2019-09-19 02:01:09,912 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: https://connect.openathens.net/oidc/auth?response_type=id_token&client_id=brill.com.oidc-app-v1.a4330ca8-9c08-442a-a5f2-d8e9f5080326&response_mode=form_post&redirect_uri=https%3A%2F%2Ftest.brill.com%2Foidc%2Fcallback%2Fopenathens%3Fclient_name%3DOpenAthensOidcClient&scope=openid%20profile%20email&state=0ktyaHTHbuTf3PCQR8GszpCBjxyoNyGXdYXtqvgltkA&nonce=NDPHGeWCfH9V2x-gHD5d5FQhgOYdDWGSJRvVmJ6IRIs
2019-09-19 02:01:09,912 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2019-09-19 02:01:09,912 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2019-09-19 02:01:09,912 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://connect.openathens.net/brill.com/7083544b-ce0e-4109-8e74-1b642b79edd0/auth/rcv/saml2/post"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="c8a57d74220c4f51ad2ecf04d794a7ea"
    IssueInstant="2019-09-19T02:01:09.497Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://test.brill.com/oa/entity</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="1"/>
</samlp:AuthnRequest>

2019-09-19 02:01:09,919 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://test.brill.com/oa/entity' from origin source
2019-09-19 02:01:09,919 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-09-19 02:01:09,919 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-09-19 02:01:09,919 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-09-19 02:01:09,919 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-09-19 02:01:09,919 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-09-19 02:01:09,919 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-09-19 02:01:09,919 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-09-19 02:01:09,919 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://test.brill.com/oa/entity
2019-09-19 02:01:09,920 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:01:09,920 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-09-19 02:01:09,920 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2019-09-19 02:01:09,920 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2019-09-19 02:01:09,920 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2019-09-19 02:01:09,920 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'c8a57d74220c4f51ad2ecf04d794a7ea', issue instant '2019-09-19T02:01:09.497Z', entityID 'https://test.brill.com/oa/entity'
2019-09-19 02:01:09,920 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://test.brill.com/oa/entity' does not require AuthnRequests to be signed
2019-09-19 02:01:09,920 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2019-09-19 02:01:09,920 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-09-19 02:01:09,920 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2019-09-19 02:01:09,921 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-09-19 02:01:09,921 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-09-19 02:01:09,921 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:01:09,921 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-09-19 02:01:09,921 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2019-09-19 02:01:09,921 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2019-09-19 02:01:09,921 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2019-09-19 02:01:09,921 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://connect.openathens.net/brill.com/7083544b-ce0e-4109-8e74-1b642b79edd0/auth/rcv/saml2/post using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2019-09-19 02:01:09,921 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2019-09-19 02:01:09,921 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2019-09-19 02:01:09,921 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2019-09-19 02:01:09,921 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2019-09-19 02:01:09,921 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-09-19 02:01:09,922 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2019-09-19 02:01:09,922 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2019-09-19 02:01:09,922 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2019-09-19 02:01:09,922 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2019-09-19 02:01:09,922 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2019-09-19 02:01:09,922 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://test.brill.com/oa/entity
2019-09-19 02:01:09,922 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2019-09-19 02:01:09,922 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2019-09-19 02:01:09,922 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2019-09-19 02:01:09,922 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2019-09-19 02:01:09,926 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-09-19 02:01:09,927 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2019-09-19T02:01:09.927Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2019-09-19 02:01:09,927 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2019-09-19 02:01:09,927 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2019-09-19 02:01:09,927 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 41dc153bfb74ea0e561246bc1304b07b90f540140a2728e29e11ff1b83b0b2af
2019-09-19 02:01:09,927 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Primary lookup failed for session ID 41dc153bfb74ea0e561246bc1304b07b90f540140a2728e29e11ff1b83b0b2af
2019-09-19 02:01:09,927 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2019-09-19 02:01:09,928 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2019-09-19 02:01:09,928 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2019-09-19 02:01:09,928 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:01:09,928 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2019-09-19 02:01:09,928 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2019-09-19 02:01:09,928 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2019-09-19 02:01:09,928 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2019-09-19 02:01:10,016 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning name from UIInfo 'Brill OA Cloud'
2019-09-19 02:01:10,016 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-09-19 02:01:13,038 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2019-09-19 02:01:13,039 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2019-09-19 02:01:13,039 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1290854330::identifier=rick, context=org.apache.velocity.VelocityContext@494ab88e]
2019-09-19 02:01:13,040 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1290854330::identifier=rick, context=org.apache.velocity.VelocityContext@494ab88e]
2019-09-19 02:01:13,041 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2019-09-19 02:01:13,041 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2019-09-19 02:01:13,041 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2019-09-19 02:01:13,041 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2019-09-19 02:01:13,041 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2019-09-19 02:01:13,041 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2019-09-19 02:01:13,041 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2019-09-19 02:01:13,041 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 13cdf9113f6c25da17b926821fb4c6d50a8cef94b8291da0c386b98e60630c7d for principal rick
2019-09-19 02:01:13,041 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 13cdf9113f6c25da17b926821fb4c6d50a8cef94b8291da0c386b98e60630c7d
2019-09-19 02:01:13,042 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2019-09-19 02:01:13,043 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2019-09-19 02:01:13,043 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2019-09-19 02:01:13,043 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2019-09-19 02:01:13,043 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2019-09-19 02:01:13,043 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2019-09-19 02:01:13,043 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2019-09-19 02:01:13,043 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2019-09-19 02:01:13,043 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2019-09-19 02:01:13,043 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2019-09-19 02:01:13,043 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:01:13,043 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2019-09-19 02:01:13,043 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@297b938d'
2019-09-19 02:01:13,044 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-09-19 02:01:13,044 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://test.brill.com/oa/entity'
2019-09-19 02:01:13,044 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@44131988' with context 'intercept/attribute-release' and key 'rick:https://test.brill.com/oa/entity'
2019-09-19 02:01:13,044 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'rick:https://test.brill.com/oa/entity' value '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1598454543543' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2019-09-19 02:01:13,044 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-09-19 02:01:13,044 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2019-09-19 02:01:13,044 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2019-09-19 02:01:13,044 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2019-09-19 02:01:13,044 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2019-09-19 02:01:13,044 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@297b938d'
2019-09-19 02:01:13,044 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:01:13,044 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2019-09-19 02:01:13,045 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2019-09-19 02:01:13,046 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2019-09-19 02:01:13,046 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _d3619003d3cc69385fc696634992e446
2019-09-19 02:01:13,046 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _d3619003d3cc69385fc696634992e446 to Response _c330b6da9cf610942e8b0cafa8fa5874
2019-09-19 02:01:13,046 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _d3619003d3cc69385fc696634992e446
2019-09-19 02:01:13,047 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2019-09-19 02:01:13,047 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2019-09-19 02:01:13,047 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2019-09-19 02:01:13,047 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2019-09-19 02:01:13,047 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2019-09-19 02:01:13,047 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2019-09-19 02:01:13,047 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2019-09-19 02:01:13,047 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2019-09-19 02:01:13,047 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2019-09-19 02:01:13,048 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2019-09-19 02:01:13,048 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2019-09-19 02:01:13,048 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: []
2019-09-19 02:01:13,048 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2019-09-19 02:01:13,048 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2019-09-19 02:01:13,048 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2019-09-19 02:01:13,048 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:01:13,048 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:01:13,048 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQx8awLEeOiuKlQxg69Lt3vq0KxMgDs8Pr0wYUCZSd7gDiDpG7tmfW5Wh4icBIDI8nu3jnQA5ZqttI7EvkOhECW+2Wl6qGvErdfIyMdKNShmJnCdudARY7KVyIpJ/QdJ+ecQBKw with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:01:13,048 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:01:13,048 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:01:13,048 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2019-09-19 02:01:13,048 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2019-09-19 02:01:13,048 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.38.242
2019-09-19 02:01:13,048 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to c8a57d74220c4f51ad2ecf04d794a7ea
2019-09-19 02:01:13,048 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://connect.openathens.net/brill.com/7083544b-ce0e-4109-8e74-1b642b79edd0/auth/rcv/saml2/post
2019-09-19 02:01:13,048 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2019-09-19 02:01:13,048 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2019-09-19 02:01:13,049 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2019-09-19 02:01:13,049 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _d3619003d3cc69385fc696634992e446
2019-09-19 02:01:13,049 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _d3619003d3cc69385fc696634992e446 did not already contain Conditions, one was added
2019-09-19 02:01:13,049 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2019-09-19 02:01:13,049 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2019-09-19T02:06:13.044Z, to Assertion _d3619003d3cc69385fc696634992e446
2019-09-19 02:01:13,049 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _d3619003d3cc69385fc696634992e446 already contained Conditions, nothing was done
2019-09-19 02:01:13,049 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2019-09-19 02:01:13,049 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _d3619003d3cc69385fc696634992e446 already contained Conditions, nothing was done
2019-09-19 02:01:13,049 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2019-09-19 02:01:13,049 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://test.brill.com/oa/entity as an Audience of the AudienceRestriction
2019-09-19 02:01:13,049 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _d3619003d3cc69385fc696634992e446
2019-09-19 02:01:13,050 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://test.brill.com/oa/entity to existing session 13cdf9113f6c25da17b926821fb4c6d50a8cef94b8291da0c386b98e60630c7d
2019-09-19 02:01:13,050 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://test.brill.com/oa/entity in session 13cdf9113f6c25da17b926821fb4c6d50a8cef94b8291da0c386b98e60630c7d
2019-09-19 02:01:13,050 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-09-19 02:01:13,050 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://test.brill.com/oa/entity and key AAdzZWNyZXQx8awLEeOiuKlQxg69Lt3vq0KxMgDs8Pr0wYUCZSd7gDiDpG7tmfW5Wh4icBIDI8nu3jnQA5ZqttI7EvkOhECW+2Wl6qGvErdfIyMdKNShmJnCdudARY7KVyIpJ/QdJ+ecQBKw
2019-09-19 02:01:13,051 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2019-09-19 02:01:13,051 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2019-09-19 02:01:13,051 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2019-09-19 02:01:13,052 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_c330b6da9cf610942e8b0cafa8fa5874"
    InResponseTo="c8a57d74220c4f51ad2ecf04d794a7ea"
    IssueInstant="2019-09-19T02:01:13.044Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_d3619003d3cc69385fc696634992e446"
        IssueInstant="2019-09-19T02:01:13.044Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://test.brill.com/oa/entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQx8awLEeOiuKlQxg69Lt3vq0KxMgDs8Pr0wYUCZSd7gDiDpG7tmfW5Wh4icBIDI8nu3jnQA5ZqttI7EvkOhECW+2Wl6qGvErdfIyMdKNShmJnCdudARY7KVyIpJ/QdJ+ecQBKw</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.38.242"
                    InResponseTo="c8a57d74220c4f51ad2ecf04d794a7ea"
                    NotOnOrAfter="2019-09-19T02:06:13.048Z" Recipient="https://connect.openathens.net/brill.com/7083544b-ce0e-4109-8e74-1b642b79edd0/auth/rcv/saml2/post"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2019-09-19T02:01:13.044Z" NotOnOrAfter="2019-09-19T02:06:13.044Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://test.brill.com/oa/entity</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2019-09-19T02:01:13.041Z" SessionIndex="_7b8bca2693623f3a0e5f007a1eb6b32b">
            <saml2:SubjectLocality Address="172.31.38.242"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2019-09-19 02:01:13,053 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://connect.openathens.net/brill.com/7083544b-ce0e-4109-8e74-1b642b79edd0/auth/rcv/saml2/post
2019-09-19 02:01:13,053 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://connect.openathens.net/brill.com/7083544b-ce0e-4109-8e74-1b642b79edd0/auth/rcv/saml2/post
2019-09-19 02:01:13,053 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_c330b6da9cf610942e8b0cafa8fa5874"
2019-09-19 02:01:13,053 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _c330b6da9cf610942e8b0cafa8fa5874 and Element was [saml2p:Response: null]
2019-09-19 02:01:13,053 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_c330b6da9cf610942e8b0cafa8fa5874"
2019-09-19 02:01:13,053 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _c330b6da9cf610942e8b0cafa8fa5874 and Element was [saml2p:Response: null]
2019-09-19 02:01:13,055 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2019-09-19 02:01:13,055 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://connect.openathens.net/brill.com/7083544b-ce0e-4109-8e74-1b642b79edd0/auth/rcv/saml2/post' with encoded value 'https&#x3a;&#x2f;&#x2f;connect.openathens.net&#x2f;brill.com&#x2f;7083544b-ce0e-4109-8e74-1b642b79edd0&#x2f;auth&#x2f;rcv&#x2f;saml2&#x2f;post'
2019-09-19 02:01:13,055 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2019-09-19 02:01:13,055 - WARN [org.opensaml.saml.common.binding.SAMLBindingSupport:?] - Relay state exceeds 80 bytes: https://connect.openathens.net/oidc/auth?response_type=id_token&client_id=brill.com.oidc-app-v1.a4330ca8-9c08-442a-a5f2-d8e9f5080326&response_mode=form_post&redirect_uri=https%3A%2F%2Ftest.brill.com%2Foidc%2Fcallback%2Fopenathens%3Fclient_name%3DOpenAthensOidcClient&scope=openid%20profile%20email&state=0ktyaHTHbuTf3PCQR8GszpCBjxyoNyGXdYXtqvgltkA&nonce=NDPHGeWCfH9V2x-gHD5d5FQhgOYdDWGSJRvVmJ6IRIs
2019-09-19 02:01:13,056 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'https://connect.openathens.net/oidc/auth?response_type=id_token&client_id=brill.com.oidc-app-v1.a4330ca8-9c08-442a-a5f2-d8e9f5080326&response_mode=form_post&redirect_uri=https%3A%2F%2Ftest.brill.com%2Foidc%2Fcallback%2Fopenathens%3Fclient_name%3DOpenAthensOidcClient&scope=openid%20profile%20email&state=0ktyaHTHbuTf3PCQR8GszpCBjxyoNyGXdYXtqvgltkA&nonce=NDPHGeWCfH9V2x-gHD5d5FQhgOYdDWGSJRvVmJ6IRIs', encoded as 'https&#x3a;&#x2f;&#x2f;connect.openathens.net&#x2f;oidc&#x2f;auth&#x3f;response_type&#x3d;id_token&amp;client_id&#x3d;brill.com.oidc-app-v1.a4330ca8-9c08-442a-a5f2-d8e9f5080326&amp;response_mode&#x3d;form_post&amp;redirect_uri&#x3d;https&#x25;3A&#x25;2F&#x25;2Ftest.brill.com&#x25;2Foidc&#x25;2Fcallback&#x25;2Fopenathens&#x25;3Fclient_name&#x25;3DOpenAthensOidcClient&amp;scope&#x3d;openid&#x25;20profile&#x25;20email&amp;state&#x3d;0ktyaHTHbuTf3PCQR8GszpCBjxyoNyGXdYXtqvgltkA&amp;nonce&#x3d;NDPHGeWCfH9V2x-gHD5d5FQhgOYdDWGSJRvVmJ6IRIs'
2019-09-19 02:01:13,057 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://connect.openathens.net/brill.com/7083544b-ce0e-4109-8e74-1b642b79edd0/auth/rcv/saml2/post"
    ID="_c330b6da9cf610942e8b0cafa8fa5874"
    InResponseTo="c8a57d74220c4f51ad2ecf04d794a7ea"
    IssueInstant="2019-09-19T02:01:13.044Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_c330b6da9cf610942e8b0cafa8fa5874">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>kFYVGDHVjmCEPPyrPQYZlgib6B8h+zKHG8B8GLvepW4=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>iETj/ImZdmC5HIJvdoJZqecNI7TkshoiwtoCuso/vyRjntf2Hkd3D2JVXmeAaJq6u6OWN9HSFrMc2d/gpAg7tMw7MW7eqHmj6NocBHl8XJbTiVJC71+9BS6+Co2Ru+BcvJKpAczZUy9xq2u2ZqgU7jL7CGTdjR/EiHBQRvhk/1EaATMUiQ0BH4UQNUisd+QFB/8eZ9gpAtQw3B+gFBcGZ8YukpaZOasebR1C4ziGc1jmKiFoswU31qB6BYmhA8YKuxHZA3BrvXM2cMBc5DNptgMi+8MZnxvQgAtSV0n6ReRuJA9UvTTKop/YsBGbLAntX3WtzQSs0Ytql11eJY7R0A==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_f5211fe98fe4c993293d5ef8aa2473f9"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_ad37bd59ac45bc8cc9a6fadbdfc09b95"
                    Recipient="https://test.brill.com/oa/entity" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIDVjCCAj6gAwIBAgIQcINUS84OQQmOdBtkK3nt0DANBgkqhkiG9w0BAQsFADBnMRIwEAYDVQQD
DAlicmlsbC5jb20xIjAgBgNVBAoMGUJyaWxsIEFjYWRlbWljIFB1Ymxpc2hlcnMxLTArBgNVBAsM
JDcwODM1NDRiLWNlMGUtNDEwOS04ZTc0LTFiNjQyYjc5ZWRkMDAeFw0xOTA4MTMxMzQ4NTNaFw0y
OTA4MTMxMzQ4NTNaMGcxEjAQBgNVBAMMCWJyaWxsLmNvbTEiMCAGA1UECgwZQnJpbGwgQWNhZGVt
aWMgUHVibGlzaGVyczEtMCsGA1UECwwkNzA4MzU0NGItY2UwZS00MTA5LThlNzQtMWI2NDJiNzll
ZGQwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzEBIONXleZX4WDxa0PPBMhf9KQG9
toWiJtYBYxqdIdjdenrDRqtWBpDePsXLjo6wIJb6xDI+my2P1OVyucFOsNs4ogc1MHVpbOSlyfn4
dvLSwEmvg5PK9kVXciiJ3qWvcGAvtEk4Q5ssZKnXDdHqQoPOFFG0fj0LuSkOi/Ilsl81qcooQzuL
hbBP3vsIJijj7mD3IqgP6PLqOBp25tM1OVMImHZ+RrsG5mtff3N0dhQ6ESpafpJpmKZc9yMmmLYb
MnedpQEJJJysrdj2PwwQeul3zO0XzBPOZB2kD7NGUDFGxp8zfrXxNv2D+p4N8Lla9TeWBuyp3vNz
KyXO3nFdOwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQC/cMh6c2SCAAFNpOEMT3yFLKBC+6nyS3fm
fsZuXjiGqGXV+9x/cHbaJd1XgVZc7mm9Bie8+81nWDeY8oLJx3JkEZ3pbtwub4o2kwneGi2V5nYa
2rUk4HCk9uermDqjYL7MUxNQYkZchff8MvghJ5QG2i7OBxgP2cbndv47kFA+Z6kWfN4DNby2M/GR
Mb0WL10avCxhqe/ns40YBznBI77YD1jGzerRujuCIAXO55HetcFgIaA3KF1aDbqnvM6yVWP9fU2Q
to3PjYjKwLkpPntxEcNFazlNwxpt7T8I7Pw2hmvc2y84H+5I/iO2hWiY6PQ/XIFthA6dJSPt1EQU
d5/Z</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>PeO1YcATQ80emxXEtyNN5/lWtznZyvE/khDangA8S9MBk8ld8QvIZvTkLo3cEXDmieE/MeBpcUj6djGvDFEdL3J6kEDgQQ5PejSXFcqceRsm1grZgYuRED2u/0keomgtLMfRxWZK4L5qox0ToMnSZ5xLDH92nuBpdi+s7+sQ10a+w0I3XRbWxioHKMSpKpjUIABfy09VuyP+Uc8VoDwp7+uPN9yuPp6q0hWooUCLOuR3L/ax1ULg9IgeaXnkBbrFf/2w3HApDqqcsrNxzHC9KWZnohmYLZmaDDpxlxw9ddjf/P29vWSTDahzZND9Sr7Awrspn6sbHsfklqZEvpZy4Q==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>F3lQ1cKvjUB1m07+K0VE8XEodClXcnGRfjiISyTjznLWHSiDxBqcz1WVY9L2XydKcO5+3PYwQTFy6osikKipX93hmrSiKOFbO0sp/ASA2iKdEV1Uy2k2PU52Z/UHiYZtxaWnhi0UeGXKgqSOsgY17M0X25MuhiBwpGg70nNS4WTEngp/B3reTvP2IfcCkUpaW1LrIuxzCJU3NqKZW0UjtD3fQNaT+wghDTuqvy1r3S+++l2tmestIva7ljk/0kWpPw+EZ55CBCPJnO0uASyMLM+rgknL9NLERAkElYHDX/fTM6A+ZWGrx4BORrdRrlntXRlhiheggzCFpjtUd0gU5SRuesTSsZnwQVjS4jFlr++ijVC8u0MyOMQ8FwXh7VmEaLr0ct8BN6eSJKxqEnoapdgyTj28bUF5AuQ8gYC4K1NZ6SKD+SnbFCpfEC8y5PBrXidSfIzeLKFdkTI1AZxUbox+hWW9sQ/G5qsstD6GO/Of5YH0VlZNreM33woBwvVOa1xtSRMiK0+wddDDJ2wZma+zPHWyNkr1M686JKJ+EQRv7P3k0gO9y6Nc2/9uHeAeJaPIgV4NlVayFLdN0F909vMf1KhENoaskxfJT1y0xCIfFY3nBIpLrblUWQD+D3dOeHcD7uBpZako0G8dIx2+IVYqm4oKN6d+Dlgj4FVNAXTOtIyP212MtBofyI6kdN/sDLKunSCmBxEm7YfPiVYG+8w+YtODrWsxH8pvgNToPkxYGdr+SYWFocYOtZVYrBZd8g4dHvEDHLA1GEotNjNkO5Kwfz0xngx2Wv4LEsrJGJ1gPFq7FM0d0jFPWQeaB5tr1dnlOqN2MdeSuHdyrf2He3i09cnAP99DxlsYvOKsHr7EpKwV6FT68fl4O9IarZj7fhbrdudjZk3t7L17HfvSx3PdLDIJozcTBZcw/7//4LeSB/nvbUSE0a8RMvi1DWegdGYxVm4L3NGkuJK+CQf4N39WXyjKM0QWKdfhxu8Vw+aQFRLE2KCpUbR+BUydCfIYJhj7NlVQyG3MPQx1Hrj7QR5nCyEe+5BgtXwCVt8yP5BvZUlal3f02jRZSoTqxAyrYCahFOfc8TsqUGhQShMyiFLkT4Jc+DWz4d9zAmYEp5YcsjdO+fEY0fjT955QKCqo6y4NlM7UPp/utZOAp7me6QiSEtHbUGWixa0gQaOhgtsael2GKRVCvwjYgmlW/68KT0JR4j2ExssWB7ay2t8MkA5fCwTCS5wjjcXuAK/NQ9YLxMLYQ/yiF6+zYTjHslzNsz6RWEi3ksW+DHnLaLL2HwIjFwwrpTNpFiZ+2fkIT4qRxS3ziA6SYfss8oQRjr/s94dKIiger0MiwwNyYqE4KyC9ZMl1GJdCbW8wwReaSKVv+bHxBn3BkZAnXLwAEfncNPK9py11/shULdukhTT9eI371fN6WnjFSYtzrH7s5ZWpmpZeZnwqs15j6YK2r9K8cFeUGBJfYF2/rruHtCJpsjmdJQt00ccwsaeyYbExhl+ZRgYrxoWg1fNlp3Ui/P9hEkBgZgwx6LldMS/pou4Ged1CmSDMni5w6AK47U/8ro994v/iM9qAiIS1/2+6yG8oq0R7L1ZOHDXiKyiKIv68EexQGda5wwrZBmIzR0YzYw6vNuUQH3wE61lng12XdTr8CBqohg6KEmK1ntx4p5JJOJyIkxxDpr/Th4zBgJQLLlH9FHyrlKUndFMijLuB8SnNRT/TP8sbW5c6WZhPejhHquGmg+0zyGkqB950SQ9vehGpH9zQQhuFvzv/Q7aIvpqwd2YM2nyfu1shZTrnHIQb3mLW5bpQN9IS/Tk4Ep/8jllykzyXqzFH9JspE5RurO3zhvwKT5iq8NzGpRi/h5VT2sRr8a0yqE98RXwer7IQt6PjaTJpX5tMKqlw8uN9+tLBkxoJw4ezHOeSVoLNV26fRqYNzi/tayhbXM9n6WbIglt505IBxtf9r6wArjRp6ScibWVX4gn3jBjQDZ3iisJrlnI50nS9lXoEEmyJjetOO+w2kreYTj6xFxahdjzU8ze5O7HndlrU2jptJikxj0YyLRUfbqjwkCVVoWi2J4T4aMrTLUHZqlDSywAyQCXFmwof7HpH2YgDHyVBlahNyKWkOncAb+F04mzF+T3mEnfQtqIenNRDAesVKuAX3BPd/Iqi6bCBkN2ou8b3Qtv++D5fmY0H9iXBpw6TlsFpJOWQDaX2Lnq9RvIhPewJhzQVdLKM0CaM0Fhf0sNaF2mR6ull6xG5dVRoey5npOyeyHAyE12fW2lvuDzZdzR/durg3eklWpgWYd6+qU4GXBGoCTUBpUG/QF5RfWRoElLhbXzYXK+NyrOZrceI/f06jGQNYX4CciChYaDCXzatzGutFlV/1CTuRN/v3g/pIgOEhUt8zVyfbXihEPBFZ2p77/EoczlXrgWN6et2sbWUQ44hgUwsSPdng+bGzWbyuC/uDNKFXrUXSu53yK4FWIY9jSd1QDUEjC+CAG49olN2ifgq90Pzdo3h2+Lfchci3KzSMXfqRubvz8xlK3gF+EViGt9DKb3RHXF+taBDbfK+Va+f9sGQHo8XLgBipcwSqyovKVFquQlSPFiwxi9YLv7oHjfwYaC1dqestlyVz0uyOEu9ii9LfRgiQVRw0XKiDa4CBek+8ouue1OMin+Fc38eaXousrCAXI4BfFZjfNkOnme2nuCsYBUX2abhjoFCWBHzDW6ZJqj70SO80QW4WvLbRQqczscO1rmnZLrlvdc7TjZJnh00E4upUINGaW8lVazguYWOgrB9t7K3PTwBBoIpuiuT1EZLT0T/aKR8IDNWYoSO2xI0v2ij3XINqfUlLzUYsFKP2DJFK6CBkPxOIaDAbb21RbBLx+lfLUqcq8LtuFdhSrUkTpqr93MLi734J6p91hKWDUpP4wVOPyFDMfYEQXyxYeacwOwtlVDrFax/h1SJ4W7yi56KJ8hEFoRjblPPb/iYp1G0P+MW6ThBWMrF4QOS04w/T57h888GKhoMQsJhsdopcNlC4nYuEcwSDLDWdPQRkWRYro+UgxvQmFjwfC3Bf6okBfpHX6djCB8urLtwbC6K7YXwjg3QO22BKcbfe5m0teQZsfC1pnxDQhzNmEcYtwGfOhg0PD/qXdWiYoE3qHZdEd230L3lEgJ5Nmr6ARVjeXEQy1SbTDGQXpEWVrLHqtzvPwMvusIAGlLRgMq9pzsMAGPdL0ZZkWJ2m/cmSeOHYdSod8JvzB2j1KtV+DNaNzwI9Gmhrd7Sa6yRCSdoG3hahxxMfg9uUx+JrZoW1MfzzHDcHaK4vbBIPauwcTFDmgxUvfRpttLew48OUlM9uxQQf1/rCxGLNi0ARO3QlJbdSPuHn9lOyzG9LZJbLS4M04zlco0zzL1yQXvWFDk+IQFh/4htmIBhkJOshdlrOHnz6PVZ9Ojh+XaW6J26v8viE6Kma5DTR8uRNXywQ5mruCKtS6W5NP3dbjZFxrdVvLGClkPFVGf21gsJZAQNMWolmAVZiSXaHHad5Q8Lks8m9TIrs03J5UV2dwI296gof6SVH2jB0o/lytM4wmV9OEf5cAKzLANeBRs9VkPCHWRXZoced/JjWc1Ds2ALT45d/2ivY+ipVRxATsHL1PQigGO3/g9JcOEuLfHg9BL4Eu8nwmcWIKGH3uB+JxzV9fiRGQTbG0NNdsBchdqvule47SEfCZ1NhRe61D/ZcHxFWB41m4klNiB74b9MAtQoGNGY+a7yFCZp2rU8afj9hZ5KCJVK12dWB1DJz/FrDGOyQs/+a4GQafVZut+ifqUgpPLOvCfGWSdr/I4Kr4ojdALrhGy/8iQmlB5uEsxLxMcsIM1ajNoLppi5xaFgOlH6ZkkA40kZxWj3wnWNcQqDt//sznec+fIqfLL/UT/NpKqbXQl3Z59FD63v5IwwO58iTWaijyvywPD/LA6vkMsyKPuOFqfsvf0fiWxRpHfu3IhnDIYDMiejjlwjjEbDG00HyZPrQ+/8Qn4k5jo8eLDqEp6vghwphupY/rl7v658KNvjUD5VQy9NWbc/fUEgfiiaNH4sfFTpvpUEPE230Gp+qxppXhB5GNjP57A1rD/wdsThdZcaiL0qm0CE7b+EDUx4WpMaNhYWVJqCWE6IahwyYLtDvQRur73KmHDcjZOWqXOfMpC26h3x1C7sqfj6vEg5qaPgYpF+dfBZWsJsou41Z1sAA7ljHacWt7iqY/6X9kfshOzJsmMLx9BOTWgA123WvCrgiRE6dBYn0Cchimxxqz+iNCA5nxkkDTU1JEZJNWhNp85hTjsBfIQV04RRIuw6RuLn2okStf4L88bLKPH1V+HRqyNcfy2I8MH+liXm7PogXk9yYKR/ARcHEh5bZC9G0h8LmK26kU41ug6sguCBoG7i1Pl52hR2BbxgT03SUZBoTj99r24G6lI9PgBVhXEXsIckDmczh1lTDBBVUVWeOcOJgZ7K16oAJuCJe7Uk7QNX+k6rMQCROJyZFwe0lPz5qzY67re+wWZzjniqRcCCXlj+Cc6x3d/fT9RYF7HDpEfl0xTAD/FGS0Dwqp6Z70KX2sD3gs1qNo78Bz8x4rU7ytqqhIRZt9e4x6DnYRSg3S08KHcTrHxZflDUcZRPoaPC6W7e5hFT4ZfldqLQcYq1pL1VYPQ7zB3Le/2PqyF+0CxonfHWaVlISsxuH8LYfURpkp4qcrfUSWCZg8H9E2LHNvL25wkkESyA4IuQHrArbyv70dL4RZ1MgWQffwWPakr7H4nTAoIXx/NrL13CcfkUApgK/9yNBxfmOLYXvRN25rgWxzmxja5YlzfUMyDFNJVXuH+u5SvofOQ=</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2019-09-19 02:01:13,057 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2019-09-19 02:01:13,057 - INFO [Shibboleth-Audit.SSO:?] - 20190919T020113Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|c8a57d74220c4f51ad2ecf04d794a7ea|https://test.brill.com/oa/entity|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_c330b6da9cf610942e8b0cafa8fa5874|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQx8awLEeOiuKlQxg69Lt3vq0KxMgDs8Pr0wYUCZSd7gDiDpG7tmfW5Wh4icBIDI8nu3jnQA5ZqttI7EvkOhECW+2Wl6qGvErdfIyMdKNShmJnCdudARY7KVyIpJ/QdJ+ecQBKw|_d3619003d3cc69385fc696634992e446|
2019-09-19 02:05:31,951 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Beginning to decode message from HttpServletRequest
2019-09-19 02:05:31,951 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.IdPInitiatedSSORequestMessageDecoder:?] - Decoded SAML RelayState of: https://sandbox.marchingorder.com/api/Graduates/ShibbolethLogin
2019-09-19 02:05:31,951 - DEBUG [PROTOCOL_MESSAGE:?] - 
SAML 2 IdP-initiated request was: IdPInitiatedSSORequest{entityId=https://sandbox.marchingorder.com/shibboleth, acsURL=null, relayState=https://sandbox.marchingorder.com/api/Graduates/ShibbolethLogin, time=2019-09-19T02:05:31.951Z}
Synthetically constructed SAML 2 AuthnRequest was: 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest ID="_83c7a805-7a47-4afb-b2d6-4a89d5477a77"
    IssueInstant="2019-09-19T02:05:31.951Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://sandbox.marchingorder.com/shibboleth</saml2:Issuer>
    <saml2p:NameIDPolicy AllowCreate="true"/>
</saml2p:AuthnRequest>

2019-09-19 02:05:31,951 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Successfully decoded message from HttpServletRequest.
