fVSvoSAdRAfpyakvdiXO+H7Mr+39ZCAIwjqYLcmn7f0JAn2hC4yAI8XxMdBJOe1MVKkUMWXYthy7IBET0jIrf1npiD/Jds/oZUzWh6xwNZXNqDMCdf/TEiL2q1auAhuBd5wvEQtj2t0v09E0KKy7PtbfQoUtRqUFqKo8L/zb9Rk9NolDeyFI2u0/DimgjnaVDt9v/ailvOqIop8Z2g6ntH9dJuk0drmATOjs0OeSEJUPSRW15PocmabZW4dGb7B0Ms5S6r2kAKJTNZenBykhWCjId2pFkVAAekeUT8C+lj6aGon3Ia8Oz2PEfPDcBaoMvdUcr84xQI7cqQPz2qDaXz/5W4flcGar4yOuzhlihKa+UlX4JRiZtsNoWJBAGrCb6fnm6Mn+Cd0Jum1Rchoc4iTCrJaEiNenrtzi9BaP4pIJ9BatQaayBcxYrWSkkkl9Q+2BSXKov9bWVUkY+RbyvkhUgQB8RjeFH2qIq7zLo0HKOES1UH1GKJ8SjBbEL887Hac2rPZJVlEZjyETn7KcbEHa5U6zk7jo8paMa4Jdqtt5XhJKtKhj5KEYrl5iroFmuSKml/65vObTwdZQUdKwi4KiSDRZH7pz8Gngc4CZzLL7VjIiAr/6El0R6IUHgwoCQsiHz6kHJaff6Y9bB9PU/n5Kw2Bc5Y1TAYFud78u89qrfTUgjLE3rSqIxuwdqpBfgPmQjgR5TK3vJ7m05gKrPeZFt7b1ndzoPsIcvhZ+i/rLVcZdheVoqnFLsNUs61SOPGTXHcSuXeQ0GsT1qUfjMJPmkwkUP0/CTAT78sXKuDdAZ2/I+xE0X6+aeMWHuWdynfTR8EXNerCxyrMCMgLGxh/a/fvYLGd4u2+2r9YIlzByQBce0XpJnn4QPgRYRYFVgnIjN2nLPM9zVPGj0pn9F/PoP8j5WgLEOrzHxdrEac0EpwKeuOCaEkX3aY7hGIrH3hnRfJZ9PpYNwsvc4tK0U5Y0tF3nNlglw1nIhCfhxmP+T/M4FhGVfiLj+tlbUs/dvLNJCKeiOR3Qzfjo0thz4aul/1I7iLj4fgZOA7Cu/YaqRdA6QzgG4aanucPMpbRJzCwBUKximFzGNY3UUys15VueA7HeyuNwbyISD83hziJhoRujC9os1Ts0QTqhKYZlCM4bCSf41HlKTmahXuy2NDggweYv0sFNSs+ufsy5i/M3zjVeSBCsdl8khp0n5FvH6RbcnesCrATsfrcwP9nIDuMF7TrRT64fGAF5V9H3hRrAjUkw2nCNo72XlX/gozsagCQS/s8pJlPFYShCf5zWU9k0YsF39mJavw/3u851e9SJj9ubvg+14NAMoMUu0r8ykuhzH/rDEEg4KMu3iRHYe8mUJY8bkZqqyRZRQp8SioVINl0TXlW6JXxAtshsMjqc9BLjFAz2u3a/IQopc3C/kmtcNycgv5TEcDbyeo2D/SoxEYndgPkkcgOuH60dxcxPEec9pSAGyBQvtyBDjYVWd607ct/vCI35FLx9v1DfgZUk9TSf1iCBslXdeRF2EkZQmyCzZTFEABFfWKmPhS/udYbz+fkX5pE4rfuy4gcNe4nWDyVEFdTi2o/CzB8xhcHoHIzM7/bPtQiiKyPjccPmCauzoO1HttJ1awmy5zo7GFukc92aAQawLLxBq4T14BfUcr8IPhHV+bl0Tz08NpS6331QpCU7kzP8gMktzNylzh/Uxk9zKBjZhWr3eIPMT1ZWE/adxPIKSsO2uBz+VlIHz7q4BtIUCla7/1AFNpMCKnYjq+FPDrX4hafa4Ct9r7asWd+JsELtxIBC4Dz+t8iBMrroIcoO99j+3Hj3tSULEYQKAHAE4v6Popv/2GPNPPH7prPGkw2/AN9pOD1yKg53GLM5duQ3gTzwvDVrkIEtN39LRpGIynWQhKo2nrOJN2vsDwHRuTEsBrRfNzr52xumgvGyRsjHbnSoCRVcdTvFkOx0yCsDaEcEksyhskHlrfNurGvn1YLb9wmoPjhnslBE55JfXS/T25D8QwPeoflAR9J6RFjG9rmSPm+ozXtmZedrk7akxEF7mz2xpTWLHU0thqmrtfxC8Sf6ttZly5O2QCv7rC6i/zW52gl/Zg3s6MMYoueiO16ya+gSAUFM0qQeA==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedData>
            </saml2:EncryptedAssertion>
        </saml2p:Response>
    </soap11:Body>
</soap11:Envelope>

2022-05-21 09:04:13,992 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2022-05-21 09:04:13,992 - INFO [Shibboleth-Audit.SSO:?] - 20220521T090413Z|urn:oasis:names:tc:SAML:2.0:bindings:SOAP|_1c0945pes82k1jvv44c77s2lnybzg51jk44a|https://iam.eu-ch.o13bb.otc.t-systems.com|http://shibboleth.net/ns/profiles/saml2/sso/ecp|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:PAOS|_fd5326809fed3671dbc1cafa6c123c5b|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,telephoneNumber,role,mail,surname,displayName,givenName|AAdzZWNyZXQxVet9RIZPqvl1RVNAhCMfGnsXBPSC4ULdXKFNpc3frluQ4c58F1x0rGc2NGKyYe/0PMV48AB030IV7aPwiUsbUoSPJG8p12y/yeQixLKRJ5YZwOHPGOi4jHjJ+uEyiPFeHqxfuoc6lCmQ5Bz5|_e115b3b6be4111957717463de6000ffb|
2022-05-21 09:04:16,698 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder:?] - Decoded SOAP messaged which included SAML message of type {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2022-05-21 09:04:16,698 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Body>
        <saml2p:AuthnRequest
            AssertionConsumerServiceURL="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            Destination="https://samltest.id/idp/profile/SAML2/SOAP/ECP"
            ForceAuthn="false"
            ID="_tjryuljsulhhrzrwjxml1d84mopcbtc5aok9" IsPassive="false"
            IssueInstant="2022-05-21T09:04:16.004Z"
            ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
            Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eu-ch.o13bb.otc.t-systems.com</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_tjryuljsulhhrzrwjxml1d84mopcbtc5aok9">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>BG5Wtga1tsYr2jyNc+pIbzYw/jY=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>qT5p1LKWSM9x00T5Wx0Sr/YUYSdO0P3R7RM7O2RsMbMWil0Ga6l6SG+E4/3/6ogyf+0QU3IC2Sjv2kCEcq3Hcb4kI96O0p08ccg9aPNBCmU06a2zVF3nceudbyMMSni7OGekxTFfj0e6t2DHbEriXkkUZMvsJmxEvAqG5rR8lEA=</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIICLjCCAZegAwIBAgIGAVHDRPSbMA0GCSqGSIb3DQEBCwUAMC0xEzARBgNVBAoMCmtleW1hbmFn
ZXIxFjAUBgNVBAsMDWlhbS1hdXRodWktc3AwHhcNMTUxMjIxMDY0MDU0WhcNMjUxMjE4MDY0MDU0
WjBEMSowKAYDVQQDDCFodHRwczovL3NwLmF1dGgub3RjLnQtc3lzdGVtcy5jb20xFjAUBgNVBAsM
DWlhbS1hdXRodWktc3AwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALRgTiRlOH3H8Ti/Nl8F
hr+9QdbCEBQIKFKnX+VeeD6NcGQtsDnihnIlwDv9PqAqRfZ5KNDF7IccYgCBUfjJXOyxqa51YVDJ
KPLpjMcZiSEjumDm3jbdEiiQKl3zwt9Q0aLlz7PKdIbIoPQdo3YjpTB407D5PmvpsFr+TQ6NlkTZ
AgMBAAGjQjBAMB0GA1UdDgQWBBRcdOVNkWkaAHkjlaFATFhnEEh8SzAfBgNVHSMEGDAWgBRcdOVN
kWkaAHkjlaFATFhnEEh8SzANBgkqhkiG9w0BAQsFAAOBgQBlFRyA98AUXCw8bhneTFoD2JWRZz2f
Bs3vINTVjhA3CdCCJ9lgPxIhitHYNPQh5s7l+IA6M/zHTx+rpRO3KUqh0M2eNZDunUrstyXkvZvp
uJCPFK6t1iN6K5YuZUhKI06W5Bk6XV2NO5L2eIqD9jZp0UGb18Ep4BbrEXwRwJQPYw==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:NameIDPolicy AllowCreate="true"
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                SPNameQualifier="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"/>
        </saml2p:AuthnRequest>
    </soap11:Body>
</soap11:Envelope>

2022-05-21 09:04:16,699 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2022-05-21 09:04:16,699 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2022-05-21 09:04:16,699 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2022-05-21 09:04:16,699 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2022-05-21 09:04:16,699 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2022-05-21 09:04:16,699 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2022-05-21 09:04:16,699 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2022-05-21 09:04:16,699 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eu-ch.o13bb.otc.t-systems.com
2022-05-21 09:04:16,700 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2022-05-21 09:04:16,700 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2022-05-21 09:04:16,700 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2022-05-21 09:04:16,700 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2022-05-21 09:04:16,700 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2022-05-21 09:04:16,700 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2022-05-21 09:04:16,701 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_tjryuljsulhhrzrwjxml1d84mopcbtc5aok9', issue instant '2022-05-21T09:04:16.004Z', entityID 'https://iam.eu-ch.o13bb.otc.t-systems.com'
2022-05-21 09:04:16,701 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eu-ch.o13bb.otc.t-systems.com' does not require AuthnRequests to be signed
2022-05-21 09:04:16,701 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2022-05-21 09:04:16,701 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2022-05-21 09:04:16,701 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2022-05-21 09:04:16,701 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://iam.eu-ch.o13bb.otc.t-systems.com, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2022-05-21 09:04:16,701 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://iam.eu-ch.o13bb.otc.t-systems.com' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2022-05-21 09:04:16,701 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2022-05-21 09:04:16,701 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2022-05-21 09:04:16,701 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2022-05-21 09:04:16,701 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2022-05-21 09:04:16,701 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2022-05-21 09:04:16,701 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2022-05-21 09:04:16,701 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2022-05-21 09:04:16,701 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2022-05-21 09:04:16,701 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 1024 bits
  params: null
  modulus: 126664469800380770773972778096329230967838830807335020944856402588433272451405299989725111925000259452486256977271956160110204670418736725511979819866908378089628035491591777699093647368786263598103189382680073566489484332485554027625241493766204516582342822997262720486560419481997023269854507272634386236633
  public exponent: 65537
2022-05-21 09:04:16,702 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2022-05-21 09:04:16,702 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2022-05-21 09:04:16,702 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_tjryuljsulhhrzrwjxml1d84mopcbtc5aok9"
2022-05-21 09:04:16,702 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _tjryuljsulhhrzrwjxml1d84mopcbtc5aok9 and Element was [saml2p:AuthnRequest: null]
2022-05-21 09:04:16,702 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_tjryuljsulhhrzrwjxml1d84mopcbtc5aok9"
2022-05-21 09:04:16,702 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _tjryuljsulhhrzrwjxml1d84mopcbtc5aok9 and Element was [saml2p:AuthnRequest: null]
2022-05-21 09:04:16,702 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_tjryuljsulhhrzrwjxml1d84mopcbtc5aok9"
2022-05-21 09:04:16,702 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2022-05-21 09:04:16,702 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2022-05-21 09:04:16,702 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://iam.eu-ch.o13bb.otc.t-systems.com
2022-05-21 09:04:16,702 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2022-05-21 09:04:16,702 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2022-05-21 09:04:16,702 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2022-05-21 09:04:16,702 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2022-05-21 09:04:16,703 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsHeadersHandler:?] - Message Handler:  No ChannelBindings header blocks found
2022-05-21 09:04:16,703 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler:?] - Message Handler:  Message did not contain any ChannelBindings extensions
2022-05-21 09:04:16,703 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2022-05-21 09:04:16,703 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2022-05-21 09:04:16,703 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2022-05-21 09:04:16,703 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2022-05-21 09:04:16,703 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2022-05-21 09:04:16,703 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2022-05-21 09:04:16,703 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' not permitted by input criteria
2022-05-21 09:04:16,703 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP using binding urn:oasis:names:tc:SAML:2.0:bindings:PAOS
2022-05-21 09:04:16,703 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2022-05-21 09:04:16,703 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2022-05-21 09:04:16,703 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2022-05-21 09:04:16,703 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2022-05-21 09:04:16,704 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2022-05-21 09:04:16,704 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2022-05-21 09:04:16,704 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2022-05-21 09:04:16,704 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2022-05-21 09:04:16,704 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2022-05-21 09:04:16,704 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2022-05-21 09:04:16,704 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eu-ch.o13bb.otc.t-systems.com
2022-05-21 09:04:16,704 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2022-05-21 09:04:16,704 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2022-05-21 09:04:16,704 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2022-05-21 09:04:16,704 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2022-05-21 09:04:16,705 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2022-05-21 09:04:16,706 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: RequestAuthenticated: true
2022-05-21 09:04:16,706 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: Generating session key for use by ECP peers
2022-05-21 09:04:16,706 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2022-05-21T09:04:16.706Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2022-05-21 09:04:16,706 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2022-05-21 09:04:16,707 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2022-05-21 09:04:16,707 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2022-05-21 09:04:16,707 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2022-05-21 09:04:16,707 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2022-05-21 09:04:16,707 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow authn/Password, it supports non-browser authentication
2022-05-21 09:04:16,707 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2022-05-21 09:04:16,707 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2022-05-21 09:04:16,707 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2022-05-21 09:04:16,707 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2022-05-21 09:04:16,707 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: Trimming whitespace of input string 'rick'
2022-05-21 09:04:16,707 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2022-05-21 09:04:16,707 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@594410027::identifier=rick, context=org.apache.velocity.VelocityContext@218a6a4c]
2022-05-21 09:04:16,710 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@594410027::identifier=rick, context=org.apache.velocity.VelocityContext@218a6a4c]
2022-05-21 09:04:16,717 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2022-05-21 09:04:16,717 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2022-05-21 09:04:16,717 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2022-05-21 09:04:16,718 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2022-05-21 09:04:16,718 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2022-05-21 09:04:16,718 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2022-05-21 09:04:16,718 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2022-05-21 09:04:16,718 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 1fb44e18184863d9116f19dd18e0ea257c38bd4cb018f32be67b7d5ea3420453 for principal rick
2022-05-21 09:04:16,718 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 1fb44e18184863d9116f19dd18e0ea257c38bd4cb018f32be67b7d5ea3420453
2022-05-21 09:04:16,718 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2022-05-21 09:04:16,719 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2022-05-21 09:04:16,719 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, telephoneNumber, role, mail, surname, displayName, givenName, eduPersonUniqueId]
2022-05-21 09:04:16,719 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2022-05-21 09:04:16,719 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2022-05-21 09:04:16,719 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2022-05-21 09:04:16,719 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2022-05-21 09:04:16,719 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2022-05-21 09:04:16,719 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2022-05-21 09:04:16,719 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2022-05-21 09:04:16,719 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2022-05-21 09:04:16,719 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2022-05-21 09:04:16,719 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2022-05-21 09:04:16,720 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2022-05-21 09:04:16,721 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2022-05-21 09:04:16,722 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2022-05-21 09:04:16,722 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _b015c2e34a6639aa3cbc2e1363c22fcb
2022-05-21 09:04:16,722 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _b015c2e34a6639aa3cbc2e1363c22fcb to Response _a91561efaecad1ee8c31debab0c85a97
2022-05-21 09:04:16,722 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _b015c2e34a6639aa3cbc2e1363c22fcb
2022-05-21 09:04:16,724 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2022-05-21 09:04:16,724 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2022-05-21 09:04:16,724 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2022-05-21 09:04:16,724 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2022-05-21 09:04:16,724 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2022-05-21 09:04:16,724 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@Samltest.id of attribute role
2022-05-21 09:04:16,724 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2022-05-21 09:04:16,724 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2022-05-21 09:04:16,724 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2022-05-21 09:04:16,724 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2022-05-21 09:04:16,725 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2022-05-21 09:04:16,725 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2022-05-21 09:04:16,725 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2022-05-21 09:04:16,725 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2022-05-21 09:04:16,725 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2022-05-21 09:04:16,725 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxJGeDfyNpq9FAlFth0E5fILd6lGoLezmDoqC2uBc02ObZDZXNznRTXjy0EuMJEsby7kXvfwmphoAQSwixZUwxRvix9e55aTwr92j6JxIXqNA6MNFP3VRYWq77Mm8h2328fN25NY3IX+rRXlsL with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2022-05-21 09:04:16,725 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2022-05-21 09:04:16,725 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2022-05-21 09:04:16,725 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2022-05-21 09:04:16,725 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2022-05-21 09:04:16,725 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 80.158.3.50
2022-05-21 09:04:16,725 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _tjryuljsulhhrzrwjxml1d84mopcbtc5aok9
2022-05-21 09:04:16,725 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2022-05-21 09:04:16,725 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2022-05-21 09:04:16,725 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2022-05-21 09:04:16,725 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2022-05-21 09:04:16,725 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _b015c2e34a6639aa3cbc2e1363c22fcb
2022-05-21 09:04:16,725 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _b015c2e34a6639aa3cbc2e1363c22fcb did not already contain Conditions, one was added
2022-05-21 09:04:16,726 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2022-05-21 09:04:16,726 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2022-05-21T09:09:16.720Z, to Assertion _b015c2e34a6639aa3cbc2e1363c22fcb
2022-05-21 09:04:16,726 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _b015c2e34a6639aa3cbc2e1363c22fcb already contained Conditions, nothing was done
2022-05-21 09:04:16,726 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2022-05-21 09:04:16,726 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _b015c2e34a6639aa3cbc2e1363c22fcb already contained Conditions, nothing was done
2022-05-21 09:04:16,726 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2022-05-21 09:04:16,726 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eu-ch.o13bb.otc.t-systems.com as an Audience of the AudienceRestriction
2022-05-21 09:04:16,726 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _b015c2e34a6639aa3cbc2e1363c22fcb
2022-05-21 09:04:16,727 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddGeneratedKeyToAssertions: Assertion _b015c2e34a6639aa3cbc2e1363c22fcb did not already contain Advice, one was added
2022-05-21 09:04:16,728 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eu-ch.o13bb.otc.t-systems.com to existing session 1fb44e18184863d9116f19dd18e0ea257c38bd4cb018f32be67b7d5ea3420453
2022-05-21 09:04:16,728 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eu-ch.o13bb.otc.t-systems.com in session 1fb44e18184863d9116f19dd18e0ea257c38bd4cb018f32be67b7d5ea3420453
2022-05-21 09:04:16,728 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2022-05-21 09:04:16,741 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eu-ch.o13bb.otc.t-systems.com and key AAdzZWNyZXQxJGeDfyNpq9FAlFth0E5fILd6lGoLezmDoqC2uBc02ObZDZXNznRTXjy0EuMJEsby7kXvfwmphoAQSwixZUwxRvix9e55aTwr92j6JxIXqNA6MNFP3VRYWq77Mm8h2328fN25NY3IX+rRXlsL
2022-05-21 09:04:16,741 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2022-05-21 09:04:16,741 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2022-05-21 09:04:16,742 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_b015c2e34a6639aa3cbc2e1363c22fcb"
2022-05-21 09:04:16,742 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _b015c2e34a6639aa3cbc2e1363c22fcb and Element was [saml2:Assertion: null]
2022-05-21 09:04:16,742 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_b015c2e34a6639aa3cbc2e1363c22fcb"
2022-05-21 09:04:16,742 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _b015c2e34a6639aa3cbc2e1363c22fcb and Element was [saml2:Assertion: null]
2022-05-21 09:04:16,746 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_a91561efaecad1ee8c31debab0c85a97"
    InResponseTo="_tjryuljsulhhrzrwjxml1d84mopcbtc5aok9"
    IssueInstant="2022-05-21T09:04:16.720Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_b015c2e34a6639aa3cbc2e1363c22fcb"
        IssueInstant="2022-05-21T09:04:16.720Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_b015c2e34a6639aa3cbc2e1363c22fcb">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>BcH0qe+CXPvjgstpQI7iAr8pkpZXWQXQnhHacUsjgZE=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>Vc/WAwCU2ls0fwu4i96U/QG8cYdiyxXUStEQuoeLGryXFGgRjhEITfVVPYAoIU+8ArdccLthB4vQ06UM6sHHm0myo3IXCQG7WZ3hj5r662b3JCatw8uyGWNSWrTNxpF95fDjf2lkOY0EwBeTVe0zrg01uA1PUolWmpRcD8N7njMhmoz4W53ps2pzZDi44naRwIEHICoUuDFHZQwYsvh5j6c8kTPPcb0bYCf/qkyYSAsKJc5l4VpRuQr9T7xeEvAhm/wnVLqXbHwaThU2oL411p50nPa7Xe49F4xr2cymjWaGYfeaFPqJEgNtpuEse6lraG3AFKBYaTCIIgVjfdJiEg==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxJGeDfyNpq9FAlFth0E5fILd6lGoLezmDoqC2uBc02ObZDZXNznRTXjy0EuMJEsby7kXvfwmphoAQSwixZUwxRvix9e55aTwr92j6JxIXqNA6MNFP3VRYWq77Mm8h2328fN25NY3IX+rRXlsL</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="80.158.3.50"
                    InResponseTo="_tjryuljsulhhrzrwjxml1d84mopcbtc5aok9"
                    NotOnOrAfter="2022-05-21T09:09:16.725Z" Recipient="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2022-05-21T09:04:16.720Z" NotOnOrAfter="2022-05-21T09:09:16.720Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eu-ch.o13bb.otc.t-systems.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:Advice>
            <samlec:GeneratedKey xmlns:samlec="urn:ietf:params:xml:ns:samlec">vgbwSYRxLOj7WGdtGpKcnFpDT4fWB9iLQtanL9ioEmw=</samlec:GeneratedKey>
        </saml2:Advice>
        <saml2:AuthnStatement AuthnInstant="2022-05-21T09:04:16.717Z" SessionIndex="_fd4b93a16e1869d9b3a66fa4d435d66b">
            <saml2:SubjectLocality Address="80.158.3.50"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@Samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2022-05-21 09:04:16,749 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2022-05-21 09:04:16,749 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2022-05-21 09:04:16,749 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_a91561efaecad1ee8c31debab0c85a97"
2022-05-21 09:04:16,749 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _a91561efaecad1ee8c31debab0c85a97 and Element was [saml2p:Response: null]
2022-05-21 09:04:16,749 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_a91561efaecad1ee8c31debab0c85a97"
2022-05-21 09:04:16,749 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _a91561efaecad1ee8c31debab0c85a97 and Element was [saml2p:Response: null]
2022-05-21 09:04:16,753 - DEBUG [org.opensaml.saml.common.binding.impl.AddChannelBindingsHeaderHandler:?] - Message Handler:  No ChannelBindings to add, nothing to do
2022-05-21 09:04:16,755 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Header>
        <ecp:Response
            AssertionConsumerServiceURL="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next"
            soap11:mustUnderstand="1" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <ecp:RequestAuthenticated
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <samlec:GeneratedKey
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:samlec="urn:ietf:params:xml:ns:samlec">vgbwSYRxLOj7WGdtGpKcnFpDT4fWB9iLQtanL9ioEmw=</samlec:GeneratedKey>
    </soap11:Header>
    <soap11:Body>
        <saml2p:Response
            Destination="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            ID="_a91561efaecad1ee8c31debab0c85a97"
            InResponseTo="_tjryuljsulhhrzrwjxml1d84mopcbtc5aok9"
            IssueInstant="2022-05-21T09:04:16.720Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_a91561efaecad1ee8c31debab0c85a97">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                        <ds:DigestValue>gr/UIYDpXNPbK3mhXlYo34jWzbJ4TkAnaWnm2jnoiYc=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>rzl9YdMqWy8BK3Gc74FGgnvXpWoOksOOKzpgiR8+DN9f6Y0FAsIfrc9v7r1X9JbDPCVhkJKVWr64MwxIORmwqnRGdIQBGd2zOLkRwRDXvgQGDIA875XUfqhiKFx/sEnzDXyYeISMAXeoEZsHdRSnuKVi1XuPo9Zy4X/mXAxGkSoCLwKb5d5oq730OJBAIXa12stKx9hPOdKtJchFZ6YnLqW7ICodp0+L+AbBjVNL1F2fdkDqz+aUpCLFdOWSchDDxP9haLLmRRUhilpRXB68axBR3tWR+hU/u58fXccm2LZRDRqz2ZfMmhaX/FEBceU+dsr8mpOlBAp58RPmn++72Q==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
                <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
            </saml2p:Status>
            <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
                <xenc:EncryptedData
                    Id="_b689b797d1f31ed1ce57fa320dab0330"
                    Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <xenc:EncryptedKey
                            Id="_1240f857d63bb5604f7ba14f6d701e2a"
                            Recipient="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                            <xenc:EncryptionMethod
                                Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <ds:DigestMethod
                                    Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                            </xenc:EncryptionMethod>
                            <ds:KeyInfo>
                                <ds:X509Data>
                                    <ds:X509Certificate>MIICLjCCAZegAwIBAgIGAVHDRPSbMA0GCSqGSIb3DQEBCwUAMC0xEzARBgNVBAoMCmtleW1hbmFn
ZXIxFjAUBgNVBAsMDWlhbS1hdXRodWktc3AwHhcNMTUxMjIxMDY0MDU0WhcNMjUxMjE4MDY0MDU0
WjBEMSowKAYDVQQDDCFodHRwczovL3NwLmF1dGgub3RjLnQtc3lzdGVtcy5jb20xFjAUBgNVBAsM
DWlhbS1hdXRodWktc3AwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALRgTiRlOH3H8Ti/Nl8F
hr+9QdbCEBQIKFKnX+VeeD6NcGQtsDnihnIlwDv9PqAqRfZ5KNDF7IccYgCBUfjJXOyxqa51YVDJ
KPLpjMcZiSEjumDm3jbdEiiQKl3zwt9Q0aLlz7PKdIbIoPQdo3YjpTB407D5PmvpsFr+TQ6NlkTZ
AgMBAAGjQjBAMB0GA1UdDgQWBBRcdOVNkWkaAHkjlaFATFhnEEh8SzAfBgNVHSMEGDAWgBRcdOVN
kWkaAHkjlaFATFhnEEh8SzANBgkqhkiG9w0BAQsFAAOBgQBlFRyA98AUXCw8bhneTFoD2JWRZz2f
Bs3vINTVjhA3CdCCJ9lgPxIhitHYNPQh5s7l+IA6M/zHTx+rpRO3KUqh0M2eNZDunUrstyXkvZvp
uJCPFK6t1iN6K5YuZUhKI06W5Bk6XV2NO5L2eIqD9jZp0UGb18Ep4BbrEXwRwJQPYw==</ds:X509Certificate>
                                </ds:X509Data>
                            </ds:KeyInfo>
                            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <xenc:CipherValue>UIrbe5F3wF53B7RJe2SDT/dLFmJSUFD3DPFSx/K0ctJgZfcg+ZZ8QvQeMsKs0IenDD05WGxtCJELVPbMDwxaDSDtvSh/GJIcfzVlCzLHIt3PPrVNjLqATkqNBEAFN8RRMveYel2HDlWAhX9PpycIYKn8Am/Pg8V1j4qaACSoROk=</xenc:CipherValue>
                            </xenc:CipherData>
                        </xenc:EncryptedKey>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>d8L2eSzmcti5iieyI+aQ/ICWDGgpvlW6frqg/tUVSBSAttk9hG4GzTkwS5qgSFc1RKPfTcHtvtwkFE0puGYwWvzM+RGPkztuqGATJnDj8uTTx9+czL2Fok9llk5UUUxcdLvxNEz/JXCVDWRXZFmF+XHts+o8ywcJ7SQD12Juv4tNrrHJ1Id6mkNXl/mKQer3+sMqiiJn38MKpexDVf+MU5nnphxZNv+n2zYVF0b+t0qOHaX1MXGj33EH8HnAxQaCPWbsLifh46W6SS4zE0HMXKDLeol7UGj5NDeTO/DoC9Zoa6xLhAhfCg2iANa72HK74PIG7FBjoa9ROwpk6OyH2bPS/wfGokPqAASkpyrON3m1yh1buTWGmmBxz0R0pSJHMTAEyWJvor3/WZsfQePg1IKH7Z0vyMqfFVuAw+ar8kbK8/mmRWumyIbXlpyk8kiwTKWZNerMKRDdnnH9Ag+22l6HdeF00XV8B3xEMjPFA4Fp5DiuLDN4HQPo1sdMEgktnDUj0y1Ywo+xhurUycwL+d1sB6l31JyVNywrF3ivS0x4oGTfmOjKyp5ejJNnXzNqQehE26hFU5ZUx6IzcvR0SAF0TZmNxbs94jpdQiOz511Nf26ilZUtAxhADpeWs4Qxv1HU9QhDDxhWP5VJtKkyX8XpAY0+pwBe2pBXRjfHmeg/UCK1ynsxQ4msgLHt6R+0GV2aQkXwyzDHZZoqDZfDbVP1QKsCjZ3ErMRsOwVWv5ZQltKlEkSg/iYUDme5w2HN3btxjZDBHlITnQ9Uo+LqS9x7Kcb4bta5MzYZUucgxRWyttaQ6UaWRFQumOCXDfXY8Ao6vHfIqxmfXzxWl+v1U939sJmfYaXP/sDf0rH1c8y30tnUmjycacmmEPCWiPVmueV3yF7OAfkU4waQEtujLGWc/D738iJtKvBMz9rUHr4gLytkJOASvJV033MMcLNtg4CYISwBMu+0ICxqv2xqHtse6iXzPjLkXzWp6Q5bLyqP5sXIjatbbtDanY9IRqKlQk9HnKrnDJsc1l05dBOWQbW8j1YXZQFPrCwa5+7Ng5mL1oBLLzsw+TNMFkhiMDTrVpNpyOeR6sVGnhv3ByokgXT+SXehomqUTiH369qihqK2hDgQL6pnR4Wr+ShnpW3LZaamndjCoA1N3nX8u9swbcjhlKQn+07gdGaf32DoNBC+Ga0CNM57HRk+aUcxk2xO1jYMSkQQJrY5Ecd0iQ1YJex2KvcTv67CVlR/TnJ3YGk72syDdkIZ60JNkfNByRRBysONTwquonYLC+cOHLNr8Qmg3lLgsZXoYOYZx5TgFf2vbN4eXuRZQdKzkQLR8UEb+sF52IAYeo2bhuSiRTPHUOOOWq1iYEX5IF7e2fuL0JjcRNbEgNZi2ycBk5UpgTw/Jv/nT6RXOr5V1VQ5emi4jOUTJR9vhlPvu1CAM6qSZErNymjxaYR4LWp0T51fUC+WRCEM8GKVLDGoGIK/MhjF+yxfyI6Y49HFoTAwUKgTO+P0pSj/4Pv+/t6ABTjPUkJmNGWIpwUOP+SZ/4jFc5rGFIZG0F/iwq9qkAPVhiCAO1KTrZnaXpVVKXEhFVBV5PxUVe84d2Ln1FiVrMQoAVulW01sYf56Q2lWjy9/I4soTSCzc3O8JS/hIU7qCI3x1w8V5LSU79xElfb2KGznQS4rDN1PNs8OlHbw4yPlKGCuw1ZqtOB3oWyxZeyl9VJvALthatVr9iKVEkY6pVx9GCfJu7JCogns2mE3FCvOy2pISj2i8MHBGzDyvDnTWwusaFWFtNf751k5cEOmUpfOBgtnhfmt60qBi10ToEflb6gIn0/LV9l210XdxBJWSvNm8LHYu5mMZc7NxYWmDHhPbPlLSOg/rYqh86+UJ2tHuYDFNDTsldKvUURXnR726+BEgCZwPHaoQz9ngZtU1gFglXJKleQm37ynae3cOJaOr/tMEXR8wC1vMtqZnm131srvetuWpj+8tvowUuzZx+1Gm43wrf2Wt9EDcMlwgIgNHkfRdlprmkcEJwjAMDs6UOjodNdxnKh5ndiHoWrI62jJMdiZl11FkqWen9pdDXAwmDkrev6okSZUapIy7ofhdQFuJL8gVVOTGBIS6kingsLti4Ee1I+cR3/VSw6udagBf0GnEMchsu6Nt/k9/SaQrZpBrc/ppDMgn0dqrbKVku+c1gHQilyaCSqNV6SAk9WbIfZP88qNUpM9Kis8p7V6Na5fwTzCJ/Sebzr6X3+/8Tx5w0GkjfFUxOZF1lATopOzzrq24DpSnFTsYiXDP4CGIT8H02wBnAsC/M8VyUV4b6PXF/PxkB/nHC06mgXHt3NUiJnfLYhwQ+1UqmC8qVHCBoFFZq+yT8mHZTKUig1BDWhBf3tuTnhm1wklJLZTcXYWQjCfnxo31FuJTak1IelaY7ASUbBClRBKXqWghk3mAYYzGGK4sJ3WrtiLFbI0tsdWweRlBRAOc74URQLtJuvYBYOfnYgmHRlfpfWL/asJ/mNSWtRjv5c9ZcEFQ/KKtr1+HoDclYlGWS4MFJ+OcSy7GEwa+GKMaN+5YmfDuhNzj2obkWq36PaxwarbcSMAGhjgQ/qphMGBeYCaykTZr8r+V12/YsHSfyWG0p/5KJlw23QcmGQC6nAOco2FdHUFMh6NMr0bn6ps9IEcH4VkobE0C5ew/GsR8CDL3zIMTypge7wPcAxVIXHvp/sj2k2jphrJbV+5QGWOVA7ps4/jLw3YbytVofB/tM/MsgvHFYWXKCmGUHPCRWxIFCZ/j9d5wkgb2lpQS5nJynKCTDfAaLdjZHTp7mEDpoRWQiMsWP4RcbtSHdy+bf4YqcswvoSRNmkDK8X8YsGj3+plwMkFLgdymNKK/ll/P2NgUMXxdtzAgKGbRoaPc6S1IQPyG4Ar7bgDbPbHzrf0COpAl493ZbNbESgooUnoRW2pek4q2h7ncCGlMyi5sIzPMOpGtUMhjFLpJw3tmD0qJ/cST+mCZsBBqCyIYZfb6p6HVTcXgZ4SkhaH9TcX9GxQAelugg4jEcv1aLRNNZnRSOVMTExkrpZf0EO3qLDPLaUM7UEje3HIvETjJGaJEEhvvc4EpL3jDGLj6gS175KQF55ojmJvDh4lO/AcsVej1YAut0SQhgMrDKm3hUnqpmFG64fJgchQQmH9tTuT6QAVCHsUgygwjOXaCnXVflTUVddxe6EsipZPMWeYvvDYdcJh6vLHSRntlELiJlEul1K63Cp+EC+vrqLR0yRguRVVdVXPpLbAzrBdV2IkZdJydzT0I9Ug9wNMhZ5NlxdrJgfQBj0ke4cG8ZvF0LO4vDNnnxMLSPVH7cnjj69+giDgjpBe1oexXXFrpCgPgQ5qsgDf/o9PSI7qPDb1qI0WsQ9DHtw5yXLYM+q4MBPqcqy837bW06XYlKXkxzDewOM6h0lO6Z20MoJukfKY376XLJFW/nUG3O2zdm4st7kdfnQGmJNTislq2Sc4D2igKCgt5TbCotEskQXMCBBStTKBUf6Vd1cIKXdb66b1pKk+T37INrO3sEuk+trJO5BJSS/DV4g7cyeSjZU/gCG7npkk1qft0pSVM2AKq/+uUUP3FERZELGraOZBsOnzN3rFkJ/3CJVHjNFGHIi5Msn8jMRHYWxd9n9gqtUTT/gJYoezR9XRFIsKcT8OrS/vf92TwhPxgpE2HIcsxlwUM2Z7+waWdigibruxQSqf3SZWLzbhbr+HWd56gMO4YKqZ3Q4+2qyrKxyGBYHhJs7aECIqy/XBC91NJaR0jrf+h4cJlt1rYBDNBzUdmACMZeo9KMTfoYW0cptgledkYJfWpekE2dT0zHJwvJjtiaUWjit8JSIEIMGuLYG15RqkMlfXGeMTKbo7VklnSPViYwhyeVjUMF6E091Hi7XcUYE0Zq0yye4njlBIfT117X/Vh5IcbxcfI64NSzTIHtOiImO77tFiO5pjCw0fv060Y/waNmqCEJ/Qz1nS9yRwZ+7+aNehXLhft751WXTqIMnczwYz+dIaqqJpZluCCCNUnIJS8xCehot6AW+xXwQjgOD0D6pwZ5BMP0rPDa7Q6ySGwBWPu1UhcxzJ2oS02FCIVAtSAx8WLfBB4StGGbQ8E6RJCLmmt7eTI91x7sDdLY6hKdmuUrbS4v6weG0qVhmJqKNNni6zgPvRq3evG7EL8pT2Q3y2sc5VPrzGualfN2XXXHginNor03SlS+kJ6WeLDI3VUCMZyQQCvpwdOkFxqP0uCWnsc8kt1b6iqfPweOFh8lenCWlJwcFXnbRo4YfUbUHg5ZbosGHKTCm4hyj6VaSLAGL/75cTJSan2EEm4Vc0q/1PZfMivAgqYW0SYBbTsB9HM1IumN/ZGl1gkFntL6BlezlCRtvzJxrxuJM6ZSbqjWOR4Mo2dlYeKY2ByLkvzm/tyD80JWXnh3Bvfh3DOOUjybf7+WFbtYrM6RUn89hCq0cEMCablssH6S0CK8ZPDRsO2icNty5gqabBmgKuUi1y2+/W8Wnp9H/VaCB3KTCht0+U+KRKjjpl+rsklq4PEHg3OyElJ4nXjEh3nKRuo+8F2/e2Q4/rHy4HxolEMSy2+yAlRzpnOq2ccA3eOv6TU/ygf4l4yTvA0rNRzC+uyYv7WhSUZ5Gi5vLymRRLlgH9c1C0PhA6mXmBtftLDxD/06FvA3tEKAtHHQf8zCymuCyGmuoahB4dfVMVcIKXISS40B6wbD0aNaovaIlfOsShOE48kt8Wj2C2qp/gj7+ScFvl0y+kyEBk6aVF/QKPK7afxrybWgDH2IEatTfZSLIuO+nZ0j4w3UOYGbSZZtmIrMeikX+0kbm3ginrqJEtPCeNxvFowxHvUmh7cUxNMSu0eXIzMjOI+HJkLLLlsGx99HfPp61B3TXvxPhS9eqrLt0T2zpgYvEBgLKItRY4jPDsR9SXe4bLpRgUfyjzzl+fPVEU4NLp2b7raJfsRxw1gbl4eiH5t2ohdijRJhAsQq8DQLbqHnAh5R3ecw/M4n8pL9enu9nublinF8mJ62Cc3QQc/Jqf8ef/Pn+l86P3b7SN6yZI8HSv/DhGIzRd4qwmIvxSm362o6KczHkzrptF/w2FVNuwT/gwDM18YBQyw2SdxBcPgTpzBHqUzbce4jPEtVEQ4qA5qqMpUHXNZyXRlV0qX9IOLQiF3Lls/vwcWI7599eldRt48kv/FLJzI8WquEGcjxq6nrg9GmYbmC5QSFHH5+X4Iyx4GPnbFGQDfPZ3dFqSj7UW8Hg3lwFB6IdGpM6Re2/j3YTGmHiDcEYzQP2xnfq34lYmE+QBor5bPKd2i91t3YT27EOnYep2d7Uxh5EU3KtvI+Bp1N1DUyy2lJmoxH1PB84R/19IItIkgnF7pl00vwgM8G1KqeI1hrFWisS3d0+6E55JYF+Le7mWM7cN4WOstG8clgXRopK1N/HJeBGx4WX4syAozXhSuf5p2p3PE/hwZwD0+m1P/iIPW8chR5wANrsDxnXZaULq1Bsj8A3oj5ZK3fchVwRt/nA40em2jMU3t7PeWqyTQtFFjb6MxkBMZA1uwEB61GyinCLCOYQvLMLjj9J3Rak/Tj5sHGb64bNQVswFDKUP6etcwAhq7KkFbtHQouccAxGaIgVQkKVVPZ361CrDx6/JojSKT6oigC6zkYgE0CszxMVWxsbSdMFu7K+xH38rhGZTkYvt/7pFLXDSMEQ0WTJJbQ83ZtohUc+y/TZG+vy/ALxPf2c2Wj09DvPmqVhvX1KXGQ/XvAGwH8oaSB3KqWNbAXGZWaq3w7f8I+MN+v/Hhsd3w1R2rsU3SgJIabmw6mkDgWJIh58oE5+5vnA1fCGT7XRdqRJ3fi32voWScXzxYaDnsoIP3mVNbp9xgwwxwCB5ve495e1GSzCE+PSdTlOJ5SwCD4kM7tmsWLQfAJmVGzctLRK3XkU6LqLPBmpRLNngpZNM+eSobBI7T/LWFxb0xEgJBMg62ef+jM/xbGakRx1pwf8m9/AGmhMpW+vupp9wMnsnM/+q+xtFvpGghOREUZfaAGjdwJ7uesBwzU0gBUSufHvU6yYE7FR/JAKsp6sxvFP4ReqX3GilWYkJTnrq30JN0Hhhf1CJmLEzNfySIY8gy9SrNY0Q3NFhvNK4PC8cvWtuSEac3WbXl8sCsvjOnTrgBzIat+Bu46xz8yZW3G7iJ/gCSx5d5n+/+vn9WaxiIeHBory/HH2kqlFT0oOeLEJdY/edRcYMvKrBrgRaFGWeuIm3wecNLBnaPJ6E6d7uCa/n/O5YJmUdbvlSi7VOpaW2yzN3Q0LmdtaLBDzUZgvI2+H/rXAYzjO3paUj4Mgsi650XQSS2q2RdfqvfPEr1M7/6UayT1c3JiDjzYoDj1a+1xUddJRCiceumRNKug9AyD0LSHqhIKYlvgErmA9TxqpPiPosBaHZDebRnsnEq+ifx5nuej57spYlkQrC5nldvgQqbIBQPw6C/FqEqIF+RgOvMQgD6+MYHenTBRt8ZhTKjtGsAw47y/aRrgBSHzgxzJeeSpdokdmh0C27/M3R3493czB8Y7ggBHVSUjXeGAAIQcB8BSUki/caGv6hexdmfBf3KOXifVGCDjMTE46DgmHEhr6sNz3cmIooJgj2bEBT2tKcnXFPA/3Qd4ogYPEcEEDUFb4RESlQIJX4zC3/p9Xght9KaljI+fQ2KfRoAQ3CxPDnMoaeWr18v3fpYkMJ+Zjdc61i+GXz5xXeDU0fiYCiphcCF/q0qKl44G16thIbrRwVTtcX11K3AufGeZmS2zQL06bN03X+po5/6Pux8ORZ9MhVgp+EkzCY5EuhzyLd38QwEPm/EQn+CYLh4kSi4lHZFb7c0YfiQ7fk5l8hiyW8qctHyu9T2lZc0g+jfYH0xHjBbtblnsONO0Np8x5ACqis+BA2D83a1m2vqCQ01rl3eXO1j+AgIyxX6tp4nSnZCPmI6uBN7iNFB24I6TeVfWdztfffkq0lPwb4T1WEtGa3A/Je6I4i3T4HwwDGq5XBDs8uLmYlEmDB/xMChVDRu3t9Pu6u5I3oDrSVnPX4oJlJYGZgyYAeRN6u+O7+2fiNJdp/BZVzjq1eC9xx4hYvwX2/Zoki+v1JvnKLuqOu7XzChBGyvI6umCb7H2gaosxn3F1taIr2XqzEaHEu2U07YfwUF19vHbfzaiBvRDWd5kYNE2yr0X+2KJUudgJNqQWZe+w2Emz02Y4WkCmI8hJCPU0KyuHX+atCmemt04YXl/St1gsX1DxNpLFDYn6WMbv87PHDK4Czjxd9BsjdlASD3wh6yzr7JF3VSlJPB460XhOhkJeMZ/T+kUOWt6J/KqC+CJET5gRU0trzFFmTATfTA5ulhj3lSC/qIDOQpxT/DbldQKQvvKmHHAELAI7xcu1sdEV+QpQrv5RzdMSCwuvAPiaOrwS4pE9qQkPeE4xMHlZv1UQo8Fr/KOEc5H6pSZZQNhHLw0RWGay0NlMLCtM37lXoc0U2ntRlpk5Tib+I1ifg12Ppsvzr2lPqIDagXxNyfR7p72SGCLdnhBEHgQFFmNob71zY3AUuAziWPV7drnWwZv4faQshNwcnLp8BCv080Wu/QYkP83MNQ/KlH7AH0/Dj0DYm8ovXsUepKoo8If5yv+3qFBd3rXWnjuDIVX1YaCPJITsKSacL+A7oTZwzRa9yMWP5hgsjsriKqFxrIk84BenHP9aF5DZYqGLyNefa5eKFInDmmEiZGTjZiRbFLyDmzvfeCd3GuWDqEfn8YH6uuaQxLGqatyK64aaIDzEZYTxbt73YIuP6l7Acew1IR0LVdF31DrjvbY/yiZa7M4oBuqABD372/Rfs1NOqfVg+bY4/boFzkEy7TIlxu4cApAb0s1JGx5mzHovtXQTjrzO+9C+L2Y7PWPbsUENk6dvFPfYvWySBN9AMIfGsec72AapuySHoJ1YJroSkHGh+avNINCjT2rpin110gyhVg9rK/Vu1rBSkPwxh2xefTeMHWr/eCBFt8/WMu/z5f/q/0yPNqW8jDD8jV9TopWjYeBwu9CkNHiUlHkbOIoSYbxXXR+MWu5XmybCc0akPgePva8v1XEvkVeT8kBAAmuQAOL2JxC4zKKfk5AC16hqhDIKXKRQbx4D5hcyPFC9VIPBkTswEpEB03vYMxYguaMow7tAH5LlOM9X2O7LFXb1wmXA3zSHgnp7JVYa6j+T/+FarMVT3IAmJZSA1aVzWTDCr5TGP0c88+qlutLbbPEmLIBmITLrN6HNPCGS99VpPUeLfji9KhgMQJXV7cFSfjQerHg6Ko4JY2KXX0LhZii00M1DpdKnEe/4g4oFqARWJ5F4gsEeqX4S6inaQDs5nyipTZ7apHJvXso8l8/cM33Fc1JbntVD3JMzsrZFq0hZXXIXoQY+VlFcLmDnQj8Lh/SzdlGD1dSEjq80if3vKpzc820b5FdADzFrecYLMSlgDt+fLvB9Uneipu5XZQyiRqzZUy46H0UZVdXPP2/tkx1nUfvO6LzC+0Bk0YpuAe+4M8EN6yGOhDn3K4+KOwPEl1ywE6MNDunDz4YRlQDUcRYHutDdqbRwwDt0BV4dIUS6YPyU3og==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedData>
            </saml2:EncryptedAssertion>
        </saml2p:Response>
    </soap11:Body>
</soap11:Envelope>

2022-05-21 09:04:16,755 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2022-05-21 09:04:16,755 - INFO [Shibboleth-Audit.SSO:?] - 20220521T090416Z|urn:oasis:names:tc:SAML:2.0:bindings:SOAP|_tjryuljsulhhrzrwjxml1d84mopcbtc5aok9|https://iam.eu-ch.o13bb.otc.t-systems.com|http://shibboleth.net/ns/profiles/saml2/sso/ecp|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:PAOS|_a91561efaecad1ee8c31debab0c85a97|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,telephoneNumber,role,mail,surname,displayName,givenName|AAdzZWNyZXQxJGeDfyNpq9FAlFth0E5fILd6lGoLezmDoqC2uBc02ObZDZXNznRTXjy0EuMJEsby7kXvfwmphoAQSwixZUwxRvix9e55aTwr92j6JxIXqNA6MNFP3VRYWq77Mm8h2328fN25NY3IX+rRXlsL|_b015c2e34a6639aa3cbc2e1363c22fcb|
2022-05-21 09:04:18,647 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Beginning to decode message from HttpServletRequest
2022-05-21 09:04:18,647 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.IdPInitiatedSSORequestMessageDecoder:?] - Decoded SAML RelayState of: null
2022-05-21 09:04:18,648 - DEBUG [PROTOCOL_MESSAGE:?] - 
SAML 2 IdP-initiated request was: IdPInitiatedSSORequest{entityId=https://iam.eu-ch.o13bb.otc.t-systems.com, acsURL=null, relayState=null, time=2022-05-21T09:04:18.647Z}
Synthetically constructed SAML 2 AuthnRequest was: 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest ID="_bee0b7ee-6033-4190-ae91-78f530efe37e"
    IssueInstant="2022-05-21T09:04:18.647Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eu-ch.o13bb.otc.t-systems.com</saml2:Issuer>
    <saml2p:NameIDPolicy AllowCreate="true"/>
</saml2p:AuthnRequest>

2022-05-21 09:04:18,648 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Successfully decoded message from HttpServletRequest.
2022-05-21 09:04:18,648 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2022-05-21 09:04:18,648 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2022-05-21 09:04:18,648 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2022-05-21 09:04:18,648 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2022-05-21 09:04:18,648 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2022-05-21 09:04:18,648 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2022-05-21 09:04:18,648 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2022-05-21 09:04:18,649 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eu-ch.o13bb.otc.t-systems.com
2022-05-21 09:04:18,649 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2022-05-21 09:04:18,650 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2022-05-21 09:04:18,650 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint was empty, not required by binding, skipping
2022-05-21 09:04:18,650 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_bee0b7ee-6033-4190-ae91-78f530efe37e', issue instant '2022-05-21T09:04:18.647Z', entityID 'https://iam.eu-ch.o13bb.otc.t-systems.com'
2022-05-21 09:04:18,651 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eu-ch.o13bb.otc.t-systems.com' does not require AuthnRequests to be signed
2022-05-21 09:04:18,651 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2022-05-21 09:04:18,651 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2022-05-21 09:04:18,651 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2022-05-21 09:04:18,651 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2022-05-21 09:04:18,651 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2022-05-21 09:04:18,651 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2022-05-21 09:04:18,651 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2022-05-21 09:04:18,651 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2022-05-21 09:04:18,651 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2022-05-21 09:04:18,651 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2022-05-21 09:04:18,651 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2022-05-21 09:04:18,652 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2022-05-21 09:04:18,652 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2022-05-21 09:04:18,652 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2022-05-21 09:04:18,652 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2022-05-21 09:04:18,652 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2022-05-21 09:04:18,652 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2022-05-21 09:04:18,652 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2022-05-21 09:04:18,652 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2022-05-21 09:04:18,652 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2022-05-21 09:04:18,652 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2022-05-21 09:04:18,652 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eu-ch.o13bb.otc.t-systems.com
2022-05-21 09:04:18,652 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2022-05-21 09:04:18,652 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2022-05-21 09:04:18,652 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2022-05-21 09:04:18,652 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2022-05-21 09:04:18,663 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2022-05-21 09:04:18,664 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2022-05-21T09:04:18.664Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2022-05-21 09:04:18,664 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2022-05-21 09:04:18,665 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2022-05-21 09:04:18,665 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2022-05-21 09:04:18,665 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2022-05-21 09:04:18,665 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2022-05-21 09:04:18,665 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2022-05-21 09:04:18,665 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2022-05-21 09:04:18,665 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2022-05-21 09:04:18,665 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2022-05-21 09:04:18,665 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2022-05-21 09:04:18,854 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'iam.eu-ch.o13bb.otc.t-systems.com'
2022-05-21 09:04:18,854 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2022-05-21 09:04:18,854 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2022-05-21 09:04:19,232 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2022-05-21 09:04:19,232 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromFormRequest:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Recording do-not-cache instruction in authentication context
2022-05-21 09:04:19,232 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2022-05-21 09:04:19,232 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@2007630032::identifier=rick, context=org.apache.velocity.VelocityContext@1f9482a9]
2022-05-21 09:04:19,233 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@2007630032::identifier=rick, context=org.apache.velocity.VelocityContext@1f9482a9]
2022-05-21 09:04:19,234 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2022-05-21 09:04:19,234 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2022-05-21 09:04:19,234 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2022-05-21 09:04:19,235 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2022-05-21 09:04:19,235 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2022-05-21 09:04:19,235 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2022-05-21 09:04:19,235 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2022-05-21 09:04:19,235 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 8146a9148eb6eed7b1193496d9efabc03da788fd03e332e2f8b7fc161d48fedf for principal rick
2022-05-21 09:04:19,236 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2022-05-21 09:04:19,237 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2022-05-21 09:04:19,237 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, telephoneNumber, role, mail, surname, displayName, givenName, eduPersonUniqueId]
2022-05-21 09:04:19,237 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2022-05-21 09:04:19,237 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2022-05-21 09:04:19,237 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2022-05-21 09:04:19,237 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2022-05-21 09:04:19,237 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2022-05-21 09:04:19,237 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2022-05-21 09:04:19,237 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2022-05-21 09:04:19,237 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2022-05-21 09:04:19,237 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2022-05-21 09:04:19,237 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2022-05-21 09:04:19,238 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2022-05-21 09:04:19,238 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2022-05-21 09:04:19,238 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@7ecb44d8'
2022-05-21 09:04:19,238 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2022-05-21 09:04:19,238 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://iam.eu-ch.o13bb.otc.t-systems.com'
2022-05-21 09:04:19,238 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2022-05-21 09:04:19,238 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: Attempting to delete consent storage record with context 'intercept/attribute-release' and key 'rick:https://iam.eu-ch.o13bb.otc.t-systems.com'
2022-05-21 09:04:19,238 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: No consent storage record found with context 'intercept/attribute-release' and key 'rick:https://iam.eu-ch.o13bb.otc.t-systems.com'
2022-05-21 09:04:19,238 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2022-05-21 09:04:19,238 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: No storage record exists with context 'intercept/attribute-release' and key 'rick:_key_idx', nothing to do
2022-05-21 09:04:19,239 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20220521T090419Z|https://iam.eu-ch.o13bb.otc.t-systems.com|ClearAttributeReleaseConsent|rick|||
2022-05-21 09:04:19,239 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2022-05-21 09:04:19,239 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2022-05-21 09:04:19,239 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: Attempting to delete consent storage record with context 'intercept/attribute-release' and key 'rick'
2022-05-21 09:04:19,239 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: No consent storage record found with context 'intercept/attribute-release' and key 'rick'
2022-05-21 09:04:19,239 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2022-05-21 09:04:19,239 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: No storage record exists with context 'intercept/attribute-release' and key 'rick:_key_idx', nothing to do
2022-05-21 09:04:19,239 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2022-05-21 09:04:19,239 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2022-05-21 09:04:19,429 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'iam.eu-ch.o13bb.otc.t-systems.com'
2022-05-21 09:04:19,429 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2022-05-21 09:04:19,429 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2022-05-21 09:04:19,429 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2022-05-21 09:04:19,429 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2022-05-21 09:04:19,429 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2022-05-21 09:04:19,621 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2022-05-21 09:04:19,621 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2022-05-21 09:04:19,622 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20220521T090419Z|https://iam.eu-ch.o13bb.otc.t-systems.com|AttributeReleaseConsent|rick|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2022-05-21 09:04:19,622 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2022-05-21 09:04:19,622 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://iam.eu-ch.o13bb.otc.t-systems.com'
2022-05-21 09:04:19,622 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2022-05-21 09:04:19,622 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2022-05-21 09:04:19,622 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://iam.eu-ch.o13bb.otc.t-systems.com, value=[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1684659859622}'
2022-05-21 09:04:19,622 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2022-05-21 09:04:19,622 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2022-05-21 09:04:19,622 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2022-05-21 09:04:19,622 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://iam.eu-ch.o13bb.otc.t-systems.com'
2022-05-21 09:04:19,622 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://iam.eu-ch.o13bb.otc.t-systems.com]' as '["rick:https://iam.eu-ch.o13bb.otc.t-systems.com"]'
2022-05-21 09:04:19,622 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@7ecb44d8'
2022-05-21 09:04:19,622 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2022-05-21 09:04:19,622 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2022-05-21 09:04:19,623 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2022-05-21 09:04:19,623 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Inbound binding urn:mace:shibboleth:2.0:profiles:AuthnRequest is suppressed, ignoring request ID
2022-05-21 09:04:19,623 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: No request ID, nothing to do
2022-05-21 09:04:19,624 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2022-05-21 09:04:19,624 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _1049d028a786db227457b76418957005
2022-05-21 09:04:19,624 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _1049d028a786db227457b76418957005 to Response _20afab574c102e9a636cea076c8790ad
2022-05-21 09:04:19,624 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _1049d028a786db227457b76418957005
2022-05-21 09:04:19,624 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2022-05-21 09:04:19,624 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2022-05-21 09:04:19,624 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2022-05-21 09:04:19,624 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2022-05-21 09:04:19,624 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2022-05-21 09:04:19,624 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@Samltest.id of attribute role
2022-05-21 09:04:19,624 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2022-05-21 09:04:19,624 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2022-05-21 09:04:19,624 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2022-05-21 09:04:19,624 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2022-05-21 09:04:19,626 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2022-05-21 09:04:19,626 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2022-05-21 09:04:19,626 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2022-05-21 09:04:19,626 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2022-05-21 09:04:19,626 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration did not specify any formats, relying on metadata alone
2022-05-21 09:04:19,626 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2022-05-21 09:04:19,626 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2022-05-21 09:04:19,626 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2022-05-21 09:04:19,632 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQx9d6/kdtCd6SigP82NiCtkHzO7OM3ONU1yJ3ueP/j6X/rcrwStRAV6OWSRJ4lzt3T6o5FVr3evX1643vZ1XrKeVgrXUZra9vQ4581QtA4H5+Npj8unodANgGOmOo7MlGbZBw4QcdonWgR+Kgt with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2022-05-21 09:04:19,632 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2022-05-21 09:04:19,632 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2022-05-21 09:04:19,632 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2022-05-21 09:04:19,632 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2022-05-21 09:04:19,632 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 80.158.3.50
2022-05-21 09:04:19,632 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to (none)
2022-05-21 09:04:19,632 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2022-05-21 09:04:19,632 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2022-05-21 09:04:19,632 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2022-05-21 09:04:19,632 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2022-05-21 09:04:19,632 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _1049d028a786db227457b76418957005
2022-05-21 09:04:19,632 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _1049d028a786db227457b76418957005 did not already contain Conditions, one was added
2022-05-21 09:04:19,632 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2022-05-21 09:04:19,632 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2022-05-21T09:09:19.622Z, to Assertion _1049d028a786db227457b76418957005
2022-05-21 09:04:19,632 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _1049d028a786db227457b76418957005 already contained Conditions, nothing was done
2022-05-21 09:04:19,632 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2022-05-21 09:04:19,632 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _1049d028a786db227457b76418957005 already contained Conditions, nothing was done
2022-05-21 09:04:19,632 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2022-05-21 09:04:19,632 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eu-ch.o13bb.otc.t-systems.com as an Audience of the AudienceRestriction
2022-05-21 09:04:19,632 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _1049d028a786db227457b76418957005
2022-05-21 09:04:19,633 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eu-ch.o13bb.otc.t-systems.com to existing session 8146a9148eb6eed7b1193496d9efabc03da788fd03e332e2f8b7fc161d48fedf
2022-05-21 09:04:19,633 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eu-ch.o13bb.otc.t-systems.com in session 8146a9148eb6eed7b1193496d9efabc03da788fd03e332e2f8b7fc161d48fedf
2022-05-21 09:04:19,633 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2022-05-21 09:04:19,634 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eu-ch.o13bb.otc.t-systems.com and key AAdzZWNyZXQx9d6/kdtCd6SigP82NiCtkHzO7OM3ONU1yJ3ueP/j6X/rcrwStRAV6OWSRJ4lzt3T6o5FVr3evX1643vZ1XrKeVgrXUZra9vQ4581QtA4H5+Npj8unodANgGOmOo7MlGbZBw4QcdonWgR+Kgt
2022-05-21 09:04:19,634 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2022-05-21 09:04:19,634 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2022-05-21 09:04:19,634 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_1049d028a786db227457b76418957005"
2022-05-21 09:04:19,634 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _1049d028a786db227457b76418957005 and Element was [saml2:Assertion: null]
2022-05-21 09:04:19,634 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_1049d028a786db227457b76418957005"
2022-05-21 09:04:19,634 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _1049d028a786db227457b76418957005 and Element was [saml2:Assertion: null]
2022-05-21 09:04:19,637 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_20afab574c102e9a636cea076c8790ad"
    IssueInstant="2022-05-21T09:04:19.622Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_1049d028a786db227457b76418957005"
        IssueInstant="2022-05-21T09:04:19.622Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_1049d028a786db227457b76418957005">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>2KBb7vYneSy+l8y+JgUlzhw6gHk+nTe/C2LJAzTLLl0=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>oV1Zpq5oxoX1SExTSeuX3YMb99cHbIq1dNH1AkZw6oKEVmVXu+zhErqNGxDpFOCRY+tIaxz0XAiURnjIBHfekiabFxaXwuh2kJXVp5ck727l1tfbtR4nUSBHMXSkn2xL7NmjcJYAESumlGwp4GPHkTOOkDloRxOyDTXtwGFSbZ77CW52KYYOvIvKPT8H85fN2EFaFp6yRKodghL0x+wPdIqU7jAlANEMaRYXycu0fljY5Uqxg2dH8rMfW0RvQSaTPLPexA+oPxiLfLIAQs8OvWnZX1+dcsQQupb3D/eJpydUee6agkdrGeUEllekIrSLsb3Es9KHGdilTAvUPScwkw==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQx9d6/kdtCd6SigP82NiCtkHzO7OM3ONU1yJ3ueP/j6X/rcrwStRAV6OWSRJ4lzt3T6o5FVr3evX1643vZ1XrKeVgrXUZra9vQ4581QtA4H5+Npj8unodANgGOmOo7MlGbZBw4QcdonWgR+Kgt</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="80.158.3.50"
                    NotOnOrAfter="2022-05-21T09:09:19.632Z" Recipient="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2022-05-21T09:04:19.622Z" NotOnOrAfter="2022-05-21T09:09:19.622Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eu-ch.o13bb.otc.t-systems.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2022-05-21T09:04:19.234Z" SessionIndex="_48dd8a9f28b3f289d0c32e94eb0c6277">
            <saml2:SubjectLocality Address="80.158.3.50"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@Samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2022-05-21 09:04:19,639 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2022-05-21 09:04:19,639 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2022-05-21 09:04:19,639 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_20afab574c102e9a636cea076c8790ad"
2022-05-21 09:04:19,639 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _20afab574c102e9a636cea076c8790ad and Element was [saml2p:Response: null]
2022-05-21 09:04:19,639 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_20afab574c102e9a636cea076c8790ad"
2022-05-21 09:04:19,639 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _20afab574c102e9a636cea076c8790ad and Element was [saml2p:Response: null]
2022-05-21 09:04:19,641 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2022-05-21 09:04:19,641 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST' with encoded value 'https&#x3a;&#x2f;&#x2f;iam.eu-ch.o13bb.otc.t-systems.com&#x2f;v3-ext&#x2f;auth&#x2f;OS-FEDERATION&#x2f;SSO&#x2f;SAML2&#x2f;POST'
2022-05-21 09:04:19,641 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2022-05-21 09:04:19,647 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST"
    ID="_20afab574c102e9a636cea076c8790ad"
    IssueInstant="2022-05-21T09:04:19.622Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_20afab574c102e9a636cea076c8790ad">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>ESPrh0UjU/3lCrpyMQwBC31dcXQFq1erbNB2d/jfGFw=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>efPfUQrX52dKxtHGqBJolPcN25Y7JFfnNR4tWdJo7GPAJwBsUDoHVdCWuKfSgvFerR+cGd+nL9gOVG72qYuCpU8BVEdxnMzcZX4Poxu08CA27G0hos0sApgWOmIBmxqkU5CZTzqnlTgaXV3VjTmSPPQdU9fvBtRLEn+f7Oq4ezLI2dNl6933gVH2dgEcF6VfXArrI8E9WcPGnQBciEI9U5x9lYZ5BOFucU//EzLDAcybBKAePBB0hegixWUy/yjMJgzZ3f1iY4vBDz+Y5eF2C2Wu+4gOKd5uOARjcYrpDgqz04eDDulsKospLDY0Le+wT2G7AnM30/QjV9UtvZPcpw==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_d822e2888a4f36ad0521973a728e0204"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_fa543c6408da89e18b29ef9994574d8e"
                    Recipient="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIICLjCCAZegAwIBAgIGAVHDRPSbMA0GCSqGSIb3DQEBCwUAMC0xEzARBgNVBAoMCmtleW1hbmFn
ZXIxFjAUBgNVBAsMDWlhbS1hdXRodWktc3AwHhcNMTUxMjIxMDY0MDU0WhcNMjUxMjE4MDY0MDU0
WjBEMSowKAYDVQQDDCFodHRwczovL3NwLmF1dGgub3RjLnQtc3lzdGVtcy5jb20xFjAUBgNVBAsM
DWlhbS1hdXRodWktc3AwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALRgTiRlOH3H8Ti/Nl8F
hr+9QdbCEBQIKFKnX+VeeD6NcGQtsDnihnIlwDv9PqAqRfZ5KNDF7IccYgCBUfjJXOyxqa51YVDJ
KPLpjMcZiSEjumDm3jbdEiiQKl3zwt9Q0aLlz7PKdIbIoPQdo3YjpTB407D5PmvpsFr+TQ6NlkTZ
AgMBAAGjQjBAMB0GA1UdDgQWBBRcdOVNkWkaAHkjlaFATFhnEEh8SzAfBgNVHSMEGDAWgBRcdOVN
kWkaAHkjlaFATFhnEEh8SzANBgkqhkiG9w0BAQsFAAOBgQBlFRyA98AUXCw8bhneTFoD2JWRZz2f
Bs3vINTVjhA3CdCCJ9lgPxIhitHYNPQh5s7l+IA6M/zHTx+rpRO3KUqh0M2eNZDunUrstyXkvZvp
uJCPFK6t1iN6K5YuZUhKI06W5Bk6XV2NO5L2eIqD9jZp0UGb18Ep4BbrEXwRwJQPYw==</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>rH+9yBywK9E3BXB4PlYuXHKMBKraSQ8/vdVmAD3LvYVWiiYblANC5PqkGdzRkoKMsElsaKREkzzx1KSH470e+WCB2Rprp/1G55DIyAfFCtWCVs/U+kqHl11CR0MFvgO5FKYiDi+/OfIdnK0zeraRtURsml+eVXttv60ISY1oR+4=</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>BULt/FctiSicrtPc30FawKyFyMII+g59FdIrOK3ArNlAJojmFVDU0clAEY1XC3Xfr0v5vDOc6ebh6xvNqOVHqr4lB/7AdNQjtYFmhEH0rhTkEM8wPD8CqJfjUtghsjwr0e9II+UtRlmmUOwI48Qe0SnbeRZ6qG4Zmb/S6ae6bsrV7yLy/lYMh2cP+HH2fmF57Hf3RnNQ1vmuEkNTpwUXGkoKy5l9AZPTOEP+bylgKvO5vGPQKYk+e3CpgvMf+xTRn2xb0/qQIMrz3HBFBx97KhmocB+TZja9NQN1Fy/1ECEcC9yQIu2nUkInBr/5SeDOJxFYL7mUr3G2ek+MxwwL4ysSVsdLPcVL6kj/hy4wNcVtw5g56vODitE9isvg6SFVtxNNaz4z9jQWLl8lp2HRkmcgexcL3QIYNXGhm8ArRJBS58ChMr6aOoDsZuMKpKg2wVsJHVoRbTqZeMM+SL+mfUpbaFbcRUh9JuzOK0fcP7eNz5fbLOsmjz5BFEJE3gHQBkQJ670bKQ3cL06+CM31WdNUctNA6NHRemq7GRLjRCp77MCONzOx7rZ4/mmlj5rJ8EatFaIYLbriEhwtOrPgRSTzV2QklHQROLFYTfP6JwL+omzmK4xhvibmuaPwP8OcQeB4jdaYXNZXibWmzyciwm5v1h48KruSSeuNy1XDjbf6hg/ZJyTgkILFHQIJfwMHPRwr2lwDHJrbBM9ZbEngmRwdSjaUfsBbeLqF1K5fBBiJcoldmqegWzlCmcGuA3k2NCTbcD4jb2D0tJUQDDpVpwJwHO+3U1onon89WupQUIgqICyulpUqeDVyyxDicljFa1i1Q1vVb/nlkORapFJPQGXlB8PzRLgvLYZV0BUMJFtP11/NnHsEGpcuNn8R3Agu4LZZ63zTmi40PB9XCjWKzl6p4D4VxV3pI3BrkaRYI7JRrmdbUaLBDE0q+EgOCXS35LtkiuOlcrmy8sOS6U15qb4QZ/tQRXwphDN72ioIV15QwTmoMXWXywgsFavpFDOLOHxBuQ+vLfyXlyxaP0tcNWudI5AASgyy8V7vstoBkQoef3VK0QOmsb49Q/x/0J1mrWLgUXQdpOlg6xlQ7yYic/4o0BgXa/3lpGsi/OXivtZbUZoimqtXkto1Iho7isLhKuZGOxqKJcXRIsgyxxh4TL+sceVmHGVDOHxRntuFQwWVgygQUVRa8AAj5BS6rIMsX+Hyb7CAtHb1RO8pcYGaEdCP34kMsdmuu+d5N480XDDyOek7WowS0pILoJnap9bffCNO3TExIYaEPWnlVZZd6kH/7pnO6xUTjgNVINz62hTQOD35GliSf8aROspnDfVZtb/lawMBF+AWdXdbjxvY1qe5dfJHZLyXI96+k8Fshr0ATpfClxpekwUUDfFA5mof5uy9eyGlKqt0cgDwVVM2RmUXe/wxisJrTtx1ej5iY59tyJcscrf5ybAVGCDowaVC1tBhkpq/LeRx20NrvwBqTuxT51y9CfY94lUwVR1O71A3fDPpLi/8uNcvlXjMdUmuQTGpf8e+r/fdl1r1jWLqfit9ZwwPoPqGDRTiaKoOSCrfRP/L6ohVwmtFrcW/UBm7jsRrfzCL3dGMLiPe06PQptcKL9cSmU/F68UFVyU2frlTKaRmOBR8QuzNvS6Eb/lM1pH1x/2n8ajwKbsXtK15gGOmGm9QRSJEfrcXpFjIXpDOjDMj6zDsTho3K5Kv6Za9pfOo+VeYZUwb+BOp9Ju9EnJ4nOEHDk35xfAiiDR42H305e05C54ZXYGZvDW3N6tX+SPntK2N2ggBA3jfKuOfJCbVym3sxKodVUylnBh1pnazMtFQcGeIz9RPx/Ft040CHI91V4t09Xe3C+5ewLFicEsHmh3fpP6AAeT47W+6sBw7Oe+/j9iAFtDFsu5spZOyy/nzF/Wm2ajzccq/5tGcnqtwJ99fBj7JJro5llli+Qf7mIJH448sbTd+F9gqy2vAPReoxyIEtNGCBW/AKbELcRAwDck/qWYwhB54cjlGoizZfGYeXRyAC62RFi/Im+5Kvmh0Wuq+QYUDmZpEmAGy/7N37ZSD83mrCjerAJXp78Xg2t3i+8zN3qBECDAco0LIClO70S3bhr4IrdrORuFvHVkmQHC/2KrHFbpYcC8FJsDyKqPsQKZJcoYFKoBkv+heBZtxHN2K84rnGiN4X80ZbxA1oC5nIAQ7DVihhAlJSiDdejMTXD9TpzTZctrzGYSX99W28l0ayYx0W7ms/EppiX/5E/gEk7iWWX6qW3wGRV4fXahGcc2Vh0XWq3V/G1TNX/4xNwZJo4ri+aGucNpk9Eo8j/UzDw637gNz860RNXXFPrYYhRAgAkTXOXZ36U1x4JABvOQEHx+yXn+EB+vQ/iYfmn4Nps7DMu4zzmengJuHWNUQL7b4aGbQJI9fEqVj6EYRcAeeWVAfnDij/K+ZVgA1UaegIiFzkfGVicJVnEe9chrbKLdQtRJVFXgzp2M5a/L54l2GFQ3xhTFVfPzIKAoGPeLiv2PKGYBljWRDS3nbnEun59NwjYUoXNtkh5kXkYrTI36GhOit5vxKlVIct00yLPaeuqaUnq3G2Mv93wHEwWi9N1J26D/VJaAEE5iBkqrgqOAgQj0sxT0bh725rQpeOluaLjeFUVw7DDpA6ON6jXB7zSlC2FhGBImVV3iaf6FjBWsBIY5lD3AXlRdIDF3Gxzj7q73mua7UtY4Dx7NLihRpH7b01FfLN2CrqwhSxSdzfZ297MKq0r+xGyn7COppT211fQ5Oj6hVMAC7WXiriZ1XYRIWYiGMNV/FSB5K1TCs1irHZTfowo5F4iqcHcqaOT9JOJn8dgCkwSjWvtEhtKbrMByd0NSICxh+NeeAzQg0wsMHgiyhSBhxpaZE1xOiljgonoi5fLrq1aG8eVxS6Mv9Sjs1zu36jo0gfMbpwV9SeCqKXudAr2piob8azraQ5UoAt8An5qWSu3+ZwR4pZrfr4z0Q9OMrqz7y/AuJZ8T7EYboHip+Q0uYzosck5QyiCv5brsHXYk3Xufpor8+kIQNO4hIJi0avs34TuFL9w7N6nUG6c8ryrLZiGx+f/S2/fFpdhy/6DwhMz6TT2LINS8J1mgxa0nO+g+RTuquiN6ojOfITHgGBw+Al11VQ6IEskKdmghQwKaclkDXA5lJNDUKU77k/OHbq2V2NmE1e2Y95Maxyfg8fUO4v9GD63sIjvyQnUes3EU1Vz3CQpN7cw3Ub+dqTx1J9hHtNLltBH0po5fxFyZB+dkawRiiakK488zdkwpBms9evCtQKiEsqXl4Y3B7fN1V0doFpBgoH22Cfobvz7S0Le7czJqEosiUkV+6c4UqJ0lw6TK3LSFx8hwD0VZYnCOyKl0XT6cg+7Uwby6B0EVrSY/ezrv4J8o3qC2Go0fbuyyurehCZ7yC/O30FxnRDJNl0v+GnqR+Z9HjwiJ2Jar+txhTbpTvvfL3HIyJSqmWTLBWWOONorpG+DByKdG7x4J3LHGs/Drsja8rrMTtnbEbwI+7Dt32gCcYkfv4vpWBCjP2C1/d9LB9FgdfNZVWWrdOQD3EONqzz584wUjm+43O2QUc+tF1bQTr+1xaRhyk/iPYcsW9eUsvnoeiHUk36Iffy/YhsOGxG1S1SZARCzIqOgzWJeT6lBpQ6vzbNbYhK370FV/dAMLVHQrByS/9md/uAEVKS+KsOaqbSv57878/CJfN23TbnvO0o2Z0tKD9NgVekwHuuSGaH1AYTCWCiWCkeZBbJZTnauOTY59DWEUioyLLp3MpIX8fXo1s3t/4kVGJ92m0hAexY++gCIb5rPrKWDwNqwx9sJgaCIigxX66oMF0fpPONt26jyLFYJOVlFu4J7wAAQfa/Fkf/zdyHmCWdKwbl3hwI7Xf6VVR7x/HHabjSSgOLGo5LCpJtcrmtmlt9zcNio+AfBqM4H0CVclVnYI8ge727ltyrUM4WjrBGPnmtpnV+hwDcCXiFk/mgIXeG6mIEwCnvwOP/EPQfGIBLLSUkaRGvcAiHPoHwqwWCNWnfUdwhHMOI5gCqG+FnffHMH8vJ01iYLHHztD1ioeKvcirlU3WrnRwpDdUDZY/KJYhGKdDTvqNV2tLa1yBOdvZXXd44Fgyh+lVbc/KT5EQxvH7abFIyvftoM93Fn0vpVHWRJkdX9xdoLAs07bEFstH2ZUJ6rWoO9AviMHKnL+BiMebT7KhrT7q5QQNGQMZcQrjkeG/SyPINt6ODBL2dKblS8BAzUk1W3awQFE2Fdu38e8nUEjZ2lm/bH1Y+5Z461kfE6d4zqxLmEGdOyZVgOOKzGNx5VS5ASEEQGLLTdqxGujIUYQrxUO4/eAsmgcVhR1xqTjrfYcOYaPgo+zKvffBA5FOdzyWlwJzvspZFQwGD/wJVdmWDIfL8UTyNdqLb3vFO0zWLGssB0MF0G1Wt3FsRhSnNf5J3P8m2A8AjFqRY0EsUQKWiAdYxhNtsEVSAO14enYyPmf5ePPp9Jy5i3oF+kBDC02iMsWhvOThn3GS7B56IlVnHvKCKQITH7FkHb+LhizqYtm1OdBt0UYMaQl5SNkdqehVwOqqe/PY8Nhn+T3r63a7rHAyqXfE57392n9ASVDLOsejUUdcfRGs/qXSnrdwmS/lt9wYjsUb++lzf9RAqU+ekyiIODUGnGX5UNqJECptjTerIH28gcAwjcJWwq1nO/jsF65yfx1jcg6EZPvgdn/3oGZoFOYO3Kff/IOrlzB+tyHpUGESmNJ9an2HVU707J/q5Myowe6vAfg/cQSirzKueM7y81vGwTwAWw4efquHHOw85mcyYJGLpFZcLpwsFaa52y/vPgnQylH42EAnnWXNHvtt0xfvN9d/JGJBrl0j3ahpLIduh78mrD+kSvEf6dciww2NZ5EEbLG9HmJ/fPUtQ9BV/oUdc6H0k9QgDjg1+/mHr+q/xXL6l1+HT88kZcs8WSUzwU3QKjTiumwhqqMgqDoSkvjz6jApPd6l7C03L2l22opU1ubhUyBglB8uMDceNnYuQVWjq+UVxjxoGD2QOcrJqYNgnl4d69RpNrcn8DJFhTDmHyka6gkSfcrL86qOflHCA2O++6GwOnrc/MkaC1Cv36IDKFQyFbjNIxhhbD7H3vrwEOwA/PB3F1xsde3jYxn1HXUwJuzJGycsfOoCZV7pV70Q4/+OLAYjoe4OlDHJqgTxQKamT9HdIgr5NKou79jQc/EIEM23trPxZaOiMaiXgSngJlY4u75GDXZz4L11zG2pkXPhG/kx1KDzImQ8Zid14IMnuIEety7BbursFT+0k3EPpVAvRJ5ip1BTOGWyrPAl8HFvWbTguxJ5wZ74+emHl8YA/Gw8PSZive5i+oBw4i1GhfcKbwVi+4AVg/2CiXKFDu7wdcDzmEXcVYJLPP0/8LdLUTzxj/2RpRnB/OOqrCncxI/nGeNLwIM8sRBGMJ999B5wystQW/ZiSVRCU72b5tVTQlAXQoAMgr+DTjgxQQ5Mj+LBbYPBQn8kO1bKwy7zL/2dWpF/SUn6ZXiC3Meg8sDRbMAlDK72/3yyiHfK7wectabf1zJUkzi5XvzuUV6F4tl2yI8+ovUW/ThZbqU40aZImPtx5/HR1K1ztiAAUkMfKm4dRzLey7tDXu+h8OaWdxZVXG0ik/ITjThhEZiaInIG6NQluhqH6ZITchA6ECpjtBGLdVYya0087g1sIMAdG5JKB8mBagnutRzOGEG/SKXTB3fBrahoqyGYsvu0siAIY83+23fQFP6c/MwAtGxyxEHfxNvj7AIk6qaZ65IT9QQXo9GAy2YewmHz2YpeQdwOSIv7nddafVZqr1F/g6wVauWSzl7LkqnrfSrSErV1+1w1U6tHskMXNXGsg5ia6R8lbCfpcrTXMnaXepYQgdLl4Flo4J90YjSaBe36KhmJQp6H2F56Y+Ul0HeYFMV7SYQKwFuVvtymJbpHkXp91mPoDUnDzl/ZTruUgPoTBvBcomvXBn5TKC566XN31v4iRRBfypuOLJh5m1i3P/RORl1PoookKH1yA5qEHaAeJdUYYAd4fieosRxBfXVOFlLif5wFgjW8uLYIZST8Ne2UtVFnu46Jb4aH43PWyzdbaP31Cayt2NHhnxS707ReHrx5JV7n/ahCyyRw+aJSbUgcBxBDEHW9j+Qx5zd2tQqXO6K68ssSW5m+Bx+yZJv7P2HH9EM3BZhYS7X9iuQv/RnlMR0zXtiKrNQejRR5eoQw4Om2l5q5TMDuuxQPjlo5ct9V58VRmeMSSwEURELHnENk3ZcCs7qGidVSSdpVGx9QmrLQ+/jIw0ec+c7U3Pua9nYBHyRnGnLbBz60v4mf27nqesCn6xsoYUNCsI21G455iYmPq5/0oEn60gB26b7CgdKSmk16Q5oWxbNyv7Zxlynxmhd1MgWYTEEVwRpLHTw06lPuYh/LbeLdV+Oxp3PMOxSIx6OoeqnAC6EgY6vPGy/+Ty3Uu901/KVMqiWooGxj1/KdByQlum5AMFo8ZLhih0c9ITd1IiCbJbWYP9vTEFOsCeTdnqreAEEtusCImSSlDFMECVGqgP/zIDBDPWOz/fHmiREcYHMou4gk5p01HU1ZIRltxspivfs2b06vBc6IjPoMyQWevVsuB3ARTFcBiNvcF189jcdaXhz3fPiK45N3vu10IBd809il4kkdBfx31AZpe5kJ0/jb9VmIC7Uq43KbbimHdTFqmhhSRUDX8ch9WK6IlEdbSaQV55R6h2/cEIxInUZBHn7fmaWPFmJ1OFeR9zXRkJ2U2EkzUtpBhBzjpohsYQZ4RelGajbE2f6vk8Otb6WBZDUXGw/tBSJF/S1eVQeaIBhI0aYbhm/NIyJMn2pFhQYrmvLZEeGV89S79IhCf0AH/PNn0u3KqZu40MmxVTeFR/2mxp6L8YYIoYNBD7/zJRcw9dnQyu070VbHmiOtTZ4BT3V8fa1RA+D/XSkH04ASoS+O/qLFlpQi7QjQ4ccgy3/pi+D1JFeOy55C9J6qsXWOvTVvqancUHRu1vTufa6jvTg/mmIQqUmmjGgQedydvHzcgTgbHYENUyIuItTl8OTnMynNZgxUaxQam4CosDnB0fDnjxRYHL8DGwjgSnuMkOyMXzKVDrFrgwvf57Lu+XNTsuqnBv2o4DWTEE4TlibUpg6Kna6tjRw3Q3hT1R6diZTzHxS6ZNga0/HzI9r491fD0KL8VG5TuhRZ8PYXjlAelfUOfYrEEBbIXeogEbWhTFVqrlpuaa7DzxPRqNRJEfohCbONrPcMQXRc5YMyw5sy6kZuioQwTgTzdRmN3rqvFNsAuZejQTRObMWeFeJPedGVgSfkmGsBE8gvx9mJYpJKsxjvevc33qNRNUXnZmY4gxFDgT4UyeEZ4/8eS5gptxvULKjZkzbGQckh7RRD9dYumwxgIRUHLoszuJhVPerLNtMLeOaYDZRaIPFNuctk+bHl5djscs1F5/xFAEpzsdw5pNgCJ97S7sJfEV0BXQUgjrjOgi55c4+QeFsDbuQx8cZSzH+eOmTzZOwr5Lwel2kVw3Uu2ulbgqUp/4dr75Ev3V9xB0YFANlCHgTmRne9NKDGjZucWkpUNE7t1KuAdGmfRpc8I4MqI8TjBhwHE+ZhXYaxKoXJtelDCA8wO5h0AUGJYcKDhAOg/ySxovk+fRjGl3Kxau76ApeDqSeuzJmp+Wl8t9HsBerzXXpIBRCUW0D8g7gPO8x6v+0SJ67RC0dd2PTJdAX2uYNWfg0QKKGTzs8BRF5UQWE7fCfFw6yWUcjQgFDnbuTu+9M0O2DjBkK2+bIV1m7/J0VoecIRfWNY26ixB3syHPECnoxSLqG1+SvtMGYZR5YodcW1lYDZ2D9hhVFDIE48mj8YtN0ShFdeicXT4vlH23E+zZwmII6FwFhFngOWum9j3Iijb3tbyqVUjZR6OG7s24p/2N5y00/EkV2M4o0tIFL54BJcMazhT3/DAOShu0GPA8ALRbRkyzLeV9WjznSW7HNTloM+H6GVIx7H67XCJTYfoaO77Xrg0GY5C286SEmndsZVZDv8YGC80aJW7zqe5R1LY07XVbLZlaI9i6hly+tzlLlyenUaa6HAvVrdJlVsIIDrv9EPXr2SZu0WUSVrPZI1a6vOyo7RpH6ja6z/5JPrjmuyHT7MbvNU98Nz1H/A44VZxJQG0cIAPg8vUOI+m+Ubq2I7++3Or79dfD8Z7+OlpkvItq5JtyXGclttsa4xBBIHjNk+EkEznqLa5k3wv6ZJzyWVl/cQZRBmNoVL98I2SOY=</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2022-05-21 09:04:19,647 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2022-05-21 09:04:19,647 - INFO [Shibboleth-Audit.SSO:?] - 20220521T090419Z|urn:mace:shibboleth:2.0:profiles:AuthnRequest|_bee0b7ee-6033-4190-ae91-78f530efe37e|https://iam.eu-ch.o13bb.otc.t-systems.com|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_20afab574c102e9a636cea076c8790ad|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,telephoneNumber,role,mail,surname,displayName,givenName|AAdzZWNyZXQx9d6/kdtCd6SigP82NiCtkHzO7OM3ONU1yJ3ueP/j6X/rcrwStRAV6OWSRJ4lzt3T6o5FVr3evX1643vZ1XrKeVgrXUZra9vQ4581QtA4H5+Npj8unodANgGOmOo7MlGbZBw4QcdonWgR+Kgt|_1049d028a786db227457b76418957005|
2022-05-21 09:08:47,479 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: TST-138709-wiw3XMp2JE0t1FZX0RN7ruEjCmDp-51j
2022-05-21 09:08:47,479 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2022-05-21 09:08:47,479 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2022-05-21 09:08:47,480 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="_be5813c3db7a4684958ab3c223910b9a7c875b7"
    IsPassive="false" IssueInstant="2022-05-21T09:08:46.632Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    ProviderName="pac4j-saml" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#_be5813c3db7a4684958ab3c223910b9a7c875b7">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>mqgZmkyR6UZzO+z62cu8C6PxH3ecH+mAS7h4vZnnUsU=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
aI/qQh8TQFIoneODisGrGCPELV+B3uYqBW5mWQzSFQEQ9h0HVTRG0dI7EcGJzfUwBcD9OdXRgB7v
tKKsU5xi4BOop5T9s98GTxQkkSl/7V5aPTl2z3G/vX6G3+jbGxi9Efm4QwfYbFGxFEAMFKKYRL6t
/Bp7qRTrL4ZaIbEbEuaIzI22knaP3+5dnaeDnFF+nXQnK8ZudIPIGUScZbGXIfZVe5xLKPED+l+U
NU4v9x6SwCLfp50yLRh3CMn8QQhrNuKnDTiXpHKF0OcdHWRWRMCBR5r8dNPb21xsTOTeZWtr8N83
9CwZeRPH7DqrcAYnCTV1YeX/uS1m67RaaNUpUQ==
</ds:SignatureValue>
<ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIG0DCCBLigAwIBAgIQJT05eT9C8MMLxPWjiR+NjzANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMjIwMzEwMjMwMDAwWhcNMjMwMzEwMjI1OTU5WjCBoTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEcMBoGA1UECwwTMDAwMiA0
Mjk4OTQ5NjcwMDA0MjEwMC4GA1UEAwwnVFJBVkVMRE9PIC0gU0FNTCBTSUdOSU5HIEFORCBFTkNS
WVBUSU9OMRMwEQYDVQQFEwpDMjI5ODgyNDQyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAsTQ4f7v+iIqvjQLCZQyJCiWK72jzbm1lNNsOGLMdNO736yJo0iUXEygaqJ4awu+Nf2Ase62f
o1hROHtOnixvceJN2rd9BMKm/j3BgeU+vlW3quq8AFkm9ikL7R4hBZopqT5deXA17EZ0tpQv6I2z
WbuoBYunvJomVoFZYRwDWFlHoQRBJma0LL8WTrPP7t4gvZMqYSpEqyeeyX2cv6FS4uCOXITFzWAA
Rp5rdIkL1YzU+Tr2thgVf/BvRYsVqaCj+94YmoJAR1/pMOLIKhfoWNxOKuTu0Rpu1LpKr72FYsZv
osn4NHBDoVJncq/crrxpaYF1FqorTjHw+054l0YxJwIDAQABo4ICJTCCAiEwgeQGCCsGAQUFBwEB
BIHXMIHUMDgGCCsGAQUFBzAChixodHRwOi8vYXV0b3JpdGUuZGhpbXlvdGlzLmNvbS9zZXJ2aWNl
c2NhLmRlcjA2BggrBgEFBQcwAoYqaHR0cDovL2F1dG9yaXRlLmNlcnRpZ25hLmZyL3NlcnZpY2Vz
Y2EuZGVyMDAGCCsGAQUFBzABhiRodHRwOi8vc2VydmljZXNjYS5vY3NwLmRoaW15b3Rpcy5jb20w
LgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGlnbmEuZnIwHwYDVR0jBBgw
FoAUrOyGj0s3HLh/FxsZ0K7oTuM0XBIwCQYDVR0TBAIwADBhBgNVHSAEWjBYMAgGBmeBDAECAjBM
BgsqgXoBgTECBQECATA9MDsGCCsGAQUFBwIBFi9odHRwczovL3d3dy5jZXJ0aWduYS5jb20vYXV0
b3JpdGUtY2VydGlmaWNhdGlvbjBlBgNVHR8EXjBcMCugKaAnhiVodHRwOi8vY3JsLmNlcnRpZ25h
LmZyL3NlcnZpY2VzY2EuY3JsMC2gK6AphidodHRwOi8vY3JsLmRoaW15b3Rpcy5jb20vc2Vydmlj
ZXNjYS5jcmwwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDgYDVR0PAQH/BAQDAgeAMB0GA1UdDgQWBBQq
6jjjeMXwQMpNNecEbqrEsJ9eTjANBgkqhkiG9w0BAQsFAAOCAgEArkOzqH9sUsz/QCwLRUKXqsYS
YjB9o9GmKorBERtR7WJQIxk1jZxDM9dR8LTOA6tKOQ2LKzaRl0RugagliM75Dkt4AdWFQFzZ14c4
o+JXsvCNmRtncFxY5KAJqpeIgOHigpnOb2qdS5c0U2tMa48SYl5DgTqs5nlyLTqPIsF7Am80lsTn
iNdbvyPjmyrqsaUtIJ7WpBhyt+k5TEr4b4XWOo0jYwJEutvrYXTNihmWMfobEiC11+qziyWmBrrv
dJyg1H/XGJKFZ0atOOFUCfvoqFZrc3cD9uiCkLX3ljeehKkWyvNbBoj8ETmRPjg2vXIbPS+jR82g
fhLtUJbE/zVWQCoVtKowZqlY6mMcAXkqhdHTG9jfIixHxMMqMr2s+Fc8ywXlZzmAI1ejP9/LX9bV
2b17e4QxQMKMH9f2sVRvo16n0KtKGH5Zy3j+Dwkt3iIsN1F8Lo7vymqtqSUZ3EyYKNY/GvvmrIc/
snB/mGw4vqxYIXlIwwpm80/NRBeR88OFR3PYlUYKxrf9HKVRP8HqHG9buYSQdDdVe7k56Af77pCl
88LDCL49/8hb/XzndJjqvSLbKsU6UWV6q2e/kkQ+UcF8bBUMfHWLLK8xALkzrg1EATC7dviFBnS1
JXLmWJjKwHfWUkBPJnZbMCiKfgyNK5vTXpzzOszUdOFBLRTbtco=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2022-05-21 09:08:47,486 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' from origin source
2022-05-21 09:08:47,486 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2022-05-21 09:08:47,486 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2022-05-21 09:08:47,486 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2022-05-21 09:08:47,486 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2022-05-21 09:08:47,487 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2022-05-21 09:08:47,487 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2022-05-21 09:08:47,487 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2022-05-21 09:08:47,487 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2022-05-21 09:08:47,488 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2022-05-21 09:08:47,489 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2022-05-21 09:08:47,489 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2022-05-21 09:08:47,489 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2022-05-21 09:08:47,489 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2022-05-21 09:08:47,489 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_be5813c3db7a4684958ab3c223910b9a7c875b7', issue instant '2022-05-21T09:08:46.632Z', entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2022-05-21 09:08:47,489 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2022-05-21 09:08:47,489 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2022-05-21 09:08:47,489 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2022-05-21 09:08:47,489 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2022-05-21 09:08:47,489 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2022-05-21 09:08:47,489 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2022-05-21 09:08:47,489 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2022-05-21 09:08:47,489 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2022-05-21 09:08:47,489 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2022-05-21 09:08:47,489 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2022-05-21 09:08:47,489 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2022-05-21 09:08:47,489 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2022-05-21 09:08:47,489 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2022-05-21 09:08:47,489 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  params: null
  modulus: 22369930965456962777956365464229513348642522997346232168756579494960232921839160861855035659931488634319872531144871061126230632628307245413595021979243298021162796817485323967323729520642838484019982422043583459948062010738622164914709867639613377292833748142293112152964032878748204294883029637581475838086809098230772052770316027052403485966861005767953228542833623261203559898877311870242866180023679569922778427571461205374691037046976908472105838884909059792855539563635818559033340161732234235499443992405690433660052891865469805202598340808784182407277136835204164356633476755720981662174335871428308052095271
  public exponent: 65537
2022-05-21 09:08:47,490 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2022-05-21 09:08:47,490 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2022-05-21 09:08:47,490 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_be5813c3db7a4684958ab3c223910b9a7c875b7"
2022-05-21 09:08:47,490 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _be5813c3db7a4684958ab3c223910b9a7c875b7 and Element was [saml2p:AuthnRequest: null]
2022-05-21 09:08:47,490 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_be5813c3db7a4684958ab3c223910b9a7c875b7"
2022-05-21 09:08:47,490 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _be5813c3db7a4684958ab3c223910b9a7c875b7 and Element was [saml2p:AuthnRequest: null]
2022-05-21 09:08:47,490 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_be5813c3db7a4684958ab3c223910b9a7c875b7"
2022-05-21 09:08:47,490 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2022-05-21 09:08:47,490 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2022-05-21 09:08:47,490 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2022-05-21 09:08:47,490 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2022-05-21 09:08:47,490 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  params: null
  modulus: 28006387942418969225649916333139519355638096712380574766811124292301661924791783373435519521645343314222150486630544111279201208456534326021789549853743685148618935308478902334906724628767813199207089277413212107100136253421395783986273751615833433303294145160454079582517841805266304683646247889208889889285649761903626503112587855797858159314696858314376793384619325800929104640111043457518521477309769823877476635541777671075359495929393833402001839094854271118678662367631745138729125305417820632241324967181751700731063078265668737087296240734489903773792043477803426999131829187384000744293796058798748147374959
  public exponent: 65537
2022-05-21 09:08:47,490 - WARN [org.apache.xml.security.signature.XMLSignature:?] - Signature verification failed.