2019-09-19 02:05:31,957 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://sandbox.marchingorder.com/shibboleth' from origin source
2019-09-19 02:05:31,958 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-09-19 02:05:31,958 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-09-19 02:05:31,958 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-09-19 02:05:31,958 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-09-19 02:05:31,958 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-09-19 02:05:31,958 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-09-19 02:05:31,958 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-09-19 02:05:31,958 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://sandbox.marchingorder.com/shibboleth
2019-09-19 02:05:31,958 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:05:31,958 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-09-19 02:05:31,958 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint was empty, not required by binding, skipping
2019-09-19 02:05:31,959 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_83c7a805-7a47-4afb-b2d6-4a89d5477a77', issue instant '2019-09-19T02:05:31.951Z', entityID 'https://sandbox.marchingorder.com/shibboleth'
2019-09-19 02:05:31,959 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://sandbox.marchingorder.com/shibboleth' does not require AuthnRequests to be signed
2019-09-19 02:05:31,959 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2019-09-19 02:05:31,959 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-09-19 02:05:31,959 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2019-09-19 02:05:31,959 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-09-19 02:05:31,959 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-09-19 02:05:31,960 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:05:31,960 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-09-19 02:05:31,960 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2019-09-19 02:05:31,960 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2019-09-19 02:05:31,960 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 4 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2019-09-19 02:05:31,960 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://sandbox.marchingorder.com/Shibboleth.sso/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2019-09-19 02:05:31,960 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2019-09-19 02:05:31,960 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2019-09-19 02:05:31,960 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2019-09-19 02:05:31,960 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2019-09-19 02:05:31,960 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-09-19 02:05:31,960 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2019-09-19 02:05:31,960 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2019-09-19 02:05:31,961 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2019-09-19 02:05:31,961 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2019-09-19 02:05:31,961 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2019-09-19 02:05:31,961 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2019-09-19 02:05:31,961 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2019-09-19 02:05:31,961 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://sandbox.marchingorder.com/shibboleth
2019-09-19 02:05:31,961 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2019-09-19 02:05:31,961 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#aes128-gcm
2019-09-19 02:05:31,961 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#rsa-oaep
2019-09-19 02:05:31,961 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2019-09-19 02:05:31,964 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-09-19 02:05:31,965 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2019-09-19T02:05:31.965Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2019-09-19 02:05:31,965 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2019-09-19 02:05:31,965 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2019-09-19 02:05:31,965 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2019-09-19 02:05:31,965 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2019-09-19 02:05:31,965 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2019-09-19 02:05:31,965 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:05:31,965 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2019-09-19 02:05:31,965 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2019-09-19 02:05:31,965 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2019-09-19 02:05:31,965 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2019-09-19 02:05:32,054 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'sandbox.marchingorder.com'
2019-09-19 02:05:32,054 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-09-19 02:05:32,054 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-09-19 02:05:37,864 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2019-09-19 02:05:37,864 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2019-09-19 02:05:37,864 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@350806243::identifier=rick, context=org.apache.velocity.VelocityContext@34a8df41]
2019-09-19 02:05:37,870 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@350806243::identifier=rick, context=org.apache.velocity.VelocityContext@34a8df41]
2019-09-19 02:05:37,872 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2019-09-19 02:05:37,872 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2019-09-19 02:05:37,872 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2019-09-19 02:05:37,873 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2019-09-19 02:05:37,873 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2019-09-19 02:05:37,873 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2019-09-19 02:05:37,873 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2019-09-19 02:05:37,873 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session c1bbd32280de89a5428c36ef6dad32eb20672d968d1c98333188d477fc63df70 for principal rick
2019-09-19 02:05:37,873 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session c1bbd32280de89a5428c36ef6dad32eb20672d968d1c98333188d477fc63df70
2019-09-19 02:05:37,874 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2019-09-19 02:05:37,874 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2019-09-19 02:05:37,874 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2019-09-19 02:05:37,874 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2019-09-19 02:05:37,874 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2019-09-19 02:05:37,874 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2019-09-19 02:05:37,874 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2019-09-19 02:05:37,874 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2019-09-19 02:05:37,874 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2019-09-19 02:05:37,874 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2019-09-19 02:05:37,875 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:05:37,875 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2019-09-19 02:05:37,875 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@22e8a035'
2019-09-19 02:05:37,875 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-09-19 02:05:37,875 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://sandbox.marchingorder.com/shibboleth'
2019-09-19 02:05:37,875 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@57db50fb' with context 'intercept/attribute-release' and key 'rick:https://sandbox.marchingorder.com/shibboleth'
2019-09-19 02:05:37,875 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'rick:https://sandbox.marchingorder.com/shibboleth' value '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1599497118979' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2019-09-19 02:05:37,875 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-09-19 02:05:37,875 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2019-09-19 02:05:37,875 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2019-09-19 02:05:37,876 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2019-09-19 02:05:37,876 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2019-09-19 02:05:37,876 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@22e8a035'
2019-09-19 02:05:37,876 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:05:37,876 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2019-09-19 02:05:37,877 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2019-09-19 02:05:37,877 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Inbound binding urn:mace:shibboleth:2.0:profiles:AuthnRequest is suppressed, ignoring request ID
2019-09-19 02:05:37,877 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: No request ID, nothing to do
2019-09-19 02:05:37,878 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2019-09-19 02:05:37,878 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _67415c3ddbde2b6a9fd7b092ddb60c5c
2019-09-19 02:05:37,878 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _67415c3ddbde2b6a9fd7b092ddb60c5c to Response _c15efc9528e71abb2575d51342831d95
2019-09-19 02:05:37,878 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _67415c3ddbde2b6a9fd7b092ddb60c5c
2019-09-19 02:05:37,878 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2019-09-19 02:05:37,878 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2019-09-19 02:05:37,878 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2019-09-19 02:05:37,878 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2019-09-19 02:05:37,878 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2019-09-19 02:05:37,878 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2019-09-19 02:05:37,878 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2019-09-19 02:05:37,878 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2019-09-19 02:05:37,878 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2019-09-19 02:05:37,879 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2019-09-19 02:05:37,879 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2019-09-19 02:05:37,879 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: []
2019-09-19 02:05:37,879 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2019-09-19 02:05:37,879 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2019-09-19 02:05:37,879 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2019-09-19 02:05:37,879 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:05:37,879 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:05:37,879 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQx5BkGTzjj4yNFGMnBUsATqypnb7Jdq+nZOuTW2VzNp/RmUR7DQTUX/v7rG9c/x2RvOYCHB9AAtIMkWsj+0XuGvhHboLHfZ5fLaCQj/ZIJcPuXn7LeNSpKx98GI27euxduB2mJreFE+GG0TJk/QItg with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:05:37,879 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:05:37,879 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:05:37,879 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2019-09-19 02:05:37,879 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2019-09-19 02:05:37,879 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.38.242
2019-09-19 02:05:37,879 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to (none)
2019-09-19 02:05:37,879 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://sandbox.marchingorder.com/Shibboleth.sso/SAML2/POST
2019-09-19 02:05:37,879 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2019-09-19 02:05:37,879 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2019-09-19 02:05:37,880 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2019-09-19 02:05:37,880 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _67415c3ddbde2b6a9fd7b092ddb60c5c
2019-09-19 02:05:37,880 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _67415c3ddbde2b6a9fd7b092ddb60c5c did not already contain Conditions, one was added
2019-09-19 02:05:37,880 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2019-09-19 02:05:37,880 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2019-09-19T02:10:37.876Z, to Assertion _67415c3ddbde2b6a9fd7b092ddb60c5c
2019-09-19 02:05:37,880 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _67415c3ddbde2b6a9fd7b092ddb60c5c already contained Conditions, nothing was done
2019-09-19 02:05:37,880 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2019-09-19 02:05:37,880 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _67415c3ddbde2b6a9fd7b092ddb60c5c already contained Conditions, nothing was done
2019-09-19 02:05:37,880 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2019-09-19 02:05:37,880 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://sandbox.marchingorder.com/shibboleth as an Audience of the AudienceRestriction
2019-09-19 02:05:37,880 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _67415c3ddbde2b6a9fd7b092ddb60c5c
2019-09-19 02:05:37,881 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://sandbox.marchingorder.com/shibboleth to existing session c1bbd32280de89a5428c36ef6dad32eb20672d968d1c98333188d477fc63df70
2019-09-19 02:05:37,881 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://sandbox.marchingorder.com/shibboleth in session c1bbd32280de89a5428c36ef6dad32eb20672d968d1c98333188d477fc63df70
2019-09-19 02:05:37,881 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-09-19 02:05:37,881 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://sandbox.marchingorder.com/shibboleth and key AAdzZWNyZXQx5BkGTzjj4yNFGMnBUsATqypnb7Jdq+nZOuTW2VzNp/RmUR7DQTUX/v7rG9c/x2RvOYCHB9AAtIMkWsj+0XuGvhHboLHfZ5fLaCQj/ZIJcPuXn7LeNSpKx98GI27euxduB2mJreFE+GG0TJk/QItg
2019-09-19 02:05:37,881 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2019-09-19 02:05:37,881 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2019-09-19 02:05:37,882 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2019-09-19 02:05:37,883 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_c15efc9528e71abb2575d51342831d95"
    IssueInstant="2019-09-19T02:05:37.876Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_67415c3ddbde2b6a9fd7b092ddb60c5c"
        IssueInstant="2019-09-19T02:05:37.876Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://sandbox.marchingorder.com/shibboleth" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQx5BkGTzjj4yNFGMnBUsATqypnb7Jdq+nZOuTW2VzNp/RmUR7DQTUX/v7rG9c/x2RvOYCHB9AAtIMkWsj+0XuGvhHboLHfZ5fLaCQj/ZIJcPuXn7LeNSpKx98GI27euxduB2mJreFE+GG0TJk/QItg</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.38.242"
                    NotOnOrAfter="2019-09-19T02:10:37.879Z" Recipient="https://sandbox.marchingorder.com/Shibboleth.sso/SAML2/POST"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2019-09-19T02:05:37.876Z" NotOnOrAfter="2019-09-19T02:10:37.876Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://sandbox.marchingorder.com/shibboleth</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2019-09-19T02:05:37.872Z" SessionIndex="_28f02a659f529fb7a8b90b867a0a0110">
            <saml2:SubjectLocality Address="172.31.38.242"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2019-09-19 02:05:37,884 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://sandbox.marchingorder.com/Shibboleth.sso/SAML2/POST
2019-09-19 02:05:37,884 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://sandbox.marchingorder.com/Shibboleth.sso/SAML2/POST
2019-09-19 02:05:37,885 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_c15efc9528e71abb2575d51342831d95"
2019-09-19 02:05:37,885 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _c15efc9528e71abb2575d51342831d95 and Element was [saml2p:Response: null]
2019-09-19 02:05:37,885 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_c15efc9528e71abb2575d51342831d95"
2019-09-19 02:05:37,885 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _c15efc9528e71abb2575d51342831d95 and Element was [saml2p:Response: null]
2019-09-19 02:05:37,886 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2019-09-19 02:05:37,886 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://sandbox.marchingorder.com/Shibboleth.sso/SAML2/POST' with encoded value 'https&#x3a;&#x2f;&#x2f;sandbox.marchingorder.com&#x2f;Shibboleth.sso&#x2f;SAML2&#x2f;POST'
2019-09-19 02:05:37,886 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2019-09-19 02:05:37,887 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'https://sandbox.marchingorder.com/api/Graduates/ShibbolethLogin', encoded as 'https&#x3a;&#x2f;&#x2f;sandbox.marchingorder.com&#x2f;api&#x2f;Graduates&#x2f;ShibbolethLogin'
2019-09-19 02:05:37,888 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://sandbox.marchingorder.com/Shibboleth.sso/SAML2/POST"
    ID="_c15efc9528e71abb2575d51342831d95"
    IssueInstant="2019-09-19T02:05:37.876Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
            <ds:Reference URI="#_c15efc9528e71abb2575d51342831d95">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>FNPVdWnUwxJRO2t3RggFuu3/pw7E7fqpdr1LhSXWenQ539P35oZAyPmV3vRcQlBy0UP6YzRIX/TDLYPPgoILBg==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>MlYTS7aNQsPrPfkA0iLKm3+apV9FuhWZ2hYC6UMmQEQdUQn1Vq0JEHEAogBg8klk3HTAHkVzzqE/s8Mk4va+tXPScmOMYkHoQg9a30/lsjarhs0v0pupMxYTjpramE1l6xCi8boqbnDFep79OVDhCim06TZYzOUYv/wAtoPviKJvuCmMxbp0/KDddII6EhSuv8L5RgYWAMfspjzjpISWiFgBXVl3e9cC9FLSVbf5i2kgu2uYpuK5xhBtKIw+0K/Q3f/x6WCMfRdyKVL5pzO9Ff+HItupA9cRliQjBxygXEtUe1Cz5oeEUFkOp2V3Cm/um/HQT+Gco5VQiBf1fza/KQ==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_798c60027a10708b634056d8d7d06126"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_71bb61d7ecb34a770353a7435839a53c"
                    Recipient="https://sandbox.marchingorder.com/shibboleth" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                        <xenc11:MGF
                            Algorithm="http://www.w3.org/2009/xmlenc11#mgf1sha1" xmlns:xenc11="http://www.w3.org/2009/xmlenc11#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIID5DCCAkygAwIBAgIUJK/uQlfBIMl+kBZawLrnSKlMqf0wDQYJKoZIhvcNAQELBQAwETEPMA0G
A1UEAxMGeWg2Ynl6MB4XDTE5MDkwODE2MTkzM1oXDTI5MDkwNTE2MTkzM1owETEPMA0GA1UEAxMG
eWg2Ynl6MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAsNcfn1Q1jEuVW7kg2C8o0c3O
Omts8aULc4b7kOFeJUcrTx9tuDSP29MRUu6Bx6dinn+hkv9MRjOw1LR/qfVgarUnvpqEsiIr5ZO0
JzX4ItujW5fsRH7aHnBsmxeCaO12m0XbQp5RYbejtfLMOtRnGQfGChSmaCCnZ4bOVXZwldtS3+e2
7ELDeQ+63brD77MvTx6eA1QSLBfrx5QTSAoIOhhQeFLTwoOqcgJb2hin8cUEty2FEbYfcQVPxxPu
Tviy9VxFWcN5Ghu6pdvul+JeY6UYkHMCs2e23Zicott3/5pJ6iAqhryPaarbfFWKci8rHxtur7ck
uLQ4U7NxCx6OIR7q+hBHBm9Z19IR+JV1iiHCzjLHV+X25WEcmNIqiudTMJnZ+jDOfVNIoZFUWapD
arROhYtBAU76LgWETqyQUTWZqtS91RqJIoMhPZoWZBUpt7Gke8xaI0za0KwWtqbnjQ9wkW3rNkVZ
RNytz/LX3IUh1++wxO/ADYchs9qGLvoVAgMBAAGjNDAyMBEGA1UdEQQKMAiCBnloNmJ5ejAdBgNV
HQ4EFgQUsW1pN0c4Y46CsvwXAQrvwRlqarUwDQYJKoZIhvcNAQELBQADggGBAGQ8f9QLQ/x1tUJC
44AbtHu9LRLI3vBr3ars8RAmR6lcpPvqWMxNQkHKa/5sqyLEmNiMgCQfoCFPByMKNbRL/zPyhcwy
fvZp0Bcpk6tdl+lckonifLK1OVSIcG+fI1zmAiHgWn4ZYY8nQ9BVLycvRuKMbb/EF0yGXuU3rB6K
u2mvmyw8vJ7IiUiGNIxr4hZr9SZtzaujBdeOXl2rikT40NGUR8l8zYZ1Jo9yFWiaN1mZNhGoBI+A
5MdHvXYOdJ2h+IWvxJwJ7YM1D29qe0dUzhnPzJeV5vjOp3FZvs0R8SptA0ZzXxADEDyLi067x8QA
c3o3IkjejpjPZyAlrJ80U2YfxOOpMkDYM5XS0pEwbYxx7s/v9Rtb/KWyIsXGZO3Q5XWVdU2Veel9
4BIvjSOdkdTB/eK+bZaBSZzNhm4nErzAhtzzcVsP8V7jNOnn3uoPI4CDjJUIhtngcMVipao9ipo3
eEixZNyXkxevqCKAj5kO8JQX29nzUulWyKPRDVkEMg==</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>Prw3qqruNuTn+Eia+BrxVr2s59QiRvf2sxFzkpFQwi0puPF4eXWmujY+9cuV2m+rJ5reYTfyDLC0q5Tom03S4Q55ro0IskK9+oqHvfcudneH13sBSZwLO6gKMKBAWh+pSYJS1XLeqI5AGi8O6uwVarq6oz0jvqKH8rj0srvQCUmsSTEb+y4HkcOnbO0TApGj2mpFfhTzlMskWlqSial7dW03KeP0aSmV6L2sl6l/Nne6A6M1xnfjKZCLz4ciCs+DZMtyhr/rJ2ekFdqcNw79pc0WJYSlsBOp7jFtm5QfE0f0n/TCgGlfy+Z1dFKDIkDt+qZEniCVFLRVEkr51EBtI8X5CdbCuz9pxC8ikjiIbr+7Y4GKU4amf3e44SQM14zB10RXwFTQhEiRRg8zOJ3pNjfnc6B5bEO9InyT2gdPZWmJgXT6LcmPVEekTv1p8uBocFSw/9XMgmGRBNcDJlh38sFiUMkJERPKxjxhE5YdfIif1sdeRM8UVf+GPKXzqhSn</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>7rE+SgeHg5jgwRi7KrVw6yl5PBpyKyLKGTw9PW3ue6g3+BEFr26aDIwrsMipXZsrBTjgyCXG7gz9tM/mknMtcjt02WCDTVjwVSmTpoZs1ENLrsHj6zz5Fd65OggbRrbbUQTqqDrxswcjU7YptgxJq4szIZTC/XkiVcI7RkxzppbN24sKdrQHssYitizg6gAHxeyedSX9BdsHQCHxZt9ocPm9wlSkybh9O37sYQjaQK0G74GQICKtfPHcVUF8MKLJvAEBg+E6X63XeHfGuW5oIrU3bvk64jS4OvCY3WlsN2SfXksNEmDnEwsnrmQXn6sarj7FSR9ln4zkFDt8nKjmcoPxsBxMv8d+Tv9CfZcN7J0dDH5JQ+wnGAXsNNfWuT8xngDR0RxtuO93mxHTFgYE60grNlPyw2ucz+uD2LYlfZBjaLiMuCRd8lMOinupYoGrLAl7jG/S14ej5xnKPhZgHPDXcrX3+K5+0L03JMAbqprAzXqvaxaVep0YlqgkyEqfzgGn5RDRnejGrzpql/G5tjmYzuDL98H0OGTG4LCBqHd479v4upvE3C+p3lWZXZQDmW84ThO0ugrFgcVuSITHHVXPPtO7tz0j4fUs+rBb6TjazQmuRiqXVjaPxf89E+/9zpd6Gn3PCSAPSC1Ah0PYcEjwyHgAfwzEPfWZWk+jPaL1Yn3VueTXXGCcD4zF1eeVj6QrTC5foRo/zhH5ovMpgFNzN/+dV5ympKQI2+O+QVJqhyqA6nG0uyAyYK3UvXDwX5YVOfSRJD2AN2BQYnZOiXKQ8/gGRHdNC/mPUhHeqOOVS03M+nqRkmKPItIH7gZ7TdEszoU8KKwopdU3bmqqDf7gFBxuxY3bJ1sP2cTWvL3uJmevSORc0Nki+/7L8LzYqwRs53FamN+lyhjhkI9XX8JJfs/+rq1UjHipt8IhTNJb6wz4W8kkKG3l9DJaULKIB+t5VegyegML2avFtU4PwG+saVBKprHiGRTZ4wUSceoycYl5iQcsDwXpJY6TrWueuycc3Fjtij4KLVO3doMRnf0jFe/ME7bZ0FFfIJBwpfuVJm9NQl4qFeMMN8z18Ro/D4OZtgBfY8q9gPjDyrjzEAENqq6w5EptPUAmUo7EIFmlZX7g3p2umsUBDn5M/c5iTqjFj3gvq7klnRw8uI8IbpPvkywAhJhXvB26zKqBrGOG8WFQabuF9A51zy6bOAZvspWW9+TPSTgxsXTWe+bczIz+vytQSCMxXk6Uuzb2OQchvh90tREUNlt5aWbuEx4tloPsvYthvY2zM4YaHIHiiBCQYiXPWE9aV5xPj6b0D7gukw20m4zhQYSOjhrgMMrdcxXJ+1SJR9jw1RcA9I7VpJd6MwggMy5Z/Y+eoLYQ4gDKbQ9HJCbPPLsv/aXnHKmZC4ttUrV53/yn8lxLssCx3cCnFH2dIJquNwxvZcX4H+KqLG5USLGv+bmC4+xo1O/o1VavljaDLBZ6MJqMTdE8EHuE8UN6lgUkTkkuap6g0OHpTPUgt90v8vcFKFOqm5mKGgsfYCYKJMOtoszfohtWogkQFSyNNngQC5+Zke11lCMbo+WkgLl++P2G8kc3bgYNKUf1Yb3U0qVLjAKIpUxfNpzrNZIGuJLZt1wRjY3im/M8FSoahlh2ZTXP9s6oAV2KsMJxXAJXlmWIPU8GlFnHjPctVTtUlk2D7xaVCj3fwJlcNOGdHY0cVYbp8RQKw2CBxsT6nuCU5o5P9HlKMIwj7KCMX0wYuxnpB+kRB/SriOdhM60qKOf2TGc0ihIg6DOrfcV2wBsWfaH5sjB83o0pfNL7wmp2d6FgNvoyvenpJLeNlryhU8GzxnRUIW3IbeqYUvz5iyPhVLP3I/Iw6fBldZRHOcdQogfg53I6FqpUy/+OYdYFREBqFoJ36o/byUMHoXWlhII1uMrNRNYJ5N52686faEAxRGafe+XFZvHoninEclbr28yOMNm6bxQbb8Jlah5qNSIaHlbflAn06yvW8jaVCPfViZb7tW0nxHbHGLP1EQcPIvKafNjiEUnxXAzBjGrJGNRlJQH2Zi2j8rqIkEGmIC5iHCuPi4QDlQ31U+Ja8TmaIgprfdUJ57fPs0HKT8LY8GcOkEIt33bwpTYyrLw6aoe5Lo+xBRxHPjy7vQJDfg10Z1WWcTALVilOolxMRgp2PaU9Hl2SxXWVTWb6aqx99ih9fdpgfuVPEbcQIlbRR0W5/48daSEU1TAzn/37xSvQCaE7nTJk1gazTPbwdwdIk0iuPmzn9sX4TsmHcN5e9d09pGTKDcX60V/ZGAPgkJ1whUxZNwg9wQg5Wvuc4ViVDiL7+ZLRhH5cigHm8FJI7dHsW/wysVUpmVu7/x1STMwgBSPJPYJQzOslu4rVxXXIgwnlHlxDpBeS2wY+kMMKUwg/WBoYFJbA1/5Ye08EFjnsJCltNrMqxq7qPsXsG88nDdHwLCjQLOi41cDilaTSfWsNMpgbbWtBY+ucAmoQqPs0dIKMlTIXnBY6zhGisCXcsBGJKk7J8WwVl0v3D84a/dH/12qNPEuXy9NjgeU7nQWc+dArX7fpcj7dy63jiDty2IWrpPJ1VCZNvrvvfDtHo7us7DmN/GszEopZ0Hp5i7J4tDCzy3Nf3m+eEmDVISBr597DLt5SHA8WdsJhwmjWNqLDuvnCpZFPMfldpLVKajvXONKuaWMIAV5vFenkMH8jpT+CLyGEL0p9phZ8g7psK+XdR4bLoj5zE3SNEQ579Me+hnx2RHVBysSioEW1Rmi6XZsWLbEVQ6CAVPAZ9XjRJYwiQ8yvFK4eC6Se7SDbTsx9BtleVyzSTww/GiBHgxVFesugz1nXsgIAU3+BC3SxX33MNTIOWp7H4OkdDNfwYKF0mOtJ62xRcoQnR3Zoawrp271qL6AiijSjydVFhArtdJ97BCd/ea/LQhaBfe9HDEYkrad+2l0gaGawQpjtstDiRxjBPdqhTA6tDIOF3HPEihEugC19ad6TB061Lhh/aJHslJ158ZLUUkHQfTKsyDlSJ0sLyrTWopNuK3zrT97tcI/2MLD3KuGlR/i2bUZT2J7YSPQe81R3pivIwoPiHwpgSuT6yMWTvBYYTpEzDZNRL8b12cP6ij0cAYwKwmiaL5V5O+csqYC2cGu5VABNCAwocH2VHULBKsmpJzoZCZ5EMhmxUEBOUFCcaVyShTDzerHUfbF6a9J6q1jhtlqYorfLgwGHPNhRWrDEaRkYAMbg76gHfwzELM918Ey5FoUyxUGTEG+E203Oe3lJV5iE21S/S9IPo71P6FTHkCAjF1+xAPyN6w3Pzpn1pC9z4z6JIeIxwXNEmWzY7bYKLLp4enB1KZt/CvWZdNbemF4HlZIqF9rXokp+ya+migG8kpNji9P7nTOhC3GXqi4lt/UZJdLXyWsFqeYC7nrEmH6yGkd7WTOvF7HkrxeHH6/ddbodH5vzLFgkuv+9IsY7kEDMKrp8UvIe73t/yWXn6h3tMvZ0xWoxnMhtZj79eeF5R6+iXuih0pdX9VFUjiNAQeAygaiCLpa8bgx+xemDDn5QKBUKFjDBxEBwgI7X3mduj1IMzWoEjmWBctWtytWh17b26S+IR2UnHoJQoto6RcXs/ns7EO+86/CUpe/sPr7B4sZO+2aefr2KomHLR55JkYlMVZ5+XFkCFdeVzKDBIhBW9MS9HaaypL+obSZtqBHOgIvHa+LNlVX2csaRc2BXTDHCGAao0SUTViMx8DVM27JXg0K7fecT3fdnHmQju3ywDX9mm0CzEFDtRQAdGFfwtGx2630+Gw/4NcqKAmWm/wTm54pZUBEtZ8KhDt0Aur0PHzKJZa6VS6Aeyq7a+GoXll5mFt4te+4B5Ju3aidfXhXm02JlYe/YyBHnl/XKcdXVQ3SbpQcXaNEDL349+n7SFQCyCHINCfzdBCvoT2wE0aLM6H6y8hn7Q6r6EHa4keAysllUAK+TaA5WHo0Oj2oYt47sZvobB64Kc0kbw1/OEEoQJvj6/jofbB3venEi7y98MQIpaWBstilDDdUFWfq7WaXn/aJJ34zruvm1QIAwSPdDMXKVfdRnpkFiMsm1TNVgVotXffuuZXa4rLVPLvqihLMyCf15VtwteZVTp2qZD7nUnKCgOBxjpeHwK8jwoe6FumOjlBLi1d5GEiNQtdXrsxBPzE8APMXl+uNk7EPIQHFycfWUMZpqnaApd8vO8mr4rVlMD3VZ5mOArULbN7YUJdUOrWfH6Ve87QrdkioYq2SkrozUNS6HloDnBUClUrZOvobs0ZFrhCOD90aqy8MkLtIA3CIZG+hm5zW+7rQb5eGCbUXlnk81z+H2h6/iRaVi2za+p3iE7CW7ZB7R6Hgi0kNh8YLuPF/xcLPVJP5OtowDuVomBkXL1zLNPS4MCZu12JuUCBsSoefhkVbr5oRKArxonqwTMXDQUCLD8uHuvbAKKyo0J4GJyZF7URVVwGEtQQYQeb1Zk58DQgACU822vtq6jMnhcxMoqDCdh0cpC0eDEZp05TsKXGkPNWXqt4Fp0LrSgk095j/4kBv0VSDI8Okqt/kRI1vUjDRX73oxwVVBueR6DnXvbVchf+IcEgxnQ8zqFXTKu84vvOW6iNwztEaQRUSgrCKHQEKfjgWgPFFxmNC/x4cmdjl9f/pl/JGZtWIUJM3Es4VGlD8k2Epp/YRL5XExFsy4oZC554f79cNgEPnjjMQabZoPPmp/+CwR1vjbfYjgGHxWrXg9RExmUzxnYbSiI5jzj9dwaT/EN0/bbq/0jJOICrbRB7Zi</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2019-09-19 02:05:37,888 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2019-09-19 02:05:37,888 - INFO [Shibboleth-Audit.SSO:?] - 20190919T020537Z|urn:mace:shibboleth:2.0:profiles:AuthnRequest|_83c7a805-7a47-4afb-b2d6-4a89d5477a77|https://sandbox.marchingorder.com/shibboleth|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_c15efc9528e71abb2575d51342831d95|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQx5BkGTzjj4yNFGMnBUsATqypnb7Jdq+nZOuTW2VzNp/RmUR7DQTUX/v7rG9c/x2RvOYCHB9AAtIMkWsj+0XuGvhHboLHfZ5fLaCQj/ZIJcPuXn7LeNSpKx98GI27euxduB2mJreFE+GG0TJk/QItg|_67415c3ddbde2b6a9fd7b092ddb60c5c|
2019-09-19 02:10:07,466 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Beginning to decode message from HttpServletRequest
2019-09-19 02:10:07,466 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.IdPInitiatedSSORequestMessageDecoder:?] - Decoded SAML RelayState of: https://sandbox.marchingorder.com/api/graduates/shibbolethlogin
2019-09-19 02:10:07,466 - DEBUG [PROTOCOL_MESSAGE:?] - 
SAML 2 IdP-initiated request was: IdPInitiatedSSORequest{entityId=https://sandbox.marchingorder.local/shibboleth, acsURL=null, relayState=https://sandbox.marchingorder.com/api/graduates/shibbolethlogin, time=2019-09-19T02:10:07.466Z}
Synthetically constructed SAML 2 AuthnRequest was: 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest ID="_3e61e38c-6012-4911-9e97-d109c574fdff"
    IssueInstant="2019-09-19T02:10:07.466Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://sandbox.marchingorder.local/shibboleth</saml2:Issuer>
    <saml2p:NameIDPolicy AllowCreate="true"/>
</saml2p:AuthnRequest>

2019-09-19 02:10:07,466 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Successfully decoded message from HttpServletRequest.
2019-09-19 02:10:07,474 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractBatchMetadataResolver:?] - Metadata Resolver FilesystemMetadataResolver SAMLtest: Resolved 0 candidates via EntityIdCriterion: EntityIdCriterion [id=https://sandbox.marchingorder.local/shibboleth]
2019-09-19 02:10:07,474 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved no EntityDescriptors via underlying MetadataResolver, returning empty collection
2019-09-19 02:10:07,474 - INFO [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  No metadata returned for https://sandbox.marchingorder.local/shibboleth in role {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor with protocol urn:oasis:names:tc:SAML:2.0:protocol
2019-09-19 02:10:07,474 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No metadata context found, nothing to do
2019-09-19 02:10:07,474 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://sandbox.marchingorder.local/shibboleth
2019-09-19 02:10:07,474 - WARN [net.shibboleth.idp.profile.impl.SelectProfileConfiguration:117] - Profile Action SelectProfileConfiguration: Profile http://shibboleth.net/ns/profiles/saml2/sso/browser is not available for RP configuration shibboleth.UnverifiedRelyingParty (RPID https://sandbox.marchingorder.local/shibboleth)
2019-09-19 02:10:07,475 - WARN [org.opensaml.profile.action.impl.LogEvent:105] - A non-proceed event occurred while processing the request: InvalidProfileConfiguration
2019-09-19 02:10:07,475 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2019-09-19 02:12:30,955 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Beginning to decode message from HttpServletRequest
2019-09-19 02:12:30,955 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.IdPInitiatedSSORequestMessageDecoder:?] - Decoded SAML RelayState of: https://testschool.sandbox.marchingorder.com/api/Graduates/Shibboleth
2019-09-19 02:12:30,956 - DEBUG [PROTOCOL_MESSAGE:?] - 
SAML 2 IdP-initiated request was: IdPInitiatedSSORequest{entityId=https://sandbox.marchingorder.com/shibboleth, acsURL=null, relayState=https://testschool.sandbox.marchingorder.com/api/Graduates/Shibboleth, time=2019-09-19T02:12:30.955Z}
Synthetically constructed SAML 2 AuthnRequest was: 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest ID="_bd80822f-b394-47a1-92a3-b9f8da6b4ed7"
    IssueInstant="2019-09-19T02:12:30.955Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://sandbox.marchingorder.com/shibboleth</saml2:Issuer>
    <saml2p:NameIDPolicy AllowCreate="true"/>
</saml2p:AuthnRequest>

2019-09-19 02:12:30,956 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Successfully decoded message from HttpServletRequest.