2022-05-21 09:08:47,490 - DEBUG [net.shibboleth.idp.saml.security.impl.MetadataPKIXValidationInformationResolver:?] - Attempting to retrieve trusted names for PKIX validation from resolver for entity: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2022-05-21 09:08:47,490 - DEBUG [net.shibboleth.idp.saml.security.impl.MetadataPKIXValidationInformationResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2022-05-21 09:08:47,490 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2022-05-21 09:08:47,490 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2022-05-21 09:08:47,490 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2022-05-21 09:08:47,490 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2022-05-21 09:08:47,490 - DEBUG [net.shibboleth.idp.saml.security.impl.MetadataPKIXValidationInformationResolver:?] - Attempting to retrieve PKIX validation info from resolver for entity: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2022-05-21 09:08:47,490 - DEBUG [net.shibboleth.idp.saml.security.impl.MetadataPKIXValidationInformationResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2022-05-21 09:08:47,490 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2022-05-21 09:08:47,490 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2022-05-21 09:08:47,490 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2022-05-21 09:08:47,490 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2022-05-21 09:08:47,490 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2022-05-21 09:08:47,490 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2022-05-21 09:08:47,490 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2022-05-21 09:08:47,490 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  params: null
  modulus: 22369930965456962777956365464229513348642522997346232168756579494960232921839160861855035659931488634319872531144871061126230632628307245413595021979243298021162796817485323967323729520642838484019982422043583459948062010738622164914709867639613377292833748142293112152964032878748204294883029637581475838086809098230772052770316027052403485966861005767953228542833623261203559898877311870242866180023679569922778427571461205374691037046976908472105838884909059792855539563635818559033340161732234235499443992405690433660052891865469805202598340808784182407277136835204164356633476755720981662174335871428308052095271
  public exponent: 65537
2022-05-21 09:08:47,491 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2022-05-21 09:08:47,491 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2022-05-21 09:08:47,491 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_be5813c3db7a4684958ab3c223910b9a7c875b7"
2022-05-21 09:08:47,491 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _be5813c3db7a4684958ab3c223910b9a7c875b7 and Element was [saml2p:AuthnRequest: null]
2022-05-21 09:08:47,491 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_be5813c3db7a4684958ab3c223910b9a7c875b7"
2022-05-21 09:08:47,491 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _be5813c3db7a4684958ab3c223910b9a7c875b7 and Element was [saml2p:AuthnRequest: null]
2022-05-21 09:08:47,491 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_be5813c3db7a4684958ab3c223910b9a7c875b7"
2022-05-21 09:08:47,491 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2022-05-21 09:08:47,491 - ERROR [org.opensaml.security.x509.impl.BasicX509CredentialNameEvaluator:?] - Credential failed name check: [subjectName='2.5.4.5=#130a43323239383832343432,CN=TRAVELDOO - SAML SIGNING AND ENCRYPTION,OU=0002 42989496700042,O=TRAVELDOO,L=LEVALLOIS PERRET,C=FR']
2022-05-21 09:08:47,491 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature failed for context issuer 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool', message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2022-05-21 09:08:47,492 - WARN [org.opensaml.profile.action.impl.LogEvent:105] - A non-proceed event occurred while processing the request: MessageAuthenticationError
2022-05-21 09:08:47,492 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2022-05-21 09:17:45,745 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder:?] - Decoded SOAP messaged which included SAML message of type {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2022-05-21 09:17:45,746 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Body>
        <saml2p:AuthnRequest
            AssertionConsumerServiceURL="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            Destination="https://samltest.id/idp/profile/SAML2/SOAP/ECP"
            ForceAuthn="false"
            ID="_8bnt1c7uo45dpccaukdd5cmp7s2lg4uonshd" IsPassive="false"
            IssueInstant="2022-05-21T09:17:45.038Z"
            ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
            Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eu-de.otc.t-systems.com</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                    <ds:Reference URI="#_8bnt1c7uo45dpccaukdd5cmp7s2lg4uonshd">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>FsGhctNQpqsaXtjtIExjKaxN26M=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>i2fpuacN8N6vkAq23c+3KvayZ2qb2Ie7J1e8pZSBkwL1EFkYhq8gQtyZc0M1yYqKkxDuZMAQC3GUT6KvzBiqO7jlwn8zwVccpWjsQuIlUBN69EwdXbdquXqxKW/QY2/pPZNQCMvnpNxUBQZmi5qewAuV1e5LJQeiEe/S7wBRCkx4SDmx3GIJWI9E0sn7R3raShYMonIrAKa5zH/c0tV2/cBjKO8O07/Ig9eKH/sVBL15Amz56Jfz6vtMOVPJQqY7tzYW2EeKUZ+evTXRF+T/ISEDHkOpmBIR0cN3rkWxhu1PNt6RjIenuPm3OBCwtU3qkv5zHTsp97znL9PhfeUGDXLkJFx92rq7ureD1PbcFNNyhA2rXPB038s0imUHdjjMhANCX1saoEFfSPMgUBldPTDebz9WXMHDKDe0hF43FetyUU9a2RQqEfYUD2d214o4CgypINN4aC9Y2CsaB5BOHlH3jdLeRBi7PIrgDujCFRd6KO9+qt5SYx+I0MkhoRFoTB0oynWFFYolHpgyjC619Xd4rUQbTaKOLUnlZ31CGT+vuBfmXH1cUeBx6aLr8NoH2J5aYBHhmG/cUIGZtwnrN+CglNAsH3VTrEyJNBxM2AU0IMhsHscEDrjV4ryCmqJi4pjaaMaaVNciM82NLtHpNKk2rtaN1I9915g2mjjch+U=</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIHeDCCBWCgAwIBAgIJAPRelfvZJrG9MA0GCSqGSIb3DQEBCwUAMIHXMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGSGVzc2VuMRowGAYDVQQHExFGcmFua2Z1cnQgYW0gTWFpbjElMCMGA1UEChMcVC1T
eXN0ZW1zIEludGVybmF0aW9uYWwgR21iSDEUMBIGA1UECxMLSVQgRGl2aXNpb24xJDAiBgNVBAMT
G2lhbS5ldS1kZS5vdGMudC1zeXN0ZW1zLmNvbTE4MDYGCSqGSIb3DQEJARYpRk1CLlRTLUlUU0gt
Q1NTLURQUy1PVEMtT1BTQHQtc3lzdGVtcy5jb20wHhcNMTgwMzI4MTUxNDA4WhcNMjgwMzI1MTUx
NDA4WjCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0
IGFtIE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsT
C0lUIERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2Bgkq
hkiG9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tMIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv2W7Hr/Ro63zmZVclhlMvakO1nYWAe6CFDg2hYOH
IxkC/DG8LsKbnqy3Rv8AoH5CgRwmT/HYKeJu+KxrpECJXGIjXirUzHrL5w0Hys0O6SJYzztRGoQA
eFfl3x1NNUxVGkWbuK3/o9vm3idoMqVY4HFU24h/6VbSVBru1lsfubmIGdkf+9R844JbZx1R1OuX
xQ60ZhTAmR6R5d1E6tprM8rAqBOC2l1o4azQyDtmxM8NEBjKcZebNleHOB3iVPiiG0ens6z39y7e
SyiXwWcsw8TlwcQiumYPnFT2lzrJAC93hEjNGd6sj6QVvPCJRu/Ya+AWfcm6JtBZRK9ZfBz81wjv
BnHH2u8j1GyZMdE5dvN4PC8bgX0HxvnbhnAU0DASzziyS9Ni/gMgWvJsmnmNVLyYMxRmL8L0JtWk
rz7aNSskufk92Cv/R4KtWsfdkYtNG5/lV1BNzraBgnnXX1gH7ddrL/Ng2aNRFd+LtsI/BjUBpg7r
Ebym+pJuri2PBj8hhjLKbhPuurybQLVtmYxCcJUo6ZG4X3cpxl/e8v+vviapn1OY9zaFLAc+fccX
1GFrLYv9aQKGDQFRMl2uV9nP7UpakBCgZ/r7ljvfhlnsGkLPZBokM9Iz3iUFMGj2gPD1m+C7QaiS
OwJnkTk3cnhZV6It0XdFIaFgIi9V4XMnYEMCAwEAAaOCAUMwggE/MB0GA1UdDgQWBBSg4Skug1x8
SOG2QdBaHAN2DDs7zDCCAQ4GA1UdIwSCAQUwggEBgBSg4Skug1x8SOG2QdBaHAN2DDs7zKGB3aSB
2jCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0IGFt
IE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsTC0lU
IERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2BgkqhkiG
9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tggkA9F6V+9km
sb0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAFEH+TQEgwXkOp1dymChsQzX3mm32
nBbQwIuTKi3jy08EjRQktZCOhjpmuVc/QQUCQdgAZgWVboAwTspfgwQwVcuIpCkwuyc7tt+ZzRSk
ybvOccw4ivz1suevGZZfYt+B7UIB3drlMKLoJWMTiBZnL6c4iaqubep56BZBOH6IP2KaMRd4EqIo
kXLHgaIyhqz51WQmTJArhYvAvWlktbAW6GXev3mW5gxW7LAGygQNCo2JkXSegGPk2jLO48JXNuCB
lGGf2O5TkhD+Qw/buIRrcKWnolBCs0ITalkNFt0RftLYmyR0JMotaBRHHmtdqSWOwMT1j7SvyzhH
yszzRU4xwTUFveODkWYS3Uh9PZs+3yDcfqC1x1yRbhKe7onZt5nXh/wY2762Pv6NkBQfQaFaE8CI
OwRu6WjaFfRntVXHpvV+7tO6Dr3pfRNEZzJM5+m/Edh+JrUdhyy7SxuYiCpt5xiPvM9rMt5AkXCn
P8AQVxq3O/1Gsdr9iblHAkJrg7Lbd8bPyzE9nRW3zqp++BxYilxIIVP9xnaaj/jjyuAPfeet30wm
zeOe/MGqxEwP/JSwJ9rZI//FaG3gAX0UHO6Eo+R0/Yv3JcyAo6j/RN/6YcSTQD1MrPGZiNTz/Muo
nczuEbZF255Cs5PfVJJhTPW730xQmhZnlbta0nyBO9LA3Fs=</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:NameIDPolicy AllowCreate="true"
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                SPNameQualifier="https://iam.eu-de.otc.t-systems.com" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"/>
        </saml2p:AuthnRequest>
    </soap11:Body>
</soap11:Envelope>

2022-05-21 09:17:45,754 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://iam.eu-de.otc.t-systems.com' from origin source
2022-05-21 09:17:45,754 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2022-05-21 09:17:45,754 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2022-05-21 09:17:45,754 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2022-05-21 09:17:45,754 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2022-05-21 09:17:45,754 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2022-05-21 09:17:45,754 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2022-05-21 09:17:45,754 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2022-05-21 09:17:45,754 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eu-de.otc.t-systems.com
2022-05-21 09:17:45,755 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2022-05-21 09:17:45,755 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2022-05-21 09:17:45,755 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2022-05-21 09:17:45,755 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2022-05-21 09:17:45,755 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2022-05-21 09:17:45,755 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2022-05-21 09:17:45,755 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_8bnt1c7uo45dpccaukdd5cmp7s2lg4uonshd', issue instant '2022-05-21T09:17:45.038Z', entityID 'https://iam.eu-de.otc.t-systems.com'
2022-05-21 09:17:45,756 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eu-de.otc.t-systems.com' does not require AuthnRequests to be signed
2022-05-21 09:17:45,756 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2022-05-21 09:17:45,756 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2022-05-21 09:17:45,756 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2022-05-21 09:17:45,756 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://iam.eu-de.otc.t-systems.com, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2022-05-21 09:17:45,756 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://iam.eu-de.otc.t-systems.com' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2022-05-21 09:17:45,756 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2022-05-21 09:17:45,756 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2022-05-21 09:17:45,756 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2022-05-21 09:17:45,756 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2022-05-21 09:17:45,756 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2022-05-21 09:17:45,756 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2000/09/xmldsig#rsa-sha1
2022-05-21 09:17:45,756 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA1withRSA
2022-05-21 09:17:45,756 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2022-05-21 09:17:45,756 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 4096 bits
  params: null
  modulus: 780833212372818775479203473584756908157478511960940665833104329026798488708412096463957730986031560699536971604685793755631469735164638528103712796586941283248391093334537473433816881621841433643551509545784341528479466257077570253340730459394524144439470561825531880309380078893306187350760119973863502110938239690056732532237576015713410817092640951029480915162489671542971932145619144868209527314440670224923750462549444079548603408012564298657143697912591193544433644075598026106926646468811820504111621425556553238066495807276626045802944049622045278146600209515759289448446049845276793009470678806630505639155872685517611976298041379760153258369441443706608834473698951737339296605180924342991774924896400530064019217902076139971478880191800808152349664734915206316567268459208984314092535956712275165633295073845619623808442937959337568063845846898994885404695455333181998103624287019468478172845183368957698818849454389451360233262379190615859514122412619488103951846508060862137625955242500382805764622949031613773424268222131209239375233669763979843957564204575307568428090973147896709908167025351124368088974604728720021626763128224355694102358346473759582198635778329138017968133082524864864810444234076758890334162214979
  public exponent: 65537
2022-05-21 09:17:45,756 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2022-05-21 09:17:45,756 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2022-05-21 09:17:45,756 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_8bnt1c7uo45dpccaukdd5cmp7s2lg4uonshd"
2022-05-21 09:17:45,756 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _8bnt1c7uo45dpccaukdd5cmp7s2lg4uonshd and Element was [saml2p:AuthnRequest: null]
2022-05-21 09:17:45,757 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_8bnt1c7uo45dpccaukdd5cmp7s2lg4uonshd"
2022-05-21 09:17:45,757 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _8bnt1c7uo45dpccaukdd5cmp7s2lg4uonshd and Element was [saml2p:AuthnRequest: null]
2022-05-21 09:17:45,757 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_8bnt1c7uo45dpccaukdd5cmp7s2lg4uonshd"
2022-05-21 09:17:45,757 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2022-05-21 09:17:45,757 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2022-05-21 09:17:45,757 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://iam.eu-de.otc.t-systems.com
2022-05-21 09:17:45,757 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2022-05-21 09:17:45,757 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2022-05-21 09:17:45,757 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2022-05-21 09:17:45,757 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2022-05-21 09:17:45,757 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsHeadersHandler:?] - Message Handler:  No ChannelBindings header blocks found
2022-05-21 09:17:45,757 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler:?] - Message Handler:  Message did not contain any ChannelBindings extensions
2022-05-21 09:17:45,757 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2022-05-21 09:17:45,757 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2022-05-21 09:17:45,757 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2022-05-21 09:17:45,758 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2022-05-21 09:17:45,758 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2022-05-21 09:17:45,758 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2022-05-21 09:17:45,758 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' not permitted by input criteria
2022-05-21 09:17:45,758 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP using binding urn:oasis:names:tc:SAML:2.0:bindings:PAOS
2022-05-21 09:17:45,758 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2022-05-21 09:17:45,758 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2022-05-21 09:17:45,758 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2022-05-21 09:17:45,758 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2022-05-21 09:17:45,758 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2022-05-21 09:17:45,758 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2022-05-21 09:17:45,758 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2022-05-21 09:17:45,758 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2022-05-21 09:17:45,758 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2022-05-21 09:17:45,758 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2022-05-21 09:17:45,758 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eu-de.otc.t-systems.com
2022-05-21 09:17:45,758 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2022-05-21 09:17:45,758 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2022-05-21 09:17:45,758 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2022-05-21 09:17:45,758 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2022-05-21 09:17:45,766 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2022-05-21 09:17:45,766 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: RequestAuthenticated: true
2022-05-21 09:17:45,766 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: Generating session key for use by ECP peers
2022-05-21 09:17:45,767 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2022-05-21T09:17:45.767Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2022-05-21 09:17:45,767 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2022-05-21 09:17:45,767 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2022-05-21 09:17:45,767 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2022-05-21 09:17:45,767 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2022-05-21 09:17:45,767 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2022-05-21 09:17:45,767 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow authn/Password, it supports non-browser authentication
2022-05-21 09:17:45,767 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2022-05-21 09:17:45,768 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2022-05-21 09:17:45,768 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2022-05-21 09:17:45,768 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2022-05-21 09:17:45,768 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: Trimming whitespace of input string 'rick'
2022-05-21 09:17:45,768 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2022-05-21 09:17:45,768 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@138474901::identifier=rick, context=org.apache.velocity.VelocityContext@3987745a]
2022-05-21 09:17:45,769 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@138474901::identifier=rick, context=org.apache.velocity.VelocityContext@3987745a]
2022-05-21 09:17:45,770 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2022-05-21 09:17:45,770 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2022-05-21 09:17:45,770 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2022-05-21 09:17:45,771 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2022-05-21 09:17:45,771 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2022-05-21 09:17:45,771 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2022-05-21 09:17:45,771 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2022-05-21 09:17:45,771 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session aac22918068ece9d3de04b7cab9e537e81bf82e2cfda3e2e58b5521764412a05 for principal rick
2022-05-21 09:17:45,771 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session aac22918068ece9d3de04b7cab9e537e81bf82e2cfda3e2e58b5521764412a05
2022-05-21 09:17:45,772 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2022-05-21 09:17:45,774 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2022-05-21 09:17:45,774 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, telephoneNumber, role, mail, surname, displayName, givenName, eduPersonUniqueId]
2022-05-21 09:17:45,774 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2022-05-21 09:17:45,774 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2022-05-21 09:17:45,774 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2022-05-21 09:17:45,774 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2022-05-21 09:17:45,774 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2022-05-21 09:17:45,774 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2022-05-21 09:17:45,774 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2022-05-21 09:17:45,774 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2022-05-21 09:17:45,774 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2022-05-21 09:17:45,774 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2022-05-21 09:17:45,775 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2022-05-21 09:17:45,775 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2022-05-21 09:17:45,777 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2022-05-21 09:17:45,777 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _e03d59bc17c41bc9b96cbd557a0212a6
2022-05-21 09:17:45,777 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _e03d59bc17c41bc9b96cbd557a0212a6 to Response _b753982d3cfb2532083c071ebf243ffc
2022-05-21 09:17:45,777 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _e03d59bc17c41bc9b96cbd557a0212a6
2022-05-21 09:17:45,778 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2022-05-21 09:17:45,778 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2022-05-21 09:17:45,778 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2022-05-21 09:17:45,778 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2022-05-21 09:17:45,778 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2022-05-21 09:17:45,778 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@Samltest.id of attribute role
2022-05-21 09:17:45,778 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2022-05-21 09:17:45,778 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2022-05-21 09:17:45,778 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2022-05-21 09:17:45,778 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2022-05-21 09:17:45,779 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2022-05-21 09:17:45,779 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2022-05-21 09:17:45,779 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2022-05-21 09:17:45,779 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2022-05-21 09:17:45,779 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2022-05-21 09:17:45,779 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxhvHqbu2IDW1rxWaDDuERlBVf99uPOL46tNAonZjWdVakACae4b/oL6oyffBVLLUCFYPfqhFwqUnvTfUgsNBEsuQI2gnF/M8AvwC1eL/U3R6/f2J+wCKj9uXZr2SMUwtGfq4TweTB with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2022-05-21 09:17:45,779 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2022-05-21 09:17:45,779 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2022-05-21 09:17:45,779 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2022-05-21 09:17:45,779 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2022-05-21 09:17:45,779 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 80.158.3.50
2022-05-21 09:17:45,779 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _8bnt1c7uo45dpccaukdd5cmp7s2lg4uonshd
2022-05-21 09:17:45,779 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2022-05-21 09:17:45,779 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2022-05-21 09:17:45,779 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2022-05-21 09:17:45,779 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2022-05-21 09:17:45,779 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _e03d59bc17c41bc9b96cbd557a0212a6
2022-05-21 09:17:45,779 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _e03d59bc17c41bc9b96cbd557a0212a6 did not already contain Conditions, one was added
2022-05-21 09:17:45,780 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2022-05-21 09:17:45,780 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2022-05-21T09:22:45.775Z, to Assertion _e03d59bc17c41bc9b96cbd557a0212a6
2022-05-21 09:17:45,780 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _e03d59bc17c41bc9b96cbd557a0212a6 already contained Conditions, nothing was done
2022-05-21 09:17:45,780 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2022-05-21 09:17:45,780 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _e03d59bc17c41bc9b96cbd557a0212a6 already contained Conditions, nothing was done
2022-05-21 09:17:45,780 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2022-05-21 09:17:45,780 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eu-de.otc.t-systems.com as an Audience of the AudienceRestriction
2022-05-21 09:17:45,780 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _e03d59bc17c41bc9b96cbd557a0212a6
2022-05-21 09:17:45,781 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddGeneratedKeyToAssertions: Assertion _e03d59bc17c41bc9b96cbd557a0212a6 did not already contain Advice, one was added
2022-05-21 09:17:45,781 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eu-de.otc.t-systems.com to existing session aac22918068ece9d3de04b7cab9e537e81bf82e2cfda3e2e58b5521764412a05
2022-05-21 09:17:45,781 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eu-de.otc.t-systems.com in session aac22918068ece9d3de04b7cab9e537e81bf82e2cfda3e2e58b5521764412a05
2022-05-21 09:17:45,781 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2022-05-21 09:17:45,782 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eu-de.otc.t-systems.com and key AAdzZWNyZXQxhvHqbu2IDW1rxWaDDuERlBVf99uPOL46tNAonZjWdVakACae4b/oL6oyffBVLLUCFYPfqhFwqUnvTfUgsNBEsuQI2gnF/M8AvwC1eL/U3R6/f2J+wCKj9uXZr2SMUwtGfq4TweTB
2022-05-21 09:17:45,782 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2022-05-21 09:17:45,782 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2022-05-21 09:17:45,783 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_e03d59bc17c41bc9b96cbd557a0212a6"
2022-05-21 09:17:45,783 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _e03d59bc17c41bc9b96cbd557a0212a6 and Element was [saml2:Assertion: null]
2022-05-21 09:17:45,783 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_e03d59bc17c41bc9b96cbd557a0212a6"
2022-05-21 09:17:45,783 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _e03d59bc17c41bc9b96cbd557a0212a6 and Element was [saml2:Assertion: null]
2022-05-21 09:17:45,792 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_b753982d3cfb2532083c071ebf243ffc"
    InResponseTo="_8bnt1c7uo45dpccaukdd5cmp7s2lg4uonshd"
    IssueInstant="2022-05-21T09:17:45.775Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_e03d59bc17c41bc9b96cbd557a0212a6"
        IssueInstant="2022-05-21T09:17:45.775Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_e03d59bc17c41bc9b96cbd557a0212a6">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>VNufyazl6y0T4zrrF+qYMUjInaAS/GPxjTakEIPFSP4=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>I9W56yYaLRMWqzZgnQkScK62+glvuHaOP3gmKu/HIoBqzX0o2Qlvywo+73ZIhM6z/NcS24t/2K6fTdtIx7+N3eoznM0Omkebb3TCkdLaRqWQ89eOeP8tugiMtS4rqaMIch5o6gtIA0DRCfHNLng8sPrHF07WCyogqbtubROR6WLxewR9azEQGiUsTT0lTzdXac5te5NzGZiM60H6AzboTHrdIGi1q02eZg9/caTjGmX7J2ArCBKpcUdMSsfno3nIHxgt9l7pvoDSn2gUjiVz9k+DXYh7NLXmhWBAaXhrf8yki/vo/2w9JArN2zraWtlfFrOV9yLn+zNR9Z5r16y9aw==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eu-de.otc.t-systems.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxhvHqbu2IDW1rxWaDDuERlBVf99uPOL46tNAonZjWdVakACae4b/oL6oyffBVLLUCFYPfqhFwqUnvTfUgsNBEsuQI2gnF/M8AvwC1eL/U3R6/f2J+wCKj9uXZr2SMUwtGfq4TweTB</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="80.158.3.50"
                    InResponseTo="_8bnt1c7uo45dpccaukdd5cmp7s2lg4uonshd"
                    NotOnOrAfter="2022-05-21T09:22:45.779Z" Recipient="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2022-05-21T09:17:45.775Z" NotOnOrAfter="2022-05-21T09:22:45.775Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eu-de.otc.t-systems.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:Advice>
            <samlec:GeneratedKey xmlns:samlec="urn:ietf:params:xml:ns:samlec">o57ZJ2cSfMkuU2bWv5vgl+HhxBNuyOr0LkYyJLlIL5s=</samlec:GeneratedKey>
        </saml2:Advice>
        <saml2:AuthnStatement AuthnInstant="2022-05-21T09:17:45.770Z" SessionIndex="_33de713b38a8e87b5cd1d60cd924a2a6">
            <saml2:SubjectLocality Address="80.158.3.50"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@Samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2022-05-21 09:17:45,794 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2022-05-21 09:17:45,794 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2022-05-21 09:17:45,794 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_b753982d3cfb2532083c071ebf243ffc"
2022-05-21 09:17:45,794 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _b753982d3cfb2532083c071ebf243ffc and Element was [saml2p:Response: null]
2022-05-21 09:17:45,794 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_b753982d3cfb2532083c071ebf243ffc"
2022-05-21 09:17:45,794 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _b753982d3cfb2532083c071ebf243ffc and Element was [saml2p:Response: null]
2022-05-21 09:17:45,796 - DEBUG [org.opensaml.saml.common.binding.impl.AddChannelBindingsHeaderHandler:?] - Message Handler:  No ChannelBindings to add, nothing to do
2022-05-21 09:17:45,797 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Header>
        <ecp:Response
            AssertionConsumerServiceURL="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next"
            soap11:mustUnderstand="1" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <ecp:RequestAuthenticated
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <samlec:GeneratedKey
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:samlec="urn:ietf:params:xml:ns:samlec">o57ZJ2cSfMkuU2bWv5vgl+HhxBNuyOr0LkYyJLlIL5s=</samlec:GeneratedKey>
    </soap11:Header>
    <soap11:Body>
        <saml2p:Response
            Destination="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            ID="_b753982d3cfb2532083c071ebf243ffc"
            InResponseTo="_8bnt1c7uo45dpccaukdd5cmp7s2lg4uonshd"
            IssueInstant="2022-05-21T09:17:45.775Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_b753982d3cfb2532083c071ebf243ffc">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                        <ds:DigestValue>fHvX5YdvYzgy7VD3SCMBZ6XAazyC4lJwlyQukr1NKhs=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>ZF7jExU+nxGfhiA0iPIKuSLqr/+rY1ySb1YxSHCuxUoT31ei1AWD/FDeKa7dfACCuanakAOu4CyNa51Lbbu5VXhjvdPX29lZwxbQ9kKu5pTGS0udsToWTC+izl+T1DvSHdk/D9oyKAbHq0A0eFXj9a7WQzcmEV2OB1mFIWKdRdPnckH6RT/aQ2dtrikjRA6SH1ze0Cn5i/nsMAaHF4ALTad3MVlfFm6cYvRmvGBerOwUMCuHGX2WZ62RqCiCQepkDVDpjIpj8S6FZmkT+2hYEPi1QTNOZnzNXE6GksafwMSTZ/RzmQ+6BCe+LqcNyqu9mfeYRFNdnucKM7kVwS35tA==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
                <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
            </saml2p:Status>
            <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
                <xenc:EncryptedData
                    Id="_f85a5ecfc17b6f806959b6f5c3024a0a"
                    Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <xenc:EncryptedKey
                            Id="_0a99f688e37c67b8df2a85d0cc5c05e6"
                            Recipient="https://iam.eu-de.otc.t-systems.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                            <xenc:EncryptionMethod
                                Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <ds:DigestMethod
                                    Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                            </xenc:EncryptionMethod>
                            <ds:KeyInfo>
                                <ds:X509Data>
                                    <ds:X509Certificate>MIIHeDCCBWCgAwIBAgIJAPRelfvZJrG9MA0GCSqGSIb3DQEBCwUAMIHXMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGSGVzc2VuMRowGAYDVQQHExFGcmFua2Z1cnQgYW0gTWFpbjElMCMGA1UEChMcVC1T
eXN0ZW1zIEludGVybmF0aW9uYWwgR21iSDEUMBIGA1UECxMLSVQgRGl2aXNpb24xJDAiBgNVBAMT
G2lhbS5ldS1kZS5vdGMudC1zeXN0ZW1zLmNvbTE4MDYGCSqGSIb3DQEJARYpRk1CLlRTLUlUU0gt
Q1NTLURQUy1PVEMtT1BTQHQtc3lzdGVtcy5jb20wHhcNMTgwMzI4MTUxNDA4WhcNMjgwMzI1MTUx
NDA4WjCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0
IGFtIE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsT
C0lUIERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2Bgkq
hkiG9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tMIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv2W7Hr/Ro63zmZVclhlMvakO1nYWAe6CFDg2hYOH
IxkC/DG8LsKbnqy3Rv8AoH5CgRwmT/HYKeJu+KxrpECJXGIjXirUzHrL5w0Hys0O6SJYzztRGoQA
eFfl3x1NNUxVGkWbuK3/o9vm3idoMqVY4HFU24h/6VbSVBru1lsfubmIGdkf+9R844JbZx1R1OuX
xQ60ZhTAmR6R5d1E6tprM8rAqBOC2l1o4azQyDtmxM8NEBjKcZebNleHOB3iVPiiG0ens6z39y7e
SyiXwWcsw8TlwcQiumYPnFT2lzrJAC93hEjNGd6sj6QVvPCJRu/Ya+AWfcm6JtBZRK9ZfBz81wjv
BnHH2u8j1GyZMdE5dvN4PC8bgX0HxvnbhnAU0DASzziyS9Ni/gMgWvJsmnmNVLyYMxRmL8L0JtWk
rz7aNSskufk92Cv/R4KtWsfdkYtNG5/lV1BNzraBgnnXX1gH7ddrL/Ng2aNRFd+LtsI/BjUBpg7r
Ebym+pJuri2PBj8hhjLKbhPuurybQLVtmYxCcJUo6ZG4X3cpxl/e8v+vviapn1OY9zaFLAc+fccX
1GFrLYv9aQKGDQFRMl2uV9nP7UpakBCgZ/r7ljvfhlnsGkLPZBokM9Iz3iUFMGj2gPD1m+C7QaiS
OwJnkTk3cnhZV6It0XdFIaFgIi9V4XMnYEMCAwEAAaOCAUMwggE/MB0GA1UdDgQWBBSg4Skug1x8
SOG2QdBaHAN2DDs7zDCCAQ4GA1UdIwSCAQUwggEBgBSg4Skug1x8SOG2QdBaHAN2DDs7zKGB3aSB
2jCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0IGFt
IE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsTC0lU
IERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2BgkqhkiG
9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tggkA9F6V+9km
sb0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAFEH+TQEgwXkOp1dymChsQzX3mm32
nBbQwIuTKi3jy08EjRQktZCOhjpmuVc/QQUCQdgAZgWVboAwTspfgwQwVcuIpCkwuyc7tt+ZzRSk
ybvOccw4ivz1suevGZZfYt+B7UIB3drlMKLoJWMTiBZnL6c4iaqubep56BZBOH6IP2KaMRd4EqIo
kXLHgaIyhqz51WQmTJArhYvAvWlktbAW6GXev3mW5gxW7LAGygQNCo2JkXSegGPk2jLO48JXNuCB
lGGf2O5TkhD+Qw/buIRrcKWnolBCs0ITalkNFt0RftLYmyR0JMotaBRHHmtdqSWOwMT1j7SvyzhH
yszzRU4xwTUFveODkWYS3Uh9PZs+3yDcfqC1x1yRbhKe7onZt5nXh/wY2762Pv6NkBQfQaFaE8CI
OwRu6WjaFfRntVXHpvV+7tO6Dr3pfRNEZzJM5+m/Edh+JrUdhyy7SxuYiCpt5xiPvM9rMt5AkXCn
P8AQVxq3O/1Gsdr9iblHAkJrg7Lbd8bPyzE9nRW3zqp++BxYilxIIVP9xnaaj/jjyuAPfeet30wm
zeOe/MGqxEwP/JSwJ9rZI//FaG3gAX0UHO6Eo+R0/Yv3JcyAo6j/RN/6YcSTQD1MrPGZiNTz/Muo
nczuEbZF255Cs5PfVJJhTPW730xQmhZnlbta0nyBO9LA3Fs=</ds:X509Certificate>
                                </ds:X509Data>
                            </ds:KeyInfo>
                            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <xenc:CipherValue>mjZtyCbgCvLoKrlKEIavj6FLNSyFlOu+0ME/xsxX2CqeYd1JdYATeNcPUhVgpK119T6Iuop2XBU3oUb7szDEJdox3iujkXLsV5mx+LmJIGu3CS5f3wad4aYQUNPyLlXMF/N0BZHsNMgG/MNQU6HHB2MH1Ekyz8IHZnyMSHHTF9ympIjQLjsT/T7XjJ3dtaxEzPPFWWjzPMnSGCSvSQ37Xa9ML/toPnDjRXIvcQi0myOy3q0GmHqASULvelpxwPc5tBIiZMvu5PvYiHbcBv2RTDbWra7s6dAgUW8JA/8biQnGEEgmebgM0DbE8ra2qk4n6OiPRnly10ZmeVtXlTKfzEbsfws6mtgzx2Vw5WtdGLdShbjPCOde+VSFmwKPO0bXV/tQoNy7IOzrGtIORU8JpmApBmFl5WF5HyNdjloqQHqJfEtPQqJd0m8Gsz+saCiocm6msehZBrsy1IB+nHTqvaXYlfZsBPOC8U7+xRmeKcbZLiUkHXyicY1J0TtBngwgkauiHVsIAe3FR1hO16XR1QZAJuJLIc0ZTFQOT6jgAdokq+N7ZFzU5+jCXZ5c4VsNlZKWE2LxpRjnM36EPXiZSdg0pGJbRh3oiV4D4vKhS54ZYargmFHsFcrLLCrYXYsp0jiiBr2x5JXWkdYFV1XDzXoxYR1bQy04SXxFgOq2j+U=</xenc:CipherValue>
                            </xenc:CipherData>
                        </xenc:EncryptedKey>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>85mOGwuKXzliUD4sfvrQLpm32MoRums1GOw7FmvMhIOadeKzsgQXswVuvjzepaNtBiTMWOjUTR1TgEXbzMC4AyiGYWPIPc3eMEBCd4F0eLAmCZ17OW9u7CwokiX22OTFIo0mB3RD4tX49h0BRlJzZMEF7FkaNMnQuSk7EDdZbJB4q35AXGZeswQHh+KqNG6ShDP782mVbZ91iX2pOfAODmZG48JFsvOwYm8RBOLHdewozDfELv4kH5NnA/AndMWIqA3XdNpTlfRjwjKlBoI/ZRC1BB0YYyHPzo1pgaSiUh0YTVi+W7FTdU+JnLgRoWSTBnYnw4q6LZU9LjLyMqcN/W3MzJ6uv0HApvEn3nAbjK3gdQjoMdSEFOp9Frz+DGRV57rTGp6ErsG6ccqzGrstfF66PM44B+cpAOxolHrFHf6+nkt5fbLMfMSh4+tLHQyNqXIh3rEr+NVqnNcpfJRcKoCaCFGMhVQtnydar48AXwypYxZoN/zzUZScc8fet2zcuJ1uFI3iRLaNqxR5ZZQSY33gMKgejTVoTZzVsDlCWnEvebs+U8QFRL2Tg2eFDKtUEjCUTtNYJyiKn5shHIT96nUdhueTFQ2z4/XqBzlm/jfGsLgR7cGHNuBz8TnFYHiUj5RLQFHC09gizsJhG9KoFBCWvQVcGma75B2x5Oyyg29Tq7tVVlBi2puIp/aNdwDS+ZrBY6XPFCGkNx330QFyKvHu7VapL7psbZTwn29i3qdKey2brs+DcHVw/2FWaDq2Q5TjXavoFCRZYnil+OiABusYCG4/skOwlvRV7hl3EpUdmzahN8PB3yq/3RVMlZ57Jl2I3KX1EiGQJ4XYavE9H5a/T0HjEkqaGtj7RjLM+wbQ2p7bPRz5BnXqSkvpBgXMNLIoLRGYbUXA0NhKtUra4j7zy8Nx65oaxc0tpDUx06D6KaE8zhfeLRBOJMQWKXTlYkRvqzyasdrKOga9hfrj4ThB/5338T+1sN8WWzJ8kLcJ3BZnuGIz57mN5BOqEBij5XVTJkqXLor+84rnJPR7EGpr3uC2L6IWCN9GZLpHBR0QxcHsShRaQE//BC0WHbW0mm7M+Zypi/TGq/PQYLWB86HBZftDofuOQS8+nQFUm0eMHVpud+Wopz+Fy83se+a+p2znbKBrovY+6xzEmLo4lqSqAifdHcr0Gvct7sWmWkc6AVpPlgneAIlm8bU/SOvs7wjYlFb71H3L6TJAlHhmG8NPzzSiI+Rl5FiK/b71uF/CPpRu/YIj7tcSKrV6ekfv1hmdDHnuo/bkXCqIYYe5sxxplUD9zABYVsauiJKHdcn56ncxFF4eqqtOJtRu+WpoN6Gg6bvDzJP2aJW5aW4488qcjQrT+2J22BKd9qRksiS5F688hEeG1CEK1aMKCrSoZAydTHkv6fdrKvn9KsrqTK2NjPpuMMsWmMuLsF5+3pQ9TNbVoyflYSfw7wI6or9qvJjdRSQx2YQMMuZTq3Cx9NTkC5kl7Keh5aHbGPJqBAZhqT1vTE7AH39sLKnJTtpnMNpqS4WqV/QVeMX79+CPcxuLhADx3sr8ut2f8VdsRRTfcj8GjWoUk0vEs8atrXtR8DnY/F4IIrEywG7GJ/Akzija7q2B5Kunq6cD/xoanDwzzRP+nGHUidfUgzBM39cqQ/uTlsd0yti/MmNPXqsGURe2cw3OvmKVxnq3RqCVSa5d0WqIn5N5bU4y5Vj4eGsomw7E8Cq4FfFbruzHk4b9tKD4WDTfFdmaBQp9tPaSot5L+//5ayxJ+rvXoVdBf512yE5sF8TpXc/XPp6mYMSN3plPVDlV7qDxoxr8lX8135bt9rl345G/npqBN4SIar24SaHzByBxr8aewRDBd0vmMDVNvQ+9q/TVt4glDFgAQmocElF9aKZrDch84MtUCr8Uf4Aq2n4xPdyaBrldZ5HGa4UCpTBOd5QIUsPaPVUK62YqPhKSB5I8WK/mwyt0AxYwVEh6FaO2hS543TByKJ0jHg14W1wLuwvx0nvmz4taqHnRumO/MP2pwppwqefD5J7lsHaIh+WGqZWNav4jXsr5E0ac6BykPZPL6xu5TpMnCsxCaD9y5spTFxDaKFPdC+cB2KesvVItirnO8XzFmODUmJC0wxujSFOmWCXO3WP9g3pGTEBeOFFQ/Ot5/s4ZyLNctkt8OxohOr08pW8ywCWwiWt7v+CyzlKcyrqjFDdiT+qRvT1enTPZw5cKTSRSkmEUV0lhukSBvOH6mDTBpKon6nZLtWnYfhaSFpY1nE3MGbcSQG7dCVLMIDG3D/ja7TUSPR16pMCA+2mI+jKflwVCsFAm8Ouc2Pds1iw1v+Lvvz+hbI5IaJbTz7vxwxR05Xp8EI42+weFcAHoTenJDz+OC0uwZCOB2YrcJznXWKsbbPou5bRn4+HdvBk5iqqprADPQksw2PjjtCMTStstIYOeB5/Gip1+TT6GHnOLxPyvIr0E5P0xq4h/aI7G/SMlaIbvQw18tDCw224ylOU/Pw3plHw7VZLw1IaNO25O2tz73/R1kXluHsnvIq34mqmk2QAOzH6rn/nzr/6XWHwaaHNigdZN7R8fKCPhSXjSuIWhZpk9DzMFeajfoACAoPSkIz00PUQeVh+dZuq0gdR6beeubySdSith89VWTUNBrN/XCAhi4DisFtuhbbQmqAs2xdOcbrnjnRdP6uYGEf2pdfFGNziq3JY0dA3vCw56tTlUx95bxT5DlZ42EE1u+hpWuGOzzPiqo++r9zMeDtWErhJFoyetEmpAVjChhWw3zvmZYtyVy2t87YIfHYYHwv9GbzJR/07PmTJrbKOea6ZQoSOM2UAEd3uAOHsAx/m7JWZ0Bu+j3bgbLpb4aLBgmASZNMKqgtk9+8sNtQYW5OIO4x8aEcs+a+QtE6qKYPQO4xjpTTB3QXLfO0kFU03KFArM1WAZGryIQE54SWlnarpSNWQZPeW5AR6vYOlWlZac2aVaXAT17hEmVxwqM1cUHDkd/ZwM35MxiYsmmFSLmN/FzFFxlQrCYcX/9kWQbngAmehcyCeVmYFOcxbN4ikx5IST9nQV84lcxdI78IXbjT9g9jgQbf2LM+v8vI5G15DESrotjAPEEG43aRmb4xcot3Mqu6mYYDujG5Fe5stTsEL2uuHty3O46Gl6IBRPnaL8bubH0ww8mTJESMnGgMhc9HORl4pOPivAuAIz82oZcQGPtdgSX19jP2B2wq3Vm/KXcCHHsFyi7Y86RWiQlWAs2x0aWlHF/OWT54NaUBgN1Kk9SZYD30LXOmnOi8R5IoCKSP/8QuRlvO4TVvVcbxE/dsQecDZ/xhcqoUJo13CYlFmETnokVruarCQcdNCPFlilQ5vSill27zZ5S82/O+AMlChwQq0Uw2S5TMCz8+asHQSAAHFEKZCqRmCjoEuZyyu8bCAYtQyP7LijJUK5pPKyuS7Ie55by4TFq5VDaYeF6mdoFOlD1UxjFjuPgBKBXeLRRQMapE10SXmIW/BdY+e2XUdFuZ8dP8nP/7kJeb1fY098NXT+9s3ubyoRgHSF5YanPGD5K/z39Eoi5vvNBYjCiCWLQZ/H+yXFyP2uFCPLnQMdZrlGd6JI3SIf081o/4h0c1xUyS0KcB854SuTXR3GiMegcm45kg6GjGuKee1X75QLcl10vNNqEo+DMnjwaf/RFtO5bBugu07PEJ8I2szUw5Fg2w2k0VeA3dqiiSwa5Gt7HOQIy5lpxQ6/qt+z0q8gmUrU3at95wYP1pJ6k2XGobXWtD8XTQ9zThTRGfDmnYPH/5xRT9DiLWvXIzEbsOiTmO39P2Nh8R9ECHm6i9+Am6eRa8S1kUsDk6izUhsNQpttMrsCvUOKETKlgLf9gSvNKBLQH64YFE1e/CUPMvHNj1VfH6oTphsm33r6rMtu6bZ6wqHoACo8kXumCXbcbAhvqekZjwGhYu/KynaNH8fLj23JbppztrQ2+zzfQGCy9Cn/sOFmNJ0hddJ6z3kKCw7HjzVLW7tnclc8L1mjpVytOgSXY4FHGxzA6NZe0TjIFOF75lRbd0oxLYGLGNGWO14RQeoxIAprF820itj0x3VN5g/D3JikdcDOPMWRLzc2ta9DzDD1Sb9etkbtT/QtgM38LYaHq3Yc2omubgLPLTEgc2wq79qqOp2SlRAM6Wn69ocwT7B10RPXkaUwQzuRcw5MOdXo0FeAxmks3+zUoKR2zO7B9v3i/vf5I8ISfwyV5GdhZpFNihPVOvT6Np1tY6LIfxFD3tn13lVMbxvyBlBwKQjtbL8uBkTm54BMpdxmcbAFf1EH0IKDyNyW2qthB0C9paQI9OuLzBSQdBHyHCEUNnrLT5pG0wRyIl/rCdcKhLixOSWd91siCH5u7J8AE/fl+xwsNFljHD2tdbdYiGM4Ar+I1ajfAheC+XFzSiKo68atf1nfme+WloXi4EzR7MjWjJ9AMtK795MD8RWv2GPvARdHc8ejeTFb1NUKajA2hf6n3/+WRUNiAtvAVxV43XZBRTf2vwlipjnhTTfuzZSnC0T+YkI6suyyMtUDMOK+WOhAKjlvKIFRb3c8v/bo4fA9TTL+HQLf+U51RCL64M1n+tcAKjWn9NKkBEtppeXn4GbQGvtrrwNAaI6ZNZx0CWuKGPaDhU+g9srB9q8+zpVoLt6+5fQsf6wCrrFAUg98vwP1jizXldmZIZmMAEqqa9VADVkeT9txR+irg6Vm6DXPw+7+9tAWY9M0R+ekVoq+WXCcUSdMU/mDdVHawMcruUYlQnH2FYeCAHlFhHlOw20azdgybWF5MYFKlnB67e8jvC9G1VbujAAoz13qtT7DHI1a305wI2urdXHjhQLx77RTaBvv2wNkjnmqsrIwjfmc8Lu08F1kjRqJb7sRafr3ZPNbgWLVApQAMlODG7mOCdZliqrOZsZnO9FsKNi0oXj5Gqy/AU8SDHf/PzAC+BNpkjnkEGwgUkUh4zFnkpyzn89hp/g+sF4TXDo6M3yKUhrY2GZ1JuAevoN4R0ubKLI/SnntJ4o/SEGjsMkzQ2AldGifgr3EIoqPoLIs4kcE7xlY+9crefg/PBdBHwbvLNkxuKwBfIhfzABYCG8lhWecseF7f/a328FzrJ2viabjx+OAR4MHjw78jB3O3OPubcwpg80q2/DNKiv0tnzqU8vfvesCAM0LWS6lkJWiTJoDolWfT7jWi0C9avWEat/Q873T50WlilYGnje3oz0QhSnR+/PZF+IC+L2KUJS3UmDgxyzl6jx0LkX3kPdBl99EFcT6MtrhddRgujmBDF+fGJK+b5UKGTKdOncrYZVO8cpkFIrg0K/ImNzw8INFIADwdJgZzdeGrabPnIpVzaQtyMer1hoGqe/V94PeIsjb2sgUJ19pXwOn4/Y0qebRJDiF3VnU2BKVbb78tB/Ssmwx0S25FCY2trY1FuoUU4f2eHYWLy21vSeMiZJh6jg6UBOCRX1pM1URv5pbUIKxflc6S9zPsvP5fOrTqG4CYVhsVwsmbbjpMzwDPogSLmnVHF+iXMsH91T1bCmFXfldF9AUYHs64JvYSG2f4C2agt5WHlH3KLbnCdjSK/4fRc81CMAO2wt3ursiNXfKA4q3HHHhU4/6d1XzBoKIxCz7AAD3TGBiG0qYY1Y6NT9LHOHqIMd53F/KI8KiIEtFpFuNEpSE+mZ85kTf6ST42bmMrh6EoWgirZU0O5g5nPKCeP6G7hr3jkEevjjzDUGO8OJ9IWqg8RypsdOzqTzakEy9jqnyeg/8fMCuwqFgt95H2BZzh7hsdx+6qCkBLl4gDUALgig5UnyPqLfzDP8SYVA9afTEb4S3t/wflUZE+WyxPsnBtlRxYSoC3WhJgTz0lLbazEGK4Eoe0a3hV+AC7P2sT7//oE0TStLn+8RuKvSLrviz69znoZlEUF0I7u9opOiTTcyr7pMyjAfFq4vleeJ1TEC2slJdq9Khx+CSu9SRrOWBf3C6IeN8ZhR9t6iXjpEW30zyi/UnZung+ruTmfDDHvUHEcSj4GcwK16rzj/wN9hh8d5XER+FNjBvaTxfgXs8DTvAe1XdJLhgP22nzJjhdsE+VkdD0HgjqRu9vwWynkvvEjieBuM6cn9qoB3jeuXaHbckc4lu0FwAyNb4QY1d3H43aQ8b3/kNHqQaQVafVqOrA4umE6blIM9OkMfOyDKHHsQGh3fDAbpZaMNGLG91jUk8pvB4bpY2Z/tFQ1I7UbCyFc9fsxa9sJlNFqmqzMJd30NqpCCVwmfJ8uzzwB/omZm38F62K3i9NxcIxKquFFddHY1S/13eZbn4rALCS3+SJU0U6+KFgfTmV/Axa6NPN7kEU5UJHqqDAPl3/q0AvEY0dmIN+dP7vl/dGPHxnrJ9t6c8MZgHVSWfmGZxNIaVlHja3JZI7bX/gVw5stvEGbQ21ABRsT/qqHTqpZqhk4z2HMhcH8EZFRJMqkN2/f32PF3rAWtREjTvAgvU0GUoxfn9eiEdzmA+x73Vp2nUnb4vA+0sMwW38yedpRfbuqdBrEk2Jr+duT8XiNISYcYHtWPPUPOg2D+YFLgV+lzuuID82bWOMAhzyPcYrZ8fFiB6ppeYmBhggRXP9ZuJOb6Tw2pAsSqBtLp6zm75eAOXMzamcqNb3WC6WuhHYrfcedO7pobi7/HbY3ZbDh8IAJ8hjDHMMKAzpLfmnwoGqmObrGObmatkJiXrK0MY5w22Hrn5XT+EmusnpyAgT36udMQt69T9KM6Ym0jfDcklNb3+Go8/CrtJW5xnx6WsPNc+MM468jQrRLAakNR9YLvB3oorKA751o1z1nHskkFpQXx/UMcjXC509N+tecUCj6eAPk1HR6O/tiPvuVNMsogzLwPZLuT5wz+pFJxmyFDGV9Noa7eILBqJa+kcNtvv3XrHpZirVu8DUgR0e+HlAa/58+GZ+xWFPMzNTC4+hZ4BTKLciDtSeSO7SY1DoRsjNLwxX9QdkEp1whAAFJ3ShtVHTUypszxiV2xT7bmGjzABwRzzfl614OFphCoWcaTWQ6tvGmYHsXgyDKcs8wuTXXxw40mtQx39C3hq08xznATSn1iltfrnk61YxGnh7wCunqmq7jcqXX5WNJPrnlbPDPOERIW2EL+Y8hN7p9mvCKtfh0ZiiMpiA/cJRbUkRbKwFl90Dyb7YA0B97Oq5O21nzHoRWtbyE7c8jCoFGoabIklw1wh6PKLdDdX1/05i+EDO5U+ox+zyzkkyS0E9K10BqaH67y69BBNHtXlkYtyMW8VDSw6+S8rhU3lfY2Jf5tk7XMV9UroHfYkygZwwr2B9rSFn+676RxzgveNHdYmhD52bpsP5TKhJa/CD37jV8GH7xdETSU7HSeJ1x1ClZpAWJMKcDBdp64WAAUa0OMDgMviHfJm8TWY+7cvkED68m6PQEG/Qifs3d3D3BSX7xwnFWq6MeVfVVD3J6CsPG2M3atnzmzgk+c38PiJtL5Z3K7u4ACLH2fqfQvYljaUAsiew1Td4JkCuqiT4fn8w4TAyt1ppj+cYN0Ft/VEW4XwtCbAhyge5UeDxbGMf20OMq/L1lc9HgWpgLaOFU9l2nI3ZbxOIfGviP1uhdC39L+OrERDMcvAhaBxWtOT6dDSnAzwGkpDOW+5dp9Tw0MbxpprAVmCsJqPHEl77DKFNXamJL/p+aw5yvVj9rY0U8X4XbeNa9bdeGg0fL+ArQ1V+aTl00Rz71ER934CVCoBJ/JheYvpJ3q/KbhYqeHjYacmfVqa57gjLI9UaF5eu7wofXipEldpT83bTzRrUC6Ee1ez+zWhK+ASvKkCrLLxkLHSC3AhfcRX1CCbXr5DVk7yZDcrPIRfFLCJ9f6fFBIu0fV6EgNON25ARt2+F4H6NX8251ySJH2hejQrOe9fklQJ6cpC+OoawZn/lC/5UmkDBHPgYZbEaMnFSmwKUugPc3I7509J9T6Q3JrnEfJ+KshlxUOj0GCGgit7YBTgR5vSQnl88KTK9FEIeSyBcKmI9fTtMCHEnik2IuvdzglurCc4hEOvxB2pC0+UsS24hYx+RtOlZ9zKAxi6U93wRtECByGf96V/zPKm7ujnD5Ez/s4aS8i3cBlL0qPPoEmrT/08WcFZT9frH3wDXijfRuaijaxmyczRpCVtqN9mSmx8UeAg/lGlnIwXZHQRkg2Vto3Adndznx6Xb2FzZK45jDO7ASzQKdPcjd07vEFzKW3V5G5QDVr7oZ7psgnt8H+6zrQcZLLyVLt2AnuW7NkTXNsnk2J8qb1W/o81F5bcL7ZH8O5rfVJqFqZ1PiNb+3LTGXMkMMVPjnyvVbrgrChiJmH5acNpvF5E1OrqsZjWAtBtpMtBuyJF0iJPnhCEkOdto9ghdvTb9dJnduLlQHcARnLZ+ZYjFkMr7+mx9M7xrLS1bz0GsY/MvnP2BfCfOoioXEkKSpn5BI1DDA5NE+npt0+pNAb4FtEn3A+8GAjeBOZKS2MTTyzOWCnx91eF5tLdzawn1qOlOQNPJLbcfY8DYC6bDaiYAm/GQqXCydQx+/IKA788ZD6x6sll+Zs9/eg=</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedData>
            </saml2:EncryptedAssertion>
        </saml2p:Response>
    </soap11:Body>
</soap11:Envelope>

2022-05-21 09:17:45,797 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2022-05-21 09:17:45,798 - INFO [Shibboleth-Audit.SSO:?] - 20220521T091745Z|urn:oasis:names:tc:SAML:2.0:bindings:SOAP|_8bnt1c7uo45dpccaukdd5cmp7s2lg4uonshd|https://iam.eu-de.otc.t-systems.com|http://shibboleth.net/ns/profiles/saml2/sso/ecp|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:PAOS|_b753982d3cfb2532083c071ebf243ffc|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,telephoneNumber,role,mail,surname,displayName,givenName|AAdzZWNyZXQxhvHqbu2IDW1rxWaDDuERlBVf99uPOL46tNAonZjWdVakACae4b/oL6oyffBVLLUCFYPfqhFwqUnvTfUgsNBEsuQI2gnF/M8AvwC1eL/U3R6/f2J+wCKj9uXZr2SMUwtGfq4TweTB|_e03d59bc17c41bc9b96cbd557a0212a6|
2022-05-21 09:17:47,564 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Beginning to decode message from HttpServletRequest
2022-05-21 09:17:47,564 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.IdPInitiatedSSORequestMessageDecoder:?] - Decoded SAML RelayState of: null
2022-05-21 09:17:47,564 - DEBUG [PROTOCOL_MESSAGE:?] - 
SAML 2 IdP-initiated request was: IdPInitiatedSSORequest{entityId=https://iam.eu-de.otc.t-systems.com, acsURL=null, relayState=null, time=2022-05-21T09:17:47.564Z}
Synthetically constructed SAML 2 AuthnRequest was: 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest ID="_b38affd9-8f83-400e-a1b0-f952f2571825"
    IssueInstant="2022-05-21T09:17:47.564Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eu-de.otc.t-systems.com</saml2:Issuer>
    <saml2p:NameIDPolicy AllowCreate="true"/>
</saml2p:AuthnRequest>

2022-05-21 09:17:47,564 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Successfully decoded message from HttpServletRequest.