2019-09-19 02:12:30,960 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://sandbox.marchingorder.com/shibboleth' from origin source
2019-09-19 02:12:30,960 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-09-19 02:12:30,960 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-09-19 02:12:30,960 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-09-19 02:12:30,960 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-09-19 02:12:30,960 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-09-19 02:12:30,961 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-09-19 02:12:30,961 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-09-19 02:12:30,961 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://sandbox.marchingorder.com/shibboleth
2019-09-19 02:12:30,961 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:12:30,961 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-09-19 02:12:30,961 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint was empty, not required by binding, skipping
2019-09-19 02:12:30,961 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_bd80822f-b394-47a1-92a3-b9f8da6b4ed7', issue instant '2019-09-19T02:12:30.955Z', entityID 'https://sandbox.marchingorder.com/shibboleth'
2019-09-19 02:12:30,962 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://sandbox.marchingorder.com/shibboleth' does not require AuthnRequests to be signed
2019-09-19 02:12:30,962 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2019-09-19 02:12:30,962 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-09-19 02:12:30,962 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2019-09-19 02:12:30,962 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-09-19 02:12:30,962 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-09-19 02:12:30,962 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:12:30,962 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-09-19 02:12:30,962 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2019-09-19 02:12:30,962 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2019-09-19 02:12:30,962 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 8 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2019-09-19 02:12:30,962 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://sandbox.marchingorder.com/Shibboleth.sso/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2019-09-19 02:12:30,962 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2019-09-19 02:12:30,962 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2019-09-19 02:12:30,962 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2019-09-19 02:12:30,962 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2019-09-19 02:12:30,963 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-09-19 02:12:30,963 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2019-09-19 02:12:30,963 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2019-09-19 02:12:30,963 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2019-09-19 02:12:30,963 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2019-09-19 02:12:30,963 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2019-09-19 02:12:30,963 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2019-09-19 02:12:30,963 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2019-09-19 02:12:30,963 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://sandbox.marchingorder.com/shibboleth
2019-09-19 02:12:30,963 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2019-09-19 02:12:30,963 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#aes128-gcm
2019-09-19 02:12:30,963 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#rsa-oaep
2019-09-19 02:12:30,963 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2019-09-19 02:12:30,966 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-09-19 02:12:30,966 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2019-09-19T02:12:30.966Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2019-09-19 02:12:30,967 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2019-09-19 02:12:30,967 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2019-09-19 02:12:30,967 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID c1bbd32280de89a5428c36ef6dad32eb20672d968d1c98333188d477fc63df70
2019-09-19 02:12:30,967 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session c1bbd32280de89a5428c36ef6dad32eb20672d968d1c98333188d477fc63df70 to 2019-09-19T03:12:30.967Z
2019-09-19 02:12:30,967 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading AuthenticationResult for flow authn/Password in session c1bbd32280de89a5428c36ef6dad32eb20672d968d1c98333188d477fc63df70
2019-09-19 02:12:30,967 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: Authentication result authn/Password is active, copying from session
2019-09-19 02:12:30,968 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2019-09-19 02:12:30,968 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2019-09-19 02:12:30,968 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:12:30,968 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2019-09-19 02:12:30,968 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Reusing active result authn/Password
2019-09-19 02:12:30,968 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name established from session as 'rick'
2019-09-19 02:12:30,968 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2019-09-19 02:12:30,968 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Updating activity time on reused AuthenticationResult for flow authn/Password in existing session c1bbd32280de89a5428c36ef6dad32eb20672d968d1c98333188d477fc63df70
2019-09-19 02:12:30,968 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2019-09-19 02:12:30,969 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2019-09-19 02:12:30,969 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2019-09-19 02:12:30,969 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2019-09-19 02:12:30,969 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2019-09-19 02:12:30,969 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2019-09-19 02:12:30,969 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2019-09-19 02:12:30,969 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2019-09-19 02:12:30,969 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2019-09-19 02:12:30,969 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2019-09-19 02:12:30,969 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:12:30,969 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2019-09-19 02:12:30,970 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@2546d4b7'
2019-09-19 02:12:30,970 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-09-19 02:12:30,970 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://sandbox.marchingorder.com/shibboleth'
2019-09-19 02:12:30,970 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@57db50fb' with context 'intercept/attribute-release' and key 'rick:https://sandbox.marchingorder.com/shibboleth'
2019-09-19 02:12:30,970 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'rick:https://sandbox.marchingorder.com/shibboleth' value '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1599497118979' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2019-09-19 02:12:30,970 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-09-19 02:12:30,970 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2019-09-19 02:12:30,970 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2019-09-19 02:12:30,970 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2019-09-19 02:12:30,970 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2019-09-19 02:12:30,970 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@2546d4b7'
2019-09-19 02:12:30,970 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:12:30,971 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2019-09-19 02:12:30,971 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2019-09-19 02:12:30,971 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Inbound binding urn:mace:shibboleth:2.0:profiles:AuthnRequest is suppressed, ignoring request ID
2019-09-19 02:12:30,971 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: No request ID, nothing to do
2019-09-19 02:12:30,973 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2019-09-19 02:12:30,973 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _b665135b846554306d0c6dd96974f6b7
2019-09-19 02:12:30,973 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _b665135b846554306d0c6dd96974f6b7 to Response _62e5fad03dbc976db4947dfa471ee18c
2019-09-19 02:12:30,973 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _b665135b846554306d0c6dd96974f6b7
2019-09-19 02:12:30,974 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2019-09-19 02:12:30,974 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2019-09-19 02:12:30,974 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2019-09-19 02:12:30,974 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2019-09-19 02:12:30,974 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2019-09-19 02:12:30,974 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2019-09-19 02:12:30,974 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2019-09-19 02:12:30,974 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2019-09-19 02:12:30,974 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2019-09-19 02:12:30,975 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2019-09-19 02:12:30,975 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2019-09-19 02:12:30,975 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: []
2019-09-19 02:12:30,975 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2019-09-19 02:12:30,975 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2019-09-19 02:12:30,975 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2019-09-19 02:12:30,975 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:12:30,975 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:12:30,975 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxqmyQ7EKc9em954JPPI3kIP1bUeVOtl2FfSvGnFqwStf0m5R3/bQZyBiJgt3TaJyvvhxk4saLOmpnH94w5YubpE2+i4YULE9qVhpcF5zFLqiZrK9oLXN+oSUhN17PVOKroyThp+XzB+C6UJy6Yenl with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:12:30,975 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:12:30,975 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:12:30,975 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2019-09-19 02:12:30,975 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2019-09-19 02:12:30,975 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.38.242
2019-09-19 02:12:30,975 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to (none)
2019-09-19 02:12:30,975 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://sandbox.marchingorder.com/Shibboleth.sso/SAML2/POST
2019-09-19 02:12:30,975 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2019-09-19 02:12:30,975 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2019-09-19 02:12:30,975 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2019-09-19 02:12:30,975 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _b665135b846554306d0c6dd96974f6b7
2019-09-19 02:12:30,975 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _b665135b846554306d0c6dd96974f6b7 did not already contain Conditions, one was added
2019-09-19 02:12:30,975 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2019-09-19 02:12:30,975 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2019-09-19T02:17:30.971Z, to Assertion _b665135b846554306d0c6dd96974f6b7
2019-09-19 02:12:30,975 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _b665135b846554306d0c6dd96974f6b7 already contained Conditions, nothing was done
2019-09-19 02:12:30,976 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2019-09-19 02:12:30,976 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _b665135b846554306d0c6dd96974f6b7 already contained Conditions, nothing was done
2019-09-19 02:12:30,976 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2019-09-19 02:12:30,976 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://sandbox.marchingorder.com/shibboleth as an Audience of the AudienceRestriction
2019-09-19 02:12:30,976 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _b665135b846554306d0c6dd96974f6b7
2019-09-19 02:12:30,977 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://sandbox.marchingorder.com/shibboleth to existing session c1bbd32280de89a5428c36ef6dad32eb20672d968d1c98333188d477fc63df70
2019-09-19 02:12:30,977 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service https://sandbox.marchingorder.com/shibboleth in session c1bbd32280de89a5428c36ef6dad32eb20672d968d1c98333188d477fc63df70
2019-09-19 02:12:30,977 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-09-19 02:12:30,977 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://sandbox.marchingorder.com/shibboleth in session c1bbd32280de89a5428c36ef6dad32eb20672d968d1c98333188d477fc63df70
2019-09-19 02:12:30,977 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-09-19 02:12:30,977 - DEBUG [net.shibboleth.idp.session.AbstractIdPSession:?] - IdPSession c1bbd32280de89a5428c36ef6dad32eb20672d968d1c98333188d477fc63df70: replaced old SPSession for service https://sandbox.marchingorder.com/shibboleth
2019-09-19 02:12:30,977 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Removing secondary index for service ID https://sandbox.marchingorder.com/shibboleth and key AAdzZWNyZXQx5BkGTzjj4yNFGMnBUsATqypnb7Jdq+nZOuTW2VzNp/RmUR7DQTUX/v7rG9c/x2RvOYCHB9AAtIMkWsj+0XuGvhHboLHfZ5fLaCQj/ZIJcPuXn7LeNSpKx98GI27euxduB2mJreFE+GG0TJk/QItg
2019-09-19 02:12:30,977 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://sandbox.marchingorder.com/shibboleth and key AAdzZWNyZXQxqmyQ7EKc9em954JPPI3kIP1bUeVOtl2FfSvGnFqwStf0m5R3/bQZyBiJgt3TaJyvvhxk4saLOmpnH94w5YubpE2+i4YULE9qVhpcF5zFLqiZrK9oLXN+oSUhN17PVOKroyThp+XzB+C6UJy6Yenl
2019-09-19 02:12:30,977 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Older SPSession for relying party https://sandbox.marchingorder.com/shibboleth was replaced
2019-09-19 02:12:30,977 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2019-09-19 02:12:30,977 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2019-09-19 02:12:30,978 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2019-09-19 02:12:30,978 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_62e5fad03dbc976db4947dfa471ee18c"
    IssueInstant="2019-09-19T02:12:30.971Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_b665135b846554306d0c6dd96974f6b7"
        IssueInstant="2019-09-19T02:12:30.971Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://sandbox.marchingorder.com/shibboleth" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxqmyQ7EKc9em954JPPI3kIP1bUeVOtl2FfSvGnFqwStf0m5R3/bQZyBiJgt3TaJyvvhxk4saLOmpnH94w5YubpE2+i4YULE9qVhpcF5zFLqiZrK9oLXN+oSUhN17PVOKroyThp+XzB+C6UJy6Yenl</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.38.242"
                    NotOnOrAfter="2019-09-19T02:17:30.975Z" Recipient="https://sandbox.marchingorder.com/Shibboleth.sso/SAML2/POST"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2019-09-19T02:12:30.971Z" NotOnOrAfter="2019-09-19T02:17:30.971Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://sandbox.marchingorder.com/shibboleth</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2019-09-19T02:05:37.872Z" SessionIndex="_d463c793bc04235178391d638cde5886">
            <saml2:SubjectLocality Address="172.31.38.242"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2019-09-19 02:12:30,979 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://sandbox.marchingorder.com/Shibboleth.sso/SAML2/POST
2019-09-19 02:12:30,980 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://sandbox.marchingorder.com/Shibboleth.sso/SAML2/POST
2019-09-19 02:12:30,980 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_62e5fad03dbc976db4947dfa471ee18c"
2019-09-19 02:12:30,980 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _62e5fad03dbc976db4947dfa471ee18c and Element was [saml2p:Response: null]
2019-09-19 02:12:30,980 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_62e5fad03dbc976db4947dfa471ee18c"
2019-09-19 02:12:30,980 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _62e5fad03dbc976db4947dfa471ee18c and Element was [saml2p:Response: null]
2019-09-19 02:12:30,981 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2019-09-19 02:12:30,981 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://sandbox.marchingorder.com/Shibboleth.sso/SAML2/POST' with encoded value 'https&#x3a;&#x2f;&#x2f;sandbox.marchingorder.com&#x2f;Shibboleth.sso&#x2f;SAML2&#x2f;POST'
2019-09-19 02:12:30,981 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2019-09-19 02:12:30,982 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'https://testschool.sandbox.marchingorder.com/api/Graduates/Shibboleth', encoded as 'https&#x3a;&#x2f;&#x2f;testschool.sandbox.marchingorder.com&#x2f;api&#x2f;Graduates&#x2f;Shibboleth'
2019-09-19 02:12:30,983 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://sandbox.marchingorder.com/Shibboleth.sso/SAML2/POST"
    ID="_62e5fad03dbc976db4947dfa471ee18c"
    IssueInstant="2019-09-19T02:12:30.971Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
            <ds:Reference URI="#_62e5fad03dbc976db4947dfa471ee18c">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>Q6Aqry7OgV0HY6Xy+UPbGi5H7a8H6sHdkoEDIQt2ADrR9KjO1IY61Nx3Ql/G7plwlwbP1RsDW9Kd0bcmc5EyUw==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>A3lDjiFd25wX0VtDqBbs0WtBh4oInussMZpZ88BnO6gmbcLK+vzWPb16qW37PsY/pVJQtkVhjMGrK6bW0AUp/M0eDMUK8QiOM4l9Wr0w2nxTzy4HWoQgIHnYtB6OCTF003YqYe8B8FRaE/bNQ8AF19YKJLEsS3ZGkv+lA5VoAGFCdataMCnncsiSqsT8Ce50Eo0NyA0QxFzl5ul6IzDhVdGWjDed9uRHU5AyAxxRjRpOuoo09jvUJEm+NjT5UZRUO7hDNhcAWZfhG2S3ngAaGG/wE2L4L57HQ0Z1knC93euJYS2CaqmDzbQZ0OZqxzkpM+ghScRTFdMP4TXkWQ+H/g==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_af9665dc2f485c74da38c3ba8c619b7c"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_0ffb900282710a208b0950781c2bdca1"
                    Recipient="https://sandbox.marchingorder.com/shibboleth" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                        <xenc11:MGF
                            Algorithm="http://www.w3.org/2009/xmlenc11#mgf1sha1" xmlns:xenc11="http://www.w3.org/2009/xmlenc11#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIID5DCCAkygAwIBAgIUJK/uQlfBIMl+kBZawLrnSKlMqf0wDQYJKoZIhvcNAQELBQAwETEPMA0G
A1UEAxMGeWg2Ynl6MB4XDTE5MDkwODE2MTkzM1oXDTI5MDkwNTE2MTkzM1owETEPMA0GA1UEAxMG
eWg2Ynl6MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAsNcfn1Q1jEuVW7kg2C8o0c3O
Omts8aULc4b7kOFeJUcrTx9tuDSP29MRUu6Bx6dinn+hkv9MRjOw1LR/qfVgarUnvpqEsiIr5ZO0
JzX4ItujW5fsRH7aHnBsmxeCaO12m0XbQp5RYbejtfLMOtRnGQfGChSmaCCnZ4bOVXZwldtS3+e2
7ELDeQ+63brD77MvTx6eA1QSLBfrx5QTSAoIOhhQeFLTwoOqcgJb2hin8cUEty2FEbYfcQVPxxPu
Tviy9VxFWcN5Ghu6pdvul+JeY6UYkHMCs2e23Zicott3/5pJ6iAqhryPaarbfFWKci8rHxtur7ck
uLQ4U7NxCx6OIR7q+hBHBm9Z19IR+JV1iiHCzjLHV+X25WEcmNIqiudTMJnZ+jDOfVNIoZFUWapD
arROhYtBAU76LgWETqyQUTWZqtS91RqJIoMhPZoWZBUpt7Gke8xaI0za0KwWtqbnjQ9wkW3rNkVZ
RNytz/LX3IUh1++wxO/ADYchs9qGLvoVAgMBAAGjNDAyMBEGA1UdEQQKMAiCBnloNmJ5ejAdBgNV
HQ4EFgQUsW1pN0c4Y46CsvwXAQrvwRlqarUwDQYJKoZIhvcNAQELBQADggGBAGQ8f9QLQ/x1tUJC
44AbtHu9LRLI3vBr3ars8RAmR6lcpPvqWMxNQkHKa/5sqyLEmNiMgCQfoCFPByMKNbRL/zPyhcwy
fvZp0Bcpk6tdl+lckonifLK1OVSIcG+fI1zmAiHgWn4ZYY8nQ9BVLycvRuKMbb/EF0yGXuU3rB6K
u2mvmyw8vJ7IiUiGNIxr4hZr9SZtzaujBdeOXl2rikT40NGUR8l8zYZ1Jo9yFWiaN1mZNhGoBI+A
5MdHvXYOdJ2h+IWvxJwJ7YM1D29qe0dUzhnPzJeV5vjOp3FZvs0R8SptA0ZzXxADEDyLi067x8QA
c3o3IkjejpjPZyAlrJ80U2YfxOOpMkDYM5XS0pEwbYxx7s/v9Rtb/KWyIsXGZO3Q5XWVdU2Veel9
4BIvjSOdkdTB/eK+bZaBSZzNhm4nErzAhtzzcVsP8V7jNOnn3uoPI4CDjJUIhtngcMVipao9ipo3
eEixZNyXkxevqCKAj5kO8JQX29nzUulWyKPRDVkEMg==</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>Mn6H9e3ZZCMeDLIMPi4YSxpyANGDnbaVoLhFDFHjaJ/XO79LQtyitgDfqMzxB8RnC/RSFUwys8BHsHE8u/avfyWDqDmAfovA9VgP+z5gZ1sc/vaaAUx5vjrhUuZU6Lo++wQFX5D2audl3aJf1PHWyh5F33kRMO8xn9Snd4PNVpHgkySilAIbVP+r1HxLmB0pwm7jgQ5wKVhMgSC5KK1kiWolADo8RxaT+bFTA1miakD5f64cXeVirsIlRS4c7kgOTKj3gd01pXoTUgIpa8nGsUwGJxqpQDEbfZbn/cmgrQpYR6kTfBz3Xp7MxSkLT792mRbHkxmGeBm9bU9dpRzSFE9JUYkX4zXWlGEDxh4Mh8inYOw9/gA6QRc7plCi2Ynn7sNFjdtxh1QdKhoIVm+iVu3SKEe7eeBPENOQdpBgPv1xrA76HsNlkVZ2OMyKlohAnJVP/K5lKtD9hA60jTngphbbkrLoIk/96HwtLMlJ4QdOqREFwg87mO7404vtKhkC</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>CNgrxolRjZOCeedtecFHZsf0wMVha02FhhiY6IvttpUkSDf73U9IyTvKM2cm0FaO20YN94uGL0RGqdZsA1xsfti5TYbmF3FpVZ6MkbaOzh+GA0HYqTV/U8f/Oi8pOKD7Ol2qbi26kfIq3dz46NJjgmLBkVJqtf6a3w4OIicf2LCNIgS4dHnQdXigGfzDr+RqEGliFn90bAJPMxm9mphGKIx8KhdEmJuD4n2vbPvLUKqbJlwMdOQTaR85sRu6tjaZ1bMjtp68jS95EcaVILJujA4oedsIfpNqVXpsYrcpEFqx3W3ngs4ZorQSmjztsECZZ0os9xY27CLeouVdh7SlL3fEP4ZloYUmPdTz2fLozdVYOQfhtxGNW6xYUUr4WpXuKA43N2xq3L90k5ZX4MNtO39SYW2baB9tOj/sKKApuIyJNeXjsNuPN9iFCt/Ecy+9uhWPvjkuAU1gpjE36RYasbmCtBj5PzrbtVFdxK8oYV67h3JW3ZmzJb70ekOa4390vctrtxv5Bs35EbYZeX8bz5qbpojNqJ42gvc/zpUJfmBcV+FEEsOyCpGGoUuEITpx09sMXi0rYy3G3KeXksloboRawrsnNzNDLsktrAT1ZoioXmBOIcYSiqTktnFivREPbBWyrqV+xr9uNqH518sLpPMEGXVFvTvMyC3bh0NuGi5jmAoqcLwU7FIhzx6wo83jBA82kV3LTa9CtRCq+mqsVPcTq4Akbx6X+YII1bDU/tWN3P/1dnrLpNOA7V1HioOQVUEnt8fvbsvOhKljosKvCMGRSJBxCjGWn61J+2F6BKcHTvdyci2ilN8Wpv+IWXMjnXaKl/iayuDslt8g9v2UYu+9zx5r0LXygUDOMBHRiAkJbwJGIFdo3uFD0qriTSoqp+0XyJHrRbUjUfzjTuTD+qlVyGmItol2ipG6EwmHpNaSZcByfIFTZlC5cVjkoI8+ordoETU20ck3bq3EyJ9F/8ZpNLqYTlmXx3kQ4BeE0KSH0+QYyU1+63FY1Cj0eQcXXgVT4D2SSLgq6ZWHccN54LPpBPEp4dfdndjiOMQyskSeEW83TlrLsX7mmCYZV6Wq9s6MBmOlqt1mW9RGF0EgJLfOQnQVw/3vgzZghFmbYvmInCdSArth4h1UhNsm7T1WoQOV4QiqyAwStESp2zM2Yv+uweBx3rGk6PyNEpj6frCpkuG1Gbli8mRfJa8iVA3Y6uq1wKvy67hEuqT9iNf4r6UBiCkjwgJWeWYSctwEoClSKuH3s9T24F7ekMwLvYTc6eEAP13RP94xYBtdCwsDmGYB5uMM/NCT+bvqsbeipFDTLrr8rcdigTgDPmwoKDqHIQyumdy8TH6eon9CbVqzyqtiTbrBruEZs9/9gUymg/i6GFLl88T/K0p1KwY/wShRuSrMj7Ulj9kAvbFfsrqtLxFMcFXsBxC3rhFthPKcQRcdRfOs2l6bbiod63BwO9ezwDIzraNobUrSr9QfFbuXdX5S0hlUZPalLMrw4JgsbHD0UKMfk7gUYmB/d3rmk5AB/gzwh69RNRnENeErB4QXy3Uoc3UwhEUIHTC9ZoKsYs765JmAIx+Mptrdyv7IpT1C2nIGBdAj9iE3RnPEKz5LyXXMJWo8CVaqkE166CeWLBNxaAnVzQaqeJ28VLQGJNxRnf2cGIJoHalMKTNd+wK855BThVQGADVzercIZAi4yfU6UlR4Iwml7MvNUyg42vjel9ku8UgYoYnT3LQ6Vr4O84u3dqg6JVhw3mDApXjjlfN1OYhhtCh1Or7zn6avJWEK9hkFroXpNwVlTl9lFfWkiETP9SaAd5fqHxNqmHWfEy4vxxWZvlczq7ejTuJYXg6PFPiTLWHWEe2JYKklEzYAYK85Nypg05XhHFSQWtYUz7fNMgzWasEW3+L9I6KYstL+uFG6wAkqbq95Stf1dAuzjcBScLUn1WU+iRzONRl6CUH1lwNNk9FK+umAQR9zIMirO72TCS3aK9PPgpTcik81qEPKPxCfiG/vODsy/cKMwZw/lN/ov8lXzkVkdE/7RD26e6pBnjpR/RgeWs5CX25+KaBZDipLtZL0w2+AMfob6xMp9ERcAH2m8+PTK1UvxSDSm4hQ1ACXeFDNq9vAUnJwC5iPCRGSnsU7ptO2LO2sh7Ke56ZwRSXSGhVG21CP3eSjDpqBm3sAly1ixs5cJL5PZ6HJXzgjXeQmPs1xmPf8rKPetTRxAObh+tSYnzt+NI450mHUexCAS2QPbc8b/NpyWZ1ZAfHxulhITfpCeE8sDyAcRlM7l+G3ysj7TzIm20zdLUm02krBcJBUS7l6dVpjbK1Hes7EEfh97ZSk6iDCwLwPmPnzF4S9tz96PmLb3eg2MUCw192zllI9n5Q1OMizJwH8o2GdAUM7wOuOKg2feiAq3lJGE1QXOah2NSHae1ap2TdARGWAslyRr4EerDa9580p6rnSfdIuNJZYlE0o5E8LMexeAdcv4pl7sV5C86WNFBvu1X0w6tZ72K6QwVrkRiyAwrGMwn6Mypf/GpPj/YGYyERUMu57G7fM7y4Cbo7/S61pOqgrrvXELf5O7CQbPksFyoiShXGMgqlYQKmQQWMrA6cWr+lFXtGHw+3WTfhjw9RZ9WqONu8B71QETti4CcXd1FoTexobSOM36DnKlA/I1Gm4SDlSsB4FUG8Du7pZGbJDi8i0SdtYqoDaAxUwLyFE0O+TNAOsj8KeqAgWVT/wDO/5GFBQTYqNFBwRfK3gavVK2EKFQOgjiNNSUj6cVPIBagEtLj47LB0ghMb+m8rRPl9rZ4Q38hsBEWJWDU3qhglFsrZLB9csGWsCsoyqSbZXCMyiUKiZweJBUWTfvruWSge2Vz5d5szO3/qB6erHjcyaPWSYiCEDiyAul0osBKrZXj/w+HkNsIWlPtahgWPzklVeQSZclJJweMdn2kbwHng/aubi1Wxg2kw2SsbwTqi/Q8J4TkVoouc09E4o3/KAfWh7/7Z6ZILZZ1vfUHNlJ/tinQxYKOYd8vvhZxA/pa7MBfsRhwKjkcQ8kjIWJdsd2VeQMLTH6l5qRJVdr0oIMuQSmJ0ff/9mgCwLnNY/v151WP3IdygtTh610VabfiJM+D/Wi074Bwsy0nMxfV6nHh90Q7jJa17uNYQpb9arCEbuX9rybqDAe7VjQinSk0zJDjFXgdN7xicw9NVF2QoDPLiticgjV+/01h75W4at+piZhxFY5YFSW1Ek8hvPi+Nf+p3Mq+4a0oM8LxJvLyKRt13ZZ2zmbokkN/JeO6xaF6xMxSnXGS/JvlpEK79JQOaISLPN4qWV3gcJLtU76ZBlGMEP4ubEDyn6VCysf4eMm25+1Lzs0k+WgqklVWID7ogns/RTIW72X2rBvJ+Mn3nkE5uLx07xXJPD/tXKotAmIobdzHdNWvH+gWHRGuT/HlrABaGsePb8aGV1kGS14X6Y3gYjgfP2TozH3kft2UpXt/IambEWGSZUGG/zVCCw51B4jtNozC6kMyH95ZFql6pDY4hoySyN4yYZeVvoQxEHcFrgc2jHC00H7xDluPTPCfT2IQdRx6hG63DAKix5tKriStOC7w+0brErnFKZe5KfQfGiNLokARolRHfvXov+1kZYVuIsLjKGPGdSTk+pTSk0VJd5RSN5+udio1dbkSwAvOrPfUEfGh0kmNWrXqUvO/mBjokAkBnO7JEhMT7Koogl5Uj2OAgMdgpQ8Y7nGbPkB9mhjHr5+mrFFrorh/LURgikjz3Ry3QsG1EkGS9bD4QBBzwmQ0k1MCOcUELQTNuT1Uy8MK66jjfy1Cmu+6GlImwGpEaLznrq8Zandy/2BN+25p3F2O70BpjgLOC5RVFBMbujE6iRu3RlVBoNxrQSwteiytiuAFtviarWR8XIbhW9mUuew/J6NXGOI7bYvf3lBxPiaj5YKGVYV4/On1MTD2Zi7pQ2rvvdyh5tJLyNj914PzDjOb0tYUVX+me+QhJDxZfbe8HNBWFkm2xu2jMOhMu9LICgHmCObRLfXBe68HZRoK2JqP12pvx3zeihLAYMhGhY9Y0a8qFTgLFqhfnhidKcBuKVAREssLQ1UAvhYAb+qzBj1Pa4r5bbLOPlRKaSyJbO2sJo3Jh+9uOQc1BhzSwegeeofz4Z3Sh5ceETdv4XGQEzPi2geiBaoNWgDJIm0hY++x0gWtpFSjkavLRjdX6ZPuMmWOXT//kSqe2vNUcAsN37xZkGkhsT4jb9dic6bndGwDGYu5VWkJ1a6ALsyJBnDmtalXmuXaRp8QHTBEbkLoXIi1xE7q4ySyUvqsxwV9MNLz6Gwr1OejyeamB2/utcKUglNIbHb8bGlRzyefPH0ogoeod84rXMKktoNNcwH/dFzj4ENybdcy2bgbyVtdlwJ1Ko9UHp+p1eBCtAcaSOenTdF5tSJIUoyFKm4pAF3yyPs8TVXZ+ii/PyAVWjZUAxNeI7W4FixmECtow/sFVz92VlY/aAe51wMZ6Qm7zRvEGClL9sKhbYOa5/zNj9KUZSyFeweQzllQesdCMRLe/UQzZ5UoRjrHx29YDyNgN9D3q5QRNDRjSv/Be9Ds8plb2lR/pR52c1qYfdSJs2EqOaxK6mD8owq6+KbL8Q4QYvkZyfxX/Y8A3s0h1Byia9T8flW5WaOtdI4+Thu17YI/szxK+M7qEupeBQDzzz6ZaAwkwAJmMMbEkSopQj3cnZOZci1aOO3HbnIh25JjeCnzVkebHStoq7xs0JQa9hdu5bI+ut86SHqrUvTwVX6DF6A/fa6sihE4YPYfv3</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2019-09-19 02:12:30,983 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2019-09-19 02:12:30,983 - INFO [Shibboleth-Audit.SSO:?] - 20190919T021230Z|urn:mace:shibboleth:2.0:profiles:AuthnRequest|_bd80822f-b394-47a1-92a3-b9f8da6b4ed7|https://sandbox.marchingorder.com/shibboleth|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_62e5fad03dbc976db4947dfa471ee18c|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxqmyQ7EKc9em954JPPI3kIP1bUeVOtl2FfSvGnFqwStf0m5R3/bQZyBiJgt3TaJyvvhxk4saLOmpnH94w5YubpE2+i4YULE9qVhpcF5zFLqiZrK9oLXN+oSUhN17PVOKroyThp+XzB+C6UJy6Yenl|_b665135b846554306d0c6dd96974f6b7|
2019-09-19 02:12:43,628 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Beginning to decode message from HttpServletRequest
2019-09-19 02:12:43,628 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.IdPInitiatedSSORequestMessageDecoder:?] - Decoded SAML RelayState of: https://testschool.sandbox.marchingorder.com/api/Graduates/ShibbolethLogin
2019-09-19 02:12:43,628 - DEBUG [PROTOCOL_MESSAGE:?] - 
SAML 2 IdP-initiated request was: IdPInitiatedSSORequest{entityId=https://sandbox.marchingorder.com/shibboleth, acsURL=null, relayState=https://testschool.sandbox.marchingorder.com/api/Graduates/ShibbolethLogin, time=2019-09-19T02:12:43.628Z}
Synthetically constructed SAML 2 AuthnRequest was: 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest ID="_118538d9-c6b1-43f4-a92b-52956ed41666"
    IssueInstant="2019-09-19T02:12:43.628Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://sandbox.marchingorder.com/shibboleth</saml2:Issuer>
    <saml2p:NameIDPolicy AllowCreate="true"/>
</saml2p:AuthnRequest>

2019-09-19 02:12:43,628 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Successfully decoded message from HttpServletRequest.
2019-09-19 02:12:43,632 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-09-19 02:12:43,633 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-09-19 02:12:43,633 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-09-19 02:12:43,633 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-09-19 02:12:43,633 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-09-19 02:12:43,633 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-09-19 02:12:43,633 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-09-19 02:12:43,633 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://sandbox.marchingorder.com/shibboleth
2019-09-19 02:12:43,633 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:12:43,634 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-09-19 02:12:43,634 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint was empty, not required by binding, skipping
2019-09-19 02:12:43,634 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_118538d9-c6b1-43f4-a92b-52956ed41666', issue instant '2019-09-19T02:12:43.628Z', entityID 'https://sandbox.marchingorder.com/shibboleth'
2019-09-19 02:12:43,634 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://sandbox.marchingorder.com/shibboleth' does not require AuthnRequests to be signed
2019-09-19 02:12:43,634 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2019-09-19 02:12:43,634 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-09-19 02:12:43,634 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2019-09-19 02:12:43,634 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-09-19 02:12:43,634 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-09-19 02:12:43,635 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:12:43,635 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-09-19 02:12:43,635 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2019-09-19 02:12:43,635 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2019-09-19 02:12:43,635 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 8 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2019-09-19 02:12:43,635 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://sandbox.marchingorder.com/Shibboleth.sso/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2019-09-19 02:12:43,635 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2019-09-19 02:12:43,635 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2019-09-19 02:12:43,635 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2019-09-19 02:12:43,635 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2019-09-19 02:12:43,635 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-09-19 02:12:43,635 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2019-09-19 02:12:43,635 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2019-09-19 02:12:43,636 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2019-09-19 02:12:43,636 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2019-09-19 02:12:43,636 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2019-09-19 02:12:43,636 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2019-09-19 02:12:43,636 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2019-09-19 02:12:43,636 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://sandbox.marchingorder.com/shibboleth
2019-09-19 02:12:43,636 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2019-09-19 02:12:43,636 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#aes128-gcm
2019-09-19 02:12:43,636 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#rsa-oaep
2019-09-19 02:12:43,636 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2019-09-19 02:12:43,639 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-09-19 02:12:43,639 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2019-09-19T02:12:43.639Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2019-09-19 02:12:43,639 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2019-09-19 02:12:43,639 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2019-09-19 02:12:43,639 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID c1bbd32280de89a5428c36ef6dad32eb20672d968d1c98333188d477fc63df70
2019-09-19 02:12:43,639 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session c1bbd32280de89a5428c36ef6dad32eb20672d968d1c98333188d477fc63df70 to 2019-09-19T03:12:43.639Z
2019-09-19 02:12:43,640 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading AuthenticationResult for flow authn/Password in session c1bbd32280de89a5428c36ef6dad32eb20672d968d1c98333188d477fc63df70
2019-09-19 02:12:43,640 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: Authentication result authn/Password is active, copying from session
2019-09-19 02:12:43,640 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2019-09-19 02:12:43,640 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2019-09-19 02:12:43,640 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:12:43,640 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2019-09-19 02:12:43,640 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Reusing active result authn/Password
2019-09-19 02:12:43,640 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name established from session as 'rick'
2019-09-19 02:12:43,640 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2019-09-19 02:12:43,640 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Updating activity time on reused AuthenticationResult for flow authn/Password in existing session c1bbd32280de89a5428c36ef6dad32eb20672d968d1c98333188d477fc63df70
2019-09-19 02:12:43,641 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2019-09-19 02:12:43,642 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2019-09-19 02:12:43,642 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2019-09-19 02:12:43,642 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2019-09-19 02:12:43,642 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2019-09-19 02:12:43,642 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2019-09-19 02:12:43,642 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2019-09-19 02:12:43,642 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2019-09-19 02:12:43,642 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2019-09-19 02:12:43,642 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2019-09-19 02:12:43,642 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:12:43,642 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2019-09-19 02:12:43,642 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@3166604b'
2019-09-19 02:12:43,643 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-09-19 02:12:43,643 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://sandbox.marchingorder.com/shibboleth'
2019-09-19 02:12:43,643 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@57db50fb' with context 'intercept/attribute-release' and key 'rick:https://sandbox.marchingorder.com/shibboleth'
2019-09-19 02:12:43,643 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'rick:https://sandbox.marchingorder.com/shibboleth' value '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1599497118979' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2019-09-19 02:12:43,643 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-09-19 02:12:43,643 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2019-09-19 02:12:43,643 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2019-09-19 02:12:43,643 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2019-09-19 02:12:43,643 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2019-09-19 02:12:43,643 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@3166604b'
2019-09-19 02:12:43,643 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:12:43,643 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2019-09-19 02:12:43,644 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2019-09-19 02:12:43,644 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Inbound binding urn:mace:shibboleth:2.0:profiles:AuthnRequest is suppressed, ignoring request ID
2019-09-19 02:12:43,644 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: No request ID, nothing to do
2019-09-19 02:12:43,646 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2019-09-19 02:12:43,646 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _1cf71d88289a22486479731192729dc4
2019-09-19 02:12:43,646 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _1cf71d88289a22486479731192729dc4 to Response _78fb9d97cc702d31f7a8570c7ede04d8
2019-09-19 02:12:43,654 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _1cf71d88289a22486479731192729dc4
2019-09-19 02:12:43,655 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2019-09-19 02:12:43,655 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2019-09-19 02:12:43,655 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2019-09-19 02:12:43,655 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2019-09-19 02:12:43,655 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2019-09-19 02:12:43,655 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2019-09-19 02:12:43,655 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2019-09-19 02:12:43,655 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2019-09-19 02:12:43,655 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2019-09-19 02:12:43,656 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2019-09-19 02:12:43,656 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2019-09-19 02:12:43,656 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: []
2019-09-19 02:12:43,656 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2019-09-19 02:12:43,656 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2019-09-19 02:12:43,656 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2019-09-19 02:12:43,656 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:12:43,656 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:12:43,656 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxxpNhG5oyNUOAuhn9JR53UQMb6QBEIfCbnCYu8tKPhYpEQwqX90E66R1HL+9g/aHrbFuwc4dvGoMfVow4xD7GieSpfl0tA4fEy3PHPTOO0IXk5pZ954RXUBVxo1u7ftXXfcLEGUHOf4oi1p5ZVnAy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:12:43,656 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:12:43,656 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:12:43,656 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2019-09-19 02:12:43,656 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2019-09-19 02:12:43,656 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.38.242
2019-09-19 02:12:43,656 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to (none)
2019-09-19 02:12:43,656 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://sandbox.marchingorder.com/Shibboleth.sso/SAML2/POST
2019-09-19 02:12:43,656 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2019-09-19 02:12:43,656 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2019-09-19 02:12:43,657 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2019-09-19 02:12:43,657 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _1cf71d88289a22486479731192729dc4
2019-09-19 02:12:43,657 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _1cf71d88289a22486479731192729dc4 did not already contain Conditions, one was added
2019-09-19 02:12:43,657 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2019-09-19 02:12:43,657 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2019-09-19T02:17:43.643Z, to Assertion _1cf71d88289a22486479731192729dc4
2019-09-19 02:12:43,657 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _1cf71d88289a22486479731192729dc4 already contained Conditions, nothing was done
2019-09-19 02:12:43,657 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2019-09-19 02:12:43,657 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _1cf71d88289a22486479731192729dc4 already contained Conditions, nothing was done
2019-09-19 02:12:43,657 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2019-09-19 02:12:43,657 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://sandbox.marchingorder.com/shibboleth as an Audience of the AudienceRestriction
2019-09-19 02:12:43,657 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _1cf71d88289a22486479731192729dc4
2019-09-19 02:12:43,662 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://sandbox.marchingorder.com/shibboleth to existing session c1bbd32280de89a5428c36ef6dad32eb20672d968d1c98333188d477fc63df70
2019-09-19 02:12:43,662 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service https://sandbox.marchingorder.com/shibboleth in session c1bbd32280de89a5428c36ef6dad32eb20672d968d1c98333188d477fc63df70
2019-09-19 02:12:43,662 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-09-19 02:12:43,663 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://sandbox.marchingorder.com/shibboleth in session c1bbd32280de89a5428c36ef6dad32eb20672d968d1c98333188d477fc63df70
2019-09-19 02:12:43,663 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-09-19 02:12:43,663 - DEBUG [net.shibboleth.idp.session.AbstractIdPSession:?] - IdPSession c1bbd32280de89a5428c36ef6dad32eb20672d968d1c98333188d477fc63df70: replaced old SPSession for service https://sandbox.marchingorder.com/shibboleth
2019-09-19 02:12:43,663 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Removing secondary index for service ID https://sandbox.marchingorder.com/shibboleth and key AAdzZWNyZXQxqmyQ7EKc9em954JPPI3kIP1bUeVOtl2FfSvGnFqwStf0m5R3/bQZyBiJgt3TaJyvvhxk4saLOmpnH94w5YubpE2+i4YULE9qVhpcF5zFLqiZrK9oLXN+oSUhN17PVOKroyThp+XzB+C6UJy6Yenl
2019-09-19 02:12:43,663 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://sandbox.marchingorder.com/shibboleth and key AAdzZWNyZXQxxpNhG5oyNUOAuhn9JR53UQMb6QBEIfCbnCYu8tKPhYpEQwqX90E66R1HL+9g/aHrbFuwc4dvGoMfVow4xD7GieSpfl0tA4fEy3PHPTOO0IXk5pZ954RXUBVxo1u7ftXXfcLEGUHOf4oi1p5ZVnAy
2019-09-19 02:12:43,663 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Older SPSession for relying party https://sandbox.marchingorder.com/shibboleth was replaced
2019-09-19 02:12:43,663 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2019-09-19 02:12:43,663 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2019-09-19 02:12:43,663 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2019-09-19 02:12:43,664 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_78fb9d97cc702d31f7a8570c7ede04d8"
    IssueInstant="2019-09-19T02:12:43.643Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_1cf71d88289a22486479731192729dc4"
        IssueInstant="2019-09-19T02:12:43.643Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://sandbox.marchingorder.com/shibboleth" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxxpNhG5oyNUOAuhn9JR53UQMb6QBEIfCbnCYu8tKPhYpEQwqX90E66R1HL+9g/aHrbFuwc4dvGoMfVow4xD7GieSpfl0tA4fEy3PHPTOO0IXk5pZ954RXUBVxo1u7ftXXfcLEGUHOf4oi1p5ZVnAy</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.38.242"
                    NotOnOrAfter="2019-09-19T02:17:43.656Z" Recipient="https://sandbox.marchingorder.com/Shibboleth.sso/SAML2/POST"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2019-09-19T02:12:43.643Z" NotOnOrAfter="2019-09-19T02:17:43.643Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://sandbox.marchingorder.com/shibboleth</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2019-09-19T02:05:37.872Z" SessionIndex="_605338e573eac0bf3ccc689254f8d514">
            <saml2:SubjectLocality Address="172.31.38.242"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2019-09-19 02:12:43,666 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://sandbox.marchingorder.com/Shibboleth.sso/SAML2/POST
2019-09-19 02:12:43,666 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://sandbox.marchingorder.com/Shibboleth.sso/SAML2/POST
2019-09-19 02:12:43,666 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_78fb9d97cc702d31f7a8570c7ede04d8"
2019-09-19 02:12:43,666 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _78fb9d97cc702d31f7a8570c7ede04d8 and Element was [saml2p:Response: null]
2019-09-19 02:12:43,666 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_78fb9d97cc702d31f7a8570c7ede04d8"
2019-09-19 02:12:43,666 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _78fb9d97cc702d31f7a8570c7ede04d8 and Element was [saml2p:Response: null]
2019-09-19 02:12:43,670 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2019-09-19 02:12:43,670 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://sandbox.marchingorder.com/Shibboleth.sso/SAML2/POST' with encoded value 'https&#x3a;&#x2f;&#x2f;sandbox.marchingorder.com&#x2f;Shibboleth.sso&#x2f;SAML2&#x2f;POST'
2019-09-19 02:12:43,670 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2019-09-19 02:12:43,670 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'https://testschool.sandbox.marchingorder.com/api/Graduates/ShibbolethLogin', encoded as 'https&#x3a;&#x2f;&#x2f;testschool.sandbox.marchingorder.com&#x2f;api&#x2f;Graduates&#x2f;ShibbolethLogin'
2019-09-19 02:12:43,672 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://sandbox.marchingorder.com/Shibboleth.sso/SAML2/POST"
    ID="_78fb9d97cc702d31f7a8570c7ede04d8"
    IssueInstant="2019-09-19T02:12:43.643Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
            <ds:Reference URI="#_78fb9d97cc702d31f7a8570c7ede04d8">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>U20+5LqfscUqqMSsceC9idKHqBsxl+R9cpf3LgZ1NQDz1qd5DrWKBXhZEpPeZzoybBRCDJbTqkHvFUGV+0e/Zg==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>DxSfbhCZeLj395Xlpv0Oiu7E1Y64czcvopNShKhPTOeoF6/7hdTx0HB4bn1ntm9Zyi0XQHxXv6ClifndNqNADHWRNkZCaX13kGZ5FYE5ITC9UQ+/3JR7x9k5AUVsRmLeWBICoHCW6QUXF5hr7r369QlwQRpC+rL1j7SVs8A9prreOU2LXDbcuEnUdk0OHUuSts9u/gXlk/yTeeO5ZQwxsj0ct4HggOm4UcAgyao11WvcoIVuVUBMj5PGbXarOpYGSnWpA4xhvAB+GrIQTmSo2O7YIistUTO9CU0JeLD1PeE60YNqBl2n/ztxPPnJ6zlQ9IZi6AcDiTC56WKAQ+FL8g==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_e50fbf9630d331b995e325e466f9040b"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_b5dc2de2fe7b31af31629919297c24ce"
                    Recipient="https://sandbox.marchingorder.com/shibboleth" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                        <xenc11:MGF
                            Algorithm="http://www.w3.org/2009/xmlenc11#mgf1sha1" xmlns:xenc11="http://www.w3.org/2009/xmlenc11#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIID5DCCAkygAwIBAgIUJK/uQlfBIMl+kBZawLrnSKlMqf0wDQYJKoZIhvcNAQELBQAwETEPMA0G
A1UEAxMGeWg2Ynl6MB4XDTE5MDkwODE2MTkzM1oXDTI5MDkwNTE2MTkzM1owETEPMA0GA1UEAxMG
eWg2Ynl6MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAsNcfn1Q1jEuVW7kg2C8o0c3O
Omts8aULc4b7kOFeJUcrTx9tuDSP29MRUu6Bx6dinn+hkv9MRjOw1LR/qfVgarUnvpqEsiIr5ZO0
JzX4ItujW5fsRH7aHnBsmxeCaO12m0XbQp5RYbejtfLMOtRnGQfGChSmaCCnZ4bOVXZwldtS3+e2
7ELDeQ+63brD77MvTx6eA1QSLBfrx5QTSAoIOhhQeFLTwoOqcgJb2hin8cUEty2FEbYfcQVPxxPu
Tviy9VxFWcN5Ghu6pdvul+JeY6UYkHMCs2e23Zicott3/5pJ6iAqhryPaarbfFWKci8rHxtur7ck
uLQ4U7NxCx6OIR7q+hBHBm9Z19IR+JV1iiHCzjLHV+X25WEcmNIqiudTMJnZ+jDOfVNIoZFUWapD
arROhYtBAU76LgWETqyQUTWZqtS91RqJIoMhPZoWZBUpt7Gke8xaI0za0KwWtqbnjQ9wkW3rNkVZ
RNytz/LX3IUh1++wxO/ADYchs9qGLvoVAgMBAAGjNDAyMBEGA1UdEQQKMAiCBnloNmJ5ejAdBgNV
HQ4EFgQUsW1pN0c4Y46CsvwXAQrvwRlqarUwDQYJKoZIhvcNAQELBQADggGBAGQ8f9QLQ/x1tUJC
44AbtHu9LRLI3vBr3ars8RAmR6lcpPvqWMxNQkHKa/5sqyLEmNiMgCQfoCFPByMKNbRL/zPyhcwy
fvZp0Bcpk6tdl+lckonifLK1OVSIcG+fI1zmAiHgWn4ZYY8nQ9BVLycvRuKMbb/EF0yGXuU3rB6K
u2mvmyw8vJ7IiUiGNIxr4hZr9SZtzaujBdeOXl2rikT40NGUR8l8zYZ1Jo9yFWiaN1mZNhGoBI+A
5MdHvXYOdJ2h+IWvxJwJ7YM1D29qe0dUzhnPzJeV5vjOp3FZvs0R8SptA0ZzXxADEDyLi067x8QA
c3o3IkjejpjPZyAlrJ80U2YfxOOpMkDYM5XS0pEwbYxx7s/v9Rtb/KWyIsXGZO3Q5XWVdU2Veel9
4BIvjSOdkdTB/eK+bZaBSZzNhm4nErzAhtzzcVsP8V7jNOnn3uoPI4CDjJUIhtngcMVipao9ipo3
eEixZNyXkxevqCKAj5kO8JQX29nzUulWyKPRDVkEMg==</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>U25rL4O2uTNMU1TCrfOTSVI9NH5QARvhGwfhOniLz8gRUnmw+gZkva9ayE2RS24mVuZphDHAyAasVNgp0nE52NFB4L7V8M9L634zqHlCJ6xt4nl917tINlP5hcuk4noyTi0EYBlEO3z8SAFO8DPQaR3zv7a/fHizyRLH9LWrRU0TgIhkmyDwgDtoxFXnfEB8vSr0nzAmJ4dGf55qn0oljQF+FTtq1a5aSI3ukbXh7zql8ZwydAf1oZqdGq7shvCKhM150gj1pRd8O2qHJguFhZ/KDd+Ptjt1Et9jnx8a3nFoVUxXHadSt97f/tQc2Zk554nAxAz/JJeZoT1WlYPuXsaP636nz4Ty+GFnCFon3+9sjGMH0h28Vrecwk/qcNTOCBJeJeND26QbmaoudG1vJLJB8aE1ijzawtk4ZZ5iy4TromDIFbWeWJeT6ERqnDkwv6s9HpXEh8I/EoXahH1uqUE3L09u3qlKmCoUXrOL5+MylhbJ74JYLHr4mMZMrXEl</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>EAZ/EXWeBviOplUcb3j/ibfG6SuQ6dXcv0VyS2TztaYawUbSXIf7h0EZfcLnzwDejWw9uI9vc0X3X9gauj2plSKNuZWaKtmbcwMxkd0VIGfbQ32ZxTArr+6CbBi6cd+LeazRu++nxuIYSVHtB0lb0PLRorf2+iQ4dw9vylCeQK0qMBkH12ud0kTEHHw21h6GTUxwb+xM4A/rY1gMkxcufgmX8iI6RrpKrzyKjW3ZnPJjcToPxssyGWSNMq/HAuJqDNRrD62cI6tofV7/4B+o3Hkkn8DXX6kpKVe6i1zw5CLNmjXMLyucnGwjDDhhyqkex+LF3KWP3M2dFFFKFDhi/sNBTfKGeSTNgy0/iJHxWT6YHVL9ieUD3rmjsiIOarq0OkJ+8+yxwFZd073Bpx/POGrytAVOLcSetapCPDqsgNb7+CqQ9k9qEi6GGrmaHjyOJZaTtaPIDuw0ykBLgpkO4ZVEn5ChFOMCixgt+1SKaiRueBsfsRpKVAxxtwo0ST9TBbg0PTsjm0SSTpr+dI7AaMuSYX+ViZLtP5bPDFCCQKKO1/YpdfMepQA8B7VAT2O21p4o2FYZ8mE2eRfXwddqdkDOYanwIUZcq1tLIPjmMcTiHt0BD3cREsaCQKU6KyeRti4ghJnxCg2bO8aEjNL+JtDIt33r+YNHA04h9JYbwBvULXM8DEMZnM8T2ok3413ossFC8FTetzOleDnyUgc/KaGp+Y9QOZscp+FVAMhb9SfygRAYPYirR81tSc+oWcsFdynoR6HLlQ9PGlU1gkzvhrGl0mwVuBiSBvfOBj1HD0LbiBoZu1K7zPE0ezzwNmw54fNliQo1+Ko3GLgLWD8jNwzOlj/InHKfCa2rzynFcoYBnbrPUsJZ2kgD6sDhzs6m/Wpwvq7tZPeuUjLktWxAcJRaDhvYnK14VZKq/tLinNDLz3zfkeVzmm+6oF7t8DoUegALk8wdRo13Z+vNnNq7EFO84wmin70o+v3YGlN/uEByLeXkL5cmtwItbgMFm33Qowo9A2sHV92n97S3rbPPJF3y7XUao2TSptzH3KaFDgBJNyBqdW6BCh+oN8xy+gcutgT6Jqtbyam7zPpVzHthDN6eZW5qywBAShexFKwJNUC7VKHwUCxMBSn4/jlxjHAjYvetyFL9azhPvj8OHpLlPccKpz0zb2o88UaRFPQc3fO3lzEYNUWOdxVuEpXFBcO0u2RlS7Fau40er91rA9OnefqfsuSmTUDMfF1RwyCLvtwyirJBVB4LyIaf1bT7jE+VSsM5czBfRyzrVrEpmwhHqlLJouhAegm2C7jW/JSx9PUdRQHVVf8Mzrz5vced6Etsxjn2Oas8tq1nNNlyinHhoPOyk03wvsecXOuT6irv/QaqsUMTE5jqsx8YOg2vy9KRLqifif7W4GQ81B/BAZ51I2ccVrGUd+Rp18ozSklo04ISlaO/XyN+Bim5F5/u0Re/Tc+Z4AGqyi9VOAjA/spMW5p42/AhH0Ksshz78KExX8w2SSB+60yI1/F4i3KJtFly4Al510yAGEspg4sqEaQdNFy4UBHUeo1k67z6xckPIOLUe2F6ZSHlX8exY12f2jZRr5/o1sqAFaww+K15I6oVgxaE/l+z2q36tUrQeSVu18FNk1pm0Z8FZxMxNetSXR6D7tUQjCvogNqVHenil91A3EMep7pYGDVslaDuhSWFKmgG3GaK2XTesPFdgpZBUVRTOxr3mv1SOI2+/OuDid79xybSB9G6Cq6i2G9FrcSGeYBF2oi2ipxlZO2AOXimriVSr8krWMdAelxLEyd4Ccyz3K5z0kB/1Dwy9ONkHXGQ+IS0kEBPSXMwVHcanWlUKW0HeGsTcVgx+alNylOqyDWpie/ZycYm0bFfUW+J2uIAbLsgr/eNCzx0hOaBUPAa2dLNZ2QHFFywWZ/iNRafjV7nk2Vw7xzK5MvHEETJdG7HjNvtBE75j5QjmVw5TPxyGQibUyNvYR2+OmDLRrMmkAjvycqtRwetr2krfWbxc1MPCbFhWyajvIIS5ibHZtf4twwGwEQncGscW/dCSF9F5NtnkBnCIkZqK30DedhkJgaZQ+tK4FIdKnD0Y+GGjBjYR2ssCcoUFAl5Cp91puD1ERTvQxPmRZ8FYtwjNWDlvR0eq5DOVrSTxG22Y9rYd/gnlD7yjvifoNpihHdPoUzhcbmF4446bLln+0rxkK6CQFGj1My0ZqQ7bBI4YEvkkFFP/xmMZJfKMRkn4b4LYiQ1yIJui71vhCPcDh1KixD6gio5V6GyBVgT/Hvr7lEcU8LTPcR8nnAz5Xgp15BaerTUDTKaSVFUnMtG5UHBlCAnq99dVe8KMDEYKJ+F7fKLEf67PPMMVPOiAyNE+zHNifCNEmxn4lIyKk179n+30SRBy4U1mro05QpeGhj2FmCa4CGEhL8dSYStKQhL+U5QKaC/PSQXsJU+hB7EyZ3XPxw+U+sma2g3GHgmXnUw9bhfux4SK2gT7bbo2bMTJEj5qwUYkAx91ViB/SPpnx4rvpQPB7mxi9y5667EryNGejr8QRr11a6lWMXDxtHOOuGDrGH5evB3lmAQEaxujr3IOgYcLNEN4552AVw07j7rAUyWvjkwhMbiVJofZ5DogM1Ri/Y9jtbL3wUyyxYpbd7YCMag2clZ6fEfmsC7QABQ5YoInLC67CUvxZp3aRqYMKDuI6+kpxEt3TeeLaCwKNHQbZf3n/xlqLViE5axL6NY4dBJYulEqXGVsYRF0ZzyMi47Wsyu2xaigln3LjtzJp0iadfUU6vmiehnaU/Xea8z7WWpLF6AZgpWbL84ByVDQwmmH2eOX7qafOwKPs0aYhOC5TOBwPiQPikmrEMlSGi/jjOsMFyqi2RQprCR2xH10uESFhvb/tjyCx2yO+K6q+IlckFOGeymuFxYdpfF6QrTMHjcC+Rd8YZ7VSHrJN4NX18Uv0H+7kBgPdH/CjpL8WhuyF6vhjJTSl94s8xMXGREkt0XzmfF0ayU1MiYmYG1dFsUBJDY/m59ejbDMLsoslHjet5goVsjszwUw2FbgoKVEOPlJTJ0EqfspkO+jwUGE6iBgAwMxV1FQv1oKFRAOMn5R1YpOBxOEU2cL2Ey+6c3cadYLH9uBQ6C4K8f8odFMthp2WyuDzlpgW7JcnqX3yjricDCUZafn+qwfFbWQv9OLzqmHeEmC6mI7lbObkYfZGCsmc6xee0XNquZ+8T+HfnqZsOeNveqHAoEzQt+GuGqIrtF9Ol6L7JJPvnTNBlWQUhZpFetgJFNfWyzMAE4GQHf1NY8YHEyNYYWPMfRbwjbx7W2QHkjPiV/RJKByeX9qFkgdL6HprzpQ8iZN2xahqixamNwgEk3M8OmMkWVAdZM8LfI3QEyIcXxFHL9mZVTpzXWH98R+9G4fPRK05C4i3pnXNug81vWrFiRWxOxPVtVzlARVVyWqRdoColirS+pExPnMGXwrJnRcxl/wjVFw5UnlsMQZKUJIJKhvb5UYv3CRrEMG509uxXDjo0RIIHTT/913zeIgyg4viNZZEl0KGIyEklqM8O64TCCzrPzpJKbCz5U9aR65SH6cJ4oN667cZNQIdi2mrrNepkN4wI3O1EXJhCeYmZwdaoDE0HTIThP6VZHVP6RDDAXq0vLExTTR9UNfGBdQf5g8q+tTdveq0zv2H9iQj8hkqLzzxgeknUfBrv1rTI8Jw9djgBNMg2NOuR2PXdHP3djdkAth2s7enAzmh0/wGxv/rMDRyU40aYKqlwaff2CJIADxSPO/CihD1N4s4qYtHPc3zVbArwAJDYnZ58eQN6wA2uke+iXZjeg9R+lcPI0Et90R8zVe+xBQM6Zff283D0mwenTpRkFiYixPV1xSVhnL7hZU2gWMbe561UojUF+iv9WquERdaYY0GY3+zfzJEMAXtAWfp64f42KUZp/IZf1xzGdox39TSupe+ZMYzLzIb6iZAyV5MxqckXhxDcuwDB1Q33+yGVd+3xX0rFSpm4RZayEolqgVOQ7PAhm3FVSlFqEAo+L3dwFZ/uWeMV80JmplcJjYf2JCZH9oyi9SADEkUDnXhc51xijvyBGeJ1LGiELNCnKL7FrfheKn26sdLIYrqHR1y4qDYknjDsdMHNmCa/BsYNkxi/FrT4oOJDReVYbXKb3rB5H4OMMOxfR0D69++xJ4wpv2A5xNhQDEaf+5Gh6ajiGk1GevRVyh23auZ6X1h1Coqor/OhIomg6AXt4YeRCogdjZtw1Xr3WuF629xu8QBNtMcT7pRCwws0dC9kh6D5rRkI5gQskNPk4ONH/TPjDUvjOUYZ6TATRAleKor8/TsZPbfxgSZANupiCDkoVTd6WjADoJxTO0/lYzk5jwUg9BWPM7QnARScP4H9kfd6u7K2/ZAaXu/FavLoqjHVAnSFihnzHQweolBSTT/qVH48xfVpMVf5ns1fFcvbBc0fdkUC1KyiS7OwnVynT/4rOeRnaAWfPHYfm5qbYMyZ0BVnlf9HV8zvY339QAzIXUIxXfVfyCijsBg2VwuNymW1fFu2cBKCj/wqOtPqleC6uBcl+3/v7Ls4dlXRUUPqrc5nY1xWuPx+haMpO8eTFr4vsXKg0P4b+ljTE37OxF5EP5HGSzoj2cjP2IwgDdjsh5xSoe/X+CJNS//RvA3FCAZlSeRlZ7xRWwrQJk1nQuqyXWmFqU2fZsyS5w7xumEk2OEi0iKtWRGRSvP+j05yhTlDIiCBwGt9SmbhHohGgOFNHO/GZJAGEGq7O9CT+aV+BixFPRkrHWW6RJ+RP</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2019-09-19 02:12:43,672 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2019-09-19 02:12:43,672 - INFO [Shibboleth-Audit.SSO:?] - 20190919T021243Z|urn:mace:shibboleth:2.0:profiles:AuthnRequest|_118538d9-c6b1-43f4-a92b-52956ed41666|https://sandbox.marchingorder.com/shibboleth|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_78fb9d97cc702d31f7a8570c7ede04d8|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxxpNhG5oyNUOAuhn9JR53UQMb6QBEIfCbnCYu8tKPhYpEQwqX90E66R1HL+9g/aHrbFuwc4dvGoMfVow4xD7GieSpfl0tA4fEy3PHPTOO0IXk5pZ954RXUBVxo1u7ftXXfcLEGUHOf4oi1p5ZVnAy|_1cf71d88289a22486479731192729dc4|
2019-09-19 02:12:43,808 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: ss:mem:015f7f3090d0af05bfff19f68ef2c9c8d948b59276df467121010e7bf6de08c2
2019-09-19 02:12:43,808 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2019-09-19 02:12:43,808 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2019-09-19 02:12:43,809 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://sandbox.marchingorder.com/Shibboleth.sso/SAML2/POST"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_cc36f3cefc5a09845bde23fe373c98e4"
    IssueInstant="2019-09-19T02:12:43Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://sandbox.marchingorder.com/shibboleth</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="1"/>
</samlp:AuthnRequest>