2022-05-21 09:17:47,565 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2022-05-21 09:17:47,565 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2022-05-21 09:17:47,565 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2022-05-21 09:17:47,565 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2022-05-21 09:17:47,565 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2022-05-21 09:17:47,565 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2022-05-21 09:17:47,565 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2022-05-21 09:17:47,565 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eu-de.otc.t-systems.com
2022-05-21 09:17:47,566 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2022-05-21 09:17:47,566 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2022-05-21 09:17:47,566 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint was empty, not required by binding, skipping
2022-05-21 09:17:47,566 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_b38affd9-8f83-400e-a1b0-f952f2571825', issue instant '2022-05-21T09:17:47.564Z', entityID 'https://iam.eu-de.otc.t-systems.com'
2022-05-21 09:17:47,566 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eu-de.otc.t-systems.com' does not require AuthnRequests to be signed
2022-05-21 09:17:47,566 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2022-05-21 09:17:47,566 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2022-05-21 09:17:47,566 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2022-05-21 09:17:47,566 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2022-05-21 09:17:47,566 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2022-05-21 09:17:47,567 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2022-05-21 09:17:47,567 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2022-05-21 09:17:47,567 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2022-05-21 09:17:47,567 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2022-05-21 09:17:47,567 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2022-05-21 09:17:47,567 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2022-05-21 09:17:47,567 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2022-05-21 09:17:47,567 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2022-05-21 09:17:47,567 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2022-05-21 09:17:47,567 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2022-05-21 09:17:47,567 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2022-05-21 09:17:47,568 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2022-05-21 09:17:47,568 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2022-05-21 09:17:47,568 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2022-05-21 09:17:47,568 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2022-05-21 09:17:47,568 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2022-05-21 09:17:47,568 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eu-de.otc.t-systems.com
2022-05-21 09:17:47,568 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2022-05-21 09:17:47,568 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2022-05-21 09:17:47,568 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2022-05-21 09:17:47,568 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2022-05-21 09:17:47,569 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2022-05-21 09:17:47,569 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2022-05-21T09:17:47.569Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2022-05-21 09:17:47,569 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2022-05-21 09:17:47,570 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2022-05-21 09:17:47,570 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2022-05-21 09:17:47,570 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2022-05-21 09:17:47,570 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2022-05-21 09:17:47,570 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2022-05-21 09:17:47,570 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2022-05-21 09:17:47,570 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2022-05-21 09:17:47,570 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2022-05-21 09:17:47,570 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2022-05-21 09:17:47,759 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'iam.eu-de.otc.t-systems.com'
2022-05-21 09:17:47,759 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2022-05-21 09:17:47,759 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2022-05-21 09:17:48,141 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2022-05-21 09:17:48,141 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromFormRequest:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Recording do-not-cache instruction in authentication context
2022-05-21 09:17:48,141 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2022-05-21 09:17:48,141 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1303136225::identifier=rick, context=org.apache.velocity.VelocityContext@60054d69]
2022-05-21 09:17:48,142 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1303136225::identifier=rick, context=org.apache.velocity.VelocityContext@60054d69]
2022-05-21 09:17:48,142 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2022-05-21 09:17:48,142 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2022-05-21 09:17:48,142 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2022-05-21 09:17:48,143 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2022-05-21 09:17:48,143 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2022-05-21 09:17:48,143 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2022-05-21 09:17:48,143 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2022-05-21 09:17:48,143 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session bbf4eeda7eaec11b7955e7ac3e4922ab0f051e67a5a1a9eb4fcb9bea4be3aae2 for principal rick
2022-05-21 09:17:48,143 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2022-05-21 09:17:48,145 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2022-05-21 09:17:48,145 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, telephoneNumber, role, mail, surname, displayName, givenName, eduPersonUniqueId]
2022-05-21 09:17:48,145 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2022-05-21 09:17:48,145 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2022-05-21 09:17:48,145 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2022-05-21 09:17:48,145 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2022-05-21 09:17:48,145 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2022-05-21 09:17:48,145 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2022-05-21 09:17:48,145 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2022-05-21 09:17:48,145 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2022-05-21 09:17:48,145 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2022-05-21 09:17:48,145 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2022-05-21 09:17:48,145 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2022-05-21 09:17:48,145 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2022-05-21 09:17:48,145 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@9c6a740'
2022-05-21 09:17:48,146 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2022-05-21 09:17:48,146 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://iam.eu-de.otc.t-systems.com'
2022-05-21 09:17:48,146 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2022-05-21 09:17:48,146 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: Attempting to delete consent storage record with context 'intercept/attribute-release' and key 'rick:https://iam.eu-de.otc.t-systems.com'
2022-05-21 09:17:48,146 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: No consent storage record found with context 'intercept/attribute-release' and key 'rick:https://iam.eu-de.otc.t-systems.com'
2022-05-21 09:17:48,146 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2022-05-21 09:17:48,146 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: No storage record exists with context 'intercept/attribute-release' and key 'rick:_key_idx', nothing to do
2022-05-21 09:17:48,146 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20220521T091748Z|https://iam.eu-de.otc.t-systems.com|ClearAttributeReleaseConsent|rick|||
2022-05-21 09:17:48,146 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2022-05-21 09:17:48,146 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2022-05-21 09:17:48,146 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: Attempting to delete consent storage record with context 'intercept/attribute-release' and key 'rick'
2022-05-21 09:17:48,146 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: No consent storage record found with context 'intercept/attribute-release' and key 'rick'
2022-05-21 09:17:48,146 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2022-05-21 09:17:48,146 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: No storage record exists with context 'intercept/attribute-release' and key 'rick:_key_idx', nothing to do
2022-05-21 09:17:48,146 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2022-05-21 09:17:48,146 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2022-05-21 09:17:48,333 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'iam.eu-de.otc.t-systems.com'
2022-05-21 09:17:48,333 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2022-05-21 09:17:48,333 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2022-05-21 09:17:48,333 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2022-05-21 09:17:48,333 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2022-05-21 09:17:48,333 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2022-05-21 09:17:48,528 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2022-05-21 09:17:48,528 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2022-05-21 09:17:48,528 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20220521T091748Z|https://iam.eu-de.otc.t-systems.com|AttributeReleaseConsent|rick|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2022-05-21 09:17:48,528 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2022-05-21 09:17:48,528 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://iam.eu-de.otc.t-systems.com'
2022-05-21 09:17:48,528 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2022-05-21 09:17:48,528 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2022-05-21 09:17:48,528 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://iam.eu-de.otc.t-systems.com, value=[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1684660668528}'
2022-05-21 09:17:48,528 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2022-05-21 09:17:48,528 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2022-05-21 09:17:48,528 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2022-05-21 09:17:48,528 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://iam.eu-de.otc.t-systems.com'
2022-05-21 09:17:48,528 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://iam.eu-de.otc.t-systems.com]' as '["rick:https://iam.eu-de.otc.t-systems.com"]'
2022-05-21 09:17:48,529 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@9c6a740'
2022-05-21 09:17:48,529 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2022-05-21 09:17:48,529 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2022-05-21 09:17:48,537 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2022-05-21 09:17:48,537 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Inbound binding urn:mace:shibboleth:2.0:profiles:AuthnRequest is suppressed, ignoring request ID
2022-05-21 09:17:48,537 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: No request ID, nothing to do
2022-05-21 09:17:48,538 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2022-05-21 09:17:48,538 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _35cd2ec7373fbfee632fe45a02d88150
2022-05-21 09:17:48,538 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _35cd2ec7373fbfee632fe45a02d88150 to Response _5836f245e3c2984a4e1dfab9d830219c
2022-05-21 09:17:48,538 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _35cd2ec7373fbfee632fe45a02d88150
2022-05-21 09:17:48,539 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2022-05-21 09:17:48,539 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2022-05-21 09:17:48,539 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2022-05-21 09:17:48,539 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2022-05-21 09:17:48,539 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2022-05-21 09:17:48,539 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@Samltest.id of attribute role
2022-05-21 09:17:48,539 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2022-05-21 09:17:48,539 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2022-05-21 09:17:48,539 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2022-05-21 09:17:48,539 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2022-05-21 09:17:48,539 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2022-05-21 09:17:48,539 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2022-05-21 09:17:48,539 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2022-05-21 09:17:48,539 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2022-05-21 09:17:48,539 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration did not specify any formats, relying on metadata alone
2022-05-21 09:17:48,539 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2022-05-21 09:17:48,539 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2022-05-21 09:17:48,539 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2022-05-21 09:17:48,540 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxamfFc01hFVwEIL2JcsP2HwsdWAB0sKej3pFa7JVULqFEhg4LlTx/R8IhGCiR1z/FwTlL061fxUhBuyHqw4h8dT5gkca8vSL4isVEjIkPlQ0npkd5ZwrtD45VyzGnwhca1u9+pOr+ with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2022-05-21 09:17:48,540 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2022-05-21 09:17:48,540 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2022-05-21 09:17:48,540 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2022-05-21 09:17:48,540 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2022-05-21 09:17:48,540 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 80.158.3.50
2022-05-21 09:17:48,540 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to (none)
2022-05-21 09:17:48,540 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2022-05-21 09:17:48,540 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2022-05-21 09:17:48,540 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2022-05-21 09:17:48,540 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2022-05-21 09:17:48,540 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _35cd2ec7373fbfee632fe45a02d88150
2022-05-21 09:17:48,540 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _35cd2ec7373fbfee632fe45a02d88150 did not already contain Conditions, one was added
2022-05-21 09:17:48,540 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2022-05-21 09:17:48,540 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2022-05-21T09:22:48.529Z, to Assertion _35cd2ec7373fbfee632fe45a02d88150
2022-05-21 09:17:48,540 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _35cd2ec7373fbfee632fe45a02d88150 already contained Conditions, nothing was done
2022-05-21 09:17:48,540 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2022-05-21 09:17:48,540 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _35cd2ec7373fbfee632fe45a02d88150 already contained Conditions, nothing was done
2022-05-21 09:17:48,540 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2022-05-21 09:17:48,540 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eu-de.otc.t-systems.com as an Audience of the AudienceRestriction
2022-05-21 09:17:48,540 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _35cd2ec7373fbfee632fe45a02d88150
2022-05-21 09:17:48,541 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eu-de.otc.t-systems.com to existing session bbf4eeda7eaec11b7955e7ac3e4922ab0f051e67a5a1a9eb4fcb9bea4be3aae2
2022-05-21 09:17:48,541 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eu-de.otc.t-systems.com in session bbf4eeda7eaec11b7955e7ac3e4922ab0f051e67a5a1a9eb4fcb9bea4be3aae2
2022-05-21 09:17:48,541 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2022-05-21 09:17:48,541 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eu-de.otc.t-systems.com and key AAdzZWNyZXQxamfFc01hFVwEIL2JcsP2HwsdWAB0sKej3pFa7JVULqFEhg4LlTx/R8IhGCiR1z/FwTlL061fxUhBuyHqw4h8dT5gkca8vSL4isVEjIkPlQ0npkd5ZwrtD45VyzGnwhca1u9+pOr+
2022-05-21 09:17:48,541 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2022-05-21 09:17:48,541 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2022-05-21 09:17:48,542 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_35cd2ec7373fbfee632fe45a02d88150"
2022-05-21 09:17:48,542 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _35cd2ec7373fbfee632fe45a02d88150 and Element was [saml2:Assertion: null]
2022-05-21 09:17:48,542 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_35cd2ec7373fbfee632fe45a02d88150"
2022-05-21 09:17:48,542 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _35cd2ec7373fbfee632fe45a02d88150 and Element was [saml2:Assertion: null]
2022-05-21 09:17:48,549 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_5836f245e3c2984a4e1dfab9d830219c"
    IssueInstant="2022-05-21T09:17:48.529Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_35cd2ec7373fbfee632fe45a02d88150"
        IssueInstant="2022-05-21T09:17:48.529Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_35cd2ec7373fbfee632fe45a02d88150">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>5HQjhqgODcRvKxsajhXiPvWgBT9OB0j6xPQOTB6Txhc=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>FnwT7tplu5bPvljqzWLKxAdqePDiNNmTWCYyaIHXtYVUmq148huNuWnLsJO/+FaVYpqxsYuxd433fEygvjqYxKD4dJ6ZUpVm5qLNXnRmC2fwOy3jrFkQsxc9Qfn0z4HkpTUzSzvY2qQKeSVTD6/MlsB7gZWw2sldCjLSlsUGPWESqt3JQA42I91IUksmcRrS5SvVztIdG60JlNSSHnRbE8p6Qpjch6271wWNX9ZuoEC9V6r2+Cc8WLynlWnhgnN+6XBdUSU+cMqZ+HKkFie/ywv8aMzCCHQsMkbbgMTx8GcelZT0JZPH4sTgnTRQ4ti1F0oEfP2SE1bOa1omRzd5HQ==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eu-de.otc.t-systems.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxamfFc01hFVwEIL2JcsP2HwsdWAB0sKej3pFa7JVULqFEhg4LlTx/R8IhGCiR1z/FwTlL061fxUhBuyHqw4h8dT5gkca8vSL4isVEjIkPlQ0npkd5ZwrtD45VyzGnwhca1u9+pOr+</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="80.158.3.50"
                    NotOnOrAfter="2022-05-21T09:22:48.540Z" Recipient="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2022-05-21T09:17:48.529Z" NotOnOrAfter="2022-05-21T09:22:48.529Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eu-de.otc.t-systems.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2022-05-21T09:17:48.142Z" SessionIndex="_6d2d9b426ef76ad87b32fc1c7dbfcb39">
            <saml2:SubjectLocality Address="80.158.3.50"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@Samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2022-05-21 09:17:48,551 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2022-05-21 09:17:48,551 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2022-05-21 09:17:48,551 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_5836f245e3c2984a4e1dfab9d830219c"
2022-05-21 09:17:48,551 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _5836f245e3c2984a4e1dfab9d830219c and Element was [saml2p:Response: null]
2022-05-21 09:17:48,551 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_5836f245e3c2984a4e1dfab9d830219c"
2022-05-21 09:17:48,551 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _5836f245e3c2984a4e1dfab9d830219c and Element was [saml2p:Response: null]
2022-05-21 09:17:48,553 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2022-05-21 09:17:48,553 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST' with encoded value 'https&#x3a;&#x2f;&#x2f;iam.eu-de.otc.t-systems.com&#x2f;v3-ext&#x2f;auth&#x2f;OS-FEDERATION&#x2f;SSO&#x2f;SAML2&#x2f;POST'
2022-05-21 09:17:48,553 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2022-05-21 09:17:48,555 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST"
    ID="_5836f245e3c2984a4e1dfab9d830219c"
    IssueInstant="2022-05-21T09:17:48.529Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_5836f245e3c2984a4e1dfab9d830219c">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>MbZ9/sD1ldZN8xB83fia2mi0dx7NdG06DVjg8DFmOGk=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>QuHEGal0kdkYy/M83skqumh+V8iEAHto860hojZbDIycpw6+Nnp5rX0uE+JXbSLpu0coeyPYSrKK9Rj5/4ZWoIEtY9DFxda7qV9QcLL7qO6TlxqPBYe6Iv6tNXcLfYvuvrs1m8OT9gaSH9QJ3xOeOPQsUKTBAhcefZCw+Y0aNop7YJbB0n97F9ODNXriIAwK41gw00yOf9GjJtJZKZc7xg7cKCSNyTz9qVZ4NpjZ3iyOuu3Bndp8w0l+cFop4okUh7FtUKkKMI/ILa9CPFCORXS6zIXfpavTfjCdvBEH7KilP1TF2FqHIEok97qfD5IUokwLqlUoUTnWFntzIRa8ZQ==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_ba1d9d3101b723f162a10834169add8e"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_4ffdbd37885f96d119c4e80d682d354e"
                    Recipient="https://iam.eu-de.otc.t-systems.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIHeDCCBWCgAwIBAgIJAPRelfvZJrG9MA0GCSqGSIb3DQEBCwUAMIHXMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGSGVzc2VuMRowGAYDVQQHExFGcmFua2Z1cnQgYW0gTWFpbjElMCMGA1UEChMcVC1T
eXN0ZW1zIEludGVybmF0aW9uYWwgR21iSDEUMBIGA1UECxMLSVQgRGl2aXNpb24xJDAiBgNVBAMT
G2lhbS5ldS1kZS5vdGMudC1zeXN0ZW1zLmNvbTE4MDYGCSqGSIb3DQEJARYpRk1CLlRTLUlUU0gt
Q1NTLURQUy1PVEMtT1BTQHQtc3lzdGVtcy5jb20wHhcNMTgwMzI4MTUxNDA4WhcNMjgwMzI1MTUx
NDA4WjCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0
IGFtIE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsT
C0lUIERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2Bgkq
hkiG9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tMIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv2W7Hr/Ro63zmZVclhlMvakO1nYWAe6CFDg2hYOH
IxkC/DG8LsKbnqy3Rv8AoH5CgRwmT/HYKeJu+KxrpECJXGIjXirUzHrL5w0Hys0O6SJYzztRGoQA
eFfl3x1NNUxVGkWbuK3/o9vm3idoMqVY4HFU24h/6VbSVBru1lsfubmIGdkf+9R844JbZx1R1OuX
xQ60ZhTAmR6R5d1E6tprM8rAqBOC2l1o4azQyDtmxM8NEBjKcZebNleHOB3iVPiiG0ens6z39y7e
SyiXwWcsw8TlwcQiumYPnFT2lzrJAC93hEjNGd6sj6QVvPCJRu/Ya+AWfcm6JtBZRK9ZfBz81wjv
BnHH2u8j1GyZMdE5dvN4PC8bgX0HxvnbhnAU0DASzziyS9Ni/gMgWvJsmnmNVLyYMxRmL8L0JtWk
rz7aNSskufk92Cv/R4KtWsfdkYtNG5/lV1BNzraBgnnXX1gH7ddrL/Ng2aNRFd+LtsI/BjUBpg7r
Ebym+pJuri2PBj8hhjLKbhPuurybQLVtmYxCcJUo6ZG4X3cpxl/e8v+vviapn1OY9zaFLAc+fccX
1GFrLYv9aQKGDQFRMl2uV9nP7UpakBCgZ/r7ljvfhlnsGkLPZBokM9Iz3iUFMGj2gPD1m+C7QaiS
OwJnkTk3cnhZV6It0XdFIaFgIi9V4XMnYEMCAwEAAaOCAUMwggE/MB0GA1UdDgQWBBSg4Skug1x8
SOG2QdBaHAN2DDs7zDCCAQ4GA1UdIwSCAQUwggEBgBSg4Skug1x8SOG2QdBaHAN2DDs7zKGB3aSB
2jCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0IGFt
IE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsTC0lU
IERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2BgkqhkiG
9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tggkA9F6V+9km
sb0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAFEH+TQEgwXkOp1dymChsQzX3mm32
nBbQwIuTKi3jy08EjRQktZCOhjpmuVc/QQUCQdgAZgWVboAwTspfgwQwVcuIpCkwuyc7tt+ZzRSk
ybvOccw4ivz1suevGZZfYt+B7UIB3drlMKLoJWMTiBZnL6c4iaqubep56BZBOH6IP2KaMRd4EqIo
kXLHgaIyhqz51WQmTJArhYvAvWlktbAW6GXev3mW5gxW7LAGygQNCo2JkXSegGPk2jLO48JXNuCB
lGGf2O5TkhD+Qw/buIRrcKWnolBCs0ITalkNFt0RftLYmyR0JMotaBRHHmtdqSWOwMT1j7SvyzhH
yszzRU4xwTUFveODkWYS3Uh9PZs+3yDcfqC1x1yRbhKe7onZt5nXh/wY2762Pv6NkBQfQaFaE8CI
OwRu6WjaFfRntVXHpvV+7tO6Dr3pfRNEZzJM5+m/Edh+JrUdhyy7SxuYiCpt5xiPvM9rMt5AkXCn
P8AQVxq3O/1Gsdr9iblHAkJrg7Lbd8bPyzE9nRW3zqp++BxYilxIIVP9xnaaj/jjyuAPfeet30wm
zeOe/MGqxEwP/JSwJ9rZI//FaG3gAX0UHO6Eo+R0/Yv3JcyAo6j/RN/6YcSTQD1MrPGZiNTz/Muo
nczuEbZF255Cs5PfVJJhTPW730xQmhZnlbta0nyBO9LA3Fs=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>NdUh2jjde5+TKQpWF1MGobnNr1mXsqSQkqGRk3V8bVuY/ru4l2X4nVEZLAc5FGrZ5mHYO5gzpjZQL4AXKrw60TdbSwvVBNci+7EbT7DiQA6OApMNXAGM88GgrnRvdIS1FP8jH+8yEHknd7ZjTtmapbgvkodjmacLjhJZyphsPzsWIKSS1peWYUbU5EcshTbRKMWL1ks2cvLtI6uzGDunqU4hqVdUPIi835ti0vSWdrfoh9koo02KidYdh4mcD2G+JtlaSvOmpMSLM3WVYM33GAbYEI2FWKCtBYoQ4Ot4vuOrnjehrFUxohliDGNyrznSk2E4KEmAKjYOnhF83j/+Bd36T0ASfQg79kEQk+qeix+gOUUthVIzMJh2bAVLSl8sJw07d6lk9XamvTk1lHh9v2lGaFl3y9HVdcvaQghL5oeUqpFawwNlDnEpnI5oghpYyyr+RkcGHb4bAgLgW15fZG/egAg5R94ZkuMrrIaz79EBXwpwa660f8OPDuK33r2nZ04TMrygUVATMe/XAkK5KaqVD3d/9tpZ75BCDzTku5GqXzkkddipFoTLDhhFHE7e4fIcr9hCY4wPoU08Q/8/16DS1J71M69GB5YZ+CnyKdEq+9M/TqhqFCTGg1OA3WWX0LeIDXR7PoU710otxTQmjj23k5229BA4VtZDcluAa7g=</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>DL06HlTmVi2Je+UrifowDDX/7u4isySN8Km1HIkR/UuFSmyBVq+XqPELKu3uHIgx9BC0502F5jaVH5M67johuck6awrBXrSUJvTkqPuvidCEh/1OBZI20RuTuUISMh8YJPsa7cdlnnH6cD9xf0uMdPgQh/WNi/t1MEOmmcnlqo3RyogIGCR5A42xOvaJ55adzkTciFa2Nz3wj0kND8ZJ5DsFtr1Lqam7s2M4F1WkRYJPT9Cld39+IzF9TAQzDP7agkGs7L0hn2kHXgzwY7QEx/mv6A1YCzpkeMbWL2xKmONJsrwJz/sBAS5vqOrUxi4UI0dZRjmbLHXUe8yAKz0rPq4SZkzbeouW5CG6jgCKfu+Hyf3+gbLn4qOvRJ55e3e8pNE5JTnk1fh0cgXqdpGTze50+5n7StSZWGsVLWIvHW1iA4y+E6e+oxzVRZ1xTOIJsXl6Aakrtt5iTc28gODAAJcSZHm3bB/pG8NFSzSb5A0euKpU/CEQMmvnx/FL/vQxlIHp1Z0FCHP6TmYw/IaC8cva5Tia5hSNz0vf88bCeziZSAIkkWwWXri9i3yVyKqNyf5FdEjSYypDZD5ZelCvKWnZa9XEBe3LlY3LxFEgZ8D+1LVedV8sjd271fCM+Eiyh7aISrSXWg/tVBpwDV5ZXQ7N2vFNHjOHl0Ncke13Ek2/mkNSZZ5G/gx2vrN9td4ZQcP8y8P+tm7w3gNn1O1UnnW1V/RfvgYrwNKpZbJgr3C98M//FU8haqENm6ZKebynqutEcbmd/aArK7qwzJ7lAybV1wPtZbkGigAax7BgSFXjQ0NMTjupYEB//8hR3KRs0D+wH/To2mhd1GFqFUZyDCQE+3W/g96DDLxvcQxAStDNH8FcqduOgKtWKE6agv46O3UaJ0b4x+06SU32lizRZxlAD3/jbH2BTevPQKxtp9DtdFBlCYVmcQHVzvCDbzn55Lns58Po8/ZNR/z/hnJv5vhy+DL+2TxLlVHACj+ts/lVopBRg4+bwuTdKslLVgjEToLvasS/PNxSzhtDwAw2lOzSMWw6knVPZDVWAhEalf9BTP0Yw86kFCJcoC5at27bhO0qiwAvMTZdniG8F91jBpcgBQDx0cONvIebh+Fsm56lwiELHecKLp0Ruw/+M6SRrAcU4szJuGtU+SHARiMRwdpqmN9ras3M66XYaeEvrTVHdn9mXr0anNYOpFuKig8+PIeRaeIEIhzDBiSireETgRYQwzZDh6dNgSgZ7larsVzZN5/8QW/HFzdIDRTbZgUZuYqTmMd3LS5EQUaGA10PACSKAgz5nezxd/mqI2OqukRWFCgIm8XSnjP9MgLqjJARthkphZrGg035in8EzyahwpMSyGnnnagWU7eI/ukG89DtN+JvRHJ+/eE4sZatg7TPsbYQj1TrARfRYheAAwFw4h3Q5J39ho0choyAAO8eZsjOt+mC7vlBNQPHBbv+9s6aVe1mpI7NnhBPLQmBmhPfoWSkVOHt4XlnouY1RYPTXd+4b+/SJErb5ZNvi48U05/QI3Ne79MGnouSNfuZGk9Ab35P6cx3vaAM+RUdiqEPkheN/wfYPJFex6rW/4C4r60qExFhmyIrSDXnXYi8+Z05SCY3qWouh2udwW7k0F37b1FiEtUbLhh8dR8hHXMu4qdRBZtgU7bLpe+u94aXv77kH32E2v9pPFjgV9pdVBtB85az0SONdem2C/YkWyEDSFwG38opJV1b8LjDGeXNzl1xZknMsJhnKUW6+yAYFlWKBs/Oge9uiapAu7J7CbN9fpDcQqcXPUK4Zvjxoxrs42HhWVR/zSw4L4XhsTz33Nrenb7nUpC88+TaSyjtbpKqb2bYMZRPb/BkW2HEOY1zLFd/LJyrwjnjDuChLzgVxFuIHjvGS+l04H0+kfNJ7Z6Du/Mj+A9zBAH+GJR8YR8MlQreVtYHYqd/gHxylxZ3es5XiPl+UXnNgLkfAi6aqJKL2zf2Hs3WZQl3rfRu+t466jXnbGxm/OIQ7jZII6zOdoOrVEjawGsCO5EM64YV19sK3+F7UOtVAbntVNMKh9kJsWbHGdczwIojL5lANTBFnXA6fW9bEUFBJvF8lwuTlcBx1BdI9EES/OYBOMkyjmHBdAuVWVF5F2zHcXdYUaE9hDwy6bySsOas+WlYBGG5Sxs5g8OuugZlMa9l8QYpDEja0E0kjQJKGoDeJjDkLYDMwQKZ/M/yiaDNs1Ey6rebtOudlJ22mAne5B+aT1ap7noaMWBwvPtiryz3aKlYV4iP1PDwuaguauArqrSiGxsGKoDpMTkiwRwMDVkX2ZkKF7BN083OepA+EkrSVZlrzSztIbh7st53jqg3abZ9Ts1JF0BhRiIvxHTBy3F793+JgZDWlinaynuD6UiZYuTu2EFpXy5o559SjcWdCTcv4ev56iByUhHMQpTgRfxP1Kxop7YGJQC5WUll+TTeifECtm4wXw1ZE8QCBZCdvGVBZKqHhI0TvQVW/OefTDSBuf2PgiGSwc9aagKNgz/RTFWTBPmGpVtMK3jEx/WkSq+N+N4fIkMSPM6NOk6mb22bADt4miRTAxNWW9wUo+FT95yeWaRzj8zyStzc68FquYCEO96KFR/H2m6ZB1vFhUcYdJwHDEC7EcLp+lvnHmrRf78MuUF1ZaXfAT2+cuee1q6DUTf4L25QUXTvBfcf3++dkqy2DpUt+p9S4iBvGYHHnXHttbAdqOR57ZPGJmd2Q5yrqugnlqHVWB0KfjzYjiIaHx2CAZMCySbbMlV8A4o5VrDo4EaF22cLyj7G65U2y+EawphiazWjnuvzO1mncSTA6iqONqyMLiKtMt9eGKhGslVTlZvBO+13uaamjFFWrlLql2o+pmTyD/j5Wth6oLy0oZWBVhn7HTvDM79iCBIapebPAEZU21GVUcbvk6m5q7hvVIUOvv+luR9RUqx8D3+hAv0PjH1Oh8wvv40u4ucyFLBE1M60zJ+g+lmiPfd6tuyeXkGmBXr7fhsQ7sjAlohIQM60o8QGtQzjsolexDO0+adlAfmHCNmIDf7vA/gHRggEUkcXGs1GS+7DfEFKxnkai8drGeKLnDE+1880H/PKj0JO0Rz+8KwEmMZ6AtrhH59+lVDPATPL664YXN8DiMSGTL/tv52vXhN1d/GD1M+zWHIz7mLLCnSXcWbULYc+goEmHOtF6f/7uRjCOiEjE5QPGAeBAP4Ecxo+cQf+DnSWpYgKHW51w8tMSn7GsIChxS4A4Z2tzThu02Sonogsz533oAyQ2Phc6U3StPRe+YFwfqJOjH1OO5Eh/Qc3yPY42krHOQsc4z0pqcJrCePBoW6X3F8UB9KD2E3QkQZFJPemG/1BezUO3OQZ0GTC7jIET0qDfkSbV78t4aOuuiLZN5Mj6QVRblFI7vT+9FMNtgGeQ2pkPAy+TWaCzpmbeuNrhAaTyVWlUXbPTDU+1pO86F4xhFOxFoFvo5cxlF7kUYbojBxIuhtLKeGLLNQUbN0pPCAYYUxd6iCr8dCqsNlwniUNTQ1SjrXMrNALoKq2OSS3NexVLLNbfmU6USOz5jYDeNOrGXQOSRf1AnzvYXiT+TfNO+s4SQCcSPSH35S3PCr8Pox/c4rW8uap71/udsktYo/2cfjfLL6+6rZH3/kwkKGhGYIf8vHEneO3XPQi/aYGVhfSlUTAszL20qVR4bnn1smLLWW3E+7wzVIvTyAYb0IqOcSGE8xoduEC4cRd/3THI3LVYDqQ72Kd4pfzk2wgFvk423yBkjb5cBlyDhqEJmlZ2ryXueLJNSs6xb3/A6AlhOyHMTJ5PC2jvk9jahMHUa0gQRzB21tGRY1D9a3AKRJ8clkTWdyGeBQtzzsms22yAw8Twyxa851Icxw7Igil5yadCm1ggd5lkTFBub4H8UK5pwdoaSwyJaW4VyHBNAPV4mHcee6Iw4hm4wJV8333NiJc19xswNofsQIaCMlY0DWGV+nwN2XKuTRK3ineGfxshH6Lk5DKJilJq69RFA9MlbC6cjtyaxlh2uHQfTVU8woEP+aico9l7C9f9/QdxrBB9WiIIsJBgx/Oi2D6OP7GTKWUDn99CWZSMueoxhAEMCgNDWtG3pDcyBNqou2ncUXF/GDR4E09TyoBP1IzdQnGGRq0vIWQ49HoIum86Ar8iyBSdvNW/ST1GRT42cKUkFANcxCvAO9A/5/ZiXQMz1zalADdEQGjRH27rAtKNlB4yl3Fd3asqxnlDYzyMxCpSd0vu/8EiWtSOyQ424KjhcwCJyza55eB/ei48T/msoIRWg9qYbPNvV2OW1mm69juWIkGNMiR6urKO9/ORoe4HGAeWq6bmTuX+7pHyg4lB240I4CRh3QyjBLF6vl0/hUJgbwJgM2Nny5YYNUn2EmEkpllSzeHsMUTy0rioWf/nur2lFToSVxj9ymRcA7VuCiPgwRgnbLFZiZXnRPRPtkwXYF2DW/zuQAnj2AUSJDK8OOGSicHLl7rKOuI91iP8zZctmkoRJbb3uzeLSPELZnndNAwXFnitEKmHDhjhQpaZLlBKxa+/GSk6VXCumcrOBO24yWEoO0RI42fjEGnZEupFKTJ9Vn6wGBSWbC35faaULhMwN5O+DT81teJ1701JY1QPcTOtcU8sEDhLLbdK0aDM3Vyt2XF3SG2/XG9eNiaBZgLIQMJ9S9gV6P75F5HX1tqmyqF8VTq28I5+w3sdzgGKALjOO1YgbKnHLvCbUgx1RWh6jc/FkNyywHYYa3wjgvs4ACFt2iXJUp7/yej/nADjGe6S2jp6OkPlhyO0+eg2n8FZxurjn9JOPRq0HiS8fSaooJxPIiTBXPB8u6x+LshwCEI481N38p8mT7CryAskPeHTA3DtAODQ2106sHwVCzgaswxsq7gpu6QUcfuVuv1y77AJf7V1HUcdmyU8GUvi7mU8k6HvfjqCzi0j8NJ1oucdeI6AkMaQd6UjKTFXNoPtu5te6J+DizLexmpwiKkNZAcWHgcEaM8WeKbec7pBxFM3rAAYIDESPg3rXepAtdjXBLITeZYle9FqXlJvhYDEcVU7lcCpu5hz2KXSdkxG95KYkxrop5auTpgkXm9xo+PjLsYQMKCZa81LMyD3KnI2s7O8UqaBL1hcVWBQA8chaQ3pNgmYyZ1nVgIo69TOPNdisiU8/PYHCeezgf0T/HavuqImysk1IATS/GABQrR9Bjea52mwAYXcWmQ/ET0JFutvy5xc41iiYNbpq4u/oJyEcxXyN3NIsyBiY+aW5Px89KXlN6Spyqd/QVl5MlXJ4J/aA536gpjmiWRsZ0fzDWC5FeQrq02G+Ag3PqlbAfJRxo2C2cN/2+T2jkiwDQS35TKp4n8E5ByazNJyES3t7FYfPPkRvFpXDnQiNakHM2K5SlFwed10TSNwNgqcD/GXYbjd0g+IrD4n1cLdEzk48wpBK+YFZPA7WuhzjNiCSTYv5rAf+gNDfQJVPXC/h6yG28XyQhAsCTdNQEp16hess98R+o8Xj55DKXjNjmDJ9vzyJbTVMTykehfZa0PkYPvYUG8QWBxOX5xEA0lZobKMIpd/8nLcyt8QRQC46QPNpaNMt2JMEhPFvYScMv+x9ssNoefL7biTzpUnK3MqKFFOYb2PnmDGQTd2oiNyLXymIJKTIXdJmm0R3ccuTdAvRDi3e0czajv6lOaxGbdANbUmHk9Z+/dyBCrFMwhOHFsbr8vWo2hLPNmBY92IVm9ynWd3mXYkJpAgojsQzjKSha0AFx1EujaQ2X9GYIPk1pHJTB5yzn/4ByoyOzSBMsgyfOA29ktHc2+moWoA/ZXt2udZamLoDvfBruz0QTdi3BzKgovKgAyL8ZmRQsziYNZsO10uWenaGxlzV1Uqptz/p6A6NMjhVUoc8YKLNiVJe976QL0k9HmnolBSepqfLMV8F4aPabf04HlSmDzTfhXu/jakNMnJl7GbS4+hYaAXtntgHxjtVk0YoqpQyx0SmB1DWKy1oiDc0a7fIf0/5pICzCtO7aRjRExguWGh+DyNis1+QDegriUPgLh7xz2DvFkx0Rij04LVIfuLp2n77UHX7GiOliGmttnZZ27i02leOyf87hKkGdI53Q3lCLgqWoNoQXpsQAK39JzgcbZk2p7iXaoZ3gzNaUlWQ6qFv3umJdNkUpIPtVRQSXU56RXJKvRrTHAV94bnO1H7NNbSwnXv14fOzH1xNG5s75CuZ1tiyWxbTxSe0COoiBMHs5H7fpdx9UuLDUiUheI064Fjw1W4GWNEWIFWklIRL1wKKm+zF6Eqfx8uL+sXuHu9zQxjSPRYd9FnyorEOH5fU/RtIU2WTxNo5dpR9hFhkQwRXDOQN/YNMm9GIJzmV3fYAjAc6fbQ6ZObt5A+lwql/dT43LdUDVs/lqVwjbawOiDpYoNlRIGUiN+WLnAf/PTFvqgkxhkl3NT+enrLumCcPlkR34sZ/AJmUn1D9oaga/yxU9OstdvR0QlhQIar0FeoxyfHI24akiZK/foClcbqK99ji5oIN6CVwcUYEeC6s7r4lBeKkzwQXqputflNVoi0qJhdhWnll6QJjZS2/e3Yco1zza/3wm8fym437ypRFAd9an+rSrLwyDMsfS9FOoJ+A4beHafmWtdDE71KpZLlGi5v+clrj9m5xa47r4puJN6V1FBTteBi/4iLFpKhDeE8+RoZnV8Ur7YPi+gRLRCVrdJwveTAL5pjrsD2NFSx5AEawG2UCflwS6z2T0ckEr/65A11YA7D8OM/n/Wc0p4jBGWJ5GRdky/TVd3FbNLj4CgOOxb4SQeODEb+R1RhocDuZvbHFBR3Q0Hgsdw9Tg46tlyHSq45zJug+nZ3ujsm4sEkERt51LjKqQdR6rA22GVfnuw1UmMtcy37csJ/nVIFe3UVeo+WR9/94ap2pGqSaorE90xSwTnJGogGWmim84n5TtcG8akzmbAnRmtYh9tw8EJk9DgMCiEkhqY1IMIxfLRFBD9rUJTzHltoAM7njY3KcWyq1Cjy6kHnUdrAR/iNkaCwC/gsvq5Kw/AbaC2AJ3sHV9rN5hZiAKtuabrf3C9twGEauxM6QyNoK95ujmA6XV4Kun5XY+FZ6nuSt2FzUjK8XPx3jCnog0EPxZURrJ93HsWGLwfdKITBquMojjNAgrfwUhEYix48bZ1Ip4D5vPGrna+txzjzEAAmtSesPYoxkBX4uBaQP2RbQ76qA6Ppf+plOfmlh1aO/barLnJjRgFd+ehTuRi8osg4GoAhHwGgc/hOZBfFcicbZsxZ5ZX/gT0Kmg4KZs0FR/3RMrRogJuSuQ5pgq7ZoQofoI0gpQQk5E2wwHOpRRTjj8NUSS7CgHk6jROO3lBUUx0r9TfyXwwAmMdgWpbwaITMYPBDfn8ct4NZTubX2537ZyRxwtyjLR0RTmXxjEhAJN/uY1mbpbCvuu2v7pCQ77tbnmKc6P+zoTmD0K/ygrw7U3VDPQ0+iGtJvHnsNh77AyvqA+/SASIRht+KgTk4kR5A3ZTiTCGe0FZV36LRYt7Hhi8f311qbneAUYsoBKcJn4jtOdoUABmGbyL+us9CTg/VjsI8mBogpnpzx28GcX6BTSeL/AqmFUlqO05BldTC0bQppt/xXlKr885RSBUjm/omWoAJa1q7qfPTZYTZzPWpWPYgtuDNlhVg9Fnoqfn3zG3vO5GIBHDo7ijiuEB1/SNXX/xXaV5L16SvSfNuxgtPgfH+7/o/AECIUDbtIT3Pwr5KTxNdUVdR9PssTol/WEBmsF0PGIlAsTeNkRuj+gEnzwylFElgsbUfECy7fFtKPKKtwuhaTDHQsiDTP+wBD5kkQ0w6ZTmjH+Q03q77YRKqbd1vrw6UVkouDSOwOhmvwDQeiqnVJATyuQiONPNtUaLBs09Ri1uHx21w3ObNtPnqBys9EVbuwmd980RE+TYKtx+tzjtSst7Yb1U/Uby0LVjF2nwf5SGkDHuhdkPOZXVyGgCZFeKOmXBXJ24iKcrQJm8FKz7bLPihCc5O0QpFAFcJR45WdZq4lKn4PI5+GzqJqylGu7GD0bYZHIkClO/awnO+nQi+qtZ2C1ZVjz+cYj+YOCyIdPGBlOPliDAcil4T+gZ1q3Wb4+j3S6Wr+Wm6tAgEAT0BBJZrilu23z4D6K4QHxPiQlh/1xizfbBq9FfUDRaWKcLpIeZN0Z6GKYqgyS7SUvC8XPtHWJOSAqppx+lsdSvRtKlCswp4SOgZKhX2W24tTdw6s+BRGO7w5/aiet1onbinFFCYcQ5tXr3WUAvHw==</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2022-05-21 09:17:48,555 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2022-05-21 09:17:48,555 - INFO [Shibboleth-Audit.SSO:?] - 20220521T091748Z|urn:mace:shibboleth:2.0:profiles:AuthnRequest|_b38affd9-8f83-400e-a1b0-f952f2571825|https://iam.eu-de.otc.t-systems.com|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_5836f245e3c2984a4e1dfab9d830219c|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,telephoneNumber,role,mail,surname,displayName,givenName|AAdzZWNyZXQxamfFc01hFVwEIL2JcsP2HwsdWAB0sKej3pFa7JVULqFEhg4LlTx/R8IhGCiR1z/FwTlL061fxUhBuyHqw4h8dT5gkca8vSL4isVEjIkPlQ0npkd5ZwrtD45VyzGnwhca1u9+pOr+|_35cd2ec7373fbfee632fe45a02d88150|
2022-05-21 09:18:47,487 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: TST-138751-tjmgNXZh0Wimsvbj7uzSdgKsIt7Qkbpc