2019-09-19 02:12:43,809 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-09-19 02:12:43,809 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-09-19 02:12:43,809 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-09-19 02:12:43,809 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-09-19 02:12:43,809 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-09-19 02:12:43,809 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-09-19 02:12:43,809 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-09-19 02:12:43,809 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://sandbox.marchingorder.com/shibboleth
2019-09-19 02:12:43,810 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:12:43,810 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-09-19 02:12:43,810 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2019-09-19 02:12:43,810 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2019-09-19 02:12:43,810 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2019-09-19 02:12:43,810 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_cc36f3cefc5a09845bde23fe373c98e4', issue instant '2019-09-19T02:12:43.000Z', entityID 'https://sandbox.marchingorder.com/shibboleth'
2019-09-19 02:12:43,810 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://sandbox.marchingorder.com/shibboleth' does not require AuthnRequests to be signed
2019-09-19 02:12:43,811 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2019-09-19 02:12:43,811 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-09-19 02:12:43,811 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2019-09-19 02:12:43,811 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-09-19 02:12:43,811 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-09-19 02:12:43,811 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:12:43,811 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-09-19 02:12:43,811 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2019-09-19 02:12:43,811 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2019-09-19 02:12:43,811 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 8 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2019-09-19 02:12:43,811 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://sandbox.marchingorder.com/Shibboleth.sso/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2019-09-19 02:12:43,811 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2019-09-19 02:12:43,811 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2019-09-19 02:12:43,811 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2019-09-19 02:12:43,811 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2019-09-19 02:12:43,811 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-09-19 02:12:43,811 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2019-09-19 02:12:43,812 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2019-09-19 02:12:43,812 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2019-09-19 02:12:43,812 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2019-09-19 02:12:43,812 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2019-09-19 02:12:43,812 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2019-09-19 02:12:43,812 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2019-09-19 02:12:43,812 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://sandbox.marchingorder.com/shibboleth
2019-09-19 02:12:43,812 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2019-09-19 02:12:43,812 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#aes128-gcm
2019-09-19 02:12:43,812 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#rsa-oaep
2019-09-19 02:12:43,812 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2019-09-19 02:12:43,813 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-09-19 02:12:43,813 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2019-09-19T02:12:43.813Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2019-09-19 02:12:43,814 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2019-09-19 02:12:43,814 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2019-09-19 02:12:43,814 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID c1bbd32280de89a5428c36ef6dad32eb20672d968d1c98333188d477fc63df70
2019-09-19 02:12:43,814 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session c1bbd32280de89a5428c36ef6dad32eb20672d968d1c98333188d477fc63df70 to 2019-09-19T03:12:43.814Z
2019-09-19 02:12:43,814 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading AuthenticationResult for flow authn/Password in session c1bbd32280de89a5428c36ef6dad32eb20672d968d1c98333188d477fc63df70
2019-09-19 02:12:43,814 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: Authentication result authn/Password is active, copying from session
2019-09-19 02:12:43,815 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2019-09-19 02:12:43,815 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2019-09-19 02:12:43,815 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:12:43,815 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2019-09-19 02:12:43,815 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Reusing active result authn/Password
2019-09-19 02:12:43,815 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name established from session as 'rick'
2019-09-19 02:12:43,815 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2019-09-19 02:12:43,815 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Updating activity time on reused AuthenticationResult for flow authn/Password in existing session c1bbd32280de89a5428c36ef6dad32eb20672d968d1c98333188d477fc63df70
2019-09-19 02:12:43,815 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2019-09-19 02:12:43,816 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2019-09-19 02:12:43,816 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2019-09-19 02:12:43,816 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2019-09-19 02:12:43,816 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2019-09-19 02:12:43,816 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2019-09-19 02:12:43,816 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2019-09-19 02:12:43,816 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2019-09-19 02:12:43,816 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2019-09-19 02:12:43,816 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2019-09-19 02:12:43,816 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:12:43,816 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2019-09-19 02:12:43,816 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@25e0ee0f'
2019-09-19 02:12:43,817 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-09-19 02:12:43,817 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://sandbox.marchingorder.com/shibboleth'
2019-09-19 02:12:43,817 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@57db50fb' with context 'intercept/attribute-release' and key 'rick:https://sandbox.marchingorder.com/shibboleth'
2019-09-19 02:12:43,817 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'rick:https://sandbox.marchingorder.com/shibboleth' value '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1599497118979' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2019-09-19 02:12:43,817 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-09-19 02:12:43,817 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2019-09-19 02:12:43,817 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2019-09-19 02:12:43,817 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2019-09-19 02:12:43,817 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2019-09-19 02:12:43,817 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@25e0ee0f'
2019-09-19 02:12:43,817 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:12:43,818 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2019-09-19 02:12:43,818 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2019-09-19 02:12:43,820 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2019-09-19 02:12:43,820 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _9d8ac693acd8e01dc882438d1042276d
2019-09-19 02:12:43,820 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _9d8ac693acd8e01dc882438d1042276d to Response _b17ee6d48fb5ef51570671f3a3aad472
2019-09-19 02:12:43,820 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _9d8ac693acd8e01dc882438d1042276d
2019-09-19 02:12:43,820 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2019-09-19 02:12:43,820 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2019-09-19 02:12:43,821 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2019-09-19 02:12:43,821 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2019-09-19 02:12:43,821 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2019-09-19 02:12:43,821 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2019-09-19 02:12:43,821 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2019-09-19 02:12:43,821 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2019-09-19 02:12:43,821 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2019-09-19 02:12:43,822 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2019-09-19 02:12:43,822 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2019-09-19 02:12:43,822 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: []
2019-09-19 02:12:43,822 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2019-09-19 02:12:43,822 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2019-09-19 02:12:43,822 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2019-09-19 02:12:43,822 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:12:43,822 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:12:43,822 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxbosyCXIXlpAR6FrLey8A4SbknAY0YfbD/pppuID46o8rbQ2EbjeePxfPnCWG5K8iImS/XWQGrRvH2EVc59nMdC+Ql/BqNw7VTt18NVd53PvlH9n7w7dNlUuM1AXDv568o89HWjNIesh1e9p9Q8id with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:12:43,822 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:12:43,822 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:12:43,822 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2019-09-19 02:12:43,822 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2019-09-19 02:12:43,822 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.38.242
2019-09-19 02:12:43,822 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _cc36f3cefc5a09845bde23fe373c98e4
2019-09-19 02:12:43,822 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://sandbox.marchingorder.com/Shibboleth.sso/SAML2/POST
2019-09-19 02:12:43,822 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2019-09-19 02:12:43,822 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2019-09-19 02:12:43,822 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2019-09-19 02:12:43,822 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _9d8ac693acd8e01dc882438d1042276d
2019-09-19 02:12:43,822 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _9d8ac693acd8e01dc882438d1042276d did not already contain Conditions, one was added
2019-09-19 02:12:43,822 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2019-09-19 02:12:43,822 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2019-09-19T02:17:43.818Z, to Assertion _9d8ac693acd8e01dc882438d1042276d
2019-09-19 02:12:43,822 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _9d8ac693acd8e01dc882438d1042276d already contained Conditions, nothing was done
2019-09-19 02:12:43,822 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2019-09-19 02:12:43,822 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _9d8ac693acd8e01dc882438d1042276d already contained Conditions, nothing was done
2019-09-19 02:12:43,822 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2019-09-19 02:12:43,822 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://sandbox.marchingorder.com/shibboleth as an Audience of the AudienceRestriction
2019-09-19 02:12:43,822 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _9d8ac693acd8e01dc882438d1042276d
2019-09-19 02:12:43,823 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://sandbox.marchingorder.com/shibboleth to existing session c1bbd32280de89a5428c36ef6dad32eb20672d968d1c98333188d477fc63df70
2019-09-19 02:12:43,823 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service https://sandbox.marchingorder.com/shibboleth in session c1bbd32280de89a5428c36ef6dad32eb20672d968d1c98333188d477fc63df70
2019-09-19 02:12:43,823 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-09-19 02:12:43,824 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://sandbox.marchingorder.com/shibboleth in session c1bbd32280de89a5428c36ef6dad32eb20672d968d1c98333188d477fc63df70
2019-09-19 02:12:43,824 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-09-19 02:12:43,824 - DEBUG [net.shibboleth.idp.session.AbstractIdPSession:?] - IdPSession c1bbd32280de89a5428c36ef6dad32eb20672d968d1c98333188d477fc63df70: replaced old SPSession for service https://sandbox.marchingorder.com/shibboleth
2019-09-19 02:12:43,824 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Removing secondary index for service ID https://sandbox.marchingorder.com/shibboleth and key AAdzZWNyZXQxxpNhG5oyNUOAuhn9JR53UQMb6QBEIfCbnCYu8tKPhYpEQwqX90E66R1HL+9g/aHrbFuwc4dvGoMfVow4xD7GieSpfl0tA4fEy3PHPTOO0IXk5pZ954RXUBVxo1u7ftXXfcLEGUHOf4oi1p5ZVnAy
2019-09-19 02:12:43,824 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://sandbox.marchingorder.com/shibboleth and key AAdzZWNyZXQxbosyCXIXlpAR6FrLey8A4SbknAY0YfbD/pppuID46o8rbQ2EbjeePxfPnCWG5K8iImS/XWQGrRvH2EVc59nMdC+Ql/BqNw7VTt18NVd53PvlH9n7w7dNlUuM1AXDv568o89HWjNIesh1e9p9Q8id
2019-09-19 02:12:43,824 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Older SPSession for relying party https://sandbox.marchingorder.com/shibboleth was replaced
2019-09-19 02:12:43,824 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2019-09-19 02:12:43,824 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2019-09-19 02:12:43,824 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2019-09-19 02:12:43,825 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_b17ee6d48fb5ef51570671f3a3aad472"
    InResponseTo="_cc36f3cefc5a09845bde23fe373c98e4"
    IssueInstant="2019-09-19T02:12:43.818Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_9d8ac693acd8e01dc882438d1042276d"
        IssueInstant="2019-09-19T02:12:43.818Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://sandbox.marchingorder.com/shibboleth" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxbosyCXIXlpAR6FrLey8A4SbknAY0YfbD/pppuID46o8rbQ2EbjeePxfPnCWG5K8iImS/XWQGrRvH2EVc59nMdC+Ql/BqNw7VTt18NVd53PvlH9n7w7dNlUuM1AXDv568o89HWjNIesh1e9p9Q8id</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.38.242"
                    InResponseTo="_cc36f3cefc5a09845bde23fe373c98e4"
                    NotOnOrAfter="2019-09-19T02:17:43.822Z" Recipient="https://sandbox.marchingorder.com/Shibboleth.sso/SAML2/POST"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2019-09-19T02:12:43.818Z" NotOnOrAfter="2019-09-19T02:17:43.818Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://sandbox.marchingorder.com/shibboleth</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2019-09-19T02:05:37.872Z" SessionIndex="_e861bb08c17f913655afb93515530b74">
            <saml2:SubjectLocality Address="172.31.38.242"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2019-09-19 02:12:43,827 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://sandbox.marchingorder.com/Shibboleth.sso/SAML2/POST
2019-09-19 02:12:43,827 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://sandbox.marchingorder.com/Shibboleth.sso/SAML2/POST
2019-09-19 02:12:43,827 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_b17ee6d48fb5ef51570671f3a3aad472"
2019-09-19 02:12:43,827 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _b17ee6d48fb5ef51570671f3a3aad472 and Element was [saml2p:Response: null]
2019-09-19 02:12:43,827 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_b17ee6d48fb5ef51570671f3a3aad472"
2019-09-19 02:12:43,827 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _b17ee6d48fb5ef51570671f3a3aad472 and Element was [saml2p:Response: null]
2019-09-19 02:12:43,828 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2019-09-19 02:12:43,828 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://sandbox.marchingorder.com/Shibboleth.sso/SAML2/POST' with encoded value 'https&#x3a;&#x2f;&#x2f;sandbox.marchingorder.com&#x2f;Shibboleth.sso&#x2f;SAML2&#x2f;POST'
2019-09-19 02:12:43,828 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2019-09-19 02:12:43,829 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'ss:mem:015f7f3090d0af05bfff19f68ef2c9c8d948b59276df467121010e7bf6de08c2', encoded as 'ss&#x3a;mem&#x3a;015f7f3090d0af05bfff19f68ef2c9c8d948b59276df467121010e7bf6de08c2'
2019-09-19 02:12:43,830 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://sandbox.marchingorder.com/Shibboleth.sso/SAML2/POST"
    ID="_b17ee6d48fb5ef51570671f3a3aad472"
    InResponseTo="_cc36f3cefc5a09845bde23fe373c98e4"
    IssueInstant="2019-09-19T02:12:43.818Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
            <ds:Reference URI="#_b17ee6d48fb5ef51570671f3a3aad472">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>S5CfydrlcHnTBWtJitHRkB858AbbmVDjLmkIak1zv1aIqV1TUsEwTcsIv7gUgz8wlbVN0mHpfShfK/s6rFQwvg==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>Jzq1i+hE1vDhe0M5pDe8QsdC+4volRfncqPmYn8/tKleRFS5koGmQHsxFe8jKeelIst7kcUyAsJatwMsKXADEBYFWGDaw6J4V2oUelH4A03EAFGrldqk5+AeKcYpnEh24PResXjnhE1BIYf/pk+7hBPWMpXcYLDFYkh8g1LWT3vcEi+ImGfkA0Gf6vwnLtZJFswHaBkrXvX3jYk6H3PKloTutG4+O70L5GZ+Y+ZaHD+xyC5IeoWtELosq74mWQzGMLG2RVbzRAmegdJNuIWc9zsR2FHJWMxSUvWrRtiB6RPmrmpwHYVBnflomifTVP8RMoUOLl0ls+P46Rq3NU0Bmw==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_1ca2bfef63385acfde857b9148df6848"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_3d596f11cfff35436032569e6e817a97"
                    Recipient="https://sandbox.marchingorder.com/shibboleth" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                        <xenc11:MGF
                            Algorithm="http://www.w3.org/2009/xmlenc11#mgf1sha1" xmlns:xenc11="http://www.w3.org/2009/xmlenc11#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIID5DCCAkygAwIBAgIUJK/uQlfBIMl+kBZawLrnSKlMqf0wDQYJKoZIhvcNAQELBQAwETEPMA0G
A1UEAxMGeWg2Ynl6MB4XDTE5MDkwODE2MTkzM1oXDTI5MDkwNTE2MTkzM1owETEPMA0GA1UEAxMG
eWg2Ynl6MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAsNcfn1Q1jEuVW7kg2C8o0c3O
Omts8aULc4b7kOFeJUcrTx9tuDSP29MRUu6Bx6dinn+hkv9MRjOw1LR/qfVgarUnvpqEsiIr5ZO0
JzX4ItujW5fsRH7aHnBsmxeCaO12m0XbQp5RYbejtfLMOtRnGQfGChSmaCCnZ4bOVXZwldtS3+e2
7ELDeQ+63brD77MvTx6eA1QSLBfrx5QTSAoIOhhQeFLTwoOqcgJb2hin8cUEty2FEbYfcQVPxxPu
Tviy9VxFWcN5Ghu6pdvul+JeY6UYkHMCs2e23Zicott3/5pJ6iAqhryPaarbfFWKci8rHxtur7ck
uLQ4U7NxCx6OIR7q+hBHBm9Z19IR+JV1iiHCzjLHV+X25WEcmNIqiudTMJnZ+jDOfVNIoZFUWapD
arROhYtBAU76LgWETqyQUTWZqtS91RqJIoMhPZoWZBUpt7Gke8xaI0za0KwWtqbnjQ9wkW3rNkVZ
RNytz/LX3IUh1++wxO/ADYchs9qGLvoVAgMBAAGjNDAyMBEGA1UdEQQKMAiCBnloNmJ5ejAdBgNV
HQ4EFgQUsW1pN0c4Y46CsvwXAQrvwRlqarUwDQYJKoZIhvcNAQELBQADggGBAGQ8f9QLQ/x1tUJC
44AbtHu9LRLI3vBr3ars8RAmR6lcpPvqWMxNQkHKa/5sqyLEmNiMgCQfoCFPByMKNbRL/zPyhcwy
fvZp0Bcpk6tdl+lckonifLK1OVSIcG+fI1zmAiHgWn4ZYY8nQ9BVLycvRuKMbb/EF0yGXuU3rB6K
u2mvmyw8vJ7IiUiGNIxr4hZr9SZtzaujBdeOXl2rikT40NGUR8l8zYZ1Jo9yFWiaN1mZNhGoBI+A
5MdHvXYOdJ2h+IWvxJwJ7YM1D29qe0dUzhnPzJeV5vjOp3FZvs0R8SptA0ZzXxADEDyLi067x8QA
c3o3IkjejpjPZyAlrJ80U2YfxOOpMkDYM5XS0pEwbYxx7s/v9Rtb/KWyIsXGZO3Q5XWVdU2Veel9
4BIvjSOdkdTB/eK+bZaBSZzNhm4nErzAhtzzcVsP8V7jNOnn3uoPI4CDjJUIhtngcMVipao9ipo3
eEixZNyXkxevqCKAj5kO8JQX29nzUulWyKPRDVkEMg==</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>TmAaviHj9m31oENblLwanwIaOmCG8pldntD1lu8W2H3pBhDTD8X2Al6GGj1hZyPmb3Q83r1fDq0cphn35XrqaEXlLG2L18fwqLH+RAZHrSDqFqrjAcFlVTY76OlIq2eOkuydTYSK2lOdqElCY29Flpev0GKiUA4bGnszB6iLA+Yl8ATZN6UNFJGe2pe6d414kU5EkMP+yuvGo0WGIxTjqOribSUTbOYqGWkYErTfBXNUwIvtuPt4nXy7Uju+KqerODbl9lUyOQqLb4fgZiB2ZsZbW05iqgRCue0FQGYw3+F1oQ4HTej05rLfHtBaNyfDeo7bpck9RuChgv5i6yYUXUrydmzMBY5vw3OMw2AFxhwGqF1JLqnEH0P3V1EvdGCZzNJv30USaUUK48erUi2lWdphqzTn1RwpYHvBFzIYArnRHL3cpIjxlCQtu7LFyOzm+A5RYKVjpxHDNQTtYZMFX/48aqfGOdtfuFqqjrQWvLBbLoL9MgpVNIgYxgh3YZuu</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>E3iRY5JJFhyyRmDDGqoWGfDV7oqnV2f0eIamM6lC6MHqWNHwlPfbpSk6nXljrpF8K9sBSsP8cDX8EI7c8uZNbHISpBvXH8OnWvXqbxVwrkT7BHS7rmB8YYegFAKTPEltBfhJYqwFzJkY8/MxAnQtVWjxe1kmq2NxRkVg/NIWXNul04IS8KTKE3tRnPX7CfCX5CNl8Sc2jYlx+0kMStkl3d70XadaJPe4ZqWDK+Vq8fA19MHtzP1regEbCXDA2kjmi/6Iy949Iu8YUiJovRB9bHqSldW3sOGVAGivQYP2o2OY3Zk9JSrccd3Pun4vntt7bUNbW3azXY/Px3klv14i6kJrJrFy7EbhY1AsrzCpe0Twx1rHEeBleAbDAXVkNUU2M9+2A+BXVfyCqL5sm51AkEK9WNb1oSYo65pWq59j2WMX3bczbJemsrRIsGtBUk0is+RiwolZqowOlxOI4gF3cjgAgDKAUvlhmRLjl/8LQtI+GKLLLhLczie6AfVtNaQrswZ6hB4mrs36va0UxCqAPmN/IkJRXGWI21Yv4+JnXOft/ue9RcHafEDd+sKChhoyQFifneL/r1+MdjEV9Bh4shmK9UK1BSL7VjVAR6xt/EiQtl3qOEZpUPXwWOoZ9XBhHo7T8w+qgEUS88wWeedv6V8zOrsNE+dgDgl5hYqyd5wJk4oMAcxZ6+MPZDd0qSUIYOYFFkobjXq0k5hModXbS3zAdF/y2sjzJw9IFBz89AabfVdfZerPJH8soDTUn6GGBDcLRVHUTuNq/frWBldXpep4nBPotpcb/y3TnAUJH3P4AVr+wwkoTZDlW2sOYp49uRjnwYsUDVwwxwu67TbZxXZCb0zEkQzgztALRTpW0cKbt2aWrTtDKVk63a/yjgEJ35Tir2q9QfxNWXcD+pvF980hytEUBoX+g3iE470iv45ku387oQiBK+H+Q6Y8dCrW2nj4McOHKEa+nLkodXsw7gcE3f25aRgsS0ATJ4ld9BVoPoWLChicCmrkhq8xfOPXlZE3X1iGFBLmlvQjtVN2nhPiXRV8OR3VZVNmnk0TRWRM2dGWcvCJY5AtMHzlemPKOfztslQVWmqrpoMFS53dtSbWBqh45AMgV1P1CJbWFYP6HKJBau1tw6f/fi7ei4YlKhCAfsoCWXzkglPAXw0i/SIT6fgVVie48iJHWdMkvz+CvxqpknhT++hGN4n8t7lc+QGnHuVuDFNLK1BTsc/C1Nbgj7z7A9wolZNxFGa0TdwC+L14Nj5ik2QZeTa+rSNXhqINo3LufbmIQnFNTdHV1Cj5NkybDXDUun46M1zLwiIbkK+yqPBPqZAfCPqVwKUnkHuJ9Jlj9qS1ouWRUh++Pm4vnt+pTfOzDVZLpNnI2xQXfAJWsZHRqsIL2YyhKS0VlRTR/RiEI4PlaG9iKKDdkYAIV7yT9Rio9sEU8VoxQTNVcRJRfJNab8JGF1bJOllzS4pigHlsY3l6M1VpCvWoD+D8bkN+iTgdxhYw/banO8ogPBpREyGj+mHsf8gzWdADgQ5I7uW+bazUs2mGItTQFE3TXyrtccb6WHjbqvVYGxwcFSVovb3cs3T/y8vyBReLHecp+wZc2Kftb8Ge+6au2qr/E9HGOHRm8Dmp0sKRyYfn8n+g7VtmQ7MjyenFeA5mInrOWdXmQV88tsGikrpVPqjm7Rq9iikkRNfX/7mBIewlHw0UikCHx04RK+WMioasFuKNzGs4bNub8zZ/otXvCoIg9/WpoP8v880UNq37H6BD6RRRxe0rFPSLXUd0gYNrxJ0qKoI1ze8ksIZPaTzZDnrTxemoi/L8UjOrBRhKu2pLvlVAO6Dri6D/ygS/LXFbUgpxWnyG4nfwVvGQw1PBVHEr8YrFeD60NSk7fyuIq7vV51wCgNpgI58oMStsovcSyiYHVtRTGWVAYagAO/diaeF2SraX9bMSQ/ebBs6ELpxIACH3sT4CljHO/CP8hOmlScsGSi/kUV0X7vWEDedo2LFWXhf1RXBM6sIbsU7+WGsEzPD+erFNnNYFF04y3cQoPdRbE/taQ6n5Bs1sEMnDw+hchIQaUt3kXUwEJfQbbt+OAToX18S/EljwwtE+BXaEWNwXa8IbVgI5I7sCwLIWM42jtiVgwY+XoIzm7GLojwK2BoL9twY5nM8OTyGGsZDtrCLvRz7C9UIeC7m5tcaqcFBmZO5hwisOD9mXIhcDfIGLdVq00js7tnu7KnaHia0CFY0rqiAC45Qt74Fbn/49d9UMnNQxYijkh5phGdBJ6JQsfVm1mgbnzX/Vth/frGy/lIkPs7ksbWrbACyvzWM04Ea87BxeA8/wHqgjyjIkiljz3ypmxcbinXLAzvj7YahIk8jkVvBYBRcM71nFBK+7kN4eqUkqTAm33eildIsZXlYJOO1nEAuSg4Exk68ECWn530qTBgFrTNHvmQLqgnmQ4CEvdXsBMDtgKywPvxRbPd/Y3dsfbDH31/GFp8TFyy51jySJLAWZ8wssDcqjTMI/RxjGptPVjedmVGkJZ4i9Iw3J4DeMhdiVdKebkTa7hF67Fp7Vm8GHh5s/crJy0sOElWqfcwuN+rwh+RN3r+2yLQQirzSLmku9QXJbKTcWbYPCwkUquFnbSlZn2dWFBFSXrJLR01ZUe50HlCQMys2E9J/s7MVcO/PTzA5pzR0JirN/HIkdrnK7fqeo/xxn/yXXvsOtP8Mi1aSR5VF51KcE6M5Ko2Kw6yq/TUxgSW7ZZd+2sx/LbIM7k9M7xybi6BgdJSMoDYeyOxhUFbJxY+ovXoMKQcFSCEBRrVsjDKqfzZ/ZWeSR0zG5FXh/C+y++y7JDZnynwsyNnkgm3xHySx4njzCXoJEYUJ9ohgLPFbMHal2yqkDSOcc5iJaAgRBm9ZHjpT65z07dPxYL19M+DGKzsdPK6QgwSxHgly6nWpsO/LHd73crDc0w42BFmAassc2U5ZyYxKPkANlUvopKNGBc5Wr0kk9sb8bnFS++Q38Q2szWnrCnnWIjk++FpXncjc5HxHOwbFzpOFJj+gEgdhZmyT5g7vnUdNgaM2BJofjIhR9xVcnL/eWrNq0kFaWJPyP+DHAueDT24wjXYJclrMIa+LMJsgJmzQ4v4nb8xZqei7PNSvtKfltzUhH/QnHCM9hOELOo+MyIx9oXQmKKaI7Jg6Hi2zB3Mr/zyHXa5NJqtf9pSgCK6D7/qK2u/8HvrO4AuYTtE7PHy6t5x7ZsEeH6pXsWpOGxm3+IPrMihUI7HC2mY30u8gJ1gzOZfmi5SrZc+uJ6NggPFGzZw0ncNvyiryIwsO+6PNcKp8c1LHaxpRtVv4q+c6QNqqqixq/yw5emqo3rMPPHM5YlNSM3xRB6XSAosDXQwbZ3xlBp1rJAGUHKgMlghg3jI7UWYp3UF3DWthGZP3o0oFw6kGs9wCw3KkXNctpy+uVa8iZdpl3SFXET29EqA/GWoOCJsOn6Fsm8tvy+lFEvhj/IeTNXQN+eUOUb0nBAmBmR0fOuwW8ZcQerUANyeNB0qHXau14UOoEwcCaTHpT918ZZzOaQWqfieIL5a7uWq6zX914kMPmZIuXBHjlvAftwHJBT1ZZY+l4nKRkHk0BTucujy9zQhwcHa2iads2wcfz/sqH8iwqVGZDWlePNKnO06TKEmvGJmFxTprpNTy+u1D+xdmzWEKo72TkvrX7qkqSVKJIOM9k3Ov+uIz1xLd44BPMrgFQzV638+BBHcHcldDunZoAy5V2Jq0gSgbwtcvFwzhnG3i9kPvzU7/Pv8mZZ8AZXYuYE0I/y5I/hwqHXn2wLq3DusJSLa+jBdzv0e5D4PQ4zIgOcZe0QQ61C5FkhLpA0nrK6n5Z/CC4T7tzyMFHY2BqMaONyKbzNM8GQ04hIfqSaSQ65SsBh9alWuH3R2G9if/3j0YwV4gxMjxadakSsg+09IKaqHLhLpunghoHIiwVihmdMgZ65aK1ijvOhtKMV/w3HT/xQC+ey04GqaMXZDyF+2WhccRU8dtTAUdbi44midp2LVEJKjaJ6YmwDS3tek8msZoYb/PL3VrgGRerFBUveHrfODpagwJmYVmmmTcPx8YPSfOoLwHdIeqK9lYE2kXZDNvsPqqTr6Q5hto6eaISa3DzvOk7NgtvZz7bUWqSmwPft8CvIz8ZlLX1jkGwMWZ0PVtohJLlrpABuXOGgREBagBx2fXJJnNIvEB80zN0zR/Vi7rsqQbQNtiyve5zMJRsS2E6fjM+82oIoX3K6gqwrfsMfpyPSwcpbrHpwoRhs2QiK15MOiY7jb6OY+QQ6eUijKSEegaATkvxx64dr9ZVD5kL0Q03R/s8+w7gW6Vu6wWDkWEJpOYJU13l0QdS2ohe7r9GS6pZ5ScrwaulRFuEMiw3Z8N7er8yHKALtUnGJVdCspifUfuQ8BjcpPaMuAJZM0OJvFL0pO1CSsjTvRJr9VsthgqiuVDFxEE1ymwWh+IIXzYcXjL1lF4tNh2RALvOk3kYK/4aErEE6DNHZX0fLQZuhpYMH6eJDmwLWepHrBoS5xCE4286i01FLXLZtg/fUtgKohxfroVHBy5dS1sIk6jBXeFdoYohSZBsaDGpRsPnKKlO0SHm2Col6xml/4degpVbkxcDuSo5WkMhOuBNK/vYJDBFy8WVkMIThDa4Z1uB6EtmHaLCGlabsIwrlbkgdmADJYT2ibDTUqjU5vTFLT6oHMVCtwg6KlSIWVvaP8LinXTrJ3CH0c8POuPIuNr3zO1a2s9jznicGsgoFH+iLTtoPX/z+Y6Grwkuj8huEpqYEB0FMBSfec96z4S+2vR3ac2VGgh6uA4HIkI6xKqRO3ZLy/URFD658vPGTQIRJg==</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2019-09-19 02:12:43,830 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2019-09-19 02:12:43,830 - INFO [Shibboleth-Audit.SSO:?] - 20190919T021243Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|_cc36f3cefc5a09845bde23fe373c98e4|https://sandbox.marchingorder.com/shibboleth|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_b17ee6d48fb5ef51570671f3a3aad472|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxbosyCXIXlpAR6FrLey8A4SbknAY0YfbD/pppuID46o8rbQ2EbjeePxfPnCWG5K8iImS/XWQGrRvH2EVc59nMdC+Ql/BqNw7VTt18NVd53PvlH9n7w7dNlUuM1AXDv568o89HWjNIesh1e9p9Q8id|_9d8ac693acd8e01dc882438d1042276d|
2019-09-19 02:13:07,147 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Beginning to decode message from HttpServletRequest
2019-09-19 02:13:07,147 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.IdPInitiatedSSORequestMessageDecoder:?] - Decoded SAML RelayState of: https://testschool.sandbox.marchingorder.com/api/Graduates/ShibbolethLogin
2019-09-19 02:13:07,147 - DEBUG [PROTOCOL_MESSAGE:?] - 
SAML 2 IdP-initiated request was: IdPInitiatedSSORequest{entityId=https://sandbox.marchingorder.com/shibboleth, acsURL=null, relayState=https://testschool.sandbox.marchingorder.com/api/Graduates/ShibbolethLogin, time=2019-09-19T02:13:07.147Z}
Synthetically constructed SAML 2 AuthnRequest was: 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest ID="_b742dff3-a652-4125-9f95-d8d80153a7a2"
    IssueInstant="2019-09-19T02:13:07.147Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://sandbox.marchingorder.com/shibboleth</saml2:Issuer>
    <saml2p:NameIDPolicy AllowCreate="true"/>
</saml2p:AuthnRequest>

2019-09-19 02:13:07,147 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Successfully decoded message from HttpServletRequest.