2022-05-21 09:18:47,487 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2022-05-21 09:18:47,487 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2022-05-21 09:18:47,488 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="_1bd47221e3b647779fafa79cf3785bdf4ba431e"
    IsPassive="false" IssueInstant="2022-05-21T09:18:46.877Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    ProviderName="pac4j-saml" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#_1bd47221e3b647779fafa79cf3785bdf4ba431e">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>2b8PEEX9ybda59ZdK6Oat+YhDKJ8/kNA5H/YBzB9SOY=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
lecECJ03/VbkOyCgc8gCysL1lE66QwR6chmscGuOEV/EzFXjemb9wPDZSu6V+P3+9QsDN/5aYS7J
S8f/uNV7c3YEsmRM7LehumbLVsL0QBWMXTVDkNM+Rb09GOOSSR74NAAUtgFxcHVtbo6xgYrJqAWM
AHwrocXdpB2g+IdQKhxPVfXy0DGjhGDNAflRL83T1IO5ZGXX4Rjp+NGJFkCNUpsNNma53YZxGR5T
/FGZ645zroIqu1hpi6SiX4v3wxRWppI9MWyG5RLbFJYR5+kbpYd7VXZ3+744For+Iq+td1NSj2he
FFrf+hnY5vb+DiZgkM54g5n+6++0nrSej3PYqA==
</ds:SignatureValue>
<ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIG0DCCBLigAwIBAgIQJT05eT9C8MMLxPWjiR+NjzANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMjIwMzEwMjMwMDAwWhcNMjMwMzEwMjI1OTU5WjCBoTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEcMBoGA1UECwwTMDAwMiA0
Mjk4OTQ5NjcwMDA0MjEwMC4GA1UEAwwnVFJBVkVMRE9PIC0gU0FNTCBTSUdOSU5HIEFORCBFTkNS
WVBUSU9OMRMwEQYDVQQFEwpDMjI5ODgyNDQyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAsTQ4f7v+iIqvjQLCZQyJCiWK72jzbm1lNNsOGLMdNO736yJo0iUXEygaqJ4awu+Nf2Ase62f
o1hROHtOnixvceJN2rd9BMKm/j3BgeU+vlW3quq8AFkm9ikL7R4hBZopqT5deXA17EZ0tpQv6I2z
WbuoBYunvJomVoFZYRwDWFlHoQRBJma0LL8WTrPP7t4gvZMqYSpEqyeeyX2cv6FS4uCOXITFzWAA
Rp5rdIkL1YzU+Tr2thgVf/BvRYsVqaCj+94YmoJAR1/pMOLIKhfoWNxOKuTu0Rpu1LpKr72FYsZv
osn4NHBDoVJncq/crrxpaYF1FqorTjHw+054l0YxJwIDAQABo4ICJTCCAiEwgeQGCCsGAQUFBwEB
BIHXMIHUMDgGCCsGAQUFBzAChixodHRwOi8vYXV0b3JpdGUuZGhpbXlvdGlzLmNvbS9zZXJ2aWNl
c2NhLmRlcjA2BggrBgEFBQcwAoYqaHR0cDovL2F1dG9yaXRlLmNlcnRpZ25hLmZyL3NlcnZpY2Vz
Y2EuZGVyMDAGCCsGAQUFBzABhiRodHRwOi8vc2VydmljZXNjYS5vY3NwLmRoaW15b3Rpcy5jb20w
LgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGlnbmEuZnIwHwYDVR0jBBgw
FoAUrOyGj0s3HLh/FxsZ0K7oTuM0XBIwCQYDVR0TBAIwADBhBgNVHSAEWjBYMAgGBmeBDAECAjBM
BgsqgXoBgTECBQECATA9MDsGCCsGAQUFBwIBFi9odHRwczovL3d3dy5jZXJ0aWduYS5jb20vYXV0
b3JpdGUtY2VydGlmaWNhdGlvbjBlBgNVHR8EXjBcMCugKaAnhiVodHRwOi8vY3JsLmNlcnRpZ25h
LmZyL3NlcnZpY2VzY2EuY3JsMC2gK6AphidodHRwOi8vY3JsLmRoaW15b3Rpcy5jb20vc2Vydmlj
ZXNjYS5jcmwwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDgYDVR0PAQH/BAQDAgeAMB0GA1UdDgQWBBQq
6jjjeMXwQMpNNecEbqrEsJ9eTjANBgkqhkiG9w0BAQsFAAOCAgEArkOzqH9sUsz/QCwLRUKXqsYS
YjB9o9GmKorBERtR7WJQIxk1jZxDM9dR8LTOA6tKOQ2LKzaRl0RugagliM75Dkt4AdWFQFzZ14c4
o+JXsvCNmRtncFxY5KAJqpeIgOHigpnOb2qdS5c0U2tMa48SYl5DgTqs5nlyLTqPIsF7Am80lsTn
iNdbvyPjmyrqsaUtIJ7WpBhyt+k5TEr4b4XWOo0jYwJEutvrYXTNihmWMfobEiC11+qziyWmBrrv
dJyg1H/XGJKFZ0atOOFUCfvoqFZrc3cD9uiCkLX3ljeehKkWyvNbBoj8ETmRPjg2vXIbPS+jR82g
fhLtUJbE/zVWQCoVtKowZqlY6mMcAXkqhdHTG9jfIixHxMMqMr2s+Fc8ywXlZzmAI1ejP9/LX9bV
2b17e4QxQMKMH9f2sVRvo16n0KtKGH5Zy3j+Dwkt3iIsN1F8Lo7vymqtqSUZ3EyYKNY/GvvmrIc/
snB/mGw4vqxYIXlIwwpm80/NRBeR88OFR3PYlUYKxrf9HKVRP8HqHG9buYSQdDdVe7k56Af77pCl
88LDCL49/8hb/XzndJjqvSLbKsU6UWV6q2e/kkQ+UcF8bBUMfHWLLK8xALkzrg1EATC7dviFBnS1
JXLmWJjKwHfWUkBPJnZbMCiKfgyNK5vTXpzzOszUdOFBLRTbtco=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2022-05-21 09:18:47,499 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' from origin source
2022-05-21 09:18:47,499 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2022-05-21 09:18:47,499 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2022-05-21 09:18:47,499 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2022-05-21 09:18:47,499 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2022-05-21 09:18:47,499 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2022-05-21 09:18:47,499 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2022-05-21 09:18:47,499 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2022-05-21 09:18:47,499 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2022-05-21 09:18:47,500 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2022-05-21 09:18:47,500 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2022-05-21 09:18:47,500 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2022-05-21 09:18:47,500 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2022-05-21 09:18:47,500 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2022-05-21 09:18:47,500 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_1bd47221e3b647779fafa79cf3785bdf4ba431e', issue instant '2022-05-21T09:18:46.877Z', entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2022-05-21 09:18:47,501 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2022-05-21 09:18:47,501 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2022-05-21 09:18:47,501 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2022-05-21 09:18:47,501 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2022-05-21 09:18:47,501 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2022-05-21 09:18:47,501 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2022-05-21 09:18:47,501 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2022-05-21 09:18:47,501 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2022-05-21 09:18:47,501 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2022-05-21 09:18:47,501 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2022-05-21 09:18:47,501 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2022-05-21 09:18:47,501 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2022-05-21 09:18:47,501 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2022-05-21 09:18:47,501 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  params: null
  modulus: 22369930965456962777956365464229513348642522997346232168756579494960232921839160861855035659931488634319872531144871061126230632628307245413595021979243298021162796817485323967323729520642838484019982422043583459948062010738622164914709867639613377292833748142293112152964032878748204294883029637581475838086809098230772052770316027052403485966861005767953228542833623261203559898877311870242866180023679569922778427571461205374691037046976908472105838884909059792855539563635818559033340161732234235499443992405690433660052891865469805202598340808784182407277136835204164356633476755720981662174335871428308052095271
  public exponent: 65537
2022-05-21 09:18:47,502 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2022-05-21 09:18:47,502 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2022-05-21 09:18:47,502 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_1bd47221e3b647779fafa79cf3785bdf4ba431e"
2022-05-21 09:18:47,502 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _1bd47221e3b647779fafa79cf3785bdf4ba431e and Element was [saml2p:AuthnRequest: null]
2022-05-21 09:18:47,502 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_1bd47221e3b647779fafa79cf3785bdf4ba431e"
2022-05-21 09:18:47,502 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _1bd47221e3b647779fafa79cf3785bdf4ba431e and Element was [saml2p:AuthnRequest: null]
2022-05-21 09:18:47,502 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_1bd47221e3b647779fafa79cf3785bdf4ba431e"
2022-05-21 09:18:47,502 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2022-05-21 09:18:47,502 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2022-05-21 09:18:47,502 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2022-05-21 09:18:47,502 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2022-05-21 09:18:47,502 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  params: null
  modulus: 28006387942418969225649916333139519355638096712380574766811124292301661924791783373435519521645343314222150486630544111279201208456534326021789549853743685148618935308478902334906724628767813199207089277413212107100136253421395783986273751615833433303294145160454079582517841805266304683646247889208889889285649761903626503112587855797858159314696858314376793384619325800929104640111043457518521477309769823877476635541777671075359495929393833402001839094854271118678662367631745138729125305417820632241324967181751700731063078265668737087296240734489903773792043477803426999131829187384000744293796058798748147374959
  public exponent: 65537
2022-05-21 09:18:47,502 - WARN [org.apache.xml.security.signature.XMLSignature:777] - Signature verification failed.
2022-05-21 09:18:47,502 - DEBUG [net.shibboleth.idp.saml.security.impl.MetadataPKIXValidationInformationResolver:?] - Attempting to retrieve trusted names for PKIX validation from resolver for entity: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2022-05-21 09:18:47,502 - DEBUG [net.shibboleth.idp.saml.security.impl.MetadataPKIXValidationInformationResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2022-05-21 09:18:47,503 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2022-05-21 09:18:47,503 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2022-05-21 09:18:47,503 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2022-05-21 09:18:47,503 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2022-05-21 09:18:47,503 - DEBUG [net.shibboleth.idp.saml.security.impl.MetadataPKIXValidationInformationResolver:?] - Attempting to retrieve PKIX validation info from resolver for entity: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2022-05-21 09:18:47,503 - DEBUG [net.shibboleth.idp.saml.security.impl.MetadataPKIXValidationInformationResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2022-05-21 09:18:47,503 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2022-05-21 09:18:47,503 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2022-05-21 09:18:47,503 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2022-05-21 09:18:47,503 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2022-05-21 09:18:47,503 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2022-05-21 09:18:47,503 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2022-05-21 09:18:47,503 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2022-05-21 09:18:47,503 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  params: null
  modulus: 22369930965456962777956365464229513348642522997346232168756579494960232921839160861855035659931488634319872531144871061126230632628307245413595021979243298021162796817485323967323729520642838484019982422043583459948062010738622164914709867639613377292833748142293112152964032878748204294883029637581475838086809098230772052770316027052403485966861005767953228542833623261203559898877311870242866180023679569922778427571461205374691037046976908472105838884909059792855539563635818559033340161732234235499443992405690433660052891865469805202598340808784182407277136835204164356633476755720981662174335871428308052095271
  public exponent: 65537
2022-05-21 09:18:47,503 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2022-05-21 09:18:47,503 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2022-05-21 09:18:47,503 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_1bd47221e3b647779fafa79cf3785bdf4ba431e"
2022-05-21 09:18:47,503 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _1bd47221e3b647779fafa79cf3785bdf4ba431e and Element was [saml2p:AuthnRequest: null]
2022-05-21 09:18:47,503 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_1bd47221e3b647779fafa79cf3785bdf4ba431e"
2022-05-21 09:18:47,503 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _1bd47221e3b647779fafa79cf3785bdf4ba431e and Element was [saml2p:AuthnRequest: null]
2022-05-21 09:18:47,503 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_1bd47221e3b647779fafa79cf3785bdf4ba431e"
2022-05-21 09:18:47,503 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2022-05-21 09:18:47,503 - ERROR [org.opensaml.security.x509.impl.BasicX509CredentialNameEvaluator:301] - Credential failed name check: [subjectName='2.5.4.5=#130a43323239383832343432,CN=TRAVELDOO - SAML SIGNING AND ENCRYPTION,OU=0002 42989496700042,O=TRAVELDOO,L=LEVALLOIS PERRET,C=FR']
2022-05-21 09:18:47,503 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature failed for context issuer 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool', message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2022-05-21 09:18:47,504 - WARN [org.opensaml.profile.action.impl.LogEvent:105] - A non-proceed event occurred while processing the request: MessageAuthenticationError
2022-05-21 09:18:47,505 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2022-05-21 09:19:16,866 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: TST-138916-zLWtgB5SB3KDoDPPR9XIATuQhfXeChvO
2022-05-21 09:19:16,866 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2022-05-21 09:19:16,866 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2022-05-21 09:19:16,866 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="_f446a97d9273456bb27a622e2ca49a4e543cf94"
    IsPassive="false" IssueInstant="2022-05-21T09:19:16.142Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    ProviderName="pac4j-saml" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#_f446a97d9273456bb27a622e2ca49a4e543cf94">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>nBNa8pCby5W62Voy8RJ7jATZf2lowxO6JMjxRz0WXo0=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
dPEjztlMoP83erXECoberadofxZkR3d+8+8AZnlhykZ1+0TMZmIKTb5BkfVmlOVsoryUqQxI+c9m
hZ8ZjV8iYWtz6CZloXpFXg8tC4DZPphD/d4HZXPCRzpRzJ0sQ3li5Hq5te3cQRRw7cYiDVY6n1ES
CJt4xVOT8acGtW++XyNnyv/BkPlI2eUPYJUblFBa0/onOLHeduGT6Z98OSmGoQH5hjb6bd79CPL9
aNwMnKtldy5Q70X+qjJGxUsWR9vN4vbxiatY4jWYIrevXASBogr+BnhUzxceSW/Ppp7REInY1v1k
5mSH4clatZVNej9PrDh9EQAM0bnI/4FKyJikdg==
</ds:SignatureValue>
<ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIG0DCCBLigAwIBAgIQJT05eT9C8MMLxPWjiR+NjzANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMjIwMzEwMjMwMDAwWhcNMjMwMzEwMjI1OTU5WjCBoTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEcMBoGA1UECwwTMDAwMiA0
Mjk4OTQ5NjcwMDA0MjEwMC4GA1UEAwwnVFJBVkVMRE9PIC0gU0FNTCBTSUdOSU5HIEFORCBFTkNS
WVBUSU9OMRMwEQYDVQQFEwpDMjI5ODgyNDQyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAsTQ4f7v+iIqvjQLCZQyJCiWK72jzbm1lNNsOGLMdNO736yJo0iUXEygaqJ4awu+Nf2Ase62f
o1hROHtOnixvceJN2rd9BMKm/j3BgeU+vlW3quq8AFkm9ikL7R4hBZopqT5deXA17EZ0tpQv6I2z
WbuoBYunvJomVoFZYRwDWFlHoQRBJma0LL8WTrPP7t4gvZMqYSpEqyeeyX2cv6FS4uCOXITFzWAA
Rp5rdIkL1YzU+Tr2thgVf/BvRYsVqaCj+94YmoJAR1/pMOLIKhfoWNxOKuTu0Rpu1LpKr72FYsZv
osn4NHBDoVJncq/crrxpaYF1FqorTjHw+054l0YxJwIDAQABo4ICJTCCAiEwgeQGCCsGAQUFBwEB
BIHXMIHUMDgGCCsGAQUFBzAChixodHRwOi8vYXV0b3JpdGUuZGhpbXlvdGlzLmNvbS9zZXJ2aWNl
c2NhLmRlcjA2BggrBgEFBQcwAoYqaHR0cDovL2F1dG9yaXRlLmNlcnRpZ25hLmZyL3NlcnZpY2Vz
Y2EuZGVyMDAGCCsGAQUFBzABhiRodHRwOi8vc2VydmljZXNjYS5vY3NwLmRoaW15b3Rpcy5jb20w
LgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGlnbmEuZnIwHwYDVR0jBBgw
FoAUrOyGj0s3HLh/FxsZ0K7oTuM0XBIwCQYDVR0TBAIwADBhBgNVHSAEWjBYMAgGBmeBDAECAjBM
BgsqgXoBgTECBQECATA9MDsGCCsGAQUFBwIBFi9odHRwczovL3d3dy5jZXJ0aWduYS5jb20vYXV0
b3JpdGUtY2VydGlmaWNhdGlvbjBlBgNVHR8EXjBcMCugKaAnhiVodHRwOi8vY3JsLmNlcnRpZ25h
LmZyL3NlcnZpY2VzY2EuY3JsMC2gK6AphidodHRwOi8vY3JsLmRoaW15b3Rpcy5jb20vc2Vydmlj
ZXNjYS5jcmwwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDgYDVR0PAQH/BAQDAgeAMB0GA1UdDgQWBBQq
6jjjeMXwQMpNNecEbqrEsJ9eTjANBgkqhkiG9w0BAQsFAAOCAgEArkOzqH9sUsz/QCwLRUKXqsYS
YjB9o9GmKorBERtR7WJQIxk1jZxDM9dR8LTOA6tKOQ2LKzaRl0RugagliM75Dkt4AdWFQFzZ14c4
o+JXsvCNmRtncFxY5KAJqpeIgOHigpnOb2qdS5c0U2tMa48SYl5DgTqs5nlyLTqPIsF7Am80lsTn
iNdbvyPjmyrqsaUtIJ7WpBhyt+k5TEr4b4XWOo0jYwJEutvrYXTNihmWMfobEiC11+qziyWmBrrv
dJyg1H/XGJKFZ0atOOFUCfvoqFZrc3cD9uiCkLX3ljeehKkWyvNbBoj8ETmRPjg2vXIbPS+jR82g
fhLtUJbE/zVWQCoVtKowZqlY6mMcAXkqhdHTG9jfIixHxMMqMr2s+Fc8ywXlZzmAI1ejP9/LX9bV
2b17e4QxQMKMH9f2sVRvo16n0KtKGH5Zy3j+Dwkt3iIsN1F8Lo7vymqtqSUZ3EyYKNY/GvvmrIc/
snB/mGw4vqxYIXlIwwpm80/NRBeR88OFR3PYlUYKxrf9HKVRP8HqHG9buYSQdDdVe7k56Af77pCl
88LDCL49/8hb/XzndJjqvSLbKsU6UWV6q2e/kkQ+UcF8bBUMfHWLLK8xALkzrg1EATC7dviFBnS1
JXLmWJjKwHfWUkBPJnZbMCiKfgyNK5vTXpzzOszUdOFBLRTbtco=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2022-05-21 09:19:16,879 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' from origin source
2022-05-21 09:19:16,881 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2022-05-21 09:19:16,881 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2022-05-21 09:19:16,881 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2022-05-21 09:19:16,881 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2022-05-21 09:19:16,881 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2022-05-21 09:19:16,882 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2022-05-21 09:19:16,882 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2022-05-21 09:19:16,882 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2022-05-21 09:19:16,882 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2022-05-21 09:19:16,884 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2022-05-21 09:19:16,884 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2022-05-21 09:19:16,884 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2022-05-21 09:19:16,884 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2022-05-21 09:19:16,884 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_f446a97d9273456bb27a622e2ca49a4e543cf94', issue instant '2022-05-21T09:19:16.142Z', entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2022-05-21 09:19:16,884 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2022-05-21 09:19:16,885 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2022-05-21 09:19:16,885 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2022-05-21 09:19:16,885 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2022-05-21 09:19:16,885 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2022-05-21 09:19:16,885 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2022-05-21 09:19:16,885 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2022-05-21 09:19:16,885 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2022-05-21 09:19:16,885 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2022-05-21 09:19:16,885 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2022-05-21 09:19:16,885 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2022-05-21 09:19:16,885 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2022-05-21 09:19:16,885 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2022-05-21 09:19:16,885 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  params: null
  modulus: 22369930965456962777956365464229513348642522997346232168756579494960232921839160861855035659931488634319872531144871061126230632628307245413595021979243298021162796817485323967323729520642838484019982422043583459948062010738622164914709867639613377292833748142293112152964032878748204294883029637581475838086809098230772052770316027052403485966861005767953228542833623261203559898877311870242866180023679569922778427571461205374691037046976908472105838884909059792855539563635818559033340161732234235499443992405690433660052891865469805202598340808784182407277136835204164356633476755720981662174335871428308052095271
  public exponent: 65537
2022-05-21 09:19:16,886 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2022-05-21 09:19:16,886 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2022-05-21 09:19:16,886 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_f446a97d9273456bb27a622e2ca49a4e543cf94"
2022-05-21 09:19:16,886 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _f446a97d9273456bb27a622e2ca49a4e543cf94 and Element was [saml2p:AuthnRequest: null]
2022-05-21 09:19:16,886 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_f446a97d9273456bb27a622e2ca49a4e543cf94"
2022-05-21 09:19:16,886 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _f446a97d9273456bb27a622e2ca49a4e543cf94 and Element was [saml2p:AuthnRequest: null]
2022-05-21 09:19:16,886 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_f446a97d9273456bb27a622e2ca49a4e543cf94"
2022-05-21 09:19:16,886 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2022-05-21 09:19:16,886 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2022-05-21 09:19:16,886 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2022-05-21 09:19:16,886 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2022-05-21 09:19:16,886 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  params: null
  modulus: 28006387942418969225649916333139519355638096712380574766811124292301661924791783373435519521645343314222150486630544111279201208456534326021789549853743685148618935308478902334906724628767813199207089277413212107100136253421395783986273751615833433303294145160454079582517841805266304683646247889208889889285649761903626503112587855797858159314696858314376793384619325800929104640111043457518521477309769823877476635541777671075359495929393833402001839094854271118678662367631745138729125305417820632241324967181751700731063078265668737087296240734489903773792043477803426999131829187384000744293796058798748147374959
  public exponent: 65537
2022-05-21 09:19:16,886 - WARN [org.apache.xml.security.signature.XMLSignature:?] - Signature verification failed.
2022-05-21 09:19:16,887 - DEBUG [net.shibboleth.idp.saml.security.impl.MetadataPKIXValidationInformationResolver:?] - Attempting to retrieve trusted names for PKIX validation from resolver for entity: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2022-05-21 09:19:16,888 - DEBUG [net.shibboleth.idp.saml.security.impl.MetadataPKIXValidationInformationResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2022-05-21 09:19:16,888 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2022-05-21 09:19:16,888 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2022-05-21 09:19:16,888 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2022-05-21 09:19:16,888 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2022-05-21 09:19:16,888 - DEBUG [net.shibboleth.idp.saml.security.impl.MetadataPKIXValidationInformationResolver:?] - Attempting to retrieve PKIX validation info from resolver for entity: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2022-05-21 09:19:16,888 - DEBUG [net.shibboleth.idp.saml.security.impl.MetadataPKIXValidationInformationResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2022-05-21 09:19:16,888 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2022-05-21 09:19:16,888 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2022-05-21 09:19:16,888 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2022-05-21 09:19:16,888 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2022-05-21 09:19:16,888 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2022-05-21 09:19:16,888 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2022-05-21 09:19:16,888 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2022-05-21 09:19:16,888 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  params: null
  modulus: 22369930965456962777956365464229513348642522997346232168756579494960232921839160861855035659931488634319872531144871061126230632628307245413595021979243298021162796817485323967323729520642838484019982422043583459948062010738622164914709867639613377292833748142293112152964032878748204294883029637581475838086809098230772052770316027052403485966861005767953228542833623261203559898877311870242866180023679569922778427571461205374691037046976908472105838884909059792855539563635818559033340161732234235499443992405690433660052891865469805202598340808784182407277136835204164356633476755720981662174335871428308052095271
  public exponent: 65537
2022-05-21 09:19:16,888 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2022-05-21 09:19:16,888 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2022-05-21 09:19:16,888 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_f446a97d9273456bb27a622e2ca49a4e543cf94"
2022-05-21 09:19:16,888 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _f446a97d9273456bb27a622e2ca49a4e543cf94 and Element was [saml2p:AuthnRequest: null]
2022-05-21 09:19:16,888 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_f446a97d9273456bb27a622e2ca49a4e543cf94"
2022-05-21 09:19:16,888 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _f446a97d9273456bb27a622e2ca49a4e543cf94 and Element was [saml2p:AuthnRequest: null]
2022-05-21 09:19:16,888 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_f446a97d9273456bb27a622e2ca49a4e543cf94"
2022-05-21 09:19:16,888 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2022-05-21 09:19:16,889 - ERROR [org.opensaml.security.x509.impl.BasicX509CredentialNameEvaluator:?] - Credential failed name check: [subjectName='2.5.4.5=#130a43323239383832343432,CN=TRAVELDOO - SAML SIGNING AND ENCRYPTION,OU=0002 42989496700042,O=TRAVELDOO,L=LEVALLOIS PERRET,C=FR']
2022-05-21 09:19:16,889 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature failed for context issuer 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool', message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2022-05-21 09:19:16,890 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: MessageAuthenticationError
2022-05-21 09:19:16,891 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2022-05-21 09:29:12,284 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: TST-138792-vQCt6licGyrNl5XADRazOe-2CxaZJ2yz
2022-05-21 09:29:12,284 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2022-05-21 09:29:12,285 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2022-05-21 09:29:12,285 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="_7e88108a84074752ba476c79d8ddaa6dee0bdb7"
    IsPassive="false" IssueInstant="2022-05-21T09:29:11.376Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    ProviderName="pac4j-saml" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#_7e88108a84074752ba476c79d8ddaa6dee0bdb7">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>btB3H4J0jTLCEy26hLnv4T92oHNxJTLnwI0qDMeyeZY=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
JhChWGZYXNU8WrHC0thyc0rPZkx+8sh6AgQdtxC5uUGczFZ+J3rccXRs7Y7lMn8NbqZoTHfs6OcF
Il7Xz5P20VCfG8XlCvZbbRjnXRu+4lZ4COOXVqdCcDYDg5EYatfNiMuwSu5yRA7kUfMWR5MV7C4c
Ul4VQdsYzcwFVKmuCC6vXJX4MDeEYCbsyAn33NB6NGdKdCBRuQZOHIqT6vhkvY7sCMPw6NAX62+j
pIpKgohwiPgsQ0AKFxYOxeIcW5UPutDH6Jk+alvOgkcU8t12bqNtN+en/HqTYZABmQkK7cEzT0/t
zdngokVzK1kByue0AgjBfO0ESZ1Aiwr1fbZ4jA==
</ds:SignatureValue>
<ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIG0DCCBLigAwIBAgIQJT05eT9C8MMLxPWjiR+NjzANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMjIwMzEwMjMwMDAwWhcNMjMwMzEwMjI1OTU5WjCBoTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEcMBoGA1UECwwTMDAwMiA0
Mjk4OTQ5NjcwMDA0MjEwMC4GA1UEAwwnVFJBVkVMRE9PIC0gU0FNTCBTSUdOSU5HIEFORCBFTkNS
WVBUSU9OMRMwEQYDVQQFEwpDMjI5ODgyNDQyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAsTQ4f7v+iIqvjQLCZQyJCiWK72jzbm1lNNsOGLMdNO736yJo0iUXEygaqJ4awu+Nf2Ase62f
o1hROHtOnixvceJN2rd9BMKm/j3BgeU+vlW3quq8AFkm9ikL7R4hBZopqT5deXA17EZ0tpQv6I2z
WbuoBYunvJomVoFZYRwDWFlHoQRBJma0LL8WTrPP7t4gvZMqYSpEqyeeyX2cv6FS4uCOXITFzWAA
Rp5rdIkL1YzU+Tr2thgVf/BvRYsVqaCj+94YmoJAR1/pMOLIKhfoWNxOKuTu0Rpu1LpKr72FYsZv
osn4NHBDoVJncq/crrxpaYF1FqorTjHw+054l0YxJwIDAQABo4ICJTCCAiEwgeQGCCsGAQUFBwEB
BIHXMIHUMDgGCCsGAQUFBzAChixodHRwOi8vYXV0b3JpdGUuZGhpbXlvdGlzLmNvbS9zZXJ2aWNl
c2NhLmRlcjA2BggrBgEFBQcwAoYqaHR0cDovL2F1dG9yaXRlLmNlcnRpZ25hLmZyL3NlcnZpY2Vz
Y2EuZGVyMDAGCCsGAQUFBzABhiRodHRwOi8vc2VydmljZXNjYS5vY3NwLmRoaW15b3Rpcy5jb20w
LgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGlnbmEuZnIwHwYDVR0jBBgw
FoAUrOyGj0s3HLh/FxsZ0K7oTuM0XBIwCQYDVR0TBAIwADBhBgNVHSAEWjBYMAgGBmeBDAECAjBM
BgsqgXoBgTECBQECATA9MDsGCCsGAQUFBwIBFi9odHRwczovL3d3dy5jZXJ0aWduYS5jb20vYXV0
b3JpdGUtY2VydGlmaWNhdGlvbjBlBgNVHR8EXjBcMCugKaAnhiVodHRwOi8vY3JsLmNlcnRpZ25h
LmZyL3NlcnZpY2VzY2EuY3JsMC2gK6AphidodHRwOi8vY3JsLmRoaW15b3Rpcy5jb20vc2Vydmlj
ZXNjYS5jcmwwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDgYDVR0PAQH/BAQDAgeAMB0GA1UdDgQWBBQq
6jjjeMXwQMpNNecEbqrEsJ9eTjANBgkqhkiG9w0BAQsFAAOCAgEArkOzqH9sUsz/QCwLRUKXqsYS
YjB9o9GmKorBERtR7WJQIxk1jZxDM9dR8LTOA6tKOQ2LKzaRl0RugagliM75Dkt4AdWFQFzZ14c4
o+JXsvCNmRtncFxY5KAJqpeIgOHigpnOb2qdS5c0U2tMa48SYl5DgTqs5nlyLTqPIsF7Am80lsTn
iNdbvyPjmyrqsaUtIJ7WpBhyt+k5TEr4b4XWOo0jYwJEutvrYXTNihmWMfobEiC11+qziyWmBrrv
dJyg1H/XGJKFZ0atOOFUCfvoqFZrc3cD9uiCkLX3ljeehKkWyvNbBoj8ETmRPjg2vXIbPS+jR82g
fhLtUJbE/zVWQCoVtKowZqlY6mMcAXkqhdHTG9jfIixHxMMqMr2s+Fc8ywXlZzmAI1ejP9/LX9bV
2b17e4QxQMKMH9f2sVRvo16n0KtKGH5Zy3j+Dwkt3iIsN1F8Lo7vymqtqSUZ3EyYKNY/GvvmrIc/
snB/mGw4vqxYIXlIwwpm80/NRBeR88OFR3PYlUYKxrf9HKVRP8HqHG9buYSQdDdVe7k56Af77pCl
88LDCL49/8hb/XzndJjqvSLbKsU6UWV6q2e/kkQ+UcF8bBUMfHWLLK8xALkzrg1EATC7dviFBnS1
JXLmWJjKwHfWUkBPJnZbMCiKfgyNK5vTXpzzOszUdOFBLRTbtco=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2022-05-21 09:29:12,292 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' from origin source
2022-05-21 09:29:12,292 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2022-05-21 09:29:12,292 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2022-05-21 09:29:12,292 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2022-05-21 09:29:12,292 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2022-05-21 09:29:12,292 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2022-05-21 09:29:12,293 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2022-05-21 09:29:12,293 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2022-05-21 09:29:12,293 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2022-05-21 09:29:12,293 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2022-05-21 09:29:12,294 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2022-05-21 09:29:12,294 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2022-05-21 09:29:12,294 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2022-05-21 09:29:12,294 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2022-05-21 09:29:12,294 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_7e88108a84074752ba476c79d8ddaa6dee0bdb7', issue instant '2022-05-21T09:29:11.376Z', entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2022-05-21 09:29:12,294 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2022-05-21 09:29:12,294 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2022-05-21 09:29:12,294 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2022-05-21 09:29:12,294 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2022-05-21 09:29:12,294 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2022-05-21 09:29:12,294 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2022-05-21 09:29:12,294 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2022-05-21 09:29:12,294 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2022-05-21 09:29:12,294 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2022-05-21 09:29:12,294 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2022-05-21 09:29:12,295 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2022-05-21 09:29:12,295 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2022-05-21 09:29:12,295 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2022-05-21 09:29:12,295 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  params: null
  modulus: 22369930965456962777956365464229513348642522997346232168756579494960232921839160861855035659931488634319872531144871061126230632628307245413595021979243298021162796817485323967323729520642838484019982422043583459948062010738622164914709867639613377292833748142293112152964032878748204294883029637581475838086809098230772052770316027052403485966861005767953228542833623261203559898877311870242866180023679569922778427571461205374691037046976908472105838884909059792855539563635818559033340161732234235499443992405690433660052891865469805202598340808784182407277136835204164356633476755720981662174335871428308052095271
  public exponent: 65537
2022-05-21 09:29:12,295 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2022-05-21 09:29:12,295 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2022-05-21 09:29:12,295 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_7e88108a84074752ba476c79d8ddaa6dee0bdb7"
2022-05-21 09:29:12,295 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _7e88108a84074752ba476c79d8ddaa6dee0bdb7 and Element was [saml2p:AuthnRequest: null]
2022-05-21 09:29:12,295 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_7e88108a84074752ba476c79d8ddaa6dee0bdb7"
2022-05-21 09:29:12,295 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _7e88108a84074752ba476c79d8ddaa6dee0bdb7 and Element was [saml2p:AuthnRequest: null]
2022-05-21 09:29:12,295 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_7e88108a84074752ba476c79d8ddaa6dee0bdb7"
2022-05-21 09:29:12,295 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2022-05-21 09:29:12,295 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2022-05-21 09:29:12,295 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2022-05-21 09:29:12,295 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2022-05-21 09:29:12,295 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  params: null
  modulus: 28006387942418969225649916333139519355638096712380574766811124292301661924791783373435519521645343314222150486630544111279201208456534326021789549853743685148618935308478902334906724628767813199207089277413212107100136253421395783986273751615833433303294145160454079582517841805266304683646247889208889889285649761903626503112587855797858159314696858314376793384619325800929104640111043457518521477309769823877476635541777671075359495929393833402001839094854271118678662367631745138729125305417820632241324967181751700731063078265668737087296240734489903773792043477803426999131829187384000744293796058798748147374959
  public exponent: 65537
2022-05-21 09:29:12,295 - WARN [org.apache.xml.security.signature.XMLSignature:?] - Signature verification failed.
2022-05-21 09:29:12,296 - DEBUG [net.shibboleth.idp.saml.security.impl.MetadataPKIXValidationInformationResolver:?] - Attempting to retrieve trusted names for PKIX validation from resolver for entity: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2022-05-21 09:29:12,296 - DEBUG [net.shibboleth.idp.saml.security.impl.MetadataPKIXValidationInformationResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2022-05-21 09:29:12,296 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2022-05-21 09:29:12,296 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2022-05-21 09:29:12,296 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2022-05-21 09:29:12,296 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2022-05-21 09:29:12,296 - DEBUG [net.shibboleth.idp.saml.security.impl.MetadataPKIXValidationInformationResolver:?] - Attempting to retrieve PKIX validation info from resolver for entity: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2022-05-21 09:29:12,296 - DEBUG [net.shibboleth.idp.saml.security.impl.MetadataPKIXValidationInformationResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2022-05-21 09:29:12,296 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2022-05-21 09:29:12,296 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2022-05-21 09:29:12,296 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2022-05-21 09:29:12,296 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2022-05-21 09:29:12,296 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2022-05-21 09:29:12,296 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2022-05-21 09:29:12,296 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2022-05-21 09:29:12,296 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  params: null
  modulus: 22369930965456962777956365464229513348642522997346232168756579494960232921839160861855035659931488634319872531144871061126230632628307245413595021979243298021162796817485323967323729520642838484019982422043583459948062010738622164914709867639613377292833748142293112152964032878748204294883029637581475838086809098230772052770316027052403485966861005767953228542833623261203559898877311870242866180023679569922778427571461205374691037046976908472105838884909059792855539563635818559033340161732234235499443992405690433660052891865469805202598340808784182407277136835204164356633476755720981662174335871428308052095271
  public exponent: 65537
2022-05-21 09:29:12,296 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2022-05-21 09:29:12,296 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2022-05-21 09:29:12,296 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_7e88108a84074752ba476c79d8ddaa6dee0bdb7"
2022-05-21 09:29:12,296 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _7e88108a84074752ba476c79d8ddaa6dee0bdb7 and Element was [saml2p:AuthnRequest: null]
2022-05-21 09:29:12,296 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_7e88108a84074752ba476c79d8ddaa6dee0bdb7"
2022-05-21 09:29:12,296 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _7e88108a84074752ba476c79d8ddaa6dee0bdb7 and Element was [saml2p:AuthnRequest: null]
2022-05-21 09:29:12,296 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_7e88108a84074752ba476c79d8ddaa6dee0bdb7"
2022-05-21 09:29:12,296 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2022-05-21 09:29:12,297 - ERROR [org.opensaml.security.x509.impl.BasicX509CredentialNameEvaluator:?] - Credential failed name check: [subjectName='2.5.4.5=#130a43323239383832343432,CN=TRAVELDOO - SAML SIGNING AND ENCRYPTION,OU=0002 42989496700042,O=TRAVELDOO,L=LEVALLOIS PERRET,C=FR']
2022-05-21 09:29:12,297 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature failed for context issuer 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool', message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2022-05-21 09:29:12,297 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: MessageAuthenticationError
2022-05-21 09:29:12,298 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2022-05-21 09:33:09,930 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: Y2xpZW50X2lkPTM1NzdlZTc4LWQ4YzktNGFkOC1iMTFiLWM3ZDRiNzhiYjYxMCZjb2RlX2NoYWxsZW5nZT1pT1F5MlV3X01wZnFVWEh6cTNiOUM4ODUzUGdBRG1zTWQ5UTZGMXl0T2s4JmNvZGVfY2hhbGxlbmdlX21ldGhvZD1TMjU2JnJlZGlyZWN0X3VyaT1odHRwcyUzQSUyRiUyRnNhbWwtdGVzdC5zd2FnYS5zYW5kYm94LnN0cmVlbS5jbG91ZCUyRnJlZGlyZWN0Lmh0bWwmcmVzcG9uc2VfdHlwZT1jb2RlJnNjb3BlPW9wZW5pZCtlbWFpbCZzdGF0ZT1uM283c0dJSkhiJnRlbmFudElkPTk2Y2M2MDlmLWZmNmYtODg5OS0yMmE3LWRjNzI1ZDhlNjdmMCZpZGVudGl0eVByb3ZpZGVySWQ9YjRiNDY4MTYtZDNhYy00ZTU1LTkzZmYtNDUzZmYwMTU5OTQy
2022-05-21 09:33:09,930 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2022-05-21 09:33:09,931 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2022-05-21 09:33:09,931 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<ns3:AuthnRequest
    AssertionConsumerServiceURL="https://global-login.sandbox.streem.cloud/samlv2/acs"
    ID="id091e56ff3f934f14b0b3a5360ebc2243"
    IssueInstant="2022-05-21T09:33:09.484Z" Version="2.0"
    xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ns2="http://www.w3.org/2000/09/xmldsig#"
    xmlns:ns3="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns4="http://www.w3.org/2001/04/xmlenc#">
    <Issuer>https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942</Issuer>
    <ns3:NameIDPolicy AllowCreate="false" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/>
</ns3:AuthnRequest>

2022-05-21 09:33:09,937 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942' from origin source
2022-05-21 09:33:09,937 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2022-05-21 09:33:09,937 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2022-05-21 09:33:09,937 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2022-05-21 09:33:09,937 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2022-05-21 09:33:09,937 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2022-05-21 09:33:09,938 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2022-05-21 09:33:09,938 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2022-05-21 09:33:09,938 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942
2022-05-21 09:33:09,938 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2022-05-21 09:33:09,938 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2022-05-21 09:33:09,938 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint was empty, not required by binding, skipping
2022-05-21 09:33:09,939 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id091e56ff3f934f14b0b3a5360ebc2243', issue instant '2022-05-21T09:33:09.484Z', entityID 'https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942'
2022-05-21 09:33:09,939 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942' does not require AuthnRequests to be signed
2022-05-21 09:33:09,939 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2022-05-21 09:33:09,939 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2022-05-21 09:33:09,939 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2022-05-21 09:33:09,939 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2022-05-21 09:33:09,939 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2022-05-21 09:33:09,940 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2022-05-21 09:33:09,940 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2022-05-21 09:33:09,940 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2022-05-21 09:33:09,940 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2022-05-21 09:33:09,940 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2022-05-21 09:33:09,940 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://global-login.sandbox.streem.cloud/samlv2/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2022-05-21 09:33:09,940 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2022-05-21 09:33:09,940 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2022-05-21 09:33:09,940 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2022-05-21 09:33:09,940 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2022-05-21 09:33:09,940 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2022-05-21 09:33:09,940 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2022-05-21 09:33:09,940 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2022-05-21 09:33:09,940 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2022-05-21 09:33:09,940 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2022-05-21 09:33:09,940 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2022-05-21 09:33:09,941 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942
2022-05-21 09:33:09,941 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2022-05-21 09:33:09,941 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2022-05-21 09:33:09,941 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2022-05-21 09:33:09,941 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2022-05-21 09:33:09,950 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2022-05-21 09:33:09,950 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2022-05-21T09:33:09.950Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2022-05-21 09:33:09,950 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2022-05-21 09:33:09,950 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2022-05-21 09:33:09,951 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2022-05-21 09:33:09,951 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2022-05-21 09:33:09,951 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2022-05-21 09:33:09,951 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2022-05-21 09:33:09,951 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2022-05-21 09:33:09,951 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2022-05-21 09:33:09,951 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2022-05-21 09:33:09,951 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2022-05-21 09:33:10,043 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'global-login.sandbox.streem.cloud'
2022-05-21 09:33:10,043 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2022-05-21 09:33:10,043 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2022-05-21 09:33:15,052 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'morty'
2022-05-21 09:33:15,052 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user morty
2022-05-21 09:33:15,052 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1973272566::identifier=morty, context=org.apache.velocity.VelocityContext@1243d07b]
2022-05-21 09:33:15,053 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=morty,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1973272566::identifier=morty, context=org.apache.velocity.VelocityContext@1243d07b]
2022-05-21 09:33:15,054 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'morty' succeeded
2022-05-21 09:33:15,054 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2022-05-21 09:33:15,055 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2022-05-21 09:33:15,055 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'morty'
2022-05-21 09:33:15,055 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'morty'
2022-05-21 09:33:15,055 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2022-05-21 09:33:15,056 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal morty
2022-05-21 09:33:15,056 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 7823ebb5daede5ed8fb31f5b0694a77f5477db79c3630f2d756d7264f8bdb1cf for principal morty
2022-05-21 09:33:15,056 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 7823ebb5daede5ed8fb31f5b0694a77f5477db79c3630f2d756d7264f8bdb1cf
2022-05-21 09:33:15,057 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=morty)
2022-05-21 09:33:15,057 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2022-05-21 09:33:15,057 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, identifier, uid, telephoneNumber, role, mail, surname, displayName, givenName, eduPersonUniqueId]
2022-05-21 09:33:15,057 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 2 values for attribute 'eduPersonEntitlement' remained after filtering
2022-05-21 09:33:15,057 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2022-05-21 09:33:15,057 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2022-05-21 09:33:15,057 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2022-05-21 09:33:15,057 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2022-05-21 09:33:15,057 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2022-05-21 09:33:15,057 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2022-05-21 09:33:15,057 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2022-05-21 09:33:15,057 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2022-05-21 09:33:15,057 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2022-05-21 09:33:15,058 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2022-05-21 09:33:15,058 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2022-05-21 09:33:15,058 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@2770d04d'
2022-05-21 09:33:15,058 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2022-05-21 09:33:15,058 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942'
2022-05-21 09:33:15,058 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942'
2022-05-21 09:33:15,058 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'morty:https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942'
2022-05-21 09:33:15,059 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2022-05-21 09:33:15,059 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty'
2022-05-21 09:33:15,059 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'morty'
2022-05-21 09:33:15,059 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2022-05-21 09:33:15,059 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2022-05-21 09:33:15,149 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'global-login.sandbox.streem.cloud'
2022-05-21 09:33:15,149 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2022-05-21 09:33:15,149 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2022-05-21 09:33:15,149 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2022-05-21 09:33:15,149 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2022-05-21 09:33:15,149 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2022-05-21 09:33:15,809 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2022-05-21 09:33:15,809 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2022-05-21 09:33:15,809 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20220521T093315Z|https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942|AttributeReleaseConsent|morty|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2022-05-21 09:33:15,809 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2022-05-21 09:33:15,809 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942'
2022-05-21 09:33:15,809 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:_key_idx'
2022-05-21 09:33:15,809 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2022-05-21 09:33:15,809 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=morty:https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942, value=[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1684661595809}'
2022-05-21 09:33:15,809 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:_key_idx'
2022-05-21 09:33:15,809 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2022-05-21 09:33:15,809 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:_key_idx'
2022-05-21 09:33:15,809 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'morty:https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942'
2022-05-21 09:33:15,809 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[morty:https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942]' as '["morty:https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942"]'
2022-05-21 09:33:15,809 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@2770d04d'
2022-05-21 09:33:15,809 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2022-05-21 09:33:15,810 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2022-05-21 09:33:15,810 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2022-05-21 09:33:15,811 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2022-05-21 09:33:15,811 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _2f7b35f5eddefa1c3053e3af7451b9af
2022-05-21 09:33:15,811 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _2f7b35f5eddefa1c3053e3af7451b9af to Response _6d978e48ed9c156d2500f4bdd28b1619
2022-05-21 09:33:15,811 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _2f7b35f5eddefa1c3053e3af7451b9af
2022-05-21 09:33:15,812 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2022-05-21 09:33:15,812 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Ambassador of attribute eduPersonEntitlement
2022-05-21 09:33:15,812 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value None of attribute eduPersonEntitlement
2022-05-21 09:33:15,812 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute identifier
2022-05-21 09:33:15,812 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value morty of attribute uid
2022-05-21 09:33:15,812 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5505 of attribute telephoneNumber
2022-05-21 09:33:15,812 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value janitor@samltest.id of attribute role
2022-05-21 09:33:15,812 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute mail
2022-05-21 09:33:15,812 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Smith of attribute surname
2022-05-21 09:33:15,812 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Morty Smith of attribute displayName
2022-05-21 09:33:15,812 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Mortimer of attribute givenName
2022-05-21 09:33:15,813 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2022-05-21 09:33:15,813 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2022-05-21 09:33:15,813 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2022-05-21 09:33:15,813 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2022-05-21 09:33:15,813 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2022-05-21 09:33:15,813 - DEBUG [net.shibboleth.idp.saml.nameid.impl.PersistentSAML2NameIDGenerator:?] - Checking for source attribute uid
2022-05-21 09:33:15,813 - DEBUG [net.shibboleth.idp.saml.nameid.impl.PersistentSAML2NameIDGenerator:?] - Generating persistent NameID from String-valued attribute uid
2022-05-21 09:33:15,813 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID C5OYJH47Y243KBWO5RAC2QJZJWFQRW3U with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2022-05-21 09:33:15,813 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2022-05-21 09:33:15,813 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2022-05-21 09:33:15,813 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2022-05-21 09:33:15,813 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2022-05-21 09:33:15,813 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 20.62.248.141
2022-05-21 09:33:15,813 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to id091e56ff3f934f14b0b3a5360ebc2243
2022-05-21 09:33:15,813 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://global-login.sandbox.streem.cloud/samlv2/acs
2022-05-21 09:33:15,813 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2022-05-21 09:33:15,813 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2022-05-21 09:33:15,813 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2022-05-21 09:33:15,813 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _2f7b35f5eddefa1c3053e3af7451b9af
2022-05-21 09:33:15,813 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _2f7b35f5eddefa1c3053e3af7451b9af did not already contain Conditions, one was added
2022-05-21 09:33:15,813 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2022-05-21 09:33:15,813 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2022-05-21T09:38:15.810Z, to Assertion _2f7b35f5eddefa1c3053e3af7451b9af
2022-05-21 09:33:15,813 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _2f7b35f5eddefa1c3053e3af7451b9af already contained Conditions, nothing was done
2022-05-21 09:33:15,813 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2022-05-21 09:33:15,813 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _2f7b35f5eddefa1c3053e3af7451b9af already contained Conditions, nothing was done
2022-05-21 09:33:15,813 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2022-05-21 09:33:15,813 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942 as an Audience of the AudienceRestriction
2022-05-21 09:33:15,813 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _2f7b35f5eddefa1c3053e3af7451b9af
2022-05-21 09:33:15,814 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942 to existing session 7823ebb5daede5ed8fb31f5b0694a77f5477db79c3630f2d756d7264f8bdb1cf
2022-05-21 09:33:15,814 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942 in session 7823ebb5daede5ed8fb31f5b0694a77f5477db79c3630f2d756d7264f8bdb1cf
2022-05-21 09:33:15,814 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2022-05-21 09:33:15,815 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942 and key C5OYJH47Y243KBWO5RAC2QJZJWFQRW3U
2022-05-21 09:33:15,815 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2022-05-21 09:33:15,815 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2022-05-21 09:33:15,815 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2022-05-21 09:33:15,815 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAssertions: No encryption parameters, nothing to do
2022-05-21 09:33:15,817 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://global-login.sandbox.streem.cloud/samlv2/acs
2022-05-21 09:33:15,817 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://global-login.sandbox.streem.cloud/samlv2/acs
2022-05-21 09:33:15,817 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_6d978e48ed9c156d2500f4bdd28b1619"
2022-05-21 09:33:15,817 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _6d978e48ed9c156d2500f4bdd28b1619 and Element was [saml2p:Response: null]
2022-05-21 09:33:15,817 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_6d978e48ed9c156d2500f4bdd28b1619"
2022-05-21 09:33:15,817 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _6d978e48ed9c156d2500f4bdd28b1619 and Element was [saml2p:Response: null]
2022-05-21 09:33:15,819 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2022-05-21 09:33:15,819 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://global-login.sandbox.streem.cloud/samlv2/acs' with encoded value 'https&#x3a;&#x2f;&#x2f;global-login.sandbox.streem.cloud&#x2f;samlv2&#x2f;acs'
2022-05-21 09:33:15,819 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2022-05-21 09:33:15,819 - WARN [org.opensaml.saml.common.binding.SAMLBindingSupport:?] - Relay state exceeds 80 bytes: Y2xpZW50X2lkPTM1NzdlZTc4LWQ4YzktNGFkOC1iMTFiLWM3ZDRiNzhiYjYxMCZjb2RlX2NoYWxsZW5nZT1pT1F5MlV3X01wZnFVWEh6cTNiOUM4ODUzUGdBRG1zTWQ5UTZGMXl0T2s4JmNvZGVfY2hhbGxlbmdlX21ldGhvZD1TMjU2JnJlZGlyZWN0X3VyaT1odHRwcyUzQSUyRiUyRnNhbWwtdGVzdC5zd2FnYS5zYW5kYm94LnN0cmVlbS5jbG91ZCUyRnJlZGlyZWN0Lmh0bWwmcmVzcG9uc2VfdHlwZT1jb2RlJnNjb3BlPW9wZW5pZCtlbWFpbCZzdGF0ZT1uM283c0dJSkhiJnRlbmFudElkPTk2Y2M2MDlmLWZmNmYtODg5OS0yMmE3LWRjNzI1ZDhlNjdmMCZpZGVudGl0eVByb3ZpZGVySWQ9YjRiNDY4MTYtZDNhYy00ZTU1LTkzZmYtNDUzZmYwMTU5OTQy
2022-05-21 09:33:15,820 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'Y2xpZW50X2lkPTM1NzdlZTc4LWQ4YzktNGFkOC1iMTFiLWM3ZDRiNzhiYjYxMCZjb2RlX2NoYWxsZW5nZT1pT1F5MlV3X01wZnFVWEh6cTNiOUM4ODUzUGdBRG1zTWQ5UTZGMXl0T2s4JmNvZGVfY2hhbGxlbmdlX21ldGhvZD1TMjU2JnJlZGlyZWN0X3VyaT1odHRwcyUzQSUyRiUyRnNhbWwtdGVzdC5zd2FnYS5zYW5kYm94LnN0cmVlbS5jbG91ZCUyRnJlZGlyZWN0Lmh0bWwmcmVzcG9uc2VfdHlwZT1jb2RlJnNjb3BlPW9wZW5pZCtlbWFpbCZzdGF0ZT1uM283c0dJSkhiJnRlbmFudElkPTk2Y2M2MDlmLWZmNmYtODg5OS0yMmE3LWRjNzI1ZDhlNjdmMCZpZGVudGl0eVByb3ZpZGVySWQ9YjRiNDY4MTYtZDNhYy00ZTU1LTkzZmYtNDUzZmYwMTU5OTQy', encoded as 'Y2xpZW50X2lkPTM1NzdlZTc4LWQ4YzktNGFkOC1iMTFiLWM3ZDRiNzhiYjYxMCZjb2RlX2NoYWxsZW5nZT1pT1F5MlV3X01wZnFVWEh6cTNiOUM4ODUzUGdBRG1zTWQ5UTZGMXl0T2s4JmNvZGVfY2hhbGxlbmdlX21ldGhvZD1TMjU2JnJlZGlyZWN0X3VyaT1odHRwcyUzQSUyRiUyRnNhbWwtdGVzdC5zd2FnYS5zYW5kYm94LnN0cmVlbS5jbG91ZCUyRnJlZGlyZWN0Lmh0bWwmcmVzcG9uc2VfdHlwZT1jb2RlJnNjb3BlPW9wZW5pZCtlbWFpbCZzdGF0ZT1uM283c0dJSkhiJnRlbmFudElkPTk2Y2M2MDlmLWZmNmYtODg5OS0yMmE3LWRjNzI1ZDhlNjdmMCZpZGVudGl0eVByb3ZpZGVySWQ9YjRiNDY4MTYtZDNhYy00ZTU1LTkzZmYtNDUzZmYwMTU5OTQy'
2022-05-21 09:33:15,821 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://global-login.sandbox.streem.cloud/samlv2/acs"
    ID="_6d978e48ed9c156d2500f4bdd28b1619"
    InResponseTo="id091e56ff3f934f14b0b3a5360ebc2243"
    IssueInstant="2022-05-21T09:33:15.810Z" Version="2.0"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_6d978e48ed9c156d2500f4bdd28b1619">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>ZhsUscqLyG0twc55p8rOEKA7zMYGTD0R35GUOZkzSDY=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>JUR0usK7SGlS79008sm435mMmNqYgez5EMQbzh24F8OiYoUR9Z80OV0qcFogPNUOpbj9qU5aFQWeQXSS0nBS1YhxXOh7ERAjD5iSW8MOM/DQdvPEAMxPm4DdxW6mVC/sxTvFTWYLshgRl4uDrlErKgliTiafXglZSmCquHlGQMkOloLH7pyRZ+V7IJU5eATcru+tS62BU4iS0Y7y/0wFJCJA67Dm7QgD1wrVgBpFbjlIv1T3Qp0pksMWMmI7ggVJM5W4PFQ6yWITs9WHWBsa+Rq5X1WQWalgkKVarqWilTAZAPqaLNY9/P3ixuDW4oZMJq0aRfoHVtF6ceC9LcXOOw==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_2f7b35f5eddefa1c3053e3af7451b9af"
        IssueInstant="2022-05-21T09:33:15.810Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">C5OYJH47Y243KBWO5RAC2QJZJWFQRW3U</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="20.62.248.141"
                    InResponseTo="id091e56ff3f934f14b0b3a5360ebc2243"
                    NotOnOrAfter="2022-05-21T09:38:15.813Z" Recipient="https://global-login.sandbox.streem.cloud/samlv2/acs"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2022-05-21T09:33:15.810Z" NotOnOrAfter="2022-05-21T09:38:15.810Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2022-05-21T09:33:15.054Z" SessionIndex="_064a606074c3e02225fa45f47d4b569d">
            <saml2:SubjectLocality Address="20.62.248.141"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Ambassador</saml2:AttributeValue>
                <saml2:AttributeValue>None</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>morty</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5505</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">janitor@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Morty Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Mortimer</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2022-05-21 09:33:15,821 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2022-05-21 09:33:15,821 - INFO [Shibboleth-Audit.SSO:?] - 20220521T093315Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|id091e56ff3f934f14b0b3a5360ebc2243|https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_6d978e48ed9c156d2500f4bdd28b1619|morty|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,identifier,uid,telephoneNumber,role,mail,surname,displayName,givenName|C5OYJH47Y243KBWO5RAC2QJZJWFQRW3U|_2f7b35f5eddefa1c3053e3af7451b9af|
2022-05-21 09:38:58,537 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: TST-138830-Tyh-SrFMOkLeJ6Gf1jDNpppYWMue9BMD
2022-05-21 09:38:58,537 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2022-05-21 09:38:58,537 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2022-05-21 09:38:58,537 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="_5685dc8529cc42839f4bd435d00ba532b49bff8"
    IsPassive="false" IssueInstant="2022-05-21T09:38:56.937Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    ProviderName="pac4j-saml" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#_5685dc8529cc42839f4bd435d00ba532b49bff8">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>F1YbCxszW8KDyrUhskqK6AUscvUIWtMwxYuZXJ2ctdg=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
NGDLlI+lioiupZX0UJb1kOqTrq51RO68cXIBkJQUBBDO0SeELrN/Q9XXj/jPYO1iottBXgo98Ezb
CgfW548frxfZk8JwEJIM7gjmd1hlQVo0BNKaevlQGLUv+5oL0ZieFNHlpIgdw0uz+FGm6WYK4L+h
QqV3vedgX9cgmWT08If1RAIQmzWIAsMNjQhb3W+9FOH5LDBRAv+LOP4VP8CmwnJrjRW/XVR0r+3s
p9nrkEhB9EhsCmcnWLXQ73NdRRQ95aVeDSVbgYx6Tu6ecdmfEyVbrGCrt0QrsJMDLgSBTTnYRdCW
AxFDM0pR8IHtwP9vNNJ+Yj1sbMw/vqpdfx24Jg==
</ds:SignatureValue>
<ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIG0DCCBLigAwIBAgIQJT05eT9C8MMLxPWjiR+NjzANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMjIwMzEwMjMwMDAwWhcNMjMwMzEwMjI1OTU5WjCBoTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEcMBoGA1UECwwTMDAwMiA0
Mjk4OTQ5NjcwMDA0MjEwMC4GA1UEAwwnVFJBVkVMRE9PIC0gU0FNTCBTSUdOSU5HIEFORCBFTkNS
WVBUSU9OMRMwEQYDVQQFEwpDMjI5ODgyNDQyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAsTQ4f7v+iIqvjQLCZQyJCiWK72jzbm1lNNsOGLMdNO736yJo0iUXEygaqJ4awu+Nf2Ase62f
o1hROHtOnixvceJN2rd9BMKm/j3BgeU+vlW3quq8AFkm9ikL7R4hBZopqT5deXA17EZ0tpQv6I2z
WbuoBYunvJomVoFZYRwDWFlHoQRBJma0LL8WTrPP7t4gvZMqYSpEqyeeyX2cv6FS4uCOXITFzWAA
Rp5rdIkL1YzU+Tr2thgVf/BvRYsVqaCj+94YmoJAR1/pMOLIKhfoWNxOKuTu0Rpu1LpKr72FYsZv
osn4NHBDoVJncq/crrxpaYF1FqorTjHw+054l0YxJwIDAQABo4ICJTCCAiEwgeQGCCsGAQUFBwEB
BIHXMIHUMDgGCCsGAQUFBzAChixodHRwOi8vYXV0b3JpdGUuZGhpbXlvdGlzLmNvbS9zZXJ2aWNl
c2NhLmRlcjA2BggrBgEFBQcwAoYqaHR0cDovL2F1dG9yaXRlLmNlcnRpZ25hLmZyL3NlcnZpY2Vz
Y2EuZGVyMDAGCCsGAQUFBzABhiRodHRwOi8vc2VydmljZXNjYS5vY3NwLmRoaW15b3Rpcy5jb20w
LgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGlnbmEuZnIwHwYDVR0jBBgw
FoAUrOyGj0s3HLh/FxsZ0K7oTuM0XBIwCQYDVR0TBAIwADBhBgNVHSAEWjBYMAgGBmeBDAECAjBM
BgsqgXoBgTECBQECATA9MDsGCCsGAQUFBwIBFi9odHRwczovL3d3dy5jZXJ0aWduYS5jb20vYXV0
b3JpdGUtY2VydGlmaWNhdGlvbjBlBgNVHR8EXjBcMCugKaAnhiVodHRwOi8vY3JsLmNlcnRpZ25h
LmZyL3NlcnZpY2VzY2EuY3JsMC2gK6AphidodHRwOi8vY3JsLmRoaW15b3Rpcy5jb20vc2Vydmlj
ZXNjYS5jcmwwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDgYDVR0PAQH/BAQDAgeAMB0GA1UdDgQWBBQq
6jjjeMXwQMpNNecEbqrEsJ9eTjANBgkqhkiG9w0BAQsFAAOCAgEArkOzqH9sUsz/QCwLRUKXqsYS
YjB9o9GmKorBERtR7WJQIxk1jZxDM9dR8LTOA6tKOQ2LKzaRl0RugagliM75Dkt4AdWFQFzZ14c4
o+JXsvCNmRtncFxY5KAJqpeIgOHigpnOb2qdS5c0U2tMa48SYl5DgTqs5nlyLTqPIsF7Am80lsTn
iNdbvyPjmyrqsaUtIJ7WpBhyt+k5TEr4b4XWOo0jYwJEutvrYXTNihmWMfobEiC11+qziyWmBrrv
dJyg1H/XGJKFZ0atOOFUCfvoqFZrc3cD9uiCkLX3ljeehKkWyvNbBoj8ETmRPjg2vXIbPS+jR82g
fhLtUJbE/zVWQCoVtKowZqlY6mMcAXkqhdHTG9jfIixHxMMqMr2s+Fc8ywXlZzmAI1ejP9/LX9bV
2b17e4QxQMKMH9f2sVRvo16n0KtKGH5Zy3j+Dwkt3iIsN1F8Lo7vymqtqSUZ3EyYKNY/GvvmrIc/
snB/mGw4vqxYIXlIwwpm80/NRBeR88OFR3PYlUYKxrf9HKVRP8HqHG9buYSQdDdVe7k56Af77pCl
88LDCL49/8hb/XzndJjqvSLbKsU6UWV6q2e/kkQ+UcF8bBUMfHWLLK8xALkzrg1EATC7dviFBnS1
JXLmWJjKwHfWUkBPJnZbMCiKfgyNK5vTXpzzOszUdOFBLRTbtco=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2022-05-21 09:38:58,544 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' from origin source
2022-05-21 09:38:58,544 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2022-05-21 09:38:58,544 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2022-05-21 09:38:58,545 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2022-05-21 09:38:58,545 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2022-05-21 09:38:58,545 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2022-05-21 09:38:58,545 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2022-05-21 09:38:58,545 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2022-05-21 09:38:58,545 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2022-05-21 09:38:58,545 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2022-05-21 09:38:58,546 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2022-05-21 09:38:58,546 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2022-05-21 09:38:58,546 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2022-05-21 09:38:58,546 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2022-05-21 09:38:58,546 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_5685dc8529cc42839f4bd435d00ba532b49bff8', issue instant '2022-05-21T09:38:56.937Z', entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2022-05-21 09:38:58,546 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2022-05-21 09:38:58,546 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2022-05-21 09:38:58,546 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2022-05-21 09:38:58,546 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2022-05-21 09:38:58,546 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2022-05-21 09:38:58,546 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2022-05-21 09:38:58,546 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2022-05-21 09:38:58,546 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2022-05-21 09:38:58,546 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2022-05-21 09:38:58,546 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2022-05-21 09:38:58,546 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2022-05-21 09:38:58,546 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2022-05-21 09:38:58,546 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2022-05-21 09:38:58,546 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  params: null
  modulus: 22369930965456962777956365464229513348642522997346232168756579494960232921839160861855035659931488634319872531144871061126230632628307245413595021979243298021162796817485323967323729520642838484019982422043583459948062010738622164914709867639613377292833748142293112152964032878748204294883029637581475838086809098230772052770316027052403485966861005767953228542833623261203559898877311870242866180023679569922778427571461205374691037046976908472105838884909059792855539563635818559033340161732234235499443992405690433660052891865469805202598340808784182407277136835204164356633476755720981662174335871428308052095271
  public exponent: 65537
2022-05-21 09:38:58,546 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2022-05-21 09:38:58,546 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2022-05-21 09:38:58,546 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_5685dc8529cc42839f4bd435d00ba532b49bff8"
2022-05-21 09:38:58,546 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _5685dc8529cc42839f4bd435d00ba532b49bff8 and Element was [saml2p:AuthnRequest: null]
2022-05-21 09:38:58,546 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_5685dc8529cc42839f4bd435d00ba532b49bff8"
2022-05-21 09:38:58,546 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _5685dc8529cc42839f4bd435d00ba532b49bff8 and Element was [saml2p:AuthnRequest: null]
2022-05-21 09:38:58,547 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_5685dc8529cc42839f4bd435d00ba532b49bff8"
2022-05-21 09:38:58,547 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2022-05-21 09:38:58,547 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2022-05-21 09:38:58,547 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2022-05-21 09:38:58,547 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2022-05-21 09:38:58,547 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  params: null
  modulus: 28006387942418969225649916333139519355638096712380574766811124292301661924791783373435519521645343314222150486630544111279201208456534326021789549853743685148618935308478902334906724628767813199207089277413212107100136253421395783986273751615833433303294145160454079582517841805266304683646247889208889889285649761903626503112587855797858159314696858314376793384619325800929104640111043457518521477309769823877476635541777671075359495929393833402001839094854271118678662367631745138729125305417820632241324967181751700731063078265668737087296240734489903773792043477803426999131829187384000744293796058798748147374959
  public exponent: 65537
2022-05-21 09:38:58,547 - WARN [org.apache.xml.security.signature.XMLSignature:?] - Signature verification failed.
2022-05-21 09:38:58,547 - DEBUG [net.shibboleth.idp.saml.security.impl.MetadataPKIXValidationInformationResolver:?] - Attempting to retrieve trusted names for PKIX validation from resolver for entity: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2022-05-21 09:38:58,547 - DEBUG [net.shibboleth.idp.saml.security.impl.MetadataPKIXValidationInformationResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2022-05-21 09:38:58,547 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2022-05-21 09:38:58,547 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2022-05-21 09:38:58,547 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2022-05-21 09:38:58,547 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2022-05-21 09:38:58,547 - DEBUG [net.shibboleth.idp.saml.security.impl.MetadataPKIXValidationInformationResolver:?] - Attempting to retrieve PKIX validation info from resolver for entity: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2022-05-21 09:38:58,547 - DEBUG [net.shibboleth.idp.saml.security.impl.MetadataPKIXValidationInformationResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2022-05-21 09:38:58,547 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2022-05-21 09:38:58,547 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2022-05-21 09:38:58,547 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2022-05-21 09:38:58,547 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2022-05-21 09:38:58,547 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2022-05-21 09:38:58,547 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2022-05-21 09:38:58,547 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2022-05-21 09:38:58,547 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  params: null
  modulus: 22369930965456962777956365464229513348642522997346232168756579494960232921839160861855035659931488634319872531144871061126230632628307245413595021979243298021162796817485323967323729520642838484019982422043583459948062010738622164914709867639613377292833748142293112152964032878748204294883029637581475838086809098230772052770316027052403485966861005767953228542833623261203559898877311870242866180023679569922778427571461205374691037046976908472105838884909059792855539563635818559033340161732234235499443992405690433660052891865469805202598340808784182407277136835204164356633476755720981662174335871428308052095271
  public exponent: 65537
2022-05-21 09:38:58,547 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2022-05-21 09:38:58,547 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2022-05-21 09:38:58,547 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_5685dc8529cc42839f4bd435d00ba532b49bff8"
2022-05-21 09:38:58,547 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _5685dc8529cc42839f4bd435d00ba532b49bff8 and Element was [saml2p:AuthnRequest: null]
2022-05-21 09:38:58,547 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_5685dc8529cc42839f4bd435d00ba532b49bff8"
2022-05-21 09:38:58,547 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _5685dc8529cc42839f4bd435d00ba532b49bff8 and Element was [saml2p:AuthnRequest: null]
2022-05-21 09:38:58,547 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_5685dc8529cc42839f4bd435d00ba532b49bff8"
2022-05-21 09:38:58,547 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2022-05-21 09:38:58,548 - ERROR [org.opensaml.security.x509.impl.BasicX509CredentialNameEvaluator:?] - Credential failed name check: [subjectName='2.5.4.5=#130a43323239383832343432,CN=TRAVELDOO - SAML SIGNING AND ENCRYPTION,OU=0002 42989496700042,O=TRAVELDOO,L=LEVALLOIS PERRET,C=FR']
2022-05-21 09:38:58,548 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature failed for context issuer 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool', message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2022-05-21 09:38:58,548 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: MessageAuthenticationError
2022-05-21 09:38:58,548 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2022-05-21 09:44:48,180 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: null
2022-05-21 09:44:48,180 - ERROR [org.opensaml.profile.action.impl.DecodeMessage:?] - Profile Action DecodeMessage: Unable to decode incoming request
org.opensaml.messaging.decoder.MessageDecodingException: No SAMLRequest or SAMLResponse query path parameter, invalid SAML 2 HTTP Redirect message
	at org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder.doDecode(HTTPRedirectDeflateDecoder.java:108)
2022-05-21 09:44:48,181 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: UnableToDecode
2022-05-21 09:44:48,181 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2022-05-21 09:48:59,245 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: TST-139037-JFUalEqKhyR0c-1YyRLa6Uwq3WDRo9r4
2022-05-21 09:48:59,245 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2022-05-21 09:48:59,246 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2022-05-21 09:48:59,246 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="_4eeef1668efa471993fe66695797808d2f382de"
    IsPassive="false" IssueInstant="2022-05-21T09:48:57.735Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    ProviderName="pac4j-saml" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#_4eeef1668efa471993fe66695797808d2f382de">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>ltf6RQRrtsHXiacyiqikNwJF1d6KH8CBN1nVHVC34/w=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
oLZ2HisrSGAtHp8eevbry2LpsJHq1w+JNaGeiL1GnreLa07X1zRRXb/KMqVc+PB3PsuFE+stER1/
mxdBSdm9has0yyqTwXo/dQqdEiakD9+1vbpz37MsX2namlXEy/KBj0iiqxpxmvZrgmL7slD4s2v0
dyPdwEBTiRB2zCOHSenVMFPtSuL9AkSvCgIQ2epw3zjxg7G+pif+/1wyL9Qus62XvW4vWaZ/4EFE
JqKQd4UXgf/y9/lkt/T3jh35WMib1y8ozazyqcOq/NnRBLyuqtI0UbfCXpsl/2NlqaUiG0PdKM3D
cK3lp7f2YhoD5H4KT/85BsvBWLWUI2ZCAXyPWQ==
</ds:SignatureValue>
<ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIG0DCCBLigAwIBAgIQJT05eT9C8MMLxPWjiR+NjzANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMjIwMzEwMjMwMDAwWhcNMjMwMzEwMjI1OTU5WjCBoTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEcMBoGA1UECwwTMDAwMiA0
Mjk4OTQ5NjcwMDA0MjEwMC4GA1UEAwwnVFJBVkVMRE9PIC0gU0FNTCBTSUdOSU5HIEFORCBFTkNS
WVBUSU9OMRMwEQYDVQQFEwpDMjI5ODgyNDQyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAsTQ4f7v+iIqvjQLCZQyJCiWK72jzbm1lNNsOGLMdNO736yJo0iUXEygaqJ4awu+Nf2Ase62f
o1hROHtOnixvceJN2rd9BMKm/j3BgeU+vlW3quq8AFkm9ikL7R4hBZopqT5deXA17EZ0tpQv6I2z
WbuoBYunvJomVoFZYRwDWFlHoQRBJma0LL8WTrPP7t4gvZMqYSpEqyeeyX2cv6FS4uCOXITFzWAA
Rp5rdIkL1YzU+Tr2thgVf/BvRYsVqaCj+94YmoJAR1/pMOLIKhfoWNxOKuTu0Rpu1LpKr72FYsZv
osn4NHBDoVJncq/crrxpaYF1FqorTjHw+054l0YxJwIDAQABo4ICJTCCAiEwgeQGCCsGAQUFBwEB
BIHXMIHUMDgGCCsGAQUFBzAChixodHRwOi8vYXV0b3JpdGUuZGhpbXlvdGlzLmNvbS9zZXJ2aWNl
c2NhLmRlcjA2BggrBgEFBQcwAoYqaHR0cDovL2F1dG9yaXRlLmNlcnRpZ25hLmZyL3NlcnZpY2Vz
Y2EuZGVyMDAGCCsGAQUFBzABhiRodHRwOi8vc2VydmljZXNjYS5vY3NwLmRoaW15b3Rpcy5jb20w
LgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGlnbmEuZnIwHwYDVR0jBBgw
FoAUrOyGj0s3HLh/FxsZ0K7oTuM0XBIwCQYDVR0TBAIwADBhBgNVHSAEWjBYMAgGBmeBDAECAjBM
BgsqgXoBgTECBQECATA9MDsGCCsGAQUFBwIBFi9odHRwczovL3d3dy5jZXJ0aWduYS5jb20vYXV0
b3JpdGUtY2VydGlmaWNhdGlvbjBlBgNVHR8EXjBcMCugKaAnhiVodHRwOi8vY3JsLmNlcnRpZ25h
LmZyL3NlcnZpY2VzY2EuY3JsMC2gK6AphidodHRwOi8vY3JsLmRoaW15b3Rpcy5jb20vc2Vydmlj
ZXNjYS5jcmwwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDgYDVR0PAQH/BAQDAgeAMB0GA1UdDgQWBBQq
6jjjeMXwQMpNNecEbqrEsJ9eTjANBgkqhkiG9w0BAQsFAAOCAgEArkOzqH9sUsz/QCwLRUKXqsYS
YjB9o9GmKorBERtR7WJQIxk1jZxDM9dR8LTOA6tKOQ2LKzaRl0RugagliM75Dkt4AdWFQFzZ14c4
o+JXsvCNmRtncFxY5KAJqpeIgOHigpnOb2qdS5c0U2tMa48SYl5DgTqs5nlyLTqPIsF7Am80lsTn
iNdbvyPjmyrqsaUtIJ7WpBhyt+k5TEr4b4XWOo0jYwJEutvrYXTNihmWMfobEiC11+qziyWmBrrv
dJyg1H/XGJKFZ0atOOFUCfvoqFZrc3cD9uiCkLX3ljeehKkWyvNbBoj8ETmRPjg2vXIbPS+jR82g
fhLtUJbE/zVWQCoVtKowZqlY6mMcAXkqhdHTG9jfIixHxMMqMr2s+Fc8ywXlZzmAI1ejP9/LX9bV
2b17e4QxQMKMH9f2sVRvo16n0KtKGH5Zy3j+Dwkt3iIsN1F8Lo7vymqtqSUZ3EyYKNY/GvvmrIc/
snB/mGw4vqxYIXlIwwpm80/NRBeR88OFR3PYlUYKxrf9HKVRP8HqHG9buYSQdDdVe7k56Af77pCl
88LDCL49/8hb/XzndJjqvSLbKsU6UWV6q2e/kkQ+UcF8bBUMfHWLLK8xALkzrg1EATC7dviFBnS1
JXLmWJjKwHfWUkBPJnZbMCiKfgyNK5vTXpzzOszUdOFBLRTbtco=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2022-05-21 09:48:59,255 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' from origin source
2022-05-21 09:48:59,255 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2022-05-21 09:48:59,255 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2022-05-21 09:48:59,255 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2022-05-21 09:48:59,255 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2022-05-21 09:48:59,255 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2022-05-21 09:48:59,255 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2022-05-21 09:48:59,255 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2022-05-21 09:48:59,261 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2022-05-21 09:48:59,261 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2022-05-21 09:48:59,262 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2022-05-21 09:48:59,262 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2022-05-21 09:48:59,262 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2022-05-21 09:48:59,262 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2022-05-21 09:48:59,262 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_4eeef1668efa471993fe66695797808d2f382de', issue instant '2022-05-21T09:48:57.735Z', entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2022-05-21 09:48:59,262 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2022-05-21 09:48:59,262 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2022-05-21 09:48:59,262 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2022-05-21 09:48:59,262 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2022-05-21 09:48:59,262 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2022-05-21 09:48:59,262 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2022-05-21 09:48:59,262 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2022-05-21 09:48:59,262 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2022-05-21 09:48:59,262 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2022-05-21 09:48:59,262 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2022-05-21 09:48:59,263 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2022-05-21 09:48:59,263 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2022-05-21 09:48:59,263 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2022-05-21 09:48:59,263 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  params: null
  modulus: 22369930965456962777956365464229513348642522997346232168756579494960232921839160861855035659931488634319872531144871061126230632628307245413595021979243298021162796817485323967323729520642838484019982422043583459948062010738622164914709867639613377292833748142293112152964032878748204294883029637581475838086809098230772052770316027052403485966861005767953228542833623261203559898877311870242866180023679569922778427571461205374691037046976908472105838884909059792855539563635818559033340161732234235499443992405690433660052891865469805202598340808784182407277136835204164356633476755720981662174335871428308052095271
  public exponent: 65537
2022-05-21 09:48:59,263 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2022-05-21 09:48:59,263 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2022-05-21 09:48:59,263 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_4eeef1668efa471993fe66695797808d2f382de"
2022-05-21 09:48:59,263 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _4eeef1668efa471993fe66695797808d2f382de and Element was [saml2p:AuthnRequest: null]
2022-05-21 09:48:59,263 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_4eeef1668efa471993fe66695797808d2f382de"
2022-05-21 09:48:59,263 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _4eeef1668efa471993fe66695797808d2f382de and Element was [saml2p:AuthnRequest: null]
2022-05-21 09:48:59,263 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_4eeef1668efa471993fe66695797808d2f382de"
2022-05-21 09:48:59,263 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2022-05-21 09:48:59,263 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2022-05-21 09:48:59,263 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2022-05-21 09:48:59,263 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2022-05-21 09:48:59,263 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  params: null
  modulus: 28006387942418969225649916333139519355638096712380574766811124292301661924791783373435519521645343314222150486630544111279201208456534326021789549853743685148618935308478902334906724628767813199207089277413212107100136253421395783986273751615833433303294145160454079582517841805266304683646247889208889889285649761903626503112587855797858159314696858314376793384619325800929104640111043457518521477309769823877476635541777671075359495929393833402001839094854271118678662367631745138729125305417820632241324967181751700731063078265668737087296240734489903773792043477803426999131829187384000744293796058798748147374959
  public exponent: 65537
2022-05-21 09:48:59,263 - WARN [org.apache.xml.security.signature.XMLSignature:?] - Signature verification failed.