2019-09-19 02:13:07,152 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://sandbox.marchingorder.com/shibboleth' from origin source
2019-09-19 02:13:07,152 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-09-19 02:13:07,152 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-09-19 02:13:07,152 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-09-19 02:13:07,152 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-09-19 02:13:07,152 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-09-19 02:13:07,152 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-09-19 02:13:07,152 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-09-19 02:13:07,152 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://sandbox.marchingorder.com/shibboleth
2019-09-19 02:13:07,153 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:13:07,153 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-09-19 02:13:07,153 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint was empty, not required by binding, skipping
2019-09-19 02:13:07,153 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_b742dff3-a652-4125-9f95-d8d80153a7a2', issue instant '2019-09-19T02:13:07.147Z', entityID 'https://sandbox.marchingorder.com/shibboleth'
2019-09-19 02:13:07,153 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://sandbox.marchingorder.com/shibboleth' does not require AuthnRequests to be signed
2019-09-19 02:13:07,153 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2019-09-19 02:13:07,154 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-09-19 02:13:07,154 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2019-09-19 02:13:07,154 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-09-19 02:13:07,154 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-09-19 02:13:07,154 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:13:07,154 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-09-19 02:13:07,154 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2019-09-19 02:13:07,154 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2019-09-19 02:13:07,154 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 8 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2019-09-19 02:13:07,154 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://sandbox.marchingorder.com/Shibboleth.sso/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2019-09-19 02:13:07,154 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2019-09-19 02:13:07,154 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2019-09-19 02:13:07,154 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2019-09-19 02:13:07,154 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2019-09-19 02:13:07,155 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-09-19 02:13:07,155 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2019-09-19 02:13:07,155 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2019-09-19 02:13:07,155 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2019-09-19 02:13:07,155 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2019-09-19 02:13:07,155 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2019-09-19 02:13:07,155 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2019-09-19 02:13:07,155 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2019-09-19 02:13:07,155 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://sandbox.marchingorder.com/shibboleth
2019-09-19 02:13:07,155 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2019-09-19 02:13:07,155 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#aes128-gcm
2019-09-19 02:13:07,155 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#rsa-oaep
2019-09-19 02:13:07,155 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2019-09-19 02:13:07,158 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-09-19 02:13:07,158 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2019-09-19T02:13:07.158Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2019-09-19 02:13:07,158 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2019-09-19 02:13:07,159 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2019-09-19 02:13:07,159 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID c1bbd32280de89a5428c36ef6dad32eb20672d968d1c98333188d477fc63df70
2019-09-19 02:13:07,159 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session c1bbd32280de89a5428c36ef6dad32eb20672d968d1c98333188d477fc63df70 to 2019-09-19T03:13:07.159Z
2019-09-19 02:13:07,159 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading AuthenticationResult for flow authn/Password in session c1bbd32280de89a5428c36ef6dad32eb20672d968d1c98333188d477fc63df70
2019-09-19 02:13:07,159 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: Authentication result authn/Password is active, copying from session
2019-09-19 02:13:07,159 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2019-09-19 02:13:07,159 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2019-09-19 02:13:07,159 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:13:07,159 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2019-09-19 02:13:07,159 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Reusing active result authn/Password
2019-09-19 02:13:07,160 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name established from session as 'rick'
2019-09-19 02:13:07,160 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2019-09-19 02:13:07,160 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Updating activity time on reused AuthenticationResult for flow authn/Password in existing session c1bbd32280de89a5428c36ef6dad32eb20672d968d1c98333188d477fc63df70
2019-09-19 02:13:07,160 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2019-09-19 02:13:07,161 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2019-09-19 02:13:07,161 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2019-09-19 02:13:07,161 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2019-09-19 02:13:07,161 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2019-09-19 02:13:07,161 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2019-09-19 02:13:07,161 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2019-09-19 02:13:07,161 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2019-09-19 02:13:07,161 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2019-09-19 02:13:07,161 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2019-09-19 02:13:07,161 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:13:07,161 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2019-09-19 02:13:07,161 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@c413287'
2019-09-19 02:13:07,162 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-09-19 02:13:07,162 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://sandbox.marchingorder.com/shibboleth'
2019-09-19 02:13:07,162 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@57db50fb' with context 'intercept/attribute-release' and key 'rick:https://sandbox.marchingorder.com/shibboleth'
2019-09-19 02:13:07,162 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'rick:https://sandbox.marchingorder.com/shibboleth' value '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1599497118979' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2019-09-19 02:13:07,163 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-09-19 02:13:07,163 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2019-09-19 02:13:07,163 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2019-09-19 02:13:07,163 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2019-09-19 02:13:07,163 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2019-09-19 02:13:07,163 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@c413287'
2019-09-19 02:13:07,163 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:13:07,163 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2019-09-19 02:13:07,164 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2019-09-19 02:13:07,164 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Inbound binding urn:mace:shibboleth:2.0:profiles:AuthnRequest is suppressed, ignoring request ID
2019-09-19 02:13:07,164 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: No request ID, nothing to do
2019-09-19 02:13:07,165 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2019-09-19 02:13:07,165 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _e5c27aa5725dbdba691ef5b62d4af493
2019-09-19 02:13:07,165 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _e5c27aa5725dbdba691ef5b62d4af493 to Response _1941e91bd369d98e44e3f2bc71a77472
2019-09-19 02:13:07,165 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _e5c27aa5725dbdba691ef5b62d4af493
2019-09-19 02:13:07,166 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2019-09-19 02:13:07,166 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2019-09-19 02:13:07,166 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2019-09-19 02:13:07,166 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2019-09-19 02:13:07,166 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2019-09-19 02:13:07,166 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2019-09-19 02:13:07,166 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2019-09-19 02:13:07,166 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2019-09-19 02:13:07,166 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2019-09-19 02:13:07,167 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2019-09-19 02:13:07,167 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2019-09-19 02:13:07,167 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: []
2019-09-19 02:13:07,167 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2019-09-19 02:13:07,167 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2019-09-19 02:13:07,167 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2019-09-19 02:13:07,167 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:13:07,167 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:13:07,167 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxAbPAVG6z5FzjrZVZq14Q0L+9CGOkdD2b+HSHAWWx21L3a8aX+ZJKvafEJcGqr4IcxlR4LpXlPyA+By5zJor36/fT4xL6hLBpD/6szZ4+bIy9pIGMFo5ISgvd4iMNGNmuOaPF3zhtYzafygwtP+tp with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:13:07,167 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:13:07,167 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:13:07,167 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2019-09-19 02:13:07,167 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2019-09-19 02:13:07,167 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.38.242
2019-09-19 02:13:07,167 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to (none)
2019-09-19 02:13:07,167 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://sandbox.marchingorder.com/Shibboleth.sso/SAML2/POST
2019-09-19 02:13:07,167 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2019-09-19 02:13:07,167 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2019-09-19 02:13:07,167 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2019-09-19 02:13:07,167 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _e5c27aa5725dbdba691ef5b62d4af493
2019-09-19 02:13:07,167 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _e5c27aa5725dbdba691ef5b62d4af493 did not already contain Conditions, one was added
2019-09-19 02:13:07,168 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2019-09-19 02:13:07,168 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2019-09-19T02:18:07.163Z, to Assertion _e5c27aa5725dbdba691ef5b62d4af493
2019-09-19 02:13:07,168 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _e5c27aa5725dbdba691ef5b62d4af493 already contained Conditions, nothing was done
2019-09-19 02:13:07,168 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2019-09-19 02:13:07,168 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _e5c27aa5725dbdba691ef5b62d4af493 already contained Conditions, nothing was done
2019-09-19 02:13:07,168 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2019-09-19 02:13:07,168 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://sandbox.marchingorder.com/shibboleth as an Audience of the AudienceRestriction
2019-09-19 02:13:07,168 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _e5c27aa5725dbdba691ef5b62d4af493
2019-09-19 02:13:07,169 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://sandbox.marchingorder.com/shibboleth to existing session c1bbd32280de89a5428c36ef6dad32eb20672d968d1c98333188d477fc63df70
2019-09-19 02:13:07,169 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service https://sandbox.marchingorder.com/shibboleth in session c1bbd32280de89a5428c36ef6dad32eb20672d968d1c98333188d477fc63df70
2019-09-19 02:13:07,169 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-09-19 02:13:07,169 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://sandbox.marchingorder.com/shibboleth in session c1bbd32280de89a5428c36ef6dad32eb20672d968d1c98333188d477fc63df70
2019-09-19 02:13:07,169 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-09-19 02:13:07,169 - DEBUG [net.shibboleth.idp.session.AbstractIdPSession:?] - IdPSession c1bbd32280de89a5428c36ef6dad32eb20672d968d1c98333188d477fc63df70: replaced old SPSession for service https://sandbox.marchingorder.com/shibboleth
2019-09-19 02:13:07,169 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Removing secondary index for service ID https://sandbox.marchingorder.com/shibboleth and key AAdzZWNyZXQxbosyCXIXlpAR6FrLey8A4SbknAY0YfbD/pppuID46o8rbQ2EbjeePxfPnCWG5K8iImS/XWQGrRvH2EVc59nMdC+Ql/BqNw7VTt18NVd53PvlH9n7w7dNlUuM1AXDv568o89HWjNIesh1e9p9Q8id
2019-09-19 02:13:07,169 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://sandbox.marchingorder.com/shibboleth and key AAdzZWNyZXQxAbPAVG6z5FzjrZVZq14Q0L+9CGOkdD2b+HSHAWWx21L3a8aX+ZJKvafEJcGqr4IcxlR4LpXlPyA+By5zJor36/fT4xL6hLBpD/6szZ4+bIy9pIGMFo5ISgvd4iMNGNmuOaPF3zhtYzafygwtP+tp
2019-09-19 02:13:07,169 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Older SPSession for relying party https://sandbox.marchingorder.com/shibboleth was replaced
2019-09-19 02:13:07,170 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2019-09-19 02:13:07,170 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2019-09-19 02:13:07,170 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2019-09-19 02:13:07,170 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_1941e91bd369d98e44e3f2bc71a77472"
    IssueInstant="2019-09-19T02:13:07.163Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_e5c27aa5725dbdba691ef5b62d4af493"
        IssueInstant="2019-09-19T02:13:07.163Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://sandbox.marchingorder.com/shibboleth" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxAbPAVG6z5FzjrZVZq14Q0L+9CGOkdD2b+HSHAWWx21L3a8aX+ZJKvafEJcGqr4IcxlR4LpXlPyA+By5zJor36/fT4xL6hLBpD/6szZ4+bIy9pIGMFo5ISgvd4iMNGNmuOaPF3zhtYzafygwtP+tp</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.38.242"
                    NotOnOrAfter="2019-09-19T02:18:07.167Z" Recipient="https://sandbox.marchingorder.com/Shibboleth.sso/SAML2/POST"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2019-09-19T02:13:07.163Z" NotOnOrAfter="2019-09-19T02:18:07.163Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://sandbox.marchingorder.com/shibboleth</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2019-09-19T02:05:37.872Z" SessionIndex="_fc5a96c5084522fd0c42fa579f7efb86">
            <saml2:SubjectLocality Address="172.31.38.242"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2019-09-19 02:13:07,172 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://sandbox.marchingorder.com/Shibboleth.sso/SAML2/POST
2019-09-19 02:13:07,172 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://sandbox.marchingorder.com/Shibboleth.sso/SAML2/POST
2019-09-19 02:13:07,172 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_1941e91bd369d98e44e3f2bc71a77472"
2019-09-19 02:13:07,172 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _1941e91bd369d98e44e3f2bc71a77472 and Element was [saml2p:Response: null]
2019-09-19 02:13:07,172 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_1941e91bd369d98e44e3f2bc71a77472"
2019-09-19 02:13:07,172 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _1941e91bd369d98e44e3f2bc71a77472 and Element was [saml2p:Response: null]
2019-09-19 02:13:07,174 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2019-09-19 02:13:07,174 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://sandbox.marchingorder.com/Shibboleth.sso/SAML2/POST' with encoded value 'https&#x3a;&#x2f;&#x2f;sandbox.marchingorder.com&#x2f;Shibboleth.sso&#x2f;SAML2&#x2f;POST'
2019-09-19 02:13:07,174 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2019-09-19 02:13:07,174 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'https://testschool.sandbox.marchingorder.com/api/Graduates/ShibbolethLogin', encoded as 'https&#x3a;&#x2f;&#x2f;testschool.sandbox.marchingorder.com&#x2f;api&#x2f;Graduates&#x2f;ShibbolethLogin'
2019-09-19 02:13:07,176 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://sandbox.marchingorder.com/Shibboleth.sso/SAML2/POST"
    ID="_1941e91bd369d98e44e3f2bc71a77472"
    IssueInstant="2019-09-19T02:13:07.163Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
            <ds:Reference URI="#_1941e91bd369d98e44e3f2bc71a77472">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>XERACtlqA5BqujxIzMykZp/XZidwYuklmKmwG37tf2x86GrPWJFncwbyrTSVBU6N8k+dHDf43mOoWM8yCg5T7A==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>HnxWm10rYVD3y38FKcmYk8CMLcNbYiuLYjdPAN+WhXGzngdjEz3N07aVpr3UAVmzlJRkN70AY4yo5V2IfJOV3VBDgCAqxsmnNWUMONu88g/IyPLTtRxH3FTiefqo0bau9GgkaxlRNohNpGwluNG1SIu398E0cfB+AzJaKpGcdlvC8bTKOuT6UZTcAWQLiGkm+EZKcv3Bcz5M1r0JzP6rZl9sOoDLuNRG942awXBM+cPAWHjN+iM2pOkZuQM9Mwc4UQ+dJ2KKCYnc1tHUefLJc3/mCw3b/e+dxmMfyqqqTpY9T9M/wTlqf2BUikVwSZvZhgCGDvbB3GsOAmR8i0DUBw==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_48225c254ecb50a3829001fa487a6da4"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_5065eabc7c1b34212ffff523aa9ec4c6"
                    Recipient="https://sandbox.marchingorder.com/shibboleth" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                        <xenc11:MGF
                            Algorithm="http://www.w3.org/2009/xmlenc11#mgf1sha1" xmlns:xenc11="http://www.w3.org/2009/xmlenc11#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIID5DCCAkygAwIBAgIUJK/uQlfBIMl+kBZawLrnSKlMqf0wDQYJKoZIhvcNAQELBQAwETEPMA0G
A1UEAxMGeWg2Ynl6MB4XDTE5MDkwODE2MTkzM1oXDTI5MDkwNTE2MTkzM1owETEPMA0GA1UEAxMG
eWg2Ynl6MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAsNcfn1Q1jEuVW7kg2C8o0c3O
Omts8aULc4b7kOFeJUcrTx9tuDSP29MRUu6Bx6dinn+hkv9MRjOw1LR/qfVgarUnvpqEsiIr5ZO0
JzX4ItujW5fsRH7aHnBsmxeCaO12m0XbQp5RYbejtfLMOtRnGQfGChSmaCCnZ4bOVXZwldtS3+e2
7ELDeQ+63brD77MvTx6eA1QSLBfrx5QTSAoIOhhQeFLTwoOqcgJb2hin8cUEty2FEbYfcQVPxxPu
Tviy9VxFWcN5Ghu6pdvul+JeY6UYkHMCs2e23Zicott3/5pJ6iAqhryPaarbfFWKci8rHxtur7ck
uLQ4U7NxCx6OIR7q+hBHBm9Z19IR+JV1iiHCzjLHV+X25WEcmNIqiudTMJnZ+jDOfVNIoZFUWapD
arROhYtBAU76LgWETqyQUTWZqtS91RqJIoMhPZoWZBUpt7Gke8xaI0za0KwWtqbnjQ9wkW3rNkVZ
RNytz/LX3IUh1++wxO/ADYchs9qGLvoVAgMBAAGjNDAyMBEGA1UdEQQKMAiCBnloNmJ5ejAdBgNV
HQ4EFgQUsW1pN0c4Y46CsvwXAQrvwRlqarUwDQYJKoZIhvcNAQELBQADggGBAGQ8f9QLQ/x1tUJC
44AbtHu9LRLI3vBr3ars8RAmR6lcpPvqWMxNQkHKa/5sqyLEmNiMgCQfoCFPByMKNbRL/zPyhcwy
fvZp0Bcpk6tdl+lckonifLK1OVSIcG+fI1zmAiHgWn4ZYY8nQ9BVLycvRuKMbb/EF0yGXuU3rB6K
u2mvmyw8vJ7IiUiGNIxr4hZr9SZtzaujBdeOXl2rikT40NGUR8l8zYZ1Jo9yFWiaN1mZNhGoBI+A
5MdHvXYOdJ2h+IWvxJwJ7YM1D29qe0dUzhnPzJeV5vjOp3FZvs0R8SptA0ZzXxADEDyLi067x8QA
c3o3IkjejpjPZyAlrJ80U2YfxOOpMkDYM5XS0pEwbYxx7s/v9Rtb/KWyIsXGZO3Q5XWVdU2Veel9
4BIvjSOdkdTB/eK+bZaBSZzNhm4nErzAhtzzcVsP8V7jNOnn3uoPI4CDjJUIhtngcMVipao9ipo3
eEixZNyXkxevqCKAj5kO8JQX29nzUulWyKPRDVkEMg==</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>VsUNo+VRPNNWp8XxKvHvvhwwriL8anMUh0hi4tccWrBAqG8t14BWzTHhzqcrpU/x97b0YVWC9FyhJ2yvI59Khj1rC2e2E9WMX+PQ69WWosSECQRMWZTwQp8C0mPJbFHAOkZUz0iHycBJ1XugI5PvY7iwXB4In/BB733syn9PIeQZqZGU9LPVoaDKfqD41eSg5rm0AV17HAhMTotYQorLQ0Nqp5N6sj7YU+5yZCxmIzob7p3v7j+VVgHAL2d9fLG05UB0kj1TfOCISe5orOn1RTP980BT+4th1+sxoKz/G50Ztj6XFNY5TP5KZYLr+KL3IkC966iKrOyTpzdnq/FlgudUoGR77jmXeLMD0T8VP1vQnfmMbguszER1vfDaOSkovDWkv6xm/6UfAFwvJ+N7Ox1xmVFvIFDUkcCLBQTogiptJesDx1ZG34149oNOCcBytjqyAXDB/Zny+Zjge6SI2Xb+uHAGkzhwnknjY3T0imFWR6xOpofrlAQAxTKFnOjF</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>niMDsEHwIIY+ZwFIuL+RFfzwWWrM9Ya1u76gRSvveqYLgJ5/OG7vh1HBuDEUcIa34khIpZyXOriVxheUxWPuwfrxq2Z0JeeBQ1AhnwGnyTSiPCNUFQv28U7/CMC333YqTjXlY/vcQs5XTi6ducdFnQviE+iY6jGp/6U5zs0ugIsDAamOTPlw2UZAVCFhHL4lw9BlE6aUNbotVghwb+kH1um2+h+WKge2b8rSWzOSS6HtGNLXj8irOGNquH5PwNaBvpokEsOr+B0yW5sWqVyY30xtLdRYb//N9eKTuBo3rgtp2YedLbsApnFWd/rYBcdx7WVyMchpQrDxSz+g/Nc8jaHJAuQohxfC8YfQAxEB2rkTn5VLS3y8PWGzPMeqh/yXqa9bfn0EhyVgF3fj1L4KTTvdUF8RMhhLdbgONb0Z9DzxLTeDnP8SVRGRClmLomw0c49tEJBttjetTUIY3/TmsiPWoxIPyRcJnLB/8j2gFnP03HaFg0qwmJrlB6tEwV7Gw+GZue6AAjejtpFY96QD9vxooa31jdh0GxRT3Y3kQ87esWFWNaJK3/343z1DrY6BOB7OAfU0sCZKrSwDoB5cTqurSmljSCTXeBqO5fxca714ZvSfo7YdqfywSoz6qvdQnPymZdBPsFjGPoBzNK1GFdOoTxIOlRbgieNKkvUpSp8BzwOZ0JhpKqW+0FpTkYVClj26krGyM0BdMpjaBDnGKkWUIN7+3DXq6wWCmWNCjEueBxF4qluqLmdEi547P5Dr+guoHiVdLNZuuN/VoS+Lja8rJxBg/VL0LfzJut6SDnImXXkAGuA1FUQW0k/fZUV7MZS7fpUM2XYhEk0VYZkHHT5pO39ut90Al4U8eMxwlDrmncqzWak5PeVVH/OUhyo+x3+MtWZj4OPndfB7M9a0aqEvpIWI2G3S+EXunUSf4kuHS5swQRm4U2FQ1W+v03Uv5bJ4n2bQu/7Ma50VbYmRTfv2wjQeTVlrZpBeEKwmB91HN3Cp1rEN0k+5qUr6qsbRnFu/vxhH2EXaada4oeJlHtj8pw10MTgG/ndSiAL0vk3MSURsKSaepBlncjanRKrY50Iz2XgJtDuMb6ydN2hVq3Ifz0W+lt+4/oBNsJY2f0yxR/ivdU11NL/FfZVm5H3voZBdU+Kfy86FAySqGAWvLvPZm+jeKYCgqpSrojFcHqJwlmCdKWcKOaPd8XgJP3PNG0r1uULKeFJsqHv8LQEwnpqyFxtydv/gVlhXqNpW9PgdUjw463qoyVRtAhXWZRqQEp/9xgdaAfXBMYTefu00ZA4G3XSLSZ6I9TJrF3YLoy3J1SkMEnUK+nVzhgSppWZbIqStFf5W6lV6Ye82AzqLhtpuia04ec748PC1V5YW/CuiKSH9XEkaBSFbVKUmKLIUO1VGpPScc4SZd29ujIHz57cvfJD4JAVEj09TDrnBZO16ziiA++OdWSJAlaCYKMd+jyuYcGQV0b75WOtLmyGPJIGU9FGsOLUTlBi7eeqxfx8TTXX4caE3tcrDp+53NJQxcyTI1Jey7OZ0HxRPMQfDIfEECvt6W/+4vDOXaZFDKryxB7MEtGJs5zT0r3pmQtYXEZDBj97nqINcisB5I/LMvw5cUVUMI1rJkZ9XcLjvgzzQ2Ohq6Dxsvj28KdSVLnJVODAiZNhvWoWQljn4AsyA4JTUEP+h0fiaycQ5o1nStsKSyU5EagoUV4AjGQ4G3wbNjexGYrKAnrhqzs6tHWhdVvMfMmKUdC/nKF0KxHcb2pzA0yWHoWk1FhT1iTwiiIsGf6+4IV3Osd3WSgG3cKNmDPR30gJ6S9Q69AoSItM9jzITmxJrFlrXupQXwYLBxSO5PAklxIa6DNeG8Wa+CvMljncrsQtTCbS7qXtv2U4SGBcC7YF70TPKyUzHYUkaFTtY3xA52bO7kxLBWrEkqIE4/Vsv6dRGt0K6ET96TRusNdN0RNTvg9VhlGddX2EgNmf0Ny1+awPbtX0xKNSDBnGydxdgNxBWWv8b6ImrxwSeVmOpXRAm/GBrLRETV/L7qqTZZEPRxuEHNZTnsoHX8JXK01v9bRnDW9b9it+0HDEiO60iRldp4xf3XNcyQbyvi/4HhZSjN51hWk/d6J4zQ679VpgCsY7lMo/jTFk9Lftt269Kv7fV/qkezSSYo8ZVxu2FtdjLJhKtJDG6UvlkUMSd/K5aJ9RrcGUIDa7ELSHxwCXPEX+PA4jpOjWIaxSKlthTPypid74xXsyXkxB5/dshoQ2EBbX2FhHBhG284FWbGBtJ4v3BKDTL55fQ+GYCo4bnMrU/jRDOpn8fvd+zcD2rZg1SD/ClAAxCZbei/t/JOeMz8KueMa3bisT2X7wYxjlOlw58XLd/s++B7eBvMZc0aIj/ZCq/xXfy83gU3d8UgdVBwW/sUaJ+m0yHJgfkJGKX/wiVLba3vyOvLFnNTFJDBHWB/rHLzVGM8Hw/IvsVJ+hTjYfsburazyYwbHj/LS22xu2/Meq5eQHLq6q6WFXD+8mTudbQnK68PSnjyhsT6fKUTzTQgBuPYzCshpNp6oHxXKf0dHIfbpK0SbHm4WzVf6Lx0hpC7g1N6pMTAKHdPTLyVN2HZmRizWlUdem7iONbsA3szcWLANiuPhQ/VdCkduR3BIg9ndaFZn+OWQxxmo36m9p4u4Q5Dr/y/hqWqUch3/yrlTceZlLdGMYoIYBuz4ivtYhzyhgHXvrALPnGTPL76cRri74+v3dgqT37LPjKEUQ2yilzvEg/qWuuwQV+X7uQynDi85mvOGZxJEVocBfjv7mt584ocIhabvvent/pIH+XlgvsqxE38LQYl1ininbETLSHLJxmR5s4wzKrnIKYWDcpcd++gyOsLyj8QCkGbEME7HcLgwSTvTKS2mm19KuE03PhKJodFKt5J+fqOURMe7//z9A2TetPnM/hN5A/G/SQLe285q6koQDn+eOrW/jWxUQAS/GrJR2aVrj8NY7pHReU+pFvQdInmz9kaeuJBJp9S/9NnoBgwnS6FqDEK4HMJs9upSVVqnZguVKOaVyyWf2T5iqE4TWcGBBTvdt1T6j/oqN42HiSIqeuPDZi0aj1bgNC1CBPm99+KKLBEC4/nsPG9FNXMqx9E6obY5HhjLFMg6GLTQ8Cicjddm8ZGiJM9ruEHjQpn45xy6PWVwhZbq+BDuu9Bw2ibI+GTPQe99/AYJOoTo24cDn5CndS3ER9b2VSFgqXChYfVEJUtk0BOUDgGixSVrd0FsW05m8cuJvzqVuEZHOqXQ3aAfzs5CKeW8zc28TgeAfni2z29lUp4f8lDiMTLna3nobuXOB/IrRZEC4+9BzsolqOWeN+lMMNTTOhmXW1zkep1ei7IVxCtwCR8O1P3xHHY0buhCcnlB3Tp11rNE/6ZIrrihKcLIDKgfvBf/7YRXQam2xSnYhxYKZg7+EYOr8+zJGzBbHM9aUqzcawd7AlrTlRRixYfjLqMD1XjRLdXPsqAWf9nkEiOOireydDlGzTSTFKyBMdtNLa7yE1bxnxrWAZjTFylivsEwM1a3yAVIvU1K6Pwd77bP9ng76dCOhFxDQaUY4DTKWbl8ZzXWhcXga29HVOsupkMfXXcLL69keCFjNmpjAz5QdJ48keKK84ZROGyTa7xZfW5AZZZ7F5BQJDz5h1PX/5/zDjh5yzeT9mlVDsP5fchCFrnT591eBgqx+GAtUJUS7fuMMD1v0lJmMGbbDPObAhwJ/31oh6+WBWzrYEMxodw84eVIYiFv70THYr8Jdv2jMlAlw2pEq0MuWGxmugPzcJ5VpjZe03P+xjeoPwyLfDFMNxf3aIYsZUflrbm0Lt7wL2oINvz5eMeLq3j4XiUpXdLDPa/mC2M6vQPHQsHuNs8X8kIBS6mfJV/iV/sXPiYyHatzSXJ/wJ16jZnI+wp68/EpW1CtZnievUsudDMV/0EmCnJwZjAcHAlnhCLU645x5GAdFqPYo0Oc6f8FjJbOCBVpe3wg89AFr0K43RX0PhHscYhpKINcrs/W6voMc+FP5ERxz1OvzzXVUscjOJ51vWbNAh6/8xk4/tzZc694AiF+LIyeIfwvkpK0t+/caNEKgUGuLHqfIr0FOJ3fFzFDujWJhY21iMq2oAP1+ZjrYBxb7dWs1A38w3cv3+MC4qfiXkURZtPdqHRYC1MlYF8x8InQ4i5PSXxsr/Zhyj+tCE+C26ANXu6XSuPsm6LsOj6m3UW0VBmY1NVCksgYm6bNwxVgSq9L0GUX2YJHctPxxN54m+8gz9U0nH9I9e6cB+74pwVR34apG2Hc8djJkhLBMbcx7ZIa15pLC2h/QIC8bZ9Hq+RR1AMhKF40r4oBbs/1HdvY/vuAM7kokRcGF7HX95+YAmaq5zH5WoVoSn+AdFRWqRc5Jw/k4Fucu+I2PaWbm065spRN6dYGn2oeR+MI4L4PWeboTz3EB+t4MiM83uAoPBImFbnpHSp7PowJ0mPyuwz7mpmY6+AXqTi+Lrjet1hZd4Z5EtDunsNmmk2pkoUlA1P/sjEfBtyPvceM0hU7W5o1lDNlVmnnbOeKCnzVMZHiw/rjKpwuUcDvA7eqYeSTJ5Mqa0CRHNCk8g7aeHIjeww/UqcK3f1IrUyaj6T3qBCsYhCh/f1EtQlxcX/MSuGFDBoaeL/kC+PuZcY7ti66/wDkrId0RYerXSKDaDGLbo9NZXahXr/t4RnGMv0Oob8B9/VGHZpeZ5a30qyPCvdLchUD3O3vqylBoLu6keS/Dgg1SXc0l9G0h7qrCQEArPVX3Mz0jvIUPQ</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2019-09-19 02:13:07,176 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2019-09-19 02:13:07,176 - INFO [Shibboleth-Audit.SSO:?] - 20190919T021307Z|urn:mace:shibboleth:2.0:profiles:AuthnRequest|_b742dff3-a652-4125-9f95-d8d80153a7a2|https://sandbox.marchingorder.com/shibboleth|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_1941e91bd369d98e44e3f2bc71a77472|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxAbPAVG6z5FzjrZVZq14Q0L+9CGOkdD2b+HSHAWWx21L3a8aX+ZJKvafEJcGqr4IcxlR4LpXlPyA+By5zJor36/fT4xL6hLBpD/6szZ4+bIy9pIGMFo5ISgvd4iMNGNmuOaPF3zhtYzafygwtP+tp|_e5c27aa5725dbdba691ef5b62d4af493|
2019-09-19 02:13:07,333 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: ss:mem:bd2435c34d23bc5f959b8d99ac155d7e0cd4684c93c8eb95bf37e74dc3349e18
2019-09-19 02:13:07,333 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2019-09-19 02:13:07,333 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2019-09-19 02:13:07,333 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://sandbox.marchingorder.com/Shibboleth.sso/SAML2/POST"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_c0ba1e8797624d96ca401761d59632db"
    IssueInstant="2019-09-19T02:13:07Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://sandbox.marchingorder.com/shibboleth</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="1"/>
</samlp:AuthnRequest>