2022-05-21 09:48:59,264 - DEBUG [net.shibboleth.idp.saml.security.impl.MetadataPKIXValidationInformationResolver:?] - Attempting to retrieve trusted names for PKIX validation from resolver for entity: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2022-05-21 09:48:59,264 - DEBUG [net.shibboleth.idp.saml.security.impl.MetadataPKIXValidationInformationResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2022-05-21 09:48:59,264 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2022-05-21 09:48:59,264 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2022-05-21 09:48:59,264 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2022-05-21 09:48:59,264 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2022-05-21 09:48:59,264 - DEBUG [net.shibboleth.idp.saml.security.impl.MetadataPKIXValidationInformationResolver:?] - Attempting to retrieve PKIX validation info from resolver for entity: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2022-05-21 09:48:59,264 - DEBUG [net.shibboleth.idp.saml.security.impl.MetadataPKIXValidationInformationResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2022-05-21 09:48:59,264 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2022-05-21 09:48:59,264 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2022-05-21 09:48:59,264 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2022-05-21 09:48:59,264 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2022-05-21 09:48:59,264 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2022-05-21 09:48:59,264 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2022-05-21 09:48:59,264 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2022-05-21 09:48:59,264 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  params: null
  modulus: 22369930965456962777956365464229513348642522997346232168756579494960232921839160861855035659931488634319872531144871061126230632628307245413595021979243298021162796817485323967323729520642838484019982422043583459948062010738622164914709867639613377292833748142293112152964032878748204294883029637581475838086809098230772052770316027052403485966861005767953228542833623261203559898877311870242866180023679569922778427571461205374691037046976908472105838884909059792855539563635818559033340161732234235499443992405690433660052891865469805202598340808784182407277136835204164356633476755720981662174335871428308052095271
  public exponent: 65537
2022-05-21 09:48:59,264 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2022-05-21 09:48:59,264 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2022-05-21 09:48:59,264 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_4eeef1668efa471993fe66695797808d2f382de"
2022-05-21 09:48:59,264 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _4eeef1668efa471993fe66695797808d2f382de and Element was [saml2p:AuthnRequest: null]
2022-05-21 09:48:59,264 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_4eeef1668efa471993fe66695797808d2f382de"
2022-05-21 09:48:59,264 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _4eeef1668efa471993fe66695797808d2f382de and Element was [saml2p:AuthnRequest: null]
2022-05-21 09:48:59,264 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_4eeef1668efa471993fe66695797808d2f382de"
2022-05-21 09:48:59,264 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2022-05-21 09:48:59,264 - ERROR [org.opensaml.security.x509.impl.BasicX509CredentialNameEvaluator:?] - Credential failed name check: [subjectName='2.5.4.5=#130a43323239383832343432,CN=TRAVELDOO - SAML SIGNING AND ENCRYPTION,OU=0002 42989496700042,O=TRAVELDOO,L=LEVALLOIS PERRET,C=FR']
2022-05-21 09:48:59,264 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature failed for context issuer 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool', message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2022-05-21 09:48:59,265 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: MessageAuthenticationError
2022-05-21 09:48:59,265 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2022-05-21 09:55:08,063 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: 1
2022-05-21 09:55:08,063 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2022-05-21 09:55:08,063 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2022-05-21 09:55:08,063 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://qa.nanitor.net/ui_api/account/saml/signin"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="id-296f891c3ee2d21aea6fb5c2c5cdad6bdd88222a"
    IssueInstant="2022-05-21T09:55:07.23Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">urn:nanitor:1c502406-f1a2-45b2-bdd4-c1ec7ce4aea3</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/>
</samlp:AuthnRequest>

2022-05-21 09:55:08,072 - WARN [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Metadata with ID 'urn:nanitor:1c502406-f1a2-45b2-bdd4-c1ec7ce4aea3' currently live is expired or otherwise invalid
2022-05-21 09:55:08,072 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'urn:nanitor:1c502406-f1a2-45b2-bdd4-c1ec7ce4aea3' from origin source
2022-05-21 09:55:08,072 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractBatchMetadataResolver:?] - Metadata Resolver FilesystemMetadataResolver SAMLtest: Resolved 0 candidates via EntityIdCriterion: EntityIdCriterion [id=urn:nanitor:1c502406-f1a2-45b2-bdd4-c1ec7ce4aea3]
2022-05-21 09:55:08,072 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved no EntityDescriptors via underlying MetadataResolver, returning empty collection
2022-05-21 09:55:08,072 - INFO [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  No metadata returned for urn:nanitor:1c502406-f1a2-45b2-bdd4-c1ec7ce4aea3 in role {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor with protocol urn:oasis:names:tc:SAML:2.0:protocol
2022-05-21 09:55:08,073 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No metadata context found, nothing to do
2022-05-21 09:55:08,073 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer urn:nanitor:1c502406-f1a2-45b2-bdd4-c1ec7ce4aea3
2022-05-21 09:55:08,073 - WARN [net.shibboleth.idp.profile.impl.SelectProfileConfiguration:?] - Profile Action SelectProfileConfiguration: Profile http://shibboleth.net/ns/profiles/saml2/sso/browser is not available for RP configuration shibboleth.UnverifiedRelyingParty (RPID urn:nanitor:1c502406-f1a2-45b2-bdd4-c1ec7ce4aea3)
2022-05-21 09:55:08,073 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: InvalidProfileConfiguration
2022-05-21 09:55:08,073 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2022-05-21 09:55:19,508 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder:?] - Decoded SOAP messaged which included SAML message of type {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2022-05-21 09:55:19,508 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Body>
        <saml2p:AuthnRequest
            AssertionConsumerServiceURL="https://iam-pub.eu-ch2.sc.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            Destination="https://samltest.id/idp/profile/SAML2/SOAP/ECP"
            ForceAuthn="false"
            ID="_bt1ifx7x6lqqmn9irvc6s6bxepvynvinqrbs" IsPassive="false"
            IssueInstant="2022-05-21T09:55:18.808Z"
            ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
            Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam-pub.eu-ch2.sc.otc.t-systems.com</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_bt1ifx7x6lqqmn9irvc6s6bxepvynvinqrbs">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>X5q9wmsxNlhNiV9bOCWh/vi49bA=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>Q//pOmAc1aubHRrITBVi0n5CSE8ogjVdlYPxqpBXBia9QDR+CAnxXbL4A4+Vr+jr8vICu9nkOjLsa9S+9U7truZUULVVgFCyALLSbqQO1scgfLwn9mM4WrFhKyUlRk3REBfyuKu5RlvH7/kf5A5LKIKFRT7gBBqiLn7tYP93njAOe+7w54kaRAV51JllR6RxEkKk/xVXQnUcy8/sSPUcQCixZYaYg+FlgGUEC54lbi1it+WJY/jhOVOSe7/vLr6ZacCTtbrUf39c2lsylTOYbcz6Di4GuRLlzWyGCyviuAgRKmUHZPGgCYER1NHOoiNlohuSMOC53SY+n1+CWq9ySA==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIICvTCCAaWgAwIBAgIENRO66DANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRkdWFuMB4XDTIx
MDcyMDA3Mjg1NFoXDTIyMDcyMDA3Mjg1NFowDzENMAsGA1UEAxMEZHVhbjCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAIwi3+F8j9cdYIfDTYXK6pZIamYUtPWxJTDUVtcuP9nPUzZVKvH+
5cznJD7A+PmcMH1yatiHa0lz9hBXoTjO6c4sOBqWsqhgkKlBnfzRyMTQoBoBzKe9N512GR/1FZYM
xYKH8Jqj803fcaTTRlNe+9Ya3JsQfL1HjvWuQFluH7eFZASlUQgw1H2qmqdhX3FXWKQ4LrmaHvNs
uTKkumhC/NgPyAXIT21q0ffWGLlpNVA3W8grbqCEzb0WW3PH+zChlQSBHkXDOqOv2G+tfzhB1p+V
EHk0Rump98GvFPSRiNFi98mZ0uOrEjebqGY65Rl/epVWHKgY3E+PNVGGcI/YHgsCAwEAAaMhMB8w
HQYDVR0OBBYEFBpny1KrdSXSYk5ikY1nHtGCEPwkMA0GCSqGSIb3DQEBCwUAA4IBAQB53ApEqZe+
T1Ox0MPVYRhXvxPorQ5Gkdl9izu29wI1kAKTb6eKbxl7dsiGbtdSi1FLssLPFnGJRv55ZhkJIkqp
7Ef2EYwpFGMo7zva8MDUr1sPt0t622SRE/GQC5WwwQt4sK5jFFSYqxQdxAHvghTZO3u33hRsztyI
Br5KDeiCGeLvo7yKECnhkysz6ZoXPYVZabjrONoH7Q7BwhyXwNbbE9yE+klVjiK1h6hQoqjMZcYS
Y3SZv3eiQPoBE3nswxy7XS+YDUskfwKFuLBU/fmB8UdSOs9KGZpQhXT2pY+/akInFDuBKTqvCxhI
OT14E4KIL/LjgDiyKylEW9E6Rbcw</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:NameIDPolicy AllowCreate="true"
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                SPNameQualifier="https://iam-pub.eu-ch2.sc.otc.t-systems.com" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"/>
        </saml2p:AuthnRequest>
    </soap11:Body>
</soap11:Envelope>

2022-05-21 09:55:19,514 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://iam-pub.eu-ch2.sc.otc.t-systems.com' from origin source
2022-05-21 09:55:19,514 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2022-05-21 09:55:19,514 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2022-05-21 09:55:19,514 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2022-05-21 09:55:19,514 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2022-05-21 09:55:19,514 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2022-05-21 09:55:19,514 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2022-05-21 09:55:19,514 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2022-05-21 09:55:19,514 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam-pub.eu-ch2.sc.otc.t-systems.com
2022-05-21 09:55:19,515 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2022-05-21 09:55:19,515 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2022-05-21 09:55:19,515 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2022-05-21 09:55:19,515 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2022-05-21 09:55:19,515 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2022-05-21 09:55:19,515 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2022-05-21 09:55:19,515 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_bt1ifx7x6lqqmn9irvc6s6bxepvynvinqrbs', issue instant '2022-05-21T09:55:18.808Z', entityID 'https://iam-pub.eu-ch2.sc.otc.t-systems.com'
2022-05-21 09:55:19,516 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam-pub.eu-ch2.sc.otc.t-systems.com' does not require AuthnRequests to be signed
2022-05-21 09:55:19,516 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2022-05-21 09:55:19,516 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2022-05-21 09:55:19,516 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2022-05-21 09:55:19,516 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://iam-pub.eu-ch2.sc.otc.t-systems.com, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2022-05-21 09:55:19,516 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://iam-pub.eu-ch2.sc.otc.t-systems.com' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2022-05-21 09:55:19,516 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2022-05-21 09:55:19,516 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2022-05-21 09:55:19,516 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2022-05-21 09:55:19,516 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2022-05-21 09:55:19,516 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2022-05-21 09:55:19,516 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2022-05-21 09:55:19,516 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2022-05-21 09:55:19,516 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2022-05-21 09:55:19,516 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  params: null
  modulus: 17690559969113010500025881010619213400345626812472181653894564860907995902724801041698697782548434756201775064962906924374900523683034565605704539780943252986983868654032436251158190135838925650681620346295846302652398954587422904063025334169212700266878558193177023254402558995079738283318960893577128640871941123136173476097876571763371091281894227854514760146092473561430437169709030588294185552900745270169513172312022952308176858824145945189838278341616426241991661428602440894114265209620282548614183886637909035647666902560652932959452165312579787914608988575485893546899011261488314858885622676781116937477643
  public exponent: 65537
2022-05-21 09:55:19,516 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2022-05-21 09:55:19,516 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2022-05-21 09:55:19,516 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_bt1ifx7x6lqqmn9irvc6s6bxepvynvinqrbs"
2022-05-21 09:55:19,516 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _bt1ifx7x6lqqmn9irvc6s6bxepvynvinqrbs and Element was [saml2p:AuthnRequest: null]
2022-05-21 09:55:19,516 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_bt1ifx7x6lqqmn9irvc6s6bxepvynvinqrbs"
2022-05-21 09:55:19,516 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _bt1ifx7x6lqqmn9irvc6s6bxepvynvinqrbs and Element was [saml2p:AuthnRequest: null]
2022-05-21 09:55:19,516 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_bt1ifx7x6lqqmn9irvc6s6bxepvynvinqrbs"
2022-05-21 09:55:19,516 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2022-05-21 09:55:19,516 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2022-05-21 09:55:19,516 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://iam-pub.eu-ch2.sc.otc.t-systems.com
2022-05-21 09:55:19,517 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2022-05-21 09:55:19,517 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2022-05-21 09:55:19,517 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2022-05-21 09:55:19,517 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2022-05-21 09:55:19,517 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsHeadersHandler:?] - Message Handler:  No ChannelBindings header blocks found
2022-05-21 09:55:19,517 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler:?] - Message Handler:  Message did not contain any ChannelBindings extensions
2022-05-21 09:55:19,517 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2022-05-21 09:55:19,517 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2022-05-21 09:55:19,517 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2022-05-21 09:55:19,517 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2022-05-21 09:55:19,517 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2022-05-21 09:55:19,517 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2022-05-21 09:55:19,517 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' not permitted by input criteria
2022-05-21 09:55:19,517 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam-pub.eu-ch2.sc.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP using binding urn:oasis:names:tc:SAML:2.0:bindings:PAOS
2022-05-21 09:55:19,517 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2022-05-21 09:55:19,517 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2022-05-21 09:55:19,517 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2022-05-21 09:55:19,517 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2022-05-21 09:55:19,518 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2022-05-21 09:55:19,518 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2022-05-21 09:55:19,518 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2022-05-21 09:55:19,518 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2022-05-21 09:55:19,518 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2022-05-21 09:55:19,518 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2022-05-21 09:55:19,518 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam-pub.eu-ch2.sc.otc.t-systems.com
2022-05-21 09:55:19,518 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2022-05-21 09:55:19,518 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2022-05-21 09:55:19,518 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2022-05-21 09:55:19,518 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2022-05-21 09:55:19,522 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2022-05-21 09:55:19,522 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: RequestAuthenticated: true
2022-05-21 09:55:19,522 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: Generating session key for use by ECP peers
2022-05-21 09:55:19,522 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2022-05-21T09:55:19.522Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2022-05-21 09:55:19,522 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2022-05-21 09:55:19,523 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2022-05-21 09:55:19,523 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2022-05-21 09:55:19,523 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2022-05-21 09:55:19,523 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2022-05-21 09:55:19,523 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow authn/Password, it supports non-browser authentication
2022-05-21 09:55:19,523 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2022-05-21 09:55:19,523 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2022-05-21 09:55:19,523 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2022-05-21 09:55:19,523 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2022-05-21 09:55:19,523 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: Trimming whitespace of input string 'rick'
2022-05-21 09:55:19,523 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2022-05-21 09:55:19,523 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@103761809::identifier=rick, context=org.apache.velocity.VelocityContext@3c91258c]
2022-05-21 09:55:19,524 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@103761809::identifier=rick, context=org.apache.velocity.VelocityContext@3c91258c]
2022-05-21 09:55:19,526 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2022-05-21 09:55:19,526 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2022-05-21 09:55:19,526 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2022-05-21 09:55:19,527 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2022-05-21 09:55:19,527 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2022-05-21 09:55:19,527 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2022-05-21 09:55:19,527 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2022-05-21 09:55:19,527 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session cf11d89cabad6cc4bc9c2788b357125603c824d76c60efc0611591e27f26bcdd for principal rick
2022-05-21 09:55:19,527 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session cf11d89cabad6cc4bc9c2788b357125603c824d76c60efc0611591e27f26bcdd
2022-05-21 09:55:19,528 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2022-05-21 09:55:19,528 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2022-05-21 09:55:19,528 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, telephoneNumber, role, mail, surname, displayName, givenName, eduPersonUniqueId]
2022-05-21 09:55:19,528 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2022-05-21 09:55:19,528 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2022-05-21 09:55:19,528 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2022-05-21 09:55:19,528 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2022-05-21 09:55:19,528 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2022-05-21 09:55:19,528 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2022-05-21 09:55:19,528 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2022-05-21 09:55:19,528 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2022-05-21 09:55:19,528 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2022-05-21 09:55:19,528 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2022-05-21 09:55:19,529 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2022-05-21 09:55:19,535 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2022-05-21 09:55:19,535 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2022-05-21 09:55:19,536 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _90514264a3f7222359637599e0549bfb
2022-05-21 09:55:19,536 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _90514264a3f7222359637599e0549bfb to Response _b4ef0bfd51e7c26d54e12fc108bf62cc
2022-05-21 09:55:19,536 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _90514264a3f7222359637599e0549bfb
2022-05-21 09:55:19,536 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2022-05-21 09:55:19,536 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2022-05-21 09:55:19,536 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2022-05-21 09:55:19,536 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2022-05-21 09:55:19,536 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2022-05-21 09:55:19,536 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@Samltest.id of attribute role
2022-05-21 09:55:19,536 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2022-05-21 09:55:19,536 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2022-05-21 09:55:19,536 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2022-05-21 09:55:19,536 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2022-05-21 09:55:19,537 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2022-05-21 09:55:19,537 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2022-05-21 09:55:19,537 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2022-05-21 09:55:19,537 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2022-05-21 09:55:19,537 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2022-05-21 09:55:19,537 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxDoIevRuPk0kIrF6UqiCOnMIjtuafHgmZH7Q+7MqoPklmDAcjKCJkiqY8YzJetFLNF4G21Go1+yl+mPwA7TYCAvQ4B9uo8ksVY5hUO6bTnRVAbE/eYRhnq75vNZ8tfCUEGTtNd20aXhF1pkbiNME= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2022-05-21 09:55:19,537 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2022-05-21 09:55:19,537 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2022-05-21 09:55:19,537 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2022-05-21 09:55:19,537 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2022-05-21 09:55:19,537 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 80.158.3.50
2022-05-21 09:55:19,537 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _bt1ifx7x6lqqmn9irvc6s6bxepvynvinqrbs
2022-05-21 09:55:19,537 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam-pub.eu-ch2.sc.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2022-05-21 09:55:19,537 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2022-05-21 09:55:19,537 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2022-05-21 09:55:19,538 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2022-05-21 09:55:19,538 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _90514264a3f7222359637599e0549bfb
2022-05-21 09:55:19,538 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _90514264a3f7222359637599e0549bfb did not already contain Conditions, one was added
2022-05-21 09:55:19,538 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2022-05-21 09:55:19,538 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2022-05-21T10:00:19.529Z, to Assertion _90514264a3f7222359637599e0549bfb
2022-05-21 09:55:19,538 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _90514264a3f7222359637599e0549bfb already contained Conditions, nothing was done
2022-05-21 09:55:19,538 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2022-05-21 09:55:19,538 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _90514264a3f7222359637599e0549bfb already contained Conditions, nothing was done
2022-05-21 09:55:19,538 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2022-05-21 09:55:19,538 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam-pub.eu-ch2.sc.otc.t-systems.com as an Audience of the AudienceRestriction
2022-05-21 09:55:19,538 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _90514264a3f7222359637599e0549bfb
2022-05-21 09:55:19,539 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddGeneratedKeyToAssertions: Assertion _90514264a3f7222359637599e0549bfb did not already contain Advice, one was added
2022-05-21 09:55:19,539 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam-pub.eu-ch2.sc.otc.t-systems.com to existing session cf11d89cabad6cc4bc9c2788b357125603c824d76c60efc0611591e27f26bcdd
2022-05-21 09:55:19,539 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam-pub.eu-ch2.sc.otc.t-systems.com in session cf11d89cabad6cc4bc9c2788b357125603c824d76c60efc0611591e27f26bcdd
2022-05-21 09:55:19,539 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2022-05-21 09:55:19,539 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam-pub.eu-ch2.sc.otc.t-systems.com and key AAdzZWNyZXQxDoIevRuPk0kIrF6UqiCOnMIjtuafHgmZH7Q+7MqoPklmDAcjKCJkiqY8YzJetFLNF4G21Go1+yl+mPwA7TYCAvQ4B9uo8ksVY5hUO6bTnRVAbE/eYRhnq75vNZ8tfCUEGTtNd20aXhF1pkbiNME=
2022-05-21 09:55:19,540 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2022-05-21 09:55:19,540 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2022-05-21 09:55:19,540 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_90514264a3f7222359637599e0549bfb"
2022-05-21 09:55:19,540 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _90514264a3f7222359637599e0549bfb and Element was [saml2:Assertion: null]
2022-05-21 09:55:19,540 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_90514264a3f7222359637599e0549bfb"
2022-05-21 09:55:19,540 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _90514264a3f7222359637599e0549bfb and Element was [saml2:Assertion: null]
2022-05-21 09:55:19,542 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_b4ef0bfd51e7c26d54e12fc108bf62cc"
    InResponseTo="_bt1ifx7x6lqqmn9irvc6s6bxepvynvinqrbs"
    IssueInstant="2022-05-21T09:55:19.529Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_90514264a3f7222359637599e0549bfb"
        IssueInstant="2022-05-21T09:55:19.529Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_90514264a3f7222359637599e0549bfb">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>mqNFouRR3IL8yiwTKcsi3uZREo7d4vfs4oEpa08ZjDE=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>rx93rznnM/tqT/u9rs1u4qXYPaxIqjBV0VXH2KL2bMRv0Tt6HKk1iqyfaom7PmbhbMCSX07WpAcnxUup8ImoU0RKl9GkW5T4ivIFGwzC1LZnFfTf+zOZyk/Py/KQLUy5QkmUJck5+mi11jtKBkFmmwZYeWQ7ryrzaxxErt8VgJmtTNFhWmw/ZKubv29rF8deD+D4hdEiQs3rVbCP477d1YNP0c1BSffUBUOly2FDVM6yIzwOyEWzsZgj2cQqTiQSXTNK8Wf6PjIafjs3g7WyoebXfvlN8CGIN18lOJG1TYAhELV9Xcbi1UAD/3pzkbOTZKLUBVx3hsHYYFXcq1alwA==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam-pub.eu-ch2.sc.otc.t-systems.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxDoIevRuPk0kIrF6UqiCOnMIjtuafHgmZH7Q+7MqoPklmDAcjKCJkiqY8YzJetFLNF4G21Go1+yl+mPwA7TYCAvQ4B9uo8ksVY5hUO6bTnRVAbE/eYRhnq75vNZ8tfCUEGTtNd20aXhF1pkbiNME=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="80.158.3.50"
                    InResponseTo="_bt1ifx7x6lqqmn9irvc6s6bxepvynvinqrbs"
                    NotOnOrAfter="2022-05-21T10:00:19.537Z" Recipient="https://iam-pub.eu-ch2.sc.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2022-05-21T09:55:19.529Z" NotOnOrAfter="2022-05-21T10:00:19.529Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam-pub.eu-ch2.sc.otc.t-systems.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:Advice>
            <samlec:GeneratedKey xmlns:samlec="urn:ietf:params:xml:ns:samlec">i3NxET69+HoUMbavBEis/Iq/F+UyoC0/3rt0Kj+r1/0=</samlec:GeneratedKey>
        </saml2:Advice>
        <saml2:AuthnStatement AuthnInstant="2022-05-21T09:55:19.526Z" SessionIndex="_c1e20e16d6085f19e143c79241a7cc9a">
            <saml2:SubjectLocality Address="80.158.3.50"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@Samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2022-05-21 09:55:19,544 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam-pub.eu-ch2.sc.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2022-05-21 09:55:19,544 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam-pub.eu-ch2.sc.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2022-05-21 09:55:19,544 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_b4ef0bfd51e7c26d54e12fc108bf62cc"
2022-05-21 09:55:19,544 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _b4ef0bfd51e7c26d54e12fc108bf62cc and Element was [saml2p:Response: null]
2022-05-21 09:55:19,544 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_b4ef0bfd51e7c26d54e12fc108bf62cc"
2022-05-21 09:55:19,544 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _b4ef0bfd51e7c26d54e12fc108bf62cc and Element was [saml2p:Response: null]
2022-05-21 09:55:19,546 - DEBUG [org.opensaml.saml.common.binding.impl.AddChannelBindingsHeaderHandler:?] - Message Handler:  No ChannelBindings to add, nothing to do
2022-05-21 09:55:19,547 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Header>
        <ecp:Response
            AssertionConsumerServiceURL="https://iam-pub.eu-ch2.sc.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next"
            soap11:mustUnderstand="1" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <ecp:RequestAuthenticated
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <samlec:GeneratedKey
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:samlec="urn:ietf:params:xml:ns:samlec">i3NxET69+HoUMbavBEis/Iq/F+UyoC0/3rt0Kj+r1/0=</samlec:GeneratedKey>
    </soap11:Header>
    <soap11:Body>
        <saml2p:Response
            Destination="https://iam-pub.eu-ch2.sc.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            ID="_b4ef0bfd51e7c26d54e12fc108bf62cc"
            InResponseTo="_bt1ifx7x6lqqmn9irvc6s6bxepvynvinqrbs"
            IssueInstant="2022-05-21T09:55:19.529Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_b4ef0bfd51e7c26d54e12fc108bf62cc">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                        <ds:DigestValue>h648tSCzLKb3cneSXQw+RH+gvuUD/Mt2uURQekvW18o=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>TE8Rv8iScY/TNeMrhcfkStQPgFJ3sP2A9huh8TfnvwGod7Ac0OPj6u5QdB28WzUVRug7HSdGC1Qw8zam9BBx4iaV7Uy9TT6N3dSWPysi0SuYTYvyaHYYjaqkXxvt0fym56tqvfibKbGf3ydPd8FELL8PRxTiRYWjO7tOINzsl91Ub830aqAXI5k8YFEZkuqAAlSlok47xQkLq9D1mZUA3dwn7HiwMhq0Rd1Szj8py9NE4JmM4GFRbWjhH4P4KfMp8to/RWRrKQbFuoOuUcteYKNONUghs13cjLKGV/3r0+qAW7su9nsyw9WMqVl0QnpdMR3uXzTZ0JEklJIH2y9vrw==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
                <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
            </saml2p:Status>
            <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
                <xenc:EncryptedData
                    Id="_ad2269db4adf6db02c730afc8c20b050"
                    Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <xenc:EncryptedKey
                            Id="_8a09ce88bc0d7e20e687d3257e9a716e"
                            Recipient="https://iam-pub.eu-ch2.sc.otc.t-systems.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                            <xenc:EncryptionMethod
                                Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <ds:DigestMethod
                                    Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                            </xenc:EncryptionMethod>
                            <ds:KeyInfo>
                                <ds:X509Data>
                                    <ds:X509Certificate>MIICvTCCAaWgAwIBAgIENRO66DANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRkdWFuMB4XDTIx
MDcyMDA3Mjg1NFoXDTIyMDcyMDA3Mjg1NFowDzENMAsGA1UEAxMEZHVhbjCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAIwi3+F8j9cdYIfDTYXK6pZIamYUtPWxJTDUVtcuP9nPUzZVKvH+
5cznJD7A+PmcMH1yatiHa0lz9hBXoTjO6c4sOBqWsqhgkKlBnfzRyMTQoBoBzKe9N512GR/1FZYM
xYKH8Jqj803fcaTTRlNe+9Ya3JsQfL1HjvWuQFluH7eFZASlUQgw1H2qmqdhX3FXWKQ4LrmaHvNs
uTKkumhC/NgPyAXIT21q0ffWGLlpNVA3W8grbqCEzb0WW3PH+zChlQSBHkXDOqOv2G+tfzhB1p+V
EHk0Rump98GvFPSRiNFi98mZ0uOrEjebqGY65Rl/epVWHKgY3E+PNVGGcI/YHgsCAwEAAaMhMB8w
HQYDVR0OBBYEFBpny1KrdSXSYk5ikY1nHtGCEPwkMA0GCSqGSIb3DQEBCwUAA4IBAQB53ApEqZe+
T1Ox0MPVYRhXvxPorQ5Gkdl9izu29wI1kAKTb6eKbxl7dsiGbtdSi1FLssLPFnGJRv55ZhkJIkqp
7Ef2EYwpFGMo7zva8MDUr1sPt0t622SRE/GQC5WwwQt4sK5jFFSYqxQdxAHvghTZO3u33hRsztyI
Br5KDeiCGeLvo7yKECnhkysz6ZoXPYVZabjrONoH7Q7BwhyXwNbbE9yE+klVjiK1h6hQoqjMZcYS
Y3SZv3eiQPoBE3nswxy7XS+YDUskfwKFuLBU/fmB8UdSOs9KGZpQhXT2pY+/akInFDuBKTqvCxhI
OT14E4KIL/LjgDiyKylEW9E6Rbcw</ds:X509Certificate>
                                </ds:X509Data>
                            </ds:KeyInfo>
                            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <xenc:CipherValue>d4llas/el/kZmJirKWb7v9HhPzoo1Ut0qvkvBPXo4pIpwUfZ0Mj0xetPKLxEU20sEhxmzLBUL5mpV7nxRq/ro6GTMri7R32aVDPzAK1hEq3qo6StgpnRFIHGRP1PbiDyJRS4OqIP8DH4YXyQ4/YO5sQJI94yAWQHODPPChabARjpLoU6b+xFSMjEnSMoaNDHBH0XntIi8f+WXJtfUd8goUMeR3mUVGJeW9PkhhccE1tTMAqpI5z0YfgSVoI1IK6Je5Y/pDvKcwTDQVJbpVesCkPbr37V1LnR3HFNvBTjn5uojYUlVGH1L2tAp8ZkhoUBCnCjpcbBFsgqb+W8p+gZuQ==</xenc:CipherValue>
                            </xenc:CipherData>
                        </xenc:EncryptedKey>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>HUsWSyZ951mxkoi4xVT81Uc1ztLhbzP9ggs/vm4jxLo05kvFsgPQAF2Ah2LDkcyV9QujcS9NG7QnRNJz8HUhm+0vnpPsNt8d/wBEvd5iUt8Y2M5Uc3xNBg3+a3RRkhEDsc+HA1oHG/J2LcVl2GmjIxXgPu7cos0HFcJP2j0FvvQyEzR+yWoMHFwiPKKjVmUirE0s9QQoTtwBq1zovQ2zXtt1vS4qeBqKxm8ze+n17y5WJS7oS53W8IPiggCgKC1odgt2106reBXhJO17bxfdvvDFNFcpSCy0LfZpXkaf3K67xWpeMhziULFTpJCrzqWPTsa8+aVPMBO4aknfoYECtKToMrgPjxUoMJ705GkRb53YDwZYslzPyNCcpi5t6BcwFe0VMiCP18LSHvEuxEKibkf6IRK0oG4Xn0JjbYtGZ9kHMxhZmEBrh9keyNoI/65zIV38g5oPSkwHqp3EjsU8eW7VGHAJ97KfmVhmuSx/KSxif96HxhcBKNlT4a/DUQHaN4Lz62DiJASKt9TO9gB9xoZ14cp5YN+tfZ5wgHViaQnNNLByEoLCS+1REtRRDQKHTrhzpsNTTS06XalE9kn+njp1CjL9/NafjorIB8qxke0wSGcCqk40Avg4QopLnPAlJJ0PxqOEVx5VLRMcXK/3Kpezhtv0/EmgQaTMzjUFPSe+kBAaeyso4+VO9mQ3A+EVr9kJ0DfXsRS4GpH6C9GeEtWDxfMUyZK59WacPzs6VZjHaWBdv+eX84NyLklEv7WCkaUy2bFQHJbCZkrBakTlWRoRUhwUSBKqcDTymTg3PpKevqaITKROYo/pXpc+8BcdhpuRMEFVAAhfHab9kMWh8smJtgIpnM1e+djOASMwKTEBiWseDljuQXyfwfi/WeliEeZBppZ3hfZ+KDPCnTzbgh2KeC3x47/ZScP6+T8YAFS3nbp54gptSY6vo6xCboMyoDw4ScDl6Mqn7zSt2VNy3VzJL7pq5HXKcTIw1cZbq5F937R48mgEhMJZlnxz1Cm3vLNhV+N1Cs+VWsZSL6pNshZE0pMre7DY5/GB9tPwWv/49y+9/Bh1RUnJZjbbIxhO9lbD95lOmXKyugR12sd3sy4wuZuPPHJ9fQVJ5fzUOFZ1SFEG/w4YK9Eu6yubXNW+16k6qZ8z3KiLTJfie4J7gayK3V36EeQI9JHZyn2B8lHG29jCdYeElLGP71KPCuB1G7IH/KGwX1a4Tz6rX8232hBRUGfwRTdJatyzp/zcHXBUArCP6A0q7SFWcU7rLA6YtFGvr28DalqKj9GcIEJ/oZa4Uu9v+CuD3PlkfoUgb5DjFIKDwsOTlsYlgSW0QWcaoEqyTuZy56CaKAEdHCmGTWHmSOUWEheFPQoKTQAR++CgxaHI/KjAUYP5/JQB5kTY/H7SeZlf+PKuzf3qbHOzcvzQ2qyXTnPIJqxLMX+StpdY5WTd7I984LQs600cnzXaLpvH7+zJ32oh0MGTVdAV9Zee61ZFvwBdbJjDRMJfnA4vm5SInC3n2XNQJf3ZhoSO8Oj6zV5C5wdeHvKbmZ5QzZN+tMFdVRL4RbRPADUeC6spk+fmqe1G/ZFgVLee3RPKeTKItvnNvaiGGtgti76wU39hPpJZT2Lmp/Qmp6LXGA24og/rhOmTiAXStlonRR4Ua5D8LPm70bpLd20KePSW8092hHfJS8YgCYpDp38p+j1etpe7CEppLnNaLbWxLo56oLPn9LVsaGLBnMgGpRB+ECFqY+e0OtAc8YCbpiwfpe96h0wFc2pzRoxIFsAJ5fU9vW3W2yqdWquEuTvyAMEsStmZDViOf/LF640w1HUbeXC430fI9G3EyxRmrvEoHG8vlB7usUhlW9+PHM3lDHsUBHPyLfr8cAejh3rDRD524ovBeDB9UITFh/fx54hzbNMBVQQd1EFVe2CWTGwkiaSTE9vji7XCAFhV9sASHWpzs3s/Hfw2Df7s2ibZEzmB9xFmka1fKiAFdoOakHFt5fEFGGPmF8sUwa05VgEQLqgDuo5cgxG3sYMuTixPFNMOn72Xd02f89vqPsOlFwZFWDm+c44oma6MwZ0QgxVWQ7VdYH4KWRAWr+HXgASAbqPvrzHwe7K3nx2x5hZU21yRlHlakTcxUXp0d5OUU2R8UP5rB8Yn90CCGV4m8UFeY0HhMCS/al8jNx99zP+Hs+gkTHxrozZJ2gYNegmfLI/Z2PfpPxdhuSN9tXK/Pm+vmYxdTyQ7k9Vw0egMeA0mKHL0yfWzJeUEo/fMToclzdZTQlJjSc8WyN26jiERav1kKvMW+nIj6qfkzWJXPSPyHdSJ6abtJRRtGasCvDpXT+W/DR4viP9iF3o3mOrml1Bswyt4mj5GWFfmcSlj5FOlWfL2dXGqEJto4t9rAMpUFFvGoocaR7nahkD8o8AKYq5AAj2BEPk1/6s6y0BCX+HibeJQggoSu7z0LawzKapf8Jpuf1yEql/hxq2HrrJ/MMuWK59HAPlj9s6MR0+h6ZBEFt5994Wt95NyPxzPXjayEiO/feaOy2LQaMKgUVANGnHRHURbYvxRpLpF96CkGXKyFq7xHttAVjptMxdjn5yhULsEV+mtb16r+u5cKt/EJnjmQGxzf0M1DHvKHpPA9+qXQzFTFn493G7RulvY6KxClZkfO9j0beyJIEpxdb85R4aZ1KsHRFbC3tTlshzR890Fug7xLCd+SOSe72VHDpRwnliebZmD8lc51hGoRwUB8HN6AKqDLJR04luZ5q4xZKiZF05CqzJOopgDy2fNCM4Vh5w3/pF9VPARb5CwYXmm/plDzJXkSMQZi/zsJJv0kL2n0aY4qGyhlP6zAxcFFEFo+INrU++MP8CWD+tSsQtt/tw3S5tx6LRMPdCHjGZGiFDc4whMZTkV1ryF0V4Fv1lYfb1T9f7pD30ZgN2ic2aRB1vZemO0XtKw5dZDxsdWKZvePcu0PjBJ20d0c2nyVI2tEAiLIQ/3Gqqpk3GZEQ6/conFZWd6r1IL0qiF7uz75YkYYwd02Jjrgo2D2of01QcLNvR4/SlJFyYaWzGHSod+4fjiW40p/T7zLylBhjd2H6dr9+IyDwVg3+02+8k+8loClpA/TXX2WF+IXoh80dhBG0Y4RZfUoWr+PNAtTdOuSXZ+J275mpnNnQvRX9n/IM643of/7TbcxNwt1U/HmXfHXC299y+wMfEj5RKmyRXy+h9cr+0CBK8Mq/uTOmlmpZdJ1KFUILEYR8CGqyHFzIlGVlQuOeVcWh8s0PIHzUMygml+fljt88DTrm8yO6ts5QhcLzB+Q+DBUzTaHXBfRktUc8xR8kjJV/FWrg3XrAIUSzb6yQSE/EG8IRdBHPmWt/J74sKJuJxKCW9wT72D+vEaYrsXm6EGSBRnTuXYg6SQ/2pL2UYbpsGTB7H8/KtyTcgQkgPL/ILMUr1ahsPSTtFUnCxZVs6Wn8OAKK2i5BNHZGtRL1KkfyKme1NFXWnhwnbnvc1LSS+axmJ7wQgk/0nfOQ3ClGEUbFqMNwH60vFe9RvZJpQXGopcguZ/+J3L7QKiuMsY2MKgNgvq+P0PmRPtYUyXRurquJ2kQ5P28hQo+sMMi6YOoyocVjiPODK2sGQpUfSq3er1ccqsXGsSmeM4SQMkz5zDXIja+ugCYI5doMXeVSAKuREv0Sffi3qdOKeaK2N26Xk0CIUyxZglEr1u+dBvSgeCVqQLAlxLxBWAod1NeyAse1Htfcn/NryaZBDn3Yt9BBeKkGO5yjm6/VnG3r0JTwEKYzas8tLXR3epw5qQGk090RbEbfokCsQE9ZkxoSjQHF0WXHpMhLuChI31Pld79ffL+W1xxEkhVnL3jZgGcYfgsUf5MiJWYORGQRKD7Dkwj+lvSdpJgGx4rZGjAtEDQs6ac2lLr/W0FxmXDMHKtxXKGlV0bypObW2yYKNV3PIHNBdHbEGy8aUlPmYKxSuo3tMWqBVkM5MH/9FGAqCHq1Tvs0qmoiEW/hJHEvjRgv3MjQGE2Y+MSLlEdSNsUfeWpxEXuo3yxQh2fgOA0/K8Un1XCuVhKeEmxqA1DrQFQ5VzyhVjlSwR6NdLO7TimTtc55nnSpcm/RRM5wVMHFbGCfmjWF6rWfyaUs80RK7HnahPCC5iXmRZxOs8+vOhsQqaf7K/eR/jXTXZGf8dJG8BOudg4lsKw2/7Gsl7DDDqjrO2jhXN6ras904Tu/LX9Tx0c/3Dlk1+HwbgIsg+/62GwZkoYm8r+aAO33kY6J3c7pNHhVOLXKiB2q8EEJ51R6PeT7WNFEbiD15qKxey5eYdHShKwwfu8IEUmdP/XbhOTQlrra2kQwem8q4+K4ZsSkDD0ZZU5ZMznVgw+TAg7+Pzi26GLM2d84u9WRdJSbIACqMTJOxpm288eVXsHc9f/r8vXZNerOHzwGMhY/WwXgHI1Hjj7lACvN6d6+P0VEB/p5JtkU3WYYtfp3fmePvWfqcsKkVZzeoxYuxQCtbmDhCVvvhTbzNubHN9Bd8Ddv+fdUYRchmzRj2GtGkCuis2PltIWy7RSqorTiZzj79dHGEGvELvQpaJKhPnT0z16DvCYv6ydq0An+d0R8yS4NXnaXrxZIkM1YXgQCnWImVt8xRz0V5l1N+kwshUP5lttDH3xv/BANzQeHN34URr2K1diA/RowulnrV3gmEEdakrGD9JVOChctHP6Ey5bsXNTqTln+kAUS2W30HJpHuPrFUz37jGowtnLbmYqmF8pwwsqpnYSCCJOCLoKm1cmklerR+PKAoAvn1LRcemVNdvYEoFv0D1ScA3iIEWIcjYkQIj1h68OWFVB5e1fjigjsFaAnVf6yKxH0/aYnzZI0Aqm1iNr3cHjY0g9fnA3gwLzeA/WU1IBL+rZzHc4yCLWk+8ruf3nJ0NWqsCrkppQfFMDTN7GNv4ZDqnCgBuNuJjZk16/IgNxO7TZujEVqXW0r8Ppa5m5tWRBW9SLFiKOaIs05SXsaoCp7BUJsY7pJB7yeeyjTiFM6GYxTaTc2dgnzmFicDJmvddq61bukb10OUx2RPW/cR3HQJ//NbErHE6dZUzF6SQiUptopss13nBeFLakJBPLtJQ+T2X1GSYz2oJGscfOrqXTTZDTRWUdBsx/aHuAQGUNE+hg/dphqMsW4DGQguv/71ZIdb6zuh1iASVOuhnpvBaCVqr7AKgRojJpCGkboh6jUNP8gFMK5xUf9BQT8c8o5p1Nu0q8hIYe9oDcFMQRw06bKY0SARtGoRPMdcRDjekrbcPsgY1H4iKxm1IZFKDxxbi1FNokq9XQR3Q5ZBJIS2bJRL6R1CP+9AkrSgyln572YCKJFUjGkwGDNRbr56GLfJZTa/N3iAB8TBWCapsU5u5CkBN3zZ4J1B3M8drgVPFxs+JhWoip2WsCuOBtSjE/4yB8cBTRyDxOUN+xkieYFZZ8458RbjAAwxh1fN4xA84J+qMQkORi+gjD+GU+SunZeSVDmY7Rg+w0lbL5W37BbNuu4qwNyiSHuN2eFNUuOgsnF62SdJnr8gtgJtEfWiLZjoPYqT0Lt586slAQm4HbQKvuW5mGP5c0s9I0H8u/d0NmRjv/w7JWnw0zK/dF73v+k+Sct/e1ZG9Clj4A+5xfat319yBkAu3TX6IKQvly2+/cYSuc/YjaC09bkZDu/dgzBgx/0/DskgaO0j1lfqWfYUKE07ldprt6W7aJhOp4kOJ1Gz90uEGLH4uOkBS7eG4FDRUOXNw8qs5vf1X2MssL19wF52rBY68BHglkXjH72eVL0IacFC3UDV1AdXzAFUd8EBPCN7Mtd08e9uNvmU8g8hj8pUwrdZqQxOy8W9Jf02frkrmDuIdxE5z3gEHrFrR8Ny7nnwsCzluumac75k+JR+TWC7J/JGys8KPzJzSNrx8rY/EKDc5Q3Olh8zPvKhYiCvtSb/29Ic8e6t9/Ec+ptJ1eHnpeDpnHczdS1WnF1k/8H4ZQnnmHAvyKD+MkpCqx6X+DnCrNGKUWFNHm2NoaGOW8PY1J9oij0Kcoq7f6I3dtGlpFcmg12pAX9W0zHCHwvHSkugsrdkfHBK5TVSH9SR1HZ2Jl62/9I1qrUjQpCZqdxNBbKX6EuJQoozDp2sjY33wClxKVVyW9d4FsU9q5ahYzv5QaO0eUDvWCz0ne67tx9AQMLYKjwyeWjbqtuxstNCu/Puj+QxF4Jzo7zDvcha0y6jvaiEpDX9kRmZlOGkTRJ9Ey6PL4jWeN56YpCZiH4yZYXlD9NqrjrnO79/UE2/qQw75dXCUf2XEpk84QxnQsSt+Y6WX9uiTlEf0s7NvSuRYQ5Vpnb1snH6gbqKFphT70UOplVKDSBGTNzgfgp6CQMGftU4sUEXmaFeRQtvCmp3xmNeZrd6V0Jkqq9sM5w8kflqJQj8ixfgnvAyS6hhRE16kagm8P6eJf0C/SAx30/t0ISom5d9/azBYzP/HyzSEo6ZugvR5DssTCxfZE3CND29Zn82fDIi/wWLO+xsON6KylOFan3Ulsj4+x5ByRRz5SIKplRsh2mZyE+KwPBmDcXTLIn3UxIxPMnZCPagRFysJ02irGyGB7ohA4RZ+RFMMhYUvDRpVElO4bmw10VzeVt6CFhaDalzZNnKvDt5zTRNitV+inlCjrfyaamAQACfA7hVqo8xnFa/bcgnf2Zz6e5OqnyNOaqly3DFIRErO0ovfhooUm2mFg5X5P98uRuOBIZa5c2ahgl1Cuv4MhQOZ7K/gnYzGXhfsb7cHXOmSF/bnQeGTGVLYugLgGXErqTg+XTJ+WiE9efbqdZKtxRl/vJzjy3mX42ZELUzEpEVThkYADd+tKyDsOKntw4vzVFB2Ry2n6uY5m7H7ePsNZvvUaHlbm6gyekrTcMlhqnmXehmlrYKiAzh+tljGZ4YikxEoc4CmtXQ5RXP7UMQtgyzUkXKVRv1BRvhrUOy4e07xW3nDZPnuOPHp5fNq/lpQkVyoaiw7XU5J7QWTCQKH4IITeU9hGNj5LZDkbi2eYidXOH7pDhr8H67Fh0gFxSMpYSP58K5Tl7BZ+8Cr51DHTE3IPv8n7foHJBAtngyfjeWz1aFqsTsxgRb6HArhCv7KqYyqDFduy7YmlUb1XLFjHKKTsCUP8eOHpvYS3YuJj6BhW7KePLAqX+dcTw620yFjItWaOJx6EL4phk46GK3dQxbMUjNg7uUnBX7b03ttg9Mdj2ErSp4uKraOXZ7nHmwha0Ye/GTzzPfaD3RgCBpEIgn8WFmAgcfkQE+GD45bW/rvHDnMgVoVe3HOzEmbGmVejL9pc+Ao6bwyPzzA2bhbg2MgRfx4UHDNDumGl0RnIYDhVA8y9FkqWV4+ZnZ6pnz1AFAUKfV+sqn1mPIGp6NR81F28N7eAti2PlGHEwKC96uFt8RWZOL1XdPY/k6v1Rp1+yL3pEoGmsBoFol42pVjncUw5NN59z1KWB4Lnv87XFwynbQJibbH5X181w7T7lj4oK8WCyBYpX5coZI7EeCId8+qILTbuA/Pl0FK2vUXdTaokKpyvzJb/LJ7Iq7AjDG9qNnAgBm8wM0tYy18CncKvl006+qBcEutVehNOGpfKwaE8CsAz52hr4BD+KBEkW9okzNvl9dDW/mJW3UTyfdjkOSiRoTPfWOLq1nRXHXnlp3IqVZzil3+Ps6KUNdPlcW9N1wEtcRnfslvCH3mmei70chE0Q9ti9/MWkwmI+10RqkRkY0PrzJry8BSnYgRh8CGsH/PvFFU5B8TMN10zr6zUFXsYTpQcp2O0m7lOypRfNrcXHV729tuci1nrfnwTKlu88yc8F1oYadkn1YAlzClQ1115vbfvWQKOqJriri74dz5DUhQThTMlrxfaSP5MtHcRwiOmjyq8UrAkWKrKnHEkoWo+yL20oszl3H/MscVX/enJozexsaNybIpzcV4CmP14JYFFcecipui93oMv9leVJnJdVZiQLMJ7LHOud0IKsmtPUlTHeyzmbQ4FfjmjvMrdZKmL+t4q55IXwjFDVFBzXnPX0QahFHZvq2DhU6mSFWVgLzoHaIPCvmPFktrzwTQF9iKI9lahkc+DF6dJdx2R6LtZQkkvRNUWdNnPG3dbI5s+WKQ1Ky/DF4BWoBp9ZpEJu4WpMH2+xFuOWM6/nJklocOZbNMwRMovLxiYPO+2lIReidEX+D/3smIOmyTojIkhIX81H0opKwP2olwz9vJOz2ARLYEG5nyU0Uj8NIlp2t3401aEwIdWFEz0AcfzxEj9JOE4bOwDl/hAhk3lE3DZvGfICmQtU18nKCnWHC/WYf+CiLyKz2v9K+q8rx//B7YNKqawiADCAC9sEwL/LGdXwljgB3zatpqQA9ngjmRCqwyDha7yO4brkqtYbvE8D9/phMLSetNS1B0cOk1hRSROYsbfha+m0Wyk5NekX0V9SJASRqVrre79DYzoGo/WhNKECJpqLdfxZzBeQXRHHW70p4eCKrXfeOZvwLUgF+BnnJ5W4yqwkXTBK/id+P/8QAmXh9P39qFeie6VXpJJFG/uiUj0rh7ZYt+4CVm7slHdy4311HRpEHanlhOiocjMRzi9PZEJjE+WSMeliTxQQnwB3R31JQtmMVgPQ==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedData>
            </saml2:EncryptedAssertion>
        </saml2p:Response>
    </soap11:Body>
</soap11:Envelope>

2022-05-21 09:55:19,547 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2022-05-21 09:55:19,547 - INFO [Shibboleth-Audit.SSO:?] - 20220521T095519Z|urn:oasis:names:tc:SAML:2.0:bindings:SOAP|_bt1ifx7x6lqqmn9irvc6s6bxepvynvinqrbs|https://iam-pub.eu-ch2.sc.otc.t-systems.com|http://shibboleth.net/ns/profiles/saml2/sso/ecp|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:PAOS|_b4ef0bfd51e7c26d54e12fc108bf62cc|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,telephoneNumber,role,mail,surname,displayName,givenName|AAdzZWNyZXQxDoIevRuPk0kIrF6UqiCOnMIjtuafHgmZH7Q+7MqoPklmDAcjKCJkiqY8YzJetFLNF4G21Go1+yl+mPwA7TYCAvQ4B9uo8ksVY5hUO6bTnRVAbE/eYRhnq75vNZ8tfCUEGTtNd20aXhF1pkbiNME=|_90514264a3f7222359637599e0549bfb|
2022-05-21 09:55:21,272 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Beginning to decode message from HttpServletRequest
2022-05-21 09:55:21,273 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.IdPInitiatedSSORequestMessageDecoder:?] - Decoded SAML RelayState of: null
2022-05-21 09:55:21,273 - DEBUG [PROTOCOL_MESSAGE:?] - 
SAML 2 IdP-initiated request was: IdPInitiatedSSORequest{entityId=https://iam-pub.eu-ch2.sc.otc.t-systems.com, acsURL=null, relayState=null, time=2022-05-21T09:55:21.273Z}
Synthetically constructed SAML 2 AuthnRequest was: 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest ID="_7342c2b2-f013-4dc4-b866-11a79ec0cacf"
    IssueInstant="2022-05-21T09:55:21.273Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam-pub.eu-ch2.sc.otc.t-systems.com</saml2:Issuer>
    <saml2p:NameIDPolicy AllowCreate="true"/>
</saml2p:AuthnRequest>

2022-05-21 09:55:21,273 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Successfully decoded message from HttpServletRequest.