2019-09-19 02:13:07,334 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-09-19 02:13:07,334 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-09-19 02:13:07,334 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-09-19 02:13:07,334 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-09-19 02:13:07,334 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-09-19 02:13:07,334 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-09-19 02:13:07,334 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-09-19 02:13:07,334 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://sandbox.marchingorder.com/shibboleth
2019-09-19 02:13:07,334 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:13:07,335 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-09-19 02:13:07,335 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2019-09-19 02:13:07,335 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2019-09-19 02:13:07,335 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2019-09-19 02:13:07,335 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_c0ba1e8797624d96ca401761d59632db', issue instant '2019-09-19T02:13:07.000Z', entityID 'https://sandbox.marchingorder.com/shibboleth'
2019-09-19 02:13:07,335 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://sandbox.marchingorder.com/shibboleth' does not require AuthnRequests to be signed
2019-09-19 02:13:07,335 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2019-09-19 02:13:07,335 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-09-19 02:13:07,335 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2019-09-19 02:13:07,335 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-09-19 02:13:07,335 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-09-19 02:13:07,335 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:13:07,335 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-09-19 02:13:07,336 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2019-09-19 02:13:07,336 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2019-09-19 02:13:07,336 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 8 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2019-09-19 02:13:07,336 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://sandbox.marchingorder.com/Shibboleth.sso/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2019-09-19 02:13:07,336 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2019-09-19 02:13:07,336 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2019-09-19 02:13:07,336 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2019-09-19 02:13:07,336 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2019-09-19 02:13:07,336 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-09-19 02:13:07,336 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2019-09-19 02:13:07,336 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2019-09-19 02:13:07,336 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2019-09-19 02:13:07,337 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2019-09-19 02:13:07,337 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2019-09-19 02:13:07,337 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2019-09-19 02:13:07,337 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2019-09-19 02:13:07,337 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://sandbox.marchingorder.com/shibboleth
2019-09-19 02:13:07,337 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2019-09-19 02:13:07,337 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#aes128-gcm
2019-09-19 02:13:07,337 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#rsa-oaep
2019-09-19 02:13:07,337 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2019-09-19 02:13:07,337 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-09-19 02:13:07,338 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2019-09-19T02:13:07.338Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2019-09-19 02:13:07,338 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2019-09-19 02:13:07,338 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2019-09-19 02:13:07,338 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID c1bbd32280de89a5428c36ef6dad32eb20672d968d1c98333188d477fc63df70
2019-09-19 02:13:07,338 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session c1bbd32280de89a5428c36ef6dad32eb20672d968d1c98333188d477fc63df70 to 2019-09-19T03:13:07.338Z
2019-09-19 02:13:07,339 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading AuthenticationResult for flow authn/Password in session c1bbd32280de89a5428c36ef6dad32eb20672d968d1c98333188d477fc63df70
2019-09-19 02:13:07,339 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: Authentication result authn/Password is active, copying from session
2019-09-19 02:13:07,339 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2019-09-19 02:13:07,339 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2019-09-19 02:13:07,339 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:13:07,339 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2019-09-19 02:13:07,339 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Reusing active result authn/Password
2019-09-19 02:13:07,339 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name established from session as 'rick'
2019-09-19 02:13:07,339 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2019-09-19 02:13:07,340 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Updating activity time on reused AuthenticationResult for flow authn/Password in existing session c1bbd32280de89a5428c36ef6dad32eb20672d968d1c98333188d477fc63df70
2019-09-19 02:13:07,340 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2019-09-19 02:13:07,341 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2019-09-19 02:13:07,341 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2019-09-19 02:13:07,341 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2019-09-19 02:13:07,341 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2019-09-19 02:13:07,341 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2019-09-19 02:13:07,341 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2019-09-19 02:13:07,341 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2019-09-19 02:13:07,341 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2019-09-19 02:13:07,341 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2019-09-19 02:13:07,341 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:13:07,341 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2019-09-19 02:13:07,341 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@765641f8'
2019-09-19 02:13:07,342 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-09-19 02:13:07,342 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://sandbox.marchingorder.com/shibboleth'
2019-09-19 02:13:07,342 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@57db50fb' with context 'intercept/attribute-release' and key 'rick:https://sandbox.marchingorder.com/shibboleth'
2019-09-19 02:13:07,342 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'rick:https://sandbox.marchingorder.com/shibboleth' value '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1599497118979' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2019-09-19 02:13:07,342 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-09-19 02:13:07,342 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2019-09-19 02:13:07,342 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2019-09-19 02:13:07,342 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2019-09-19 02:13:07,342 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2019-09-19 02:13:07,342 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@765641f8'
2019-09-19 02:13:07,342 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:13:07,343 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2019-09-19 02:13:07,343 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2019-09-19 02:13:07,344 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2019-09-19 02:13:07,344 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _bd8de192ee5d6044af7b2c2aee81315b
2019-09-19 02:13:07,344 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _bd8de192ee5d6044af7b2c2aee81315b to Response _4b890554cd110e446d28c2d683415aba
2019-09-19 02:13:07,345 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _bd8de192ee5d6044af7b2c2aee81315b
2019-09-19 02:13:07,345 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2019-09-19 02:13:07,345 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2019-09-19 02:13:07,345 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2019-09-19 02:13:07,345 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2019-09-19 02:13:07,345 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2019-09-19 02:13:07,345 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2019-09-19 02:13:07,346 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2019-09-19 02:13:07,346 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2019-09-19 02:13:07,346 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2019-09-19 02:13:07,347 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2019-09-19 02:13:07,347 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2019-09-19 02:13:07,347 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: []
2019-09-19 02:13:07,347 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2019-09-19 02:13:07,347 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2019-09-19 02:13:07,347 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2019-09-19 02:13:07,347 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:13:07,347 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:13:07,347 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxiVFlwGJ8uHdggTlqzVXGUxjxL0srMejtawurvnW1jKlaWjedKtN+AdKhJUJNkHtOIQufOTwE6W1NTvKopEO+psLqrtkI9vjKgj2uY0iDCY4VtWvyCQPNjA3KMd+HrkHahtgJA1vSMt/QkF9f4PWb with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:13:07,347 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:13:07,347 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:13:07,347 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2019-09-19 02:13:07,347 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2019-09-19 02:13:07,347 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.38.242
2019-09-19 02:13:07,347 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _c0ba1e8797624d96ca401761d59632db
2019-09-19 02:13:07,347 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://sandbox.marchingorder.com/Shibboleth.sso/SAML2/POST
2019-09-19 02:13:07,347 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2019-09-19 02:13:07,348 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2019-09-19 02:13:07,348 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2019-09-19 02:13:07,348 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _bd8de192ee5d6044af7b2c2aee81315b
2019-09-19 02:13:07,348 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _bd8de192ee5d6044af7b2c2aee81315b did not already contain Conditions, one was added
2019-09-19 02:13:07,349 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2019-09-19 02:13:07,349 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2019-09-19T02:18:07.343Z, to Assertion _bd8de192ee5d6044af7b2c2aee81315b
2019-09-19 02:13:07,349 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _bd8de192ee5d6044af7b2c2aee81315b already contained Conditions, nothing was done
2019-09-19 02:13:07,349 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2019-09-19 02:13:07,349 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _bd8de192ee5d6044af7b2c2aee81315b already contained Conditions, nothing was done
2019-09-19 02:13:07,349 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2019-09-19 02:13:07,349 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://sandbox.marchingorder.com/shibboleth as an Audience of the AudienceRestriction
2019-09-19 02:13:07,349 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _bd8de192ee5d6044af7b2c2aee81315b
2019-09-19 02:13:07,350 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://sandbox.marchingorder.com/shibboleth to existing session c1bbd32280de89a5428c36ef6dad32eb20672d968d1c98333188d477fc63df70
2019-09-19 02:13:07,350 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service https://sandbox.marchingorder.com/shibboleth in session c1bbd32280de89a5428c36ef6dad32eb20672d968d1c98333188d477fc63df70
2019-09-19 02:13:07,350 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-09-19 02:13:07,350 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://sandbox.marchingorder.com/shibboleth in session c1bbd32280de89a5428c36ef6dad32eb20672d968d1c98333188d477fc63df70
2019-09-19 02:13:07,350 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-09-19 02:13:07,351 - DEBUG [net.shibboleth.idp.session.AbstractIdPSession:?] - IdPSession c1bbd32280de89a5428c36ef6dad32eb20672d968d1c98333188d477fc63df70: replaced old SPSession for service https://sandbox.marchingorder.com/shibboleth
2019-09-19 02:13:07,351 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Removing secondary index for service ID https://sandbox.marchingorder.com/shibboleth and key AAdzZWNyZXQxAbPAVG6z5FzjrZVZq14Q0L+9CGOkdD2b+HSHAWWx21L3a8aX+ZJKvafEJcGqr4IcxlR4LpXlPyA+By5zJor36/fT4xL6hLBpD/6szZ4+bIy9pIGMFo5ISgvd4iMNGNmuOaPF3zhtYzafygwtP+tp
2019-09-19 02:13:07,351 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://sandbox.marchingorder.com/shibboleth and key AAdzZWNyZXQxiVFlwGJ8uHdggTlqzVXGUxjxL0srMejtawurvnW1jKlaWjedKtN+AdKhJUJNkHtOIQufOTwE6W1NTvKopEO+psLqrtkI9vjKgj2uY0iDCY4VtWvyCQPNjA3KMd+HrkHahtgJA1vSMt/QkF9f4PWb
2019-09-19 02:13:07,351 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Older SPSession for relying party https://sandbox.marchingorder.com/shibboleth was replaced
2019-09-19 02:13:07,351 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2019-09-19 02:13:07,351 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2019-09-19 02:13:07,351 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2019-09-19 02:13:07,352 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_4b890554cd110e446d28c2d683415aba"
    InResponseTo="_c0ba1e8797624d96ca401761d59632db"
    IssueInstant="2019-09-19T02:13:07.343Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_bd8de192ee5d6044af7b2c2aee81315b"
        IssueInstant="2019-09-19T02:13:07.343Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://sandbox.marchingorder.com/shibboleth" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxiVFlwGJ8uHdggTlqzVXGUxjxL0srMejtawurvnW1jKlaWjedKtN+AdKhJUJNkHtOIQufOTwE6W1NTvKopEO+psLqrtkI9vjKgj2uY0iDCY4VtWvyCQPNjA3KMd+HrkHahtgJA1vSMt/QkF9f4PWb</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.38.242"
                    InResponseTo="_c0ba1e8797624d96ca401761d59632db"
                    NotOnOrAfter="2019-09-19T02:18:07.347Z" Recipient="https://sandbox.marchingorder.com/Shibboleth.sso/SAML2/POST"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2019-09-19T02:13:07.343Z" NotOnOrAfter="2019-09-19T02:18:07.343Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://sandbox.marchingorder.com/shibboleth</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2019-09-19T02:05:37.872Z" SessionIndex="_5518f05eee0722f7c209aac8ba2d2c8b">
            <saml2:SubjectLocality Address="172.31.38.242"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2019-09-19 02:13:07,354 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://sandbox.marchingorder.com/Shibboleth.sso/SAML2/POST
2019-09-19 02:13:07,354 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://sandbox.marchingorder.com/Shibboleth.sso/SAML2/POST
2019-09-19 02:13:07,355 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_4b890554cd110e446d28c2d683415aba"
2019-09-19 02:13:07,355 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _4b890554cd110e446d28c2d683415aba and Element was [saml2p:Response: null]
2019-09-19 02:13:07,355 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_4b890554cd110e446d28c2d683415aba"
2019-09-19 02:13:07,355 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _4b890554cd110e446d28c2d683415aba and Element was [saml2p:Response: null]
2019-09-19 02:13:07,357 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2019-09-19 02:13:07,357 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://sandbox.marchingorder.com/Shibboleth.sso/SAML2/POST' with encoded value 'https&#x3a;&#x2f;&#x2f;sandbox.marchingorder.com&#x2f;Shibboleth.sso&#x2f;SAML2&#x2f;POST'
2019-09-19 02:13:07,357 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2019-09-19 02:13:07,357 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'ss:mem:bd2435c34d23bc5f959b8d99ac155d7e0cd4684c93c8eb95bf37e74dc3349e18', encoded as 'ss&#x3a;mem&#x3a;bd2435c34d23bc5f959b8d99ac155d7e0cd4684c93c8eb95bf37e74dc3349e18'
2019-09-19 02:13:07,358 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://sandbox.marchingorder.com/Shibboleth.sso/SAML2/POST"
    ID="_4b890554cd110e446d28c2d683415aba"
    InResponseTo="_c0ba1e8797624d96ca401761d59632db"
    IssueInstant="2019-09-19T02:13:07.343Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
            <ds:Reference URI="#_4b890554cd110e446d28c2d683415aba">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>ikM7a3/5PcsDP4VpJ5evtdOygpJRW06JdhzR3/+xFhlHhr1GTIXkLFuIEnYDcd/P0qT/pNVzTSAo0Zg27Fr1MA==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>aqNf/AVX09n89WbgyYwlCX7EPuATK1iGczg/5nnBoab2ZMhMXMoMkWEjP2JvvoI4HErnrvcUyYbr7+5006Hkmyc2CKO9lnzf24mTl2x4ruXYDq59Y7NaXUjNzDhVvAhITigKSQNEnMQkG4W4A8OltLWaeK2Wpj2lBPtY5XOHY69xchXuIaZjVzvfbgUwGgT2WGMFNfT9sgl1kEHy5WFza1dnrcOuqKDDIE6iw5QNqKPMlI6F1usUd7Lit7ejbls0B5kY8A3N2W4vfRQbkDgqBh0a3R0rAO1QsiyjTWGdEd5EZKsByqARraF/WjuFEIlsVFglvFwmkVRvyzN/oZYtbg==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_d7e7b049ee493aebbd611ee1e080ec7f"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_76f68f9c94128df551d03d19e9cb3e08"
                    Recipient="https://sandbox.marchingorder.com/shibboleth" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                        <xenc11:MGF
                            Algorithm="http://www.w3.org/2009/xmlenc11#mgf1sha1" xmlns:xenc11="http://www.w3.org/2009/xmlenc11#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIID5DCCAkygAwIBAgIUJK/uQlfBIMl+kBZawLrnSKlMqf0wDQYJKoZIhvcNAQELBQAwETEPMA0G
A1UEAxMGeWg2Ynl6MB4XDTE5MDkwODE2MTkzM1oXDTI5MDkwNTE2MTkzM1owETEPMA0GA1UEAxMG
eWg2Ynl6MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAsNcfn1Q1jEuVW7kg2C8o0c3O
Omts8aULc4b7kOFeJUcrTx9tuDSP29MRUu6Bx6dinn+hkv9MRjOw1LR/qfVgarUnvpqEsiIr5ZO0
JzX4ItujW5fsRH7aHnBsmxeCaO12m0XbQp5RYbejtfLMOtRnGQfGChSmaCCnZ4bOVXZwldtS3+e2
7ELDeQ+63brD77MvTx6eA1QSLBfrx5QTSAoIOhhQeFLTwoOqcgJb2hin8cUEty2FEbYfcQVPxxPu
Tviy9VxFWcN5Ghu6pdvul+JeY6UYkHMCs2e23Zicott3/5pJ6iAqhryPaarbfFWKci8rHxtur7ck
uLQ4U7NxCx6OIR7q+hBHBm9Z19IR+JV1iiHCzjLHV+X25WEcmNIqiudTMJnZ+jDOfVNIoZFUWapD
arROhYtBAU76LgWETqyQUTWZqtS91RqJIoMhPZoWZBUpt7Gke8xaI0za0KwWtqbnjQ9wkW3rNkVZ
RNytz/LX3IUh1++wxO/ADYchs9qGLvoVAgMBAAGjNDAyMBEGA1UdEQQKMAiCBnloNmJ5ejAdBgNV
HQ4EFgQUsW1pN0c4Y46CsvwXAQrvwRlqarUwDQYJKoZIhvcNAQELBQADggGBAGQ8f9QLQ/x1tUJC
44AbtHu9LRLI3vBr3ars8RAmR6lcpPvqWMxNQkHKa/5sqyLEmNiMgCQfoCFPByMKNbRL/zPyhcwy
fvZp0Bcpk6tdl+lckonifLK1OVSIcG+fI1zmAiHgWn4ZYY8nQ9BVLycvRuKMbb/EF0yGXuU3rB6K
u2mvmyw8vJ7IiUiGNIxr4hZr9SZtzaujBdeOXl2rikT40NGUR8l8zYZ1Jo9yFWiaN1mZNhGoBI+A
5MdHvXYOdJ2h+IWvxJwJ7YM1D29qe0dUzhnPzJeV5vjOp3FZvs0R8SptA0ZzXxADEDyLi067x8QA
c3o3IkjejpjPZyAlrJ80U2YfxOOpMkDYM5XS0pEwbYxx7s/v9Rtb/KWyIsXGZO3Q5XWVdU2Veel9
4BIvjSOdkdTB/eK+bZaBSZzNhm4nErzAhtzzcVsP8V7jNOnn3uoPI4CDjJUIhtngcMVipao9ipo3
eEixZNyXkxevqCKAj5kO8JQX29nzUulWyKPRDVkEMg==</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>Bnp4wkBQzLk/eiktQmdhnoPqN1g2KCUJgHkVRPs0+tZa7mBiYWPqS8/N/l5RERj9qyxIPprOzQ1rveiIQBFbG4/Du1klfoF15EDM8zFNAiLgSmAN8H76DzXiHc/q9TYDGP5cu+z8GOAQhaAuMPZt9ytsovCbDGj6+RF5JSZHWWjQry+Z1zd4gZ4pCCE8Z9lJOhaegB815NCUejKSxi2tsUBeLWqeEW+38kkUoioWruZtr/I0JeghFE+tVPSmzN8mMhilmVYf3TZAOsgGa1Yp41//+Ow1dZ2XIRj0fp8uwRQlGK+LHrkOFDw76anVljiewCEpURv9QgL3QvLFq1Q/pb0mqO66Fki0LP/WHxPh1pZlQo5QkmBAA4xHjIkQ74s2DckFGzRPPSj8GprE/VLP+i953ursXt4WWz2L4SOewOM1dx1n1ZgsQCXrLrtoQC9YoVRSLJv6sLhIkcrd10Sr/mvAuMW4vlCXuIPb2Q8vtXDlmzbwymgOivsklb9Xq9CE</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>N/L4hL8Injt8es0qNya4RCekfMjvOCWAO9yJ7NLNcH3ecpLJiqeUlDYfxCN0x+5nbgldfyzwuZmRNsoeYY4jk8jKFjgzD2061nJKlQtSnG3lHhbI9FocmI/qZTohfoo74f6Xpt2/dN3QXxf8ueIh/KgL4j8gvGWZPYZ53OuiTRmtvukVQFdRYFAs7hMa0XtZzd1IkJT3D20ASn765b4ebZNqcwIEpMc1XMFgPY36YNKeJEXT2ypwqiB0vw7za2RzCuLEtn7xJ+gdnwhGIeKRvQl4Zcjkq+tVJ7fI1+2K9iUqGZeFdV0xfTWfM966O+1KgY2TMhA7pFyzr5TeBEaodKS1kk00Ha2K7fVZW0Oc4j5W+LEoVrUODhz+KYM1Vfv4NQlr2HXMZAGAaq0FOAwnorwnmc6dRxhLdbrrMEAri16/kDoUkM3zUcplHT8DYTGnj6m/PZteozxILQtZIeXD16MlA2Y8d0NBBT1ZZ+eBO487xjSkCL3XfXCdU677rjotCDDRP8mFFEY5uMjPdIXkh+rEkioqOAB+ymLq0IxmKBBq3BR8i69aLuBZtg7f24vQPLpJA+17ZJVPNiFnRgGalHv8G9HtaaK3lqeP6dEVtUYatALUgnJAr/W+AX00DttYjuiVp7jWuoG03uFRKW7NseSNg2l+EER/YnSNK5A8NfCU91kmGbOXtRynSwRdTVYLa8VUDukGShTxNcZy/a/yNbx3TvxXrLjeKnVbDsE3wCjRBIWC1pPAbcr04qYhjafxGtrOFt4hsKx+4fiw9SqyfWxOIWylHWVD8dLAJyL57WAWkIM9N21peMNNkP+Oj6ME77ZeztMTMXbcazigKqhcxFiovuFkQx+IGLhfaa6NnXNr3/fI5bLjLQu3MWRUtSL1rZOm7th3pkpFOzFotCO7b4V1CP4wx4G5prfHlnPgi08J8zGpC6LJ9qupZ2knHN4DBu41qzEVAWZIqE0M8YbRY0kkfyi8w/9OM+39tWWJwNBbCjixsPyVFHc+pP+fR92NiygjMu4QVn1jZ5gbr8exoOEYPHLmumv85WzOkCYXCP1q/P06oOqpSkpWVkYjYdcTLuBXCiWLiF44Z184PIr/In8tjBCBtbD40BPHhCkDKZ0osb9z/Oax/XYCqZnbU3QZldHLpySHdWFMP9MiZubAV8So3yRHItnyUAGyG1FFU0VVhrT/PsHwW6EJhTpbBFGhdHXRxgHFELSO+XMVzAnW8utHaVBRA/aTzikmZjgDednn/zKT8CuVnmg2VeDmChqjwcSniizQLBXXFkjpu1rRSzj6cCdV2CV/oON1pb/IuWFru3WGKHIBx+utIGl7McrzFGQBCY/e6Qkcrk1tCn51MATN2GK6G6ryZVwfwnFE4F5uCijXbKS2MnNGCwozAtWdr29kEnOlaIk/rQozoKUJpJhAGkMrHVXYLzMWy4+RkHdgkio1/7Gy1K5knTF3cNjjS2FmdOesaOP54f0gj5MtNNaJjGjcuNbmXbtTQ7DCPp+WPHBXt/aURwEYqiar5e+TwiIP8Ew69OQUIlnlgPiBn+vRpc6Bv7DsPK19ysjIxnVOlF4e/hELwkkPiLj61dCmVagiYfMPCAI/tFA11TbepdJNwbztg6XcV/msh7qQaFbMY6MqSIoQSVb/sEuLpCRXhxp7eGzGi3lZwfoBrjS0gRzSu4pLQN1IWMHQZ1xQlzmAYAqSlumQclHmZXr1ZSge5Dt76jW+D3Msc2NB/yym4p7QvkLzzmeWtvwfVN5m58KTc7FyhyWSUwEXy2zJMx4l+oCF3RGZe4uMIWcxP79ytAUIlHg1VnNMMrs4XD/4Ffu0r19LgFtEE45xtoiV5O0W8ZdT+vi9gU2bVph2EUZoaPPu0O7ePimy1f825skBLEQyuVxT9Y/lAfFVLEA8txQZUkw+bclDhbEblcZe/Nn4dMqmjJ9Tgseo4JKY71yDZp11hdlsvexfyZmtW6/7qmmAOp9zBfI6vo+4/NqvgfQHsx1OoBPJ34nVZj7XzGb6cvxfGhImcTG/SoPR6vnTEhtEzUmU/QWI7QFtJ8qI0FriV5o8q9XfAf+REUVUQMr93NnbQmh/nrAVXhDfBn5LVfvJJaoPzlJVe0FiPV2f2VN6VO4HTr7zsIgF6eeNyAI+uJATy9js/AE4X/QFV2BsbZyz/YCncLgHzatATThOgRD/f/kOkjcakud2USXUn58e6+sGyUu/yvN1JOCOGr6q7jX5wHIgMx+CPlo1U/VstCzzBq7FSlS+J15B9i1EXR484xyWdokzwfDF6QtN05K3PtgG+N5GVoA5CxIRzu1Ak+AKP7Mnx+edZx4DM14/X4YW3JaV6f9eOg+teEn+DnkHx1upoXoj412JbyTV1mtV/bX29Fm68k+jMPKl3aoJcosz1Nnb1yB3cY84pptZ6DxjOJWKbr7fc9qJOxBnlZMr760JwiIAIq3ZzTPeSAeQpmctJsNpn5Qjj11bha+G8FkrA9+A/0VImEYPvTWwgEFPt04yz/qkHz4SBGCcq1lcmvweGuT/AryApr8CPmR3PMqaPgtvbpbMORJM/75t2AQdTEZsJpqqK4l5CJ1R7P+hNw2S4lc079/YQNHIon9DTBhLpW7Xcytk3NnVXDIgsCs+YxPsObbDILbWEMPoHvyWsCFBEFFhVpN3TR9MsJraYC7WanTfGYzUWUuLcA7DBWODlrtH4SAEEPENCyB9xnaj3QiL9s6vrAzEJ23KhLnLp5mRY9EvaEIgz+w7D8bAW0t9CnQMjKlfM2ZOXsyH8R1kVwS4Aq33+ypkgoZbjeQcSFNMPTsCePqpAOqtSu2/U4Zp0wkuIcC+7LwDZUatx49ghesAoYUgvo04/cnykNOouiN5nwS2Ea/APo8CnVHjrLDa2whX6wn1OY8wR1hxnnFBTFfkdF/ohpsJaThTI8128gcGna6ES+J/qK2nSMYdvcAdl1uGu4XXt1MXD++VMx53Ue91wOE54xjV52xZlHLNtwFihna0xvpRze7KzmwWm+8qXDFzqWMitDeE7Zz0/v66KQQur83nAsHSK09t9L/6TSGTREdMIZbxf+FSAsG9ttCreaswFA49cpXiYeTRsPvpXb++KakKf6Is7x/zioPQEzXdRSOBkztN75MRuEQXcuyjO0Up1DjHS5FM/KmULSShMooLPj1NNDtyNQ6mQMmMTCxSMAECJLU3ep18xYOOwCcuyvqh5vhroTOg2rvo3eq2n+56nOSLCp/adTxqlHPrWX8VyvvXVIh08iT+rSVm2cA6S3tgP64m1Z6vQQtaa3ujR8p21vZA6GWHWvIr93J22CyZBP7dluh7b1zWnRDKgBMUHxYEtc0oNbHC3r5zGdwy5TvP3LMWdUEymG787JM2xN2+ivK9+wUE2mICnM1AkpA8SUbMWgowICIo+tpVoXaXNrnPV6Edq4mjLZ6A8ajTktRaY20ql8PYZQyuo8c5Hpjf+BsVu7FTMJPMvxFrU1dD7aZrZERE6JPTuPCpB06HDT1lzXXox6T7MpUoFTzQcx7ooBtt+ogupUSn2vwKdJtyGFA+eRDGUCNYKuaUzVXl0moei4SURA/qm6kogURhPlqP/uvMotRr+ABS0eX9pbIaYMffk8ZroofNHjiuuOQwKIqE/s9EACx4WTFqbsMfImlgKoFKy3qIwqgydIBNMzFmFeKsRyNABsEpt5veW11DyJLClAPDDmCyNz5PLSo3z5ucgcaIO57IKlL+EJTFL9CCOZW1F2I5QqBILijzNxA66M6mCiokQEa8zPMfEfvO+wcm1/dgHENtuNbuErMqNReMwI0EVeeCqOqkOMnPzzCjRkt9CGHGYo5+ShXyBv5Zmhb7uirWHx+B4AhhXq1MkQTxOmHWR9SkAOFcoxxmV5m+RRpvNIX+pYMnrhwoMC0QRu63pcgQZcTUekkJcWHyW2qbaEMY4FxaikiKReX1BcmEv9CGRzY+zuhyy5pBWt1ky66SfDK2ueWzF2wjjSsKjrVJsnkMzg8MFiPf7vH2lQzITWc2muG3vS5DMAah2RKYLuEWYLB1REDPm7aa6i8V5VaIi7feSc8M8Y55dC0L+e1HbnRIB/WVPxK1IvhvBk8LeJDk79q391LKumIZj3oKuk1I85D19ZYtxoA0WZZDJHqlBCe0OJpTIZJGruolvyX1CPJ0q3go1yGxDQexm2LBSnkJLe6o7kYv7sscJWydApsNB1h7tc034GE+3QxvREmoDEAraevxF17pCDRuo5AVDrE9w1hKy2XJsR/AhfPUust2u/mDxFn/I6kYezEj5M/nbiPbSKC2xieuQenaGijsVGJnsL4CpNVfE2+Ta8p1ZzZFgPEgrIhy9rqqBOy2nOdEl7a0JDlkBxN4sxjgH4+JFFYDqMOlxU65PVNtSYM2+s/HBWTmTExU5PcAspi0xs00Hwf8AALUCwdQ44PVUD/ZxAuQXhAn7VlkvwJDKI0LIO3ZWE+NiBMVp9iEgjo2ES0JrEkMW1+hOe7YfZnkFpzzXSkHptLH9lj+cmg1YmpFL8yZveKFby0j9UzZInVkZQw7nT4Q1BZdKAW6LSmZywbAegy5waDXk2k13REmoSoVEOIVgMxUOXsHEoP9NPHK7MFkP4lhpgXbm14LGOxkNwO4IuaixfC2MIMT/dUwoZ1TljUySd6XQQ44PQmpf6P41ws93XCwZEq60Alt62+qQ5wuX8BbvjIvToN1/ctxDsUnr91n4T5LjnpqvjiSGpsBbHHztZEyZOlWfFN0/HWmYRMj4HDBvD5lklDZJfkVp27vWLP9iS1emFK/OZJ9Lur6G5N00qtPlK01qzWar7EBu7T4b4ZedRZnTcESG32BzlFuv+5y7g==</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2019-09-19 02:13:07,358 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2019-09-19 02:13:07,358 - INFO [Shibboleth-Audit.SSO:?] - 20190919T021307Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|_c0ba1e8797624d96ca401761d59632db|https://sandbox.marchingorder.com/shibboleth|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_4b890554cd110e446d28c2d683415aba|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxiVFlwGJ8uHdggTlqzVXGUxjxL0srMejtawurvnW1jKlaWjedKtN+AdKhJUJNkHtOIQufOTwE6W1NTvKopEO+psLqrtkI9vjKgj2uY0iDCY4VtWvyCQPNjA3KMd+HrkHahtgJA1vSMt/QkF9f4PWb|_bd8de192ee5d6044af7b2c2aee81315b|
2019-09-19 02:14:25,968 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Beginning to decode message from HttpServletRequest
2019-09-19 02:14:25,968 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.IdPInitiatedSSORequestMessageDecoder:?] - Decoded SAML RelayState of: https://testschool.sandbox.marchingorder.com/api/Graduates/ShibbolethLogin
2019-09-19 02:14:25,968 - DEBUG [PROTOCOL_MESSAGE:?] - 
SAML 2 IdP-initiated request was: IdPInitiatedSSORequest{entityId=https://sandbox.marchingorder.com/shibboleth, acsURL=null, relayState=https://testschool.sandbox.marchingorder.com/api/Graduates/ShibbolethLogin, time=2019-09-19T02:14:25.968Z}
Synthetically constructed SAML 2 AuthnRequest was: 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest ID="_dd780f79-f67f-4a90-bd43-ae68c7083e20"
    IssueInstant="2019-09-19T02:14:25.968Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://sandbox.marchingorder.com/shibboleth</saml2:Issuer>
    <saml2p:NameIDPolicy AllowCreate="true"/>
</saml2p:AuthnRequest>

2019-09-19 02:14:25,968 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Successfully decoded message from HttpServletRequest.
2019-09-19 02:14:25,975 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://sandbox.marchingorder.com/shibboleth' from origin source
2019-09-19 02:14:25,975 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-09-19 02:14:25,975 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-09-19 02:14:25,975 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-09-19 02:14:25,975 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-09-19 02:14:25,975 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-09-19 02:14:25,975 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-09-19 02:14:25,975 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-09-19 02:14:25,975 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://sandbox.marchingorder.com/shibboleth
2019-09-19 02:14:25,976 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:14:25,976 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-09-19 02:14:25,976 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint was empty, not required by binding, skipping
2019-09-19 02:14:25,976 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_dd780f79-f67f-4a90-bd43-ae68c7083e20', issue instant '2019-09-19T02:14:25.968Z', entityID 'https://sandbox.marchingorder.com/shibboleth'
2019-09-19 02:14:25,977 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://sandbox.marchingorder.com/shibboleth' does not require AuthnRequests to be signed
2019-09-19 02:14:25,977 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2019-09-19 02:14:25,977 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-09-19 02:14:25,977 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2019-09-19 02:14:25,977 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-09-19 02:14:25,977 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-09-19 02:14:25,977 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:14:25,977 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-09-19 02:14:25,977 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2019-09-19 02:14:25,977 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2019-09-19 02:14:25,977 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 8 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2019-09-19 02:14:25,977 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://sandbox.marchingorder.com/Shibboleth.sso/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2019-09-19 02:14:25,977 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2019-09-19 02:14:25,977 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2019-09-19 02:14:25,977 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2019-09-19 02:14:25,977 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2019-09-19 02:14:25,978 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-09-19 02:14:25,978 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2019-09-19 02:14:25,978 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2019-09-19 02:14:25,978 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2019-09-19 02:14:25,978 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2019-09-19 02:14:25,978 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2019-09-19 02:14:25,978 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2019-09-19 02:14:25,978 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2019-09-19 02:14:25,978 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://sandbox.marchingorder.com/shibboleth
2019-09-19 02:14:25,978 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2019-09-19 02:14:25,978 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#aes128-gcm
2019-09-19 02:14:25,978 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#rsa-oaep
2019-09-19 02:14:25,978 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2019-09-19 02:14:25,982 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-09-19 02:14:25,983 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2019-09-19T02:14:25.983Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2019-09-19 02:14:25,983 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2019-09-19 02:14:25,984 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2019-09-19 02:14:25,984 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID c1bbd32280de89a5428c36ef6dad32eb20672d968d1c98333188d477fc63df70
2019-09-19 02:14:25,984 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session c1bbd32280de89a5428c36ef6dad32eb20672d968d1c98333188d477fc63df70 to 2019-09-19T03:14:25.984Z
2019-09-19 02:14:25,984 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading AuthenticationResult for flow authn/Password in session c1bbd32280de89a5428c36ef6dad32eb20672d968d1c98333188d477fc63df70
2019-09-19 02:14:25,984 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: Authentication result authn/Password is active, copying from session
2019-09-19 02:14:25,985 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2019-09-19 02:14:25,985 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2019-09-19 02:14:25,985 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:14:25,985 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2019-09-19 02:14:25,985 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Reusing active result authn/Password
2019-09-19 02:14:25,985 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name established from session as 'rick'
2019-09-19 02:14:25,985 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2019-09-19 02:14:25,985 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Updating activity time on reused AuthenticationResult for flow authn/Password in existing session c1bbd32280de89a5428c36ef6dad32eb20672d968d1c98333188d477fc63df70
2019-09-19 02:14:25,986 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2019-09-19 02:14:25,987 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2019-09-19 02:14:25,987 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2019-09-19 02:14:25,987 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2019-09-19 02:14:25,987 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2019-09-19 02:14:25,987 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2019-09-19 02:14:25,987 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2019-09-19 02:14:25,987 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2019-09-19 02:14:25,987 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2019-09-19 02:14:25,987 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2019-09-19 02:14:25,988 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:14:25,988 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2019-09-19 02:14:25,988 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@73f2ff63'
2019-09-19 02:14:25,988 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-09-19 02:14:25,988 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://sandbox.marchingorder.com/shibboleth'
2019-09-19 02:14:25,988 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@57db50fb' with context 'intercept/attribute-release' and key 'rick:https://sandbox.marchingorder.com/shibboleth'
2019-09-19 02:14:25,989 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'rick:https://sandbox.marchingorder.com/shibboleth' value '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1599497118979' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2019-09-19 02:14:25,989 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-09-19 02:14:25,989 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2019-09-19 02:14:25,989 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2019-09-19 02:14:25,989 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2019-09-19 02:14:25,989 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2019-09-19 02:14:25,989 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@73f2ff63'
2019-09-19 02:14:25,989 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:14:25,989 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2019-09-19 02:14:25,990 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2019-09-19 02:14:25,990 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Inbound binding urn:mace:shibboleth:2.0:profiles:AuthnRequest is suppressed, ignoring request ID
2019-09-19 02:14:25,990 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: No request ID, nothing to do
2019-09-19 02:14:25,992 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2019-09-19 02:14:25,992 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _866f9ca30de9c576a906af48f17b258f
2019-09-19 02:14:25,992 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _866f9ca30de9c576a906af48f17b258f to Response _19d8e3363d7b84540bd6819a4123d1e8
2019-09-19 02:14:25,992 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _866f9ca30de9c576a906af48f17b258f
2019-09-19 02:14:25,993 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2019-09-19 02:14:25,993 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2019-09-19 02:14:25,993 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2019-09-19 02:14:25,993 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2019-09-19 02:14:25,993 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2019-09-19 02:14:25,993 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2019-09-19 02:14:25,993 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2019-09-19 02:14:25,993 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2019-09-19 02:14:25,993 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2019-09-19 02:14:25,995 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2019-09-19 02:14:25,995 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2019-09-19 02:14:25,995 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: []
2019-09-19 02:14:25,995 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2019-09-19 02:14:25,995 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2019-09-19 02:14:25,995 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2019-09-19 02:14:25,995 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:14:25,995 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:14:25,995 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxDYzhIBysbGBWMDaUesM0byxNiiO/vAh1PG1leXt65zxrc32cmwvfEQ4FuCUApKbaMHqAxx2kuBR/oOVDJBs8SZTrP6fSHAg3gCCsM93iYS7AnNmk2hbwEvzJQrFO0iQuheCERGRj+VmgYjaAgx+G with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:14:25,995 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:14:25,995 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:14:25,995 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2019-09-19 02:14:25,995 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2019-09-19 02:14:25,995 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.38.242
2019-09-19 02:14:25,995 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to (none)
2019-09-19 02:14:25,995 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://sandbox.marchingorder.com/Shibboleth.sso/SAML2/POST
2019-09-19 02:14:25,995 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2019-09-19 02:14:25,995 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2019-09-19 02:14:25,995 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2019-09-19 02:14:25,995 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _866f9ca30de9c576a906af48f17b258f
2019-09-19 02:14:25,995 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _866f9ca30de9c576a906af48f17b258f did not already contain Conditions, one was added
2019-09-19 02:14:25,995 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2019-09-19 02:14:25,995 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2019-09-19T02:19:25.989Z, to Assertion _866f9ca30de9c576a906af48f17b258f
2019-09-19 02:14:25,995 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _866f9ca30de9c576a906af48f17b258f already contained Conditions, nothing was done
2019-09-19 02:14:25,995 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2019-09-19 02:14:25,995 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _866f9ca30de9c576a906af48f17b258f already contained Conditions, nothing was done
2019-09-19 02:14:25,995 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2019-09-19 02:14:25,996 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://sandbox.marchingorder.com/shibboleth as an Audience of the AudienceRestriction
2019-09-19 02:14:25,996 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _866f9ca30de9c576a906af48f17b258f
2019-09-19 02:14:25,997 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://sandbox.marchingorder.com/shibboleth to existing session c1bbd32280de89a5428c36ef6dad32eb20672d968d1c98333188d477fc63df70
2019-09-19 02:14:25,997 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service https://sandbox.marchingorder.com/shibboleth in session c1bbd32280de89a5428c36ef6dad32eb20672d968d1c98333188d477fc63df70
2019-09-19 02:14:25,997 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-09-19 02:14:25,998 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://sandbox.marchingorder.com/shibboleth in session c1bbd32280de89a5428c36ef6dad32eb20672d968d1c98333188d477fc63df70
2019-09-19 02:14:25,998 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-09-19 02:14:25,998 - DEBUG [net.shibboleth.idp.session.AbstractIdPSession:?] - IdPSession c1bbd32280de89a5428c36ef6dad32eb20672d968d1c98333188d477fc63df70: replaced old SPSession for service https://sandbox.marchingorder.com/shibboleth
2019-09-19 02:14:25,998 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Removing secondary index for service ID https://sandbox.marchingorder.com/shibboleth and key AAdzZWNyZXQxiVFlwGJ8uHdggTlqzVXGUxjxL0srMejtawurvnW1jKlaWjedKtN+AdKhJUJNkHtOIQufOTwE6W1NTvKopEO+psLqrtkI9vjKgj2uY0iDCY4VtWvyCQPNjA3KMd+HrkHahtgJA1vSMt/QkF9f4PWb
2019-09-19 02:14:25,998 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://sandbox.marchingorder.com/shibboleth and key AAdzZWNyZXQxDYzhIBysbGBWMDaUesM0byxNiiO/vAh1PG1leXt65zxrc32cmwvfEQ4FuCUApKbaMHqAxx2kuBR/oOVDJBs8SZTrP6fSHAg3gCCsM93iYS7AnNmk2hbwEvzJQrFO0iQuheCERGRj+VmgYjaAgx+G
2019-09-19 02:14:25,998 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Older SPSession for relying party https://sandbox.marchingorder.com/shibboleth was replaced
2019-09-19 02:14:25,998 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2019-09-19 02:14:25,998 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2019-09-19 02:14:25,999 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2019-09-19 02:14:25,999 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_19d8e3363d7b84540bd6819a4123d1e8"
    IssueInstant="2019-09-19T02:14:25.989Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_866f9ca30de9c576a906af48f17b258f"
        IssueInstant="2019-09-19T02:14:25.989Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://sandbox.marchingorder.com/shibboleth" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxDYzhIBysbGBWMDaUesM0byxNiiO/vAh1PG1leXt65zxrc32cmwvfEQ4FuCUApKbaMHqAxx2kuBR/oOVDJBs8SZTrP6fSHAg3gCCsM93iYS7AnNmk2hbwEvzJQrFO0iQuheCERGRj+VmgYjaAgx+G</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.38.242"
                    NotOnOrAfter="2019-09-19T02:19:25.995Z" Recipient="https://sandbox.marchingorder.com/Shibboleth.sso/SAML2/POST"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2019-09-19T02:14:25.989Z" NotOnOrAfter="2019-09-19T02:19:25.989Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://sandbox.marchingorder.com/shibboleth</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2019-09-19T02:05:37.872Z" SessionIndex="_b69c7e5fa342416e81e47135054147cd">
            <saml2:SubjectLocality Address="172.31.38.242"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2019-09-19 02:14:26,002 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://sandbox.marchingorder.com/Shibboleth.sso/SAML2/POST
2019-09-19 02:14:26,002 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://sandbox.marchingorder.com/Shibboleth.sso/SAML2/POST
2019-09-19 02:14:26,002 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_19d8e3363d7b84540bd6819a4123d1e8"
2019-09-19 02:14:26,002 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _19d8e3363d7b84540bd6819a4123d1e8 and Element was [saml2p:Response: null]
2019-09-19 02:14:26,002 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_19d8e3363d7b84540bd6819a4123d1e8"
2019-09-19 02:14:26,002 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _19d8e3363d7b84540bd6819a4123d1e8 and Element was [saml2p:Response: null]
2019-09-19 02:14:26,006 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2019-09-19 02:14:26,006 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://sandbox.marchingorder.com/Shibboleth.sso/SAML2/POST' with encoded value 'https&#x3a;&#x2f;&#x2f;sandbox.marchingorder.com&#x2f;Shibboleth.sso&#x2f;SAML2&#x2f;POST'
2019-09-19 02:14:26,006 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2019-09-19 02:14:26,006 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'https://testschool.sandbox.marchingorder.com/api/Graduates/ShibbolethLogin', encoded as 'https&#x3a;&#x2f;&#x2f;testschool.sandbox.marchingorder.com&#x2f;api&#x2f;Graduates&#x2f;ShibbolethLogin'
2019-09-19 02:14:26,009 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://sandbox.marchingorder.com/Shibboleth.sso/SAML2/POST"
    ID="_19d8e3363d7b84540bd6819a4123d1e8"
    IssueInstant="2019-09-19T02:14:25.989Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
            <ds:Reference URI="#_19d8e3363d7b84540bd6819a4123d1e8">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>XPE+23nlGzXj12TskbB+TpOR6vALWh+lXtNe6di9EwD1eg+clZJmue17QKopYmZoxnMiDoAFgZMEMlfHhmDEhA==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>TO5aHlGDLhKXWsvdE09Mymuo0mkTi07D2rkUmn0aL+pEtfIVY5dtD/n0lu8EaqR2uDB//PVMxK7XnCunnue3Yc7AaRXvtsHk6PRR0TT5XcQub1Iuwqxa+yt2HcCP1ATRikSz3d2mG9hlcHX/bZJ4QuhRaTHgpD0SUuy0uacSHgaRebXUUDmz95D9T61y9NExJG7memjFO7fGY2eDcg7qrxqat/XuP8XJ9f0vPVEKARgO1nL+TBr1pfp/VKW4dWfrsoZEBats3Lj6r59/4cfJVhlypQD0MguotKl5MfGj3dRtpsDpdo2dLQ0Qyx9XSXV56rgcuJvYmiehTmXWmqijZw==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_b25e8b8e7e862b852cb04a6840ae94f2"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_5a03ecd75b197b0ca29078d5b909f880"
                    Recipient="https://sandbox.marchingorder.com/shibboleth" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                        <xenc11:MGF
                            Algorithm="http://www.w3.org/2009/xmlenc11#mgf1sha1" xmlns:xenc11="http://www.w3.org/2009/xmlenc11#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIID5DCCAkygAwIBAgIUJK/uQlfBIMl+kBZawLrnSKlMqf0wDQYJKoZIhvcNAQELBQAwETEPMA0G
A1UEAxMGeWg2Ynl6MB4XDTE5MDkwODE2MTkzM1oXDTI5MDkwNTE2MTkzM1owETEPMA0GA1UEAxMG
eWg2Ynl6MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAsNcfn1Q1jEuVW7kg2C8o0c3O
Omts8aULc4b7kOFeJUcrTx9tuDSP29MRUu6Bx6dinn+hkv9MRjOw1LR/qfVgarUnvpqEsiIr5ZO0
JzX4ItujW5fsRH7aHnBsmxeCaO12m0XbQp5RYbejtfLMOtRnGQfGChSmaCCnZ4bOVXZwldtS3+e2
7ELDeQ+63brD77MvTx6eA1QSLBfrx5QTSAoIOhhQeFLTwoOqcgJb2hin8cUEty2FEbYfcQVPxxPu
Tviy9VxFWcN5Ghu6pdvul+JeY6UYkHMCs2e23Zicott3/5pJ6iAqhryPaarbfFWKci8rHxtur7ck
uLQ4U7NxCx6OIR7q+hBHBm9Z19IR+JV1iiHCzjLHV+X25WEcmNIqiudTMJnZ+jDOfVNIoZFUWapD
arROhYtBAU76LgWETqyQUTWZqtS91RqJIoMhPZoWZBUpt7Gke8xaI0za0KwWtqbnjQ9wkW3rNkVZ
RNytz/LX3IUh1++wxO/ADYchs9qGLvoVAgMBAAGjNDAyMBEGA1UdEQQKMAiCBnloNmJ5ejAdBgNV
HQ4EFgQUsW1pN0c4Y46CsvwXAQrvwRlqarUwDQYJKoZIhvcNAQELBQADggGBAGQ8f9QLQ/x1tUJC
44AbtHu9LRLI3vBr3ars8RAmR6lcpPvqWMxNQkHKa/5sqyLEmNiMgCQfoCFPByMKNbRL/zPyhcwy
fvZp0Bcpk6tdl+lckonifLK1OVSIcG+fI1zmAiHgWn4ZYY8nQ9BVLycvRuKMbb/EF0yGXuU3rB6K
u2mvmyw8vJ7IiUiGNIxr4hZr9SZtzaujBdeOXl2rikT40NGUR8l8zYZ1Jo9yFWiaN1mZNhGoBI+A
5MdHvXYOdJ2h+IWvxJwJ7YM1D29qe0dUzhnPzJeV5vjOp3FZvs0R8SptA0ZzXxADEDyLi067x8QA
c3o3IkjejpjPZyAlrJ80U2YfxOOpMkDYM5XS0pEwbYxx7s/v9Rtb/KWyIsXGZO3Q5XWVdU2Veel9
4BIvjSOdkdTB/eK+bZaBSZzNhm4nErzAhtzzcVsP8V7jNOnn3uoPI4CDjJUIhtngcMVipao9ipo3
eEixZNyXkxevqCKAj5kO8JQX29nzUulWyKPRDVkEMg==</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>DAJHSJiMIFjZo32vs/YStV8VTjpwR8659HT5XlkWNX6byQ5B7UDR4VYNdmZAyf3B2gVqm+wt0U0eiFu21SO+z2Pq3rrmaGykWWLitS85AlNnht59ihBp16h+z1D/PL6LuxufJeXJ8jLQxx6cdT75rmUIJFvRwdsXl3lMP2azgCsfuwDKQ7Ahav2kRwKVROZA/S5OwwLtNkHMqRs0Jut4z8TIZv7YT6m3hIugeKf+RrC5ntDU01aWbqUCn6jVnBF8tAn9JycpqEoALjbqjhuknTOIlpchKob9lwbYqSdyrJzDRPKxfNjp+ygKOuyL9hz/cvRCjVCp3umvvJaTOYVHE5k8B7G1zrpXNdaFXvZkHzYzGuLt+PZfBvyInG4HbZdoSIeTcfh/prISg2ZHICIPy3giP46O00bfrwXp2mY8IutxgOAwI6qIV2AThURvsXjAbDyqXi6Ofr0nY7BYqcivAN2clpuueTwU4Sw+hpxsMwA7wGQ1jIYNsOQOmLKQqZkA</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>pM2zr3I0LH1MRyzepXomTzFu026QB9ln80QO/NjQOymPB4JXgL3EOeKfybV6Xf4HMdRnx73C4wQm1E8MTVfHtsdSs/vYga/S39YXzdkJMRBQrOqHTcDAIHIrxgpMehdPifb9wljPrRMSeg4okhfvZdjPRAqlDb5ZqVNh5Epmqc6/tgCnLxVG+h2j4remqstX/79qyGRtgXfzZoANYPp4paHl5ksMtbmPFGJ9SJ1iqiXXOsxHY8mr+IvlB1Bvvrfx/u5dJ+ZxDEjVhyXFIvR+EQd71bpu/efEKuqSph8CTc7pa0uh/MUces8xdINkDFBHKkJo87Gmp1qJ5yMElY7S5ZYonbugXm6bwu1WRqrGtq6qoIoKaV0ERwT8c5W8UdN6Xlw6H/gZSPf/rF1wmVLTOU8e7pmITinBsgEG9gPpZ4sJDNJXO5o8HHV0/gnIQV4l2Ok7BXos2S3cd80NpeCspw+N/t8spLIRiebi2yFmLtAq95ibA65RDiV1RqLO87/wXdYx+1x+wMHRFPcJqU+s+o3l45lvYFi+k4FFhXbOu89w739zRjfFQo1w+riYJLMDvK95aTOlypMqevkAZGUIJvYAAmQSKkmxFCwLEh4/JOfzw/UYsZKWbELN2DnbOqtGeJdFb15GxhBT0ODyN5/7KaNrwYKcMts8mbPCYsgnArQRod+ZsrwvPLpvofivgBVCPQswfkofrTw9M+P8/UqpfXiNOodker/e8V6TLecbBOgH6XJlEnmhXHSVFw+K9dLkuJih1NePCH/UaIS8hlaLWAyplYNhUF9O7/Y9jOuk0lv5gWt5Yc8+XU5MFV4i09WK/G/5s5EP3eNae1lUaT3VrwOLvoFqU7Agtpcwps+VWWrFA9O41J+rxsCKIrfWkffdUNEMogIeNMcxso+Rt82pY3oYtXLqA3q3HimZ8SIkgGrn6dwKDd0XuW9jy0OzwyHmWUOhjM9D/EJJpdVMx74IxsPy9wgqrNDfBGIPluMeSMKT6rU330GBLYzlop/yoD0ftAMIRiXrGBqshLHc5PYhL2V0db21pKCKHHecuz0MplQjhxVkGGKOlHjFGyQUTv6rIwRidszq36LQhGfDWxV2S4HBOahmpxnUzt13SANmmgMGawQPum8Z5ZcvTGQPpMtGw/o6aF3h/MeOA6PfdEh4cYfpROsJjPLbTvtMgboatzhW3pLAQAdvu6aJYUTd6RJiG+P8ViuW2kR8Xf1uFFnQls7iRl/5h6Gm7GopBoS4xAucy4kzxMyl40q9jYtB4RZjdjZomqxSU0fyDfCX9HE7TPPEaWDA7EyHMTjURGVschKklILFnaUWYBq1BKqZwBt4Ps14i7sU4yTsqvu9oOJCW9vUZCxNR9W+cBrmq774JGt4XxOVLdVsz9nApO1ltTfxHL+O7BdFt4YZaGhA5BsdAhZ/mfn4Y18/NbLjJSlga+pOrqCkiwQCky6ncA/RNulWspsMPSyNHFIvRvqN7DpscrmPMEif1ajomphW0jfWbKr7TfwdZ/icfLU20nFjLOhmrQx90i5REWbZgd5alhgEl8C9FDI9kp/xtOhHl3vtqXzPPN/RtDPkzoBgHgts3VmmH53AgI4WG8jEOwLoZ+ppCtK2RH9oUqrsoBwcD3LojC+0urvlMlIjLvBE72bEnfneCWTrk4vzsNRZ+rU2igTlBM+Zc+pPLAgVvKhtzffh0JuaAwdgtXE4Fl41dgw3iT8kJNYffnVWExpRD5DhNFBmU+R6oNI8VgMpPyPOAlLGCgtNBl3xSIzZnBZDrSAp4y2jkx54DaZVBFkIYRIEdn+JmqEYb1DqTFs8UCa5gISEKdbdbRdRi23aEJGgAW5SHmbtwgpDUK02Ba9jNr/WIIzs/qMI/OQPQCOz5g2AoKRINS7u2KNg6x+yBeSEYgWfN3maPoJCTUtnE95IusOL8dxkGJv2ew0jB/QaBXrD1P2am2feM0CF2g7BSfUchzSBBv4LxIcCWMTfo//EHubmQhB/gQ6yAWki3LjzYNkFpq09nWNlexQ6UHRCXtev3dTmCh7LSNkxz+A5l8hsm07AXrQnQ3Q+O7p2eybm2ux66jE6/CboBfPsv/faS319LPjEhs37wcBn1xm/mLBPc2UmR/Xk0jrTb64YZRT9D1heNuMrep5QLKD0wIVD92iN5VfqYae8wnEq118kMGDfISCABt9QO3JlCCz9mcwj8SXqFYcasgfg3jmMF/PfLYXmhN+cwIcYR069f3jXBPsJf28EXMmKqwrzyur0Y9YQgFPH9Yx9WsW3ggjI8OvycJEUtOLg1bBFzwo5xtxg98Z++ptIU6dKeeP39SReXny2GCt53iE3q2txTDdVdDIsRIHngbzPViexXAWHNJxSE/k4AxfNYguVP9peIMYUE4YWDVW/Gz1TVYtt120fM1joLUGJm4F0o9g1ISZ5ZbiU1SPkvWr47ihDi6rro53CdGWK8SLzM9SR/qcWH7lY+N5EncueAGiYyz2/67qXlLG+hcNs1eeQMme4JvcQGKAkld1WRgOQG8JuF6aHWzsUmJQvvZbBWwtitmXFZwp1B5PsyaR0UkK6bCcrmvm8dEabTlBe41dkjyT4WR/+9K8xIkSYvHV14AOJy8P7cBDH6YHZ4hpV77giSQr4lcnb9ctRDqA60YOdxoWLZ131Rk6FbNfztaLUb31JLpw+sSIQH2RKFfGZ5PcloKHBdRbW6AHEWG+/40uBFEAM1vLXrbxti709NvomKzh4lGVDGZMxBQovhIyyqOsfXNCjEeuzh9zSPxBrryu3M1SZN8azkPwVslyhnNAOGDw6bAG91fSkTQSdmm+ccYgDguc2ZdGjhMbYukAUabzEoiH37Q740A+VRLSxM0UqFDwFu6Krckl0M9h8mlIcyIEtEhxSwwTIUx5TiyAU0JdJ5SHpmWX4UcOCcBiK3G08RCCTn1xtLeN7ssa7OKt0ZDT+uvkikFdXkhggAzUMTCUnah/ATpAq5OXHk3YBAQKpvtFESTj8zgj7/NddMkJ2Sp4W4ylcEhXoCZ/OZ32UsWPkL906fpEBeDQz7tCdRiQrNzEyn9KpH42LeireG9rWMESlZwYGtgHTGr89ctSJgvhwEZTIV7YOBjmHdOPZayOmQ8fOjuffRMyQ1DXi/9ekBwvgdojQSEeUxlLzI3iT7aNU6N66rUSQBOMe3ssJeN1MVO/EiVq7de1+GowAVCjPOhOB7if7BfB3eznvuPcNZp/h7zDwJDOZrRqpXIRLPrSjub/VlnswhB7+AnWuxFPufJE4kNKRBcWQfHOAyAfVFS9Zozx2qrfXcBCb+pZTYnhoYwSJ+uEF/vPPWrfHl9Hw/IoZB3alVeoG5q5NVrEdcMHnwx+kcCqLloVFz74XDhPAyNIO+Xtcek/1rCbDQg3lDH5xnnT2iTRkIPjIByOZcETKxms8ngDxoXexOfuRKto7TrMnOA6kY1xuE9MT73NA4HJC8HkPJFOjFCSKj1Mx3oR2YEXbVtd7wGIDBP0M9/Ltxtf8jd5MyKnoeVwTxzHGGThdyJir2y8ugPydOTIe8A+/E0M5J9L75rBlT8K+YgXkO940Ddyy6rkppoJT0qLxB+yF+VFDBHsjRN/LYIm8A/M2yfFHpR48zHlR4WUGvPAzDwz/32chZOHuTMNpGaNSQdBYYnOHUKqbU1lalVL1uvSueuMVlgNHt7Ej7W4JUHS9ZtRJapgL47utRfOLqhvZZBq1nNlHaNFijCSyERbbFEsxRBZDqc5qCnMNjCBUO0h+xiIkh5lhrmHgxaVuFtTH/s7dznw7lofFDYGig7AH1bYVKdIZnVsJ6q3YaGX/6km/HB5IM4jD/Wd7P6AGpjjccaIHT3dF9pjC+5AgV2l0N06PYeQN8TmA0p18nJziCtAycCWrhnhh+PB1HK+Lalei9Vxls8V8j8TkSk1yg8KnZWLYf7KcdXDxFHFbPcydIJwepH57QKf1QYIMC03aX9v1eXgQTSL2NBXZhfLYF2ajy9r9T9aLjzbHYnoaCTKiNow0OZ3RrwawyzXxXgyZXwZXSzte44W3nedEC1tfxsfWlM8BiEH2vvF+/F+jSPbXumCsP27DamkYqjOO2fndsuG0Q3kdIGIa4QhTGPutrOxkqFT9XafmlNus43MKQJwRd3Ydmff28i77EVCivFOxzbdT+pUWJSPsy8StuledLVAq/TINdgZIZtSvIf8QevVLpPZ73HPCGmbWADykzmUAHDRn3y/zyBoimak6RwcTRHaypXYUDPdhSEOFxreIyjUFOHZyKMGG14UxdNcXeMM7SLOF3aeWwKcmyEM+oTwet11ocP5LwzjKkEbY+R1FB8+vgh/svdjQmy1vyp8FBzAEvTetmlKsWgM1eQ047CjYwWbz8JHed9Ns4zt0IcE21riCCPmsRFAKSlAGuZaQEm7y5nysgpgg7q2W9foXHxECHPj+woFecnx4wbRC4lXFhCHyMvmUySTq+/wqZVU7QJhj2KeQvoiI+ZmAFDZTjUMJMAso2x0Vci7q2LHLK3RGhHwENxjZb41e1wx9jdTWwt+avZ6kUw+b6ywfGNHKYz0jgPCjbB8B1UDUOKnpgnC34N9G5OrS82T7QRfLzyyxaJkN9XyGkbAiw6eK3pDcn8vuxHvu0EK3ibkUwl3TcWkS9O7tF8/t817fqktjZg2zRd6DS4U6eOFDrqTm9ZIlLcQXrrDTc/YvKGsSoVTqAnbCGNaiq/I0N3SXADyfo5CcrzB8pxLbvX7+FbIXP5GTuIsXPjyriJxONbXpzdMpzYKyFIX3+OSM</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2019-09-19 02:14:26,009 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2019-09-19 02:14:26,009 - INFO [Shibboleth-Audit.SSO:?] - 20190919T021426Z|urn:mace:shibboleth:2.0:profiles:AuthnRequest|_dd780f79-f67f-4a90-bd43-ae68c7083e20|https://sandbox.marchingorder.com/shibboleth|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_19d8e3363d7b84540bd6819a4123d1e8|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxDYzhIBysbGBWMDaUesM0byxNiiO/vAh1PG1leXt65zxrc32cmwvfEQ4FuCUApKbaMHqAxx2kuBR/oOVDJBs8SZTrP6fSHAg3gCCsM93iYS7AnNmk2hbwEvzJQrFO0iQuheCERGRj+VmgYjaAgx+G|_866f9ca30de9c576a906af48f17b258f|
2019-09-19 02:18:14,112 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: null
2019-09-19 02:18:14,112 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2019-09-19 02:18:14,113 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2019-09-19 02:18:14,113 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="http://localhost.com:8080/saml/sp/SSO/alias/sso-associate"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="ARQd974051-a379-404a-a38b-8054eb618fa0"
    IsPassive="false" IssueInstant="2019-09-19T02:18:12.174Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">ca:homedepot:auth:sso:associate</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#ARQd974051-a379-404a-a38b-8054eb618fa0">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>aQeBfjYSkiNTmDwPfOa5GeGL3Ln+8gMybCoJGPTlhaM=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
PXqDgpkZD9D47LltPzmhXDW+/oyo2Bs843cu6o0UMiHDlFyuHRzV3qftxwI4bePJo5RETBf9Jpr6
/SN0E6gG7gzS11UZytV6elnUKnjct/6t8SZpE9hlAws0ugoI3uoQ/LpU84xvNf/3kAbb0ww/9XFK
6Q1H5FuITNpINAyt9IKg0A3mfvmBmxMNHwni70wFCjNo2SPh9LmBaxp6tePJn77GzYr6pyOoSxLx
QUrYidAyVPMiNseLy8smo0SsnSuZYc7EWxO1CSXYMVlVNbHaRLq2KO1EqiPcapf8/CDe32JRfBWJ
if5zkcG37cNp8M9k08o8FEvKQQJ1iqNL9UWtEg==
</ds:SignatureValue>
<ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDljCCAn4CCQDBMt006KgZVjANBgkqhkiG9w0BAQUFADCBjDELMAkGA1UEBhMCQ0ExEDAOBgNV
BAgMB09udGFyaW8xEDAOBgNVBAcMB1Rvcm9udG8xEDAOBgNVBAoMB2NvbXBhbnkxCzAJBgNVBAsM
AklUMRYwFAYDVQQDDA1sb2NhbGhvc3QuY29tMSIwIAYJKoZIhvcNAQkBFhNlbWFpbEBsb2NhbGhv
c3QuY29tMB4XDTE5MDkxNDAyNDQ1MloXDTIwMDkxMzAyNDQ1MlowgYwxCzAJBgNVBAYTAkNBMRAw
DgYDVQQIDAdPbnRhcmlvMRAwDgYDVQQHDAdUb3JvbnRvMRAwDgYDVQQKDAdjb21wYW55MQswCQYD
VQQLDAJJVDEWMBQGA1UEAwwNbG9jYWxob3N0LmNvbTEiMCAGCSqGSIb3DQEJARYTZW1haWxAbG9j
YWxob3N0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALzDiifuVAjAnFTxesPh
IPQS86goXr+hK7+7gu+q5zvlw57oUhGTz8SZG2s5NjNCFIc/y8Q1jha7JJmrLaZQOiZp+w9rDLZ1
ILRLJG1gniMBGjAJWnDWQgc4PdIH9kcGRRUyTGzQKEdLqur1lYTac0mtXNp8CWtUL+y/9L8l77AF
wZPjiAjsu+La2STQYKZ+nGOg/a/Y+8Sck69GTgQrpNLhWDqXS9pLsDVf/W5eQ/GDkSXV7sZU3u9A
3gCdgBbbTdDHMsr/z8GY+svsUmyQ1YUPhOuchElBOPCQAF1+BZr189GRlLKxb6nmj43rLPFzZFr0
HJePgHvIxIaVAfeJEGcCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAWcm5Kom9RwU+GJR+iBu74qxG
C+TZYf/YBdAHf3P6dKM0hauaTxCuTO/bgmQKc/x3dGZEhjgov93f+mcDEvi4j+AmbvMXS+L4s3Bj
dmlSKUG+ZjXnQOVmj2hCRfDlahhX9xP8JhVwchF2YeSoX7Yz0knWFEVkRgpzFOyXnf6x9HA/pE75
QYyoO1dHCPzlocgBEJnqCgzELzIz963ok2LMqOcfZr5WgpLMI/IGNKBOFbUyRJjS71tkFFP5g2F1
1Wryp8CVBhgfzFc8sOUPlXXCH76Up7BukHTYvuTheXWOJMVknI5OrZdXN+XqgmQT/ohih3jedMYp
ej/kNI/Iz3nCBA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:NameIDPolicy AllowCreate="true"
        Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" SPNameQualifier="sso-associate"/>
</saml2p:AuthnRequest>

2019-09-19 02:18:14,118 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'ca:homedepot:auth:sso:associate' from origin source
2019-09-19 02:18:14,118 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-09-19 02:18:14,118 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-09-19 02:18:14,118 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-09-19 02:18:14,118 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-09-19 02:18:14,118 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-09-19 02:18:14,118 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-09-19 02:18:14,118 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-09-19 02:18:14,118 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer ca:homedepot:auth:sso:associate
2019-09-19 02:18:14,118 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:18:14,119 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-09-19 02:18:14,119 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2019-09-19 02:18:14,119 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2019-09-19 02:18:14,119 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2019-09-19 02:18:14,119 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'ARQd974051-a379-404a-a38b-8054eb618fa0', issue instant '2019-09-19T02:18:12.174Z', entityID 'ca:homedepot:auth:sso:associate'
2019-09-19 02:18:14,119 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2019-09-19 02:18:14,119 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2019-09-19 02:18:14,119 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-09-19 02:18:14,119 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: ca:homedepot:auth:sso:associate, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2019-09-19 02:18:14,119 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'ca:homedepot:auth:sso:associate' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2019-09-19 02:18:14,119 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-09-19 02:18:14,119 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-09-19 02:18:14,119 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-09-19 02:18:14,119 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-09-19 02:18:14,119 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2019-09-19 02:18:14,119 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2019-09-19 02:18:14,119 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2019-09-19 02:18:14,119 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2019-09-19 02:18:14,119 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 23829225539562106213014301243136041322282988309009629279671692767873527207106584569321402730087158735920646049799503627116539537460404897658568743128624945094667341403795258008484236975206751892292087484478959653919708361901490135901133771388720714171418031251092948541534737194855640573850633457913502644827905892037369652523746279304726983406106249326604483780215280811125663741291992488631627682952696870519409262777963202278034175849414250621536710205906469560046682159959454526094436102676443116228928628411505004702620922939540309272548245989155051563888715123190234569707636418619677273315040341865652464193639
  public exponent: 65537
2019-09-19 02:18:14,120 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2019-09-19 02:18:14,120 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2019-09-19 02:18:14,120 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#ARQd974051-a379-404a-a38b-8054eb618fa0"
2019-09-19 02:18:14,120 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID ARQd974051-a379-404a-a38b-8054eb618fa0 and Element was [saml2p:AuthnRequest: null]
2019-09-19 02:18:14,120 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#ARQd974051-a379-404a-a38b-8054eb618fa0"
2019-09-19 02:18:14,120 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID ARQd974051-a379-404a-a38b-8054eb618fa0 and Element was [saml2p:AuthnRequest: null]
2019-09-19 02:18:14,120 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#ARQd974051-a379-404a-a38b-8054eb618fa0"
2019-09-19 02:18:14,120 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2019-09-19 02:18:14,120 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-09-19 02:18:14,120 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID ca:homedepot:auth:sso:associate
2019-09-19 02:18:14,120 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-09-19 02:18:14,120 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-09-19 02:18:14,120 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-09-19 02:18:14,120 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2019-09-19 02:18:14,