2022-05-21 09:55:21,273 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2022-05-21 09:55:21,274 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2022-05-21 09:55:21,274 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2022-05-21 09:55:21,274 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2022-05-21 09:55:21,274 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2022-05-21 09:55:21,274 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2022-05-21 09:55:21,274 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2022-05-21 09:55:21,274 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam-pub.eu-ch2.sc.otc.t-systems.com
2022-05-21 09:55:21,275 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2022-05-21 09:55:21,275 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2022-05-21 09:55:21,275 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint was empty, not required by binding, skipping
2022-05-21 09:55:21,275 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_7342c2b2-f013-4dc4-b866-11a79ec0cacf', issue instant '2022-05-21T09:55:21.273Z', entityID 'https://iam-pub.eu-ch2.sc.otc.t-systems.com'
2022-05-21 09:55:21,276 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam-pub.eu-ch2.sc.otc.t-systems.com' does not require AuthnRequests to be signed
2022-05-21 09:55:21,276 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2022-05-21 09:55:21,276 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2022-05-21 09:55:21,276 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2022-05-21 09:55:21,276 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2022-05-21 09:55:21,276 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2022-05-21 09:55:21,277 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2022-05-21 09:55:21,277 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2022-05-21 09:55:21,277 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2022-05-21 09:55:21,277 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2022-05-21 09:55:21,277 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2022-05-21 09:55:21,277 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam-pub.eu-ch2.sc.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2022-05-21 09:55:21,277 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2022-05-21 09:55:21,277 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2022-05-21 09:55:21,277 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2022-05-21 09:55:21,277 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2022-05-21 09:55:21,277 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2022-05-21 09:55:21,278 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2022-05-21 09:55:21,278 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2022-05-21 09:55:21,278 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2022-05-21 09:55:21,278 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2022-05-21 09:55:21,278 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2022-05-21 09:55:21,278 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam-pub.eu-ch2.sc.otc.t-systems.com
2022-05-21 09:55:21,278 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2022-05-21 09:55:21,278 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2022-05-21 09:55:21,278 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2022-05-21 09:55:21,278 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2022-05-21 09:55:21,279 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2022-05-21 09:55:21,279 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2022-05-21T09:55:21.279Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2022-05-21 09:55:21,279 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2022-05-21 09:55:21,280 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2022-05-21 09:55:21,280 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2022-05-21 09:55:21,280 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2022-05-21 09:55:21,280 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2022-05-21 09:55:21,280 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2022-05-21 09:55:21,280 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2022-05-21 09:55:21,280 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2022-05-21 09:55:21,280 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2022-05-21 09:55:21,280 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2022-05-21 09:55:21,467 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'iam-pub.eu-ch2.sc.otc.t-systems.com'
2022-05-21 09:55:21,467 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2022-05-21 09:55:21,467 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2022-05-21 09:55:21,839 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2022-05-21 09:55:21,839 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromFormRequest:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Recording do-not-cache instruction in authentication context
2022-05-21 09:55:21,839 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2022-05-21 09:55:21,839 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@145649496::identifier=rick, context=org.apache.velocity.VelocityContext@1c549c18]
2022-05-21 09:55:21,840 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@145649496::identifier=rick, context=org.apache.velocity.VelocityContext@1c549c18]
2022-05-21 09:55:21,842 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2022-05-21 09:55:21,842 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2022-05-21 09:55:21,842 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2022-05-21 09:55:21,842 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2022-05-21 09:55:21,842 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2022-05-21 09:55:21,842 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2022-05-21 09:55:21,842 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2022-05-21 09:55:21,842 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session f17a352a5efb430d5a5a89886b9934ace4773d67fc516e408509a35df7d745ad for principal rick
2022-05-21 09:55:21,843 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2022-05-21 09:55:21,844 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2022-05-21 09:55:21,844 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, telephoneNumber, role, mail, surname, displayName, givenName, eduPersonUniqueId]
2022-05-21 09:55:21,844 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2022-05-21 09:55:21,844 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2022-05-21 09:55:21,844 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2022-05-21 09:55:21,844 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2022-05-21 09:55:21,844 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2022-05-21 09:55:21,844 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2022-05-21 09:55:21,844 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2022-05-21 09:55:21,844 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2022-05-21 09:55:21,844 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2022-05-21 09:55:21,844 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2022-05-21 09:55:21,845 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2022-05-21 09:55:21,845 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2022-05-21 09:55:21,845 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@29b1563a'
2022-05-21 09:55:21,846 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2022-05-21 09:55:21,846 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://iam-pub.eu-ch2.sc.otc.t-systems.com'
2022-05-21 09:55:21,846 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2022-05-21 09:55:21,846 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: Attempting to delete consent storage record with context 'intercept/attribute-release' and key 'rick:https://iam-pub.eu-ch2.sc.otc.t-systems.com'
2022-05-21 09:55:21,846 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: No consent storage record found with context 'intercept/attribute-release' and key 'rick:https://iam-pub.eu-ch2.sc.otc.t-systems.com'
2022-05-21 09:55:21,846 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2022-05-21 09:55:21,846 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: No storage record exists with context 'intercept/attribute-release' and key 'rick:_key_idx', nothing to do
2022-05-21 09:55:21,846 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20220521T095521Z|https://iam-pub.eu-ch2.sc.otc.t-systems.com|ClearAttributeReleaseConsent|rick|||
2022-05-21 09:55:21,846 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2022-05-21 09:55:21,846 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2022-05-21 09:55:21,846 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: Attempting to delete consent storage record with context 'intercept/attribute-release' and key 'rick'
2022-05-21 09:55:21,846 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: No consent storage record found with context 'intercept/attribute-release' and key 'rick'
2022-05-21 09:55:21,846 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2022-05-21 09:55:21,846 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: No storage record exists with context 'intercept/attribute-release' and key 'rick:_key_idx', nothing to do
2022-05-21 09:55:21,846 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2022-05-21 09:55:21,846 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2022-05-21 09:55:22,032 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'iam-pub.eu-ch2.sc.otc.t-systems.com'
2022-05-21 09:55:22,032 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2022-05-21 09:55:22,032 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2022-05-21 09:55:22,032 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2022-05-21 09:55:22,032 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2022-05-21 09:55:22,032 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2022-05-21 09:55:22,222 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2022-05-21 09:55:22,222 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2022-05-21 09:55:22,222 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20220521T095522Z|https://iam-pub.eu-ch2.sc.otc.t-systems.com|AttributeReleaseConsent|rick|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2022-05-21 09:55:22,222 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2022-05-21 09:55:22,222 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://iam-pub.eu-ch2.sc.otc.t-systems.com'
2022-05-21 09:55:22,222 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2022-05-21 09:55:22,222 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2022-05-21 09:55:22,222 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://iam-pub.eu-ch2.sc.otc.t-systems.com, value=[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1684662922222}'
2022-05-21 09:55:22,222 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2022-05-21 09:55:22,222 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2022-05-21 09:55:22,222 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2022-05-21 09:55:22,222 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://iam-pub.eu-ch2.sc.otc.t-systems.com'
2022-05-21 09:55:22,222 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://iam-pub.eu-ch2.sc.otc.t-systems.com]' as '["rick:https://iam-pub.eu-ch2.sc.otc.t-systems.com"]'
2022-05-21 09:55:22,222 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@29b1563a'
2022-05-21 09:55:22,222 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2022-05-21 09:55:22,223 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2022-05-21 09:55:22,229 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2022-05-21 09:55:22,229 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Inbound binding urn:mace:shibboleth:2.0:profiles:AuthnRequest is suppressed, ignoring request ID
2022-05-21 09:55:22,229 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: No request ID, nothing to do
2022-05-21 09:55:22,231 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2022-05-21 09:55:22,231 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _42c9d942a92369a201b61555e2a69651
2022-05-21 09:55:22,231 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _42c9d942a92369a201b61555e2a69651 to Response _a80ad690ee2a8fc431bce917616f8373
2022-05-21 09:55:22,231 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _42c9d942a92369a201b61555e2a69651
2022-05-21 09:55:22,231 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2022-05-21 09:55:22,231 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2022-05-21 09:55:22,231 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2022-05-21 09:55:22,231 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2022-05-21 09:55:22,231 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2022-05-21 09:55:22,231 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@Samltest.id of attribute role
2022-05-21 09:55:22,231 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2022-05-21 09:55:22,231 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2022-05-21 09:55:22,231 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2022-05-21 09:55:22,231 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2022-05-21 09:55:22,233 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2022-05-21 09:55:22,233 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2022-05-21 09:55:22,233 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2022-05-21 09:55:22,233 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2022-05-21 09:55:22,233 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration did not specify any formats, relying on metadata alone
2022-05-21 09:55:22,233 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2022-05-21 09:55:22,233 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2022-05-21 09:55:22,233 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2022-05-21 09:55:22,233 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxqAFwheH1OBdRfQsyvNoK9RCoQks3rYA4q6HGt0U75HSsGRx7gCCZnMzyMGzt+r9XrbnBDQR4yCBL0zdKAjH0FTC5pkDOVNyM/5h/2IKrvpnVGd7vUuaHMBM43Hk0TR6V/oEF8qQIQk7Gcj4JtwE= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2022-05-21 09:55:22,233 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2022-05-21 09:55:22,233 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2022-05-21 09:55:22,233 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2022-05-21 09:55:22,233 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2022-05-21 09:55:22,233 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 80.158.3.50
2022-05-21 09:55:22,233 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to (none)
2022-05-21 09:55:22,233 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam-pub.eu-ch2.sc.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2022-05-21 09:55:22,233 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2022-05-21 09:55:22,233 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2022-05-21 09:55:22,233 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2022-05-21 09:55:22,233 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _42c9d942a92369a201b61555e2a69651
2022-05-21 09:55:22,233 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _42c9d942a92369a201b61555e2a69651 did not already contain Conditions, one was added
2022-05-21 09:55:22,233 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2022-05-21 09:55:22,233 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2022-05-21T10:00:22.223Z, to Assertion _42c9d942a92369a201b61555e2a69651
2022-05-21 09:55:22,233 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _42c9d942a92369a201b61555e2a69651 already contained Conditions, nothing was done
2022-05-21 09:55:22,233 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2022-05-21 09:55:22,233 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _42c9d942a92369a201b61555e2a69651 already contained Conditions, nothing was done
2022-05-21 09:55:22,233 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2022-05-21 09:55:22,233 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam-pub.eu-ch2.sc.otc.t-systems.com as an Audience of the AudienceRestriction
2022-05-21 09:55:22,233 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _42c9d942a92369a201b61555e2a69651
2022-05-21 09:55:22,234 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam-pub.eu-ch2.sc.otc.t-systems.com to existing session f17a352a5efb430d5a5a89886b9934ace4773d67fc516e408509a35df7d745ad
2022-05-21 09:55:22,234 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam-pub.eu-ch2.sc.otc.t-systems.com in session f17a352a5efb430d5a5a89886b9934ace4773d67fc516e408509a35df7d745ad
2022-05-21 09:55:22,234 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2022-05-21 09:55:22,234 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam-pub.eu-ch2.sc.otc.t-systems.com and key AAdzZWNyZXQxqAFwheH1OBdRfQsyvNoK9RCoQks3rYA4q6HGt0U75HSsGRx7gCCZnMzyMGzt+r9XrbnBDQR4yCBL0zdKAjH0FTC5pkDOVNyM/5h/2IKrvpnVGd7vUuaHMBM43Hk0TR6V/oEF8qQIQk7Gcj4JtwE=
2022-05-21 09:55:22,235 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2022-05-21 09:55:22,235 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2022-05-21 09:55:22,235 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_42c9d942a92369a201b61555e2a69651"
2022-05-21 09:55:22,235 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _42c9d942a92369a201b61555e2a69651 and Element was [saml2:Assertion: null]
2022-05-21 09:55:22,235 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_42c9d942a92369a201b61555e2a69651"
2022-05-21 09:55:22,235 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _42c9d942a92369a201b61555e2a69651 and Element was [saml2:Assertion: null]
2022-05-21 09:55:22,237 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_a80ad690ee2a8fc431bce917616f8373"
    IssueInstant="2022-05-21T09:55:22.223Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_42c9d942a92369a201b61555e2a69651"
        IssueInstant="2022-05-21T09:55:22.223Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_42c9d942a92369a201b61555e2a69651">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>ZWBqmPaZrzehS6c+iUKPMBJVyfcxZ8FLzYkNTLkxzgM=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>eMZ/FwpCRoWd73P0SKA6It/hD2PCBcgLH1IzV8yXGtYDT93w2vhFNu5CgiHLYkHFP3RCcmJhKoXOuyOJOvvuQnatkCRH0GEoNKGWg82CnMxnT0Geo1K4jXkx0gcQz/arEvUX68ocBXUsil2ddshuEEMrNF7BNRzWGlX1Qj1MfPJp8Z0WMkc+c8mGB+rs8Th9vsnh5Eqcwno3JTbvi/lC+tttqKxrqYfRboHZS/Gguo/dBClZr9m+aJwQ76HhpH5fjWozpNM1CyYd7UZA4Ms5vItxbu+9l06RaWdQbdB93ENqzVfcY1UfQzQ8u5UQ1m2JVPmeJ5K6ZGNgsk/4UoHDBg==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam-pub.eu-ch2.sc.otc.t-systems.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxqAFwheH1OBdRfQsyvNoK9RCoQks3rYA4q6HGt0U75HSsGRx7gCCZnMzyMGzt+r9XrbnBDQR4yCBL0zdKAjH0FTC5pkDOVNyM/5h/2IKrvpnVGd7vUuaHMBM43Hk0TR6V/oEF8qQIQk7Gcj4JtwE=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="80.158.3.50"
                    NotOnOrAfter="2022-05-21T10:00:22.233Z" Recipient="https://iam-pub.eu-ch2.sc.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2022-05-21T09:55:22.223Z" NotOnOrAfter="2022-05-21T10:00:22.223Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam-pub.eu-ch2.sc.otc.t-systems.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2022-05-21T09:55:21.842Z" SessionIndex="_31f5ca2c0aac1cfc3e49a5b87e3a0548">
            <saml2:SubjectLocality Address="80.158.3.50"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@Samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2022-05-21 09:55:22,239 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam-pub.eu-ch2.sc.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2022-05-21 09:55:22,239 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam-pub.eu-ch2.sc.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2022-05-21 09:55:22,239 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_a80ad690ee2a8fc431bce917616f8373"
2022-05-21 09:55:22,239 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _a80ad690ee2a8fc431bce917616f8373 and Element was [saml2p:Response: null]
2022-05-21 09:55:22,239 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_a80ad690ee2a8fc431bce917616f8373"
2022-05-21 09:55:22,239 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _a80ad690ee2a8fc431bce917616f8373 and Element was [saml2p:Response: null]
2022-05-21 09:55:22,241 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2022-05-21 09:55:22,241 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://iam-pub.eu-ch2.sc.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST' with encoded value 'https&#x3a;&#x2f;&#x2f;iam-pub.eu-ch2.sc.otc.t-systems.com&#x2f;v3-ext&#x2f;auth&#x2f;OS-FEDERATION&#x2f;SSO&#x2f;SAML2&#x2f;POST'
2022-05-21 09:55:22,241 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2022-05-21 09:55:22,243 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://iam-pub.eu-ch2.sc.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST"
    ID="_a80ad690ee2a8fc431bce917616f8373"
    IssueInstant="2022-05-21T09:55:22.223Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_a80ad690ee2a8fc431bce917616f8373">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>Qx9Fh208poeQoxddzJU2oMtLQ+vQNtragO+rPFijS+A=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>G5O9VsmQEnXrSZ1o+uFjF+5EpgxVZvFRuUQADxcVZu4Pcc8GEx2rf/Ieygbmyxk0juvld9hObX1si2xiDrMx1BvRd7rDm5oVL2QEr0ezN3iRSPBIO/w5PXVLI8zHagVDURfa23xAxthMNJzaY3BKzXTJKc0Hm1Q/lSKVA0tFLy7pbuEQCHuQetGVIciBIlRFXLfN+u4cPVI5kkklLDzveQygeuA6eUrkrLLmeS9Dz8r8OlfYaC29XMqFtXhjvNUYSDr3nV1w+lJLf/iiw+P7XrvkzdaMjhTfBgqq3iU894p6rZZUzsVDse1wvz4jTeSBKjdrTNs9PuTaUqfhNPNAeg==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_23a4df75cb9aac67af665adbaca6efc5"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_7ad4e614451a0fcacd0ccba8851eb99f"
                    Recipient="https://iam-pub.eu-ch2.sc.otc.t-systems.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIICvTCCAaWgAwIBAgIENRO66DANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRkdWFuMB4XDTIx
MDcyMDA3Mjg1NFoXDTIyMDcyMDA3Mjg1NFowDzENMAsGA1UEAxMEZHVhbjCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAIwi3+F8j9cdYIfDTYXK6pZIamYUtPWxJTDUVtcuP9nPUzZVKvH+
5cznJD7A+PmcMH1yatiHa0lz9hBXoTjO6c4sOBqWsqhgkKlBnfzRyMTQoBoBzKe9N512GR/1FZYM
xYKH8Jqj803fcaTTRlNe+9Ya3JsQfL1HjvWuQFluH7eFZASlUQgw1H2qmqdhX3FXWKQ4LrmaHvNs
uTKkumhC/NgPyAXIT21q0ffWGLlpNVA3W8grbqCEzb0WW3PH+zChlQSBHkXDOqOv2G+tfzhB1p+V
EHk0Rump98GvFPSRiNFi98mZ0uOrEjebqGY65Rl/epVWHKgY3E+PNVGGcI/YHgsCAwEAAaMhMB8w
HQYDVR0OBBYEFBpny1KrdSXSYk5ikY1nHtGCEPwkMA0GCSqGSIb3DQEBCwUAA4IBAQB53ApEqZe+
T1Ox0MPVYRhXvxPorQ5Gkdl9izu29wI1kAKTb6eKbxl7dsiGbtdSi1FLssLPFnGJRv55ZhkJIkqp
7Ef2EYwpFGMo7zva8MDUr1sPt0t622SRE/GQC5WwwQt4sK5jFFSYqxQdxAHvghTZO3u33hRsztyI
Br5KDeiCGeLvo7yKECnhkysz6ZoXPYVZabjrONoH7Q7BwhyXwNbbE9yE+klVjiK1h6hQoqjMZcYS
Y3SZv3eiQPoBE3nswxy7XS+YDUskfwKFuLBU/fmB8UdSOs9KGZpQhXT2pY+/akInFDuBKTqvCxhI
OT14E4KIL/LjgDiyKylEW9E6Rbcw</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>LuamdUdYZsbzmWi5SqQqXNjDSejTzJ/QqVsDy7fdZRIdjsJ969XihDucKUzoM2B0S6YLMLv6/V2EEkjjRF4fLgK4TFaopQV2PU0rJUvCy2pJ68pn9bhvnMV8LmIuiIDlq09x4BDLhT6AejjFZyIINQUq6f3o7EveGoDpj557+0oyPUIEWaqY04oCiBUFFyQw0w058RZRNQAULeGV4ggQIELyk+gjsZuvkpDFtFKdvMBAvy4s+U8je4lal/zkmGM0m+gdVT9MK64tJ+XxZYis6wXxz+zDmupfTBPHSmJebjHJEuXX8e5wG7DiMFKgc66mvbcJSQS0bZfM8CdwBrBaIA==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>b7pMP6gmFmcMcPBB8V2oTOGr3DaHYTwUbUZB/MpRVOa/pSqyw+qaeKPa5bopmVUUxIaE7COYa2UZb/hfWZ1D5ZpHoPfSf82KFXCg49Gy8WL+3cHi7sO8inNSjpTTjAY9cQzsK0mQ/eMFTE5uCVo9+rwbUzTIfo0wHZWNBLyGLBU6e3C6gthXWVJOXS48zU33wlS5027Ha8yr8gfdvNlD3UhlfFUe2M8bdrNwKTuo28ecyddkHG3120jyPEBjNBMCiqRLuV7QT/oHTlOwHKMOFRAPP5oD0P65H19/Le159WMZFxGjIIsKM8u1hGJX1rr+4YrhsTvigBKnp6o0wtQzKkM3zNB+gsaWPGTNNkIaxVTX1dG+265dzatjwQTDbk8/E+A7veqoLtzMzlCXX0GAvOQQFV2Hck8uJuiF8unpQinndEClQDT3lSiwPJXmzP3c2F/VsFGbp4g5YfnWsFPQ5tiwID3njc8VZHqQi/0uGLhKlNv+6CSd4ki5DMbs00RoRXG1BPjCZMi437lpsvWJ+CvaSp06eyrKrwxH5EOtj6/bGyCjhkh3IernA8ShVT6ycE+B5n6X1V1oKG+FKSqNlOsWGADukMyk14EEtLWxHLq44IWRkx+qCiEPEHFSZpT3psgfoRH0mwkIcgNNrwegQxBOT1VW6nB8CGb+x7k9Fjbt9eiWoIsJI7p249sqwV50nddgO/8ylVrQODZ3kPKHOHwcWv8gM70sRXtqY+epxPY+8GhYnXbRq6ouSBiUTF/qJlCzB4DTzG0jtHqlENPLAfc8ErTikrNQu+vdQ/fdjnFG5Rclv5tBkqPLJ6OasFXtTEEnh1TVJqG0vD+90M4LXDd5CNHeLEb4KYJUzA6um3i4khDIRexeaLGzD8tSEIe/9ZamENcehyxeVxBncIZy6Kw3Pz5cx3jqLbkcWA7uLxtGinyGsILYrueue7P3DP2YyfbNWxf+fqVP7AeBM9x+WzMg1TqwjmNYh0kB+63+NVshuy7YqPTVnHZIG1GLJ4DUhREEuD6wMczJrgK8naADjCs+Dzd5fivRORfrpbtidbDefDzWKqs2DqRpU536DAhtu/CsURMZWj7wXz0JuD3ut1TsjYUPRbl0Fuu/m4FR7vBRJII0Yk87md644dsSDzm44B+K1OC2sUg5I0hWz/SuZ7MFuSr6snz2B6DnYeahFwxXYYDStQkus5zpCAje09AvHGQSXS2EDApxAzJ9SVGSCbwFq++gZRiZOAtMN8j0BPogHrFLGqkH6pUPzmkVwPLPzlYeOS6ggGiXFGKa5Xu2yRzkbfYw2LkJnULBw9N1N+5LdGW3pEMIjbOjwYNWxnu/cY1ue0EgUS+ZaBE82SfRKnI3mW7u/VQIP2BRym8G7jW5I058TbgJTMxDOu0uTRyzh5wTUsy5eibvgS2nup4okPcKPVmXmMS/Sw1bCzPaX9HmzPeouXbjpnGG1E1BeKcmO6SRXcF19vSW/rb4QKu+R/UHPbOG+xCarmNHuPuw7zc0KG+FF3c3j5zwzls3ObuxLeF6p6NwzG4vKAoAjBBrDV9yjwk9ZCG5XPP7QBAvJVUS/kG4Wh2/IkmFiZJW3OWYxbrfSQ9cZyzSasxmjTWE1JOxqtiistn5q1YhgOrd3F3CGuTTFRig9rHuGkxf0XYLekjX2TB44NIIkvjm2NklK3YTbL4DjhZ+f4NMafYYnychGF69IyCLfnK3a1PtJc89sL9jpwvxaBX90mMOMjoQ5ddXPIY+M4c+H3Cd43VsSBmvZ326iS9rDn7cDuOgAZz9SY4jfE2Hixf0Dvx3G6ewWkVMdvE8uSl4pEtMXR42YELzsD1hmypbGymFO4iit2FxLtj+DPTTe9EwBz4O0sxXuEA7TZNAGUq9Jj1WXeA6hZzv3hef05Dr5M+DmB9+dp7mk2YHqpfDxFy+xJs+YO0narvCR/qSrr4ikzBdLJyh9NEEUewKe+wDWu2HqHyNQh46MfZGMeSmmckinnE6sjcdGPZ6sS9GmyypsYNIVn87zeythGfYZiHHU6svrxvkmPe5R3RfZkKmRC/QZiBvkcNqFc5KM0ttE+tYLHkz/+5qyKUcs5U6KNsHrkue8NEAS+FrT1i4HE6TdBB6RsPqbn7LRTJLEOA09QglGd70Hd08kXDP7+Z+NSZV0tLBLQGj8U9eeClqOV/gcEqu0CaRQbAbcfHyopkK1r82db5s4p4fnhSSe658eY9K86/ZcqIK2P6ZlPFziq9aNmET+XGQhRLUmBotSuN4BUXk7ZUdOiG6jdaJxNN5nwBZ6Vwmzz+jjVF2k5zb/nM8UlRKg4np5EGXXxZmi0e0UhCFBZHFqsuwXG8oslrAhyLWAzs70SKZYcqw7lhy8QNslbJ/kenmW05I2hiBBNQbg31Y1nrVpLlWQvhjbdOz7RQo7qz15RkZZy/fcooy6QzMxsxWZA8Hw0stD2n/LLSB1CFrvTFWJSGnF+mfKOhAsQk/VMFzOtcCkxIu6FmHXikjebJN3WpglW4Hz9GJI3nUgz6qWQfBfL5H0mWmhOfZSuP8XpPqJDDG2BAaHyYCjHnZgCTiPRFHKck9rRKLLLwzAOaJGiOlJdgjr443hSs54X6wlFV8X8b7pWkOvOsHP6udvowF2oB4qpxlIfSm1ac4oYFXOBS7qgfvo2gxfGLX033lPNu7X3zK3MjQBoMDSfaGQY5mQEdsoWmgw+/lmxgdeEOWF2EFxWlKkWySs7Qg6pDwzzl1aSsRzBMLsCceJNCwdlz+/5/3OgDvXhuup8TExGPl+9YEfu7U8a8MuwynjMrinUueId6aS4NIQC6S9KN4No8w+cB1o7YjhekXVMTuYCFFMCd6JmBA39TiWIJssIIRgNip9J7pFTsH8JRxiJ4DTpvMLCctVE8VrietvWvGaY4J7oQBzPnZYaDDRcscbwJelkDJcD0L97FileAIobYw/VrS1FuqpiON00afysNWZFyxhOPIIuWXYf3Stxh2PiUYpORPi98FQnXO0VYNwRdkL/jQYlO4/iBQhyJgbgzBX5viZQk1bhFIk4u7riPd2UJTxhki178MjC9O5J/2kiNquZ2kdIKtUQU3IJIppyUg8wlLDpBtTQMahIH9chghhZlLqCxMOjyqQVUiz1GzavikOftSwhV4tTWckwHLyeWI7Ng8yjG8DHgNDZ2BdQEI1P+TnI9zTAprVBj/wJRPL6Hb0pZfyjZLkEjlLVJcbUBIT25y66aZw72MqA/ixcGrrMJhYfNi+41EcMo1vQ6tzJUU0Xwmc26H5A4dYMzXvi2NJjlYnTLGaIzI327/cxqHMeG3oO851FuRXRa5h7qwOY1h3RCU0J80PWee2JP1jona6z7Nh8j5A0dmTv193edEP3E7GW8vAXuFHJEfFqeOYAyGKmAUcpnklLsxv84unrXtFY4YOSkfZRxH3U8bNnZSpxOjUWGRkpNCF2IH19y1h9LgZ+8bNqi3AmPvStcx8WFfrMk+I3KQ0yEwiwvdU8I5vzbi3kaTXK03SleOYhJdB0Ar7yJx5TNzVDr+0V1sCvGTcgstF3XCfFwUUPD0iF/Y6q2JsnNeUPPzwo6LPlo+w3Wf8fT3bzwkxOCE1IYCZo722iDXBN3Z81JffXPMsSkwiZ/6Ff7Aqgp5ErC0mKCak82K59ReI3Q5JkBsAu3kEVgfQfaqhqDhCv3QSlqs7nHRv/Y7erAFUvhDok/6d12+WEgzTZdAHsZCJuGIfdhWARe2ihymLniAZDw3+CQxfT/ldAFtG1EDILOETCDbjUuOIvRjuduZ0QmWNMdHIChGtsZdm2CV2yEGI+yflpppPip5HgBkc26Gq+2MM/LKXfh37x1/u8qIlZylcPiQE32UyAEETkrCqY8vtZ5mKTqp0h23eM8buQVXw3tHjJkQJ2Z3FZaopbM/zOX/DLgwyB6SakwoxrQDH6/Ix2vtrI4FNZMx0GOqgHsXqj9B17A9Kq/2Oz/3b7BXedSLTrdwOUQo6YRzjD7FV/Y3b4lCcm73oEEzW6KDxVitIEZslj+yEGf2ariuBF7kucRHuZ/z+iGM/bL4gUGTQikoY6UWHK6VAYDuaaYzSWuEB+jzqRrFpLTlyYHcmAZptN5GMyv90MWbSCsOJx/T0wiFKS+xlDzRdAQUS3LI+7UDajRV3+txZdIXCXA5Uf8RMhdLnp8H+LMgJsz75JLuK+2KD5AP5w26gsLbnD36tbg3BfY7V8cg02xRAkJYr5TIIN41s7RnTwMxSDOqJ+w9oC0Bvt4pLzLJ8E+V7EW5qemREyd/J9JWsuSgyw7YEY7b9OlT6x6dcQW21Z3CESVAfOTPtBZW73FxijzGHxWsbuWeE4yyHBluj7DuNSxrDjI+DtYwNZ4Vm6g1wgpU66dhacMBresRp/Z/24pK3DKrwxLv1coJgzvGX+p0XmvzyJKd4+oR96XQnhXq7zEjvbKG3jCjwDqIi0bnrTyUtUM5cCmoKAAP3OxZm2XdTPnozd5DQjT4xjFfMwKl5OZSAxNUItVMleYHD/OXiXcxYNTDgSpP1iwKbv14NqkGHVMxIgvMCEpIFgiFplwFzkVvuIYK8ttsJBr4YLV/DluOod5HiaDX7qjjnOF/H5vxJzROuvdiVUz2Lu7KnOX2M7fXe80kWZpEeLCChEe6Bi+r7hgIm8W+s8lZlW3YVBgppD/zM5Pp/EveId+Ock1t/4t6pFA0Gjg90vM+68hEO7MwjrDUiBt+0lPRXjDf6Es0BFfnWkTz45UYmrS6m1Ny26AMVZEe29ivtnC/SgNeNAAKDDJ9ZFtHVt/LEHF9XgHl9qMlO1NGTkJ2um4+4trHA5e1LO2KKxv3QxlxJ7Vw9DB5ukGcO1ZjrUBwrpGkA9mQOC8RLMZH1yOb90kKZAIdKyhevyA6YTDXdSdDlayF57nU52W9gXsuYPUM2SNr4O/Bq0Ltj5B7YaDUXCsFrHc7Jl4AoLywrUxUQmxSWLS4yUKUR50unjCz39+n7uAqR0OReqyYFUGbolqMZBf3tM8LwbaqM7Dkb/mUekt/x4lY8QC6NAJ7q5OegxjjMUxQMOeDP9DGRUa3YqIL1bULreLNqWq3XZY0M2zPCgNL6bkXN3vW/hhYb6ZV6DFfj4FYy/9K8Vf42N/hTvLqlaUDrZRLp9L+M7/BNNfjAxHaJdupF+qxoGbDDTDA0t/7wAd3Q1Fnu/9XLEFXzeC03khqt5Xh2AdliyIYNNGnoqBPh2DC7h3P1D+PGbIT03CPzTENsWdBi6+slmz+2AtIaoYMcpDHCfJmcnFJMDZOyT8g3PnxKPEjuDExjO5scHACyHvEzBuraly7rPLtmCtkOJpExVL4y2UJguIQPrEPSGXrlO59Bu0sAGVFBpIgPd2Z/gJUla4bnTdDXE5vDqcKtkMYUG2+yQGGj2pnFReXd8Rw00mNaM3RS+MC8LeZ3KYhnaXQ+AfeJyULoawHm0NdtpeilNV+CTjqQ1C4zC9BKcKdIilQSeX3m3A+0Qs6ScEE+W34iY3fBjn/qvcxUqO69edrd96koDKQRNteCKTdtSFrW8+x6e66LARpn7PpKaI4LhIj+MijiX3ahSKPxFosQzA1+l/hou2l7C/ykm6XzCNT6oN2jZZ+ea9N0BZQmn7/tf5GcAjTTXGjjO1C4uVbIPzYHgi8pACZdwaDYR+vzDq6doy6aWQPanLrSxiC2EKSRx8XENR9BrAlQtWzlXQj9BdfEDjogIfgJK9qynSJjCgpUTlJbMs6KmhA1o+LdbV5Cd4nKo+Lcm7SO8zGouOwKJKJWdNG/YvxkJYVhTkhD/AqL4vuWZACUqnKjBz0lwvnwmPoFBgBcH9ndrnOHCr7LAwDkOcRd7Qn3MlHw/9L7lPqm3wVE7TJoD8psN3yjUIEJH2qJGWS6d0rit2N0nQv3b59e/T6DFZl+joaSjfRXHSor4F7hEWaE0TZyQMRBQzNNDB3sgq5xSFpYYp0dLBmYGDfwwEqoqlbHJLV9Y20EMIndENJhZ5PM7wz3Wm/CwLciMLpN+GAGs5FaklfaH0sI1vRCKA61f3geieWiWgEOHnQ2NHolOPnalCGaVbtp+rtd9KL9i1zyGQ6rz5pRvrx8ehvMxMQPWdbQovNEkEgOaSd+GLXzPOtdN48cYPDPmW9V3kyl1EOc2YLqzdlmY8nqQC7gQpdvRWdyWYGoQHNsdfrF21HLxcc9yreqculWoPGfKMbpGpuDjho9tFZqp8KbFGnZ042D/iaRIJaXJsGlA/OfhWI+T+iawCntn4OYs8pHiKMHYk7pxAZ6lO3AC3eQS+dVN/w/cbQAWGUcXhE6Esb1YciHUlkiV7atzhpCbfMenzbPkEAC2YM0r7fcAlzwaWrd8zWKaSY69Qm7x+UzX2LIZFs+XMxW8+icPtgyz/ciMi2+gLN8rwXRjDQaNb+6II1ZPUG33unKC0kJfxrdA0jggbnV1cJFYsE6q5lA2RTXQC8/HqwMMqCQi2y9mymeMvA83WG2YoRT7TNzkACb3orRlpVdzV4xwqPn5NKutCXQuEi/OGKO6wBZ+sfihi7X9AyBThj31NAUGJJKITJ7M+MMb6DobA7qXqpJxJz10m3DYCeESsgb7InCXKPOkNYJvf+ABm83dpQQhFzgttKX4SCZV9eb4iD4IzcErAdZLvPotjp49TT4yuZ8LmRMIYBvNXQiYTGJH4TC9ZN5aaai00NJDbqjV+7EY55T0QSprxRfm6cn/VrEShgNoV6UDvXg+MWpluyeqZcWfchtk/3FJRYIlrfcLfyIpaCGleEFUZAHAAzt2+MhKaUursRmX2B+eAz/7JHY0INuUsR8MGmggXCB+ozdfSneXby3eBq8M1tOBiZuxn9ZgjsseuiJtRPVCeyK4LT9U1llym5Yp8uFbnw8ZQ4Tl+VYasg0epLlSkcHZ+pMoDqlccRIhpxLpqIObtTerlUGhrEJ3pqBl4EivEtXSOJR8GpDIyDRNAZJo80OJdy/1Cyen7BVGCnIyfEYibhhlkZANhGJUGYo1OrrhVMiBgAxLBiIDhMeK6k8utO4sJNMvFGwRc0MPE44NoT24gRx8DE0Jc5NMTanM3PXHXbDSYTpXaTBusB/g7FRBLeJD92wJIgyXbIlHCu2HfMQTQ10aMkYQfMkFxTxGyVXPtPmLil5bU6ozpMlrjUuYfB6azCAajnjxMuoncOqkBo2nex5m9KqgpV9GaOD7D7WJzyjKvZhVORhdBz5yC0tYB9S57NcTWAJrkHyDqbqAQ112jjinR9Ms3mZwOloZ2dmtWIN8XS6IBo0P2z6wdZtNisHF3OjqnndgSaUiyyU/FflJAxxxv/nMfd2AiBVRfUBqLILqkFv54pkYUvHT5LT1zUEOl1Uj1wxsYRsV7PW2zkk+9XVwOa6b9K9a470ynkVFGqvxhv5oNg3+JaV2ki0jATwkhjd67loPdlYqfE/ZrFxMgF61HVySlN2dSlq271OqbPlcvqSTUs/vPgr5BweHsUbCFk2peLgw66i/8iYIW5777/zhHTMDrocA7JSRfUn0eRr4jtFUOVlcW9U5Z+tGGitNaGqYqNg9cwajMK6+B3q443L/GJO/CdTcV85nfJFzzR/PlWcku6Y17HHsqWsWGzkL0chnf3Qlgu58mkaf2XOV6H2TCgJ2Z0TGMtfNj+wK7a4/rIHl/fNYegaHFXW0sPzWbPhQN0MLRLV5tMJ8uBo/StGd5STtlI06bsQv+fVkZNQVPpkm16ligrK+qkTRcjTBkaAJ3loZW4jDApPil874vDW9/Z+aqzzqIcY0rPNp2HhpejFiFI/Ju8bONDDAyqKSKO4bZkhVrjHFGCzQwmmMBWkEhCBIJQcB4h3QLUKrT+Skba/1rkCqhw1luBpqwhhCvNZpfUjTcMb7i6FjPEkl0Zfp6M32vML27JccZoD4E1ZWKC31uIKJla9VLFftdr3qyqkIyj7mbRw55UOp8bnsuzQVBxW6fXUSM0VmAxHqoJXTE9CAkgryOGKwvS8Doze68rFZght9WMA5KdeYtIcR/n063oxzCfjCs0N+o5wamNR+h6O4pngCWAwL/ddkaq4FDTdq0fF4xMlDcgnHh4sMlQKzT7/MCpl5+4vCZ0hGkKwkP1qAnLWWPwucBL6uIBxfs5rndkWLVGgJDFoX9xBxQLmkMdiI8cJZ6asK9yRNu4q5F30HM3J4CpBCNo7soAPMsRu8SHFbvwOv26ldQCTsBQzptUt5ggLz17pqbsLVrn2Az9jDxTDnZgRrfUf47j0Sthi7gNRy50QcMS5BYE19HsqYaBvKncYssK/0LTcy4CjjAIr3XTG9+/jb2Q0V0c5GLG</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2022-05-21 09:55:22,243 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2022-05-21 09:55:22,243 - INFO [Shibboleth-Audit.SSO:?] - 20220521T095522Z|urn:mace:shibboleth:2.0:profiles:AuthnRequest|_7342c2b2-f013-4dc4-b866-11a79ec0cacf|https://iam-pub.eu-ch2.sc.otc.t-systems.com|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_a80ad690ee2a8fc431bce917616f8373|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,telephoneNumber,role,mail,surname,displayName,givenName|AAdzZWNyZXQxqAFwheH1OBdRfQsyvNoK9RCoQks3rYA4q6HGt0U75HSsGRx7gCCZnMzyMGzt+r9XrbnBDQR4yCBL0zdKAjH0FTC5pkDOVNyM/5h/2IKrvpnVGd7vUuaHMBM43Hk0TR6V/oEF8qQIQk7Gcj4JtwE=|_42c9d942a92369a201b61555e2a69651|
2022-05-21 09:58:56,794 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: TST-139076-vFHuqbWfhPftKPzvQYlqa88JA38ycxPX
2022-05-21 09:58:56,794 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2022-05-21 09:58:56,795 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2022-05-21 09:58:56,795 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="_1db7832d5c5e4e5893a0565b4b9953acbffaf6b"
    IsPassive="false" IssueInstant="2022-05-21T09:58:54.982Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    ProviderName="pac4j-saml" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#_1db7832d5c5e4e5893a0565b4b9953acbffaf6b">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>fMznT0+xShjhTnAar10TtNXHvxAdcUZ79MZ7CoLu5Ds=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
rXpFUDbucDiPN8yDvdykRd5O7YWVnqt20yCV08lyTpH5reL/vFcYaZdPHjulCq1LW1eosSFOhNng
kG+d1a87+2CARQMsf6/uVl+ikvAbdYk2X52qyJH/MiYarYcqUk5Xb21v6jHol2N2yXsDApU6NHOH
O/G941/6K2vtn+upsVX2ZJ5WkGUu6pTa5e5nhEgzDdVw1PH7lpc4V6g/stJAAPIzAo+xz2U2SUkf
2oPsL7M1Lxuqeyt3oI49XNVgajH80ex5TVDGWfFZjcpTn32BhixnHRc6qneDS7/DiGCIDf1PhTEg
H9F8oPfWSWHL0DgHyVny9re/UMqnCChtXdwbhQ==
</ds:SignatureValue>
<ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIG0DCCBLigAwIBAgIQJT05eT9C8MMLxPWjiR+NjzANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMjIwMzEwMjMwMDAwWhcNMjMwMzEwMjI1OTU5WjCBoTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEcMBoGA1UECwwTMDAwMiA0
Mjk4OTQ5NjcwMDA0MjEwMC4GA1UEAwwnVFJBVkVMRE9PIC0gU0FNTCBTSUdOSU5HIEFORCBFTkNS
WVBUSU9OMRMwEQYDVQQFEwpDMjI5ODgyNDQyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAsTQ4f7v+iIqvjQLCZQyJCiWK72jzbm1lNNsOGLMdNO736yJo0iUXEygaqJ4awu+Nf2Ase62f
o1hROHtOnixvceJN2rd9BMKm/j3BgeU+vlW3quq8AFkm9ikL7R4hBZopqT5deXA17EZ0tpQv6I2z
WbuoBYunvJomVoFZYRwDWFlHoQRBJma0LL8WTrPP7t4gvZMqYSpEqyeeyX2cv6FS4uCOXITFzWAA
Rp5rdIkL1YzU+Tr2thgVf/BvRYsVqaCj+94YmoJAR1/pMOLIKhfoWNxOKuTu0Rpu1LpKr72FYsZv
osn4NHBDoVJncq/crrxpaYF1FqorTjHw+054l0YxJwIDAQABo4ICJTCCAiEwgeQGCCsGAQUFBwEB
BIHXMIHUMDgGCCsGAQUFBzAChixodHRwOi8vYXV0b3JpdGUuZGhpbXlvdGlzLmNvbS9zZXJ2aWNl
c2NhLmRlcjA2BggrBgEFBQcwAoYqaHR0cDovL2F1dG9yaXRlLmNlcnRpZ25hLmZyL3NlcnZpY2Vz
Y2EuZGVyMDAGCCsGAQUFBzABhiRodHRwOi8vc2VydmljZXNjYS5vY3NwLmRoaW15b3Rpcy5jb20w
LgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGlnbmEuZnIwHwYDVR0jBBgw
FoAUrOyGj0s3HLh/FxsZ0K7oTuM0XBIwCQYDVR0TBAIwADBhBgNVHSAEWjBYMAgGBmeBDAECAjBM
BgsqgXoBgTECBQECATA9MDsGCCsGAQUFBwIBFi9odHRwczovL3d3dy5jZXJ0aWduYS5jb20vYXV0
b3JpdGUtY2VydGlmaWNhdGlvbjBlBgNVHR8EXjBcMCugKaAnhiVodHRwOi8vY3JsLmNlcnRpZ25h
LmZyL3NlcnZpY2VzY2EuY3JsMC2gK6AphidodHRwOi8vY3JsLmRoaW15b3Rpcy5jb20vc2Vydmlj
ZXNjYS5jcmwwEwYDVR0lBAwwCgYIKwYBBQUHAwIwDgYDVR0PAQH/BAQDAgeAMB0GA1UdDgQWBBQq
6jjjeMXwQMpNNecEbqrEsJ9eTjANBgkqhkiG9w0BAQsFAAOCAgEArkOzqH9sUsz/QCwLRUKXqsYS
YjB9o9GmKorBERtR7WJQIxk1jZxDM9dR8LTOA6tKOQ2LKzaRl0RugagliM75Dkt4AdWFQFzZ14c4
o+JXsvCNmRtncFxY5KAJqpeIgOHigpnOb2qdS5c0U2tMa48SYl5DgTqs5nlyLTqPIsF7Am80lsTn
iNdbvyPjmyrqsaUtIJ7WpBhyt+k5TEr4b4XWOo0jYwJEutvrYXTNihmWMfobEiC11+qziyWmBrrv
dJyg1H/XGJKFZ0atOOFUCfvoqFZrc3cD9uiCkLX3ljeehKkWyvNbBoj8ETmRPjg2vXIbPS+jR82g
fhLtUJbE/zVWQCoVtKowZqlY6mMcAXkqhdHTG9jfIixHxMMqMr2s+Fc8ywXlZzmAI1ejP9/LX9bV
2b17e4QxQMKMH9f2sVRvo16n0KtKGH5Zy3j+Dwkt3iIsN1F8Lo7vymqtqSUZ3EyYKNY/GvvmrIc/
snB/mGw4vqxYIXlIwwpm80/NRBeR88OFR3PYlUYKxrf9HKVRP8HqHG9buYSQdDdVe7k56Af77pCl
88LDCL49/8hb/XzndJjqvSLbKsU6UWV6q2e/kkQ+UcF8bBUMfHWLLK8xALkzrg1EATC7dviFBnS1
JXLmWJjKwHfWUkBPJnZbMCiKfgyNK5vTXpzzOszUdOFBLRTbtco=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2022-05-21 09:58:56,802 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' from origin source
2022-05-21 09:58:56,802 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2022-05-21 09:58:56,802 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2022-05-21 09:58:56,802 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2022-05-21 09:58:56,802 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2022-05-21 09:58:56,802 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2022-05-21 09:58:56,802 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2022-05-21 09:58:56,802 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2022-05-21 09:58:56,802 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2022-05-21 09:58:56,803 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2022-05-21 09:58:56,803 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2022-05-21 09:58:56,803 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2022-05-21 09:58:56,803 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2022-05-21 09:58:56,803 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2022-05-21 09:58:56,804 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_1db7832d5c5e4e5893a0565b4b9953acbffaf6b', issue instant '2022-05-21T09:58:54.982Z', entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2022-05-21 09:58:56,804 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2022-05-21 09:58:56,804 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2022-05-21 09:58:56,804 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2022-05-21 09:58:56,804 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2022-05-21 09:58:56,804 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2022-05-21 09:58:56,804 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2022-05-21 09:58:56,804 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2022-05-21 09:58:56,804 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2022-05-21 09:58:56,804 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2022-05-21 09:58:56,804 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2022-05-21 09:58:56,804 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2022-05-21 09:58:56,804 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2022-05-21 09:58:56,804 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2022-05-21 09:58:56,804 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  params: null
  modulus: 22369930965456962777956365464229513348642522997346232168756579494960232921839160861855035659931488634319872531144871061126230632628307245413595021979243298021162796817485323967323729520642838484019982422043583459948062010738622164914709867639613377292833748142293112152964032878748204294883029637581475838086809098230772052770316027052403485966861005767953228542833623261203559898877311870242866180023679569922778427571461205374691037046976908472105838884909059792855539563635818559033340161732234235499443992405690433660052891865469805202598340808784182407277136835204164356633476755720981662174335871428308052095271
  public exponent: 65537
2022-05-21 09:58:56,804 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2022-05-21 09:58:56,804 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2022-05-21 09:58:56,804 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_1db7832d5c5e4e5893a0565b4b9953acbffaf6b"
2022-05-21 09:58:56,804 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _1db7832d5c5e4e5893a0565b4b9953acbffaf6b and Element was [saml2p:AuthnRequest: null]
2022-05-21 09:58:56,804 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_1db7832d5c5e4e5893a0565b4b9953acbffaf6b"
2022-05-21 09:58:56,804 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _1db7832d5c5e4e5893a0565b4b9953acbffaf6b and Element was [saml2p:AuthnRequest: null]
2022-05-21 09:58:56,804 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_1db7832d5c5e4e5893a0565b4b9953acbffaf6b"
2022-05-21 09:58:56,804 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2022-05-21 09:58:56,804 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2022-05-21 09:58:56,804 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2022-05-21 09:58:56,804 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2022-05-21 09:58:56,805 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  params: null
  modulus: 28006387942418969225649916333139519355638096712380574766811124292301661924791783373435519521645343314222150486630544111279201208456534326021789549853743685148618935308478902334906724628767813199207089277413212107100136253421395783986273751615833433303294145160454079582517841805266304683646247889208889889285649761903626503112587855797858159314696858314376793384619325800929104640111043457518521477309769823877476635541777671075359495929393833402001839094854271118678662367631745138729125305417820632241324967181751700731063078265668737087296240734489903773792043477803426999131829187384000744293796058798748147374959
  public exponent: 65537
2022-05-21 09:58:56,805 - WARN [org.apache.xml.security.signature.XMLSignature:?] - Signature verification failed.
2022-05-21 09:58:56,805 - DEBUG [net.shibboleth.idp.saml.security.impl.MetadataPKIXValidationInformationResolver:?] - Attempting to retrieve trusted names for PKIX validation from resolver for entity: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2022-05-21 09:58:56,805 - DEBUG [net.shibboleth.idp.saml.security.impl.MetadataPKIXValidationInformationResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2022-05-21 09:58:56,805 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2022-05-21 09:58:56,805 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2022-05-21 09:58:56,805 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2022-05-21 09:58:56,805 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2022-05-21 09:58:56,805 - DEBUG [net.shibboleth.idp.saml.security.impl.MetadataPKIXValidationInformationResolver:?] - Attempting to retrieve PKIX validation info from resolver for entity: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2022-05-21 09:58:56,805 - DEBUG [net.shibboleth.idp.saml.security.impl.MetadataPKIXValidationInformationResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2022-05-21 09:58:56,805 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2022-05-21 09:58:56,805 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2022-05-21 09:58:56,805 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2022-05-21 09:58:56,805 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2022-05-21 09:58:56,805 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2022-05-21 09:58:56,805 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2022-05-21 09:58:56,805 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2022-05-21 09:58:56,805 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  params: null
  modulus: 22369930965456962777956365464229513348642522997346232168756579494960232921839160861855035659931488634319872531144871061126230632628307245413595021979243298021162796817485323967323729520642838484019982422043583459948062010738622164914709867639613377292833748142293112152964032878748204294883029637581475838086809098230772052770316027052403485966861005767953228542833623261203559898877311870242866180023679569922778427571461205374691037046976908472105838884909059792855539563635818559033340161732234235499443992405690433660052891865469805202598340808784182407277136835204164356633476755720981662174335871428308052095271
  public exponent: 65537
2022-05-21 09:58:56,806 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2022-05-21 09:58:56,806 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2022-05-21 09:58:56,806 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_1db7832d5c5e4e5893a0565b4b9953acbffaf6b"
2022-05-21 09:58:56,806 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _1db7832d5c5e4e5893a0565b4b9953acbffaf6b and Element was [saml2p:AuthnRequest: null]
2022-05-21 09:58:56,806 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_1db7832d5c5e4e5893a0565b4b9953acbffaf6b"
2022-05-21 09:58:56,806 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _1db7832d5c5e4e5893a0565b4b9953acbffaf6b and Element was [saml2p:AuthnRequest: null]
2022-05-21 09:58:56,806 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_1db7832d5c5e4e5893a0565b4b9953acbffaf6b"
2022-05-21 09:58:56,806 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2022-05-21 09:58:56,806 - ERROR [org.opensaml.security.x509.impl.BasicX509CredentialNameEvaluator:?] - Credential failed name check: [subjectName='2.5.4.5=#130a43323239383832343432,CN=TRAVELDOO - SAML SIGNING AND ENCRYPTION,OU=0002 42989496700042,O=TRAVELDOO,L=LEVALLOIS PERRET,C=FR']
2022-05-21 09:58:56,806 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature failed for context issuer 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool', message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2022-05-21 09:58:56,807 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: MessageAuthenticationError
2022-05-21 09:58:56,807 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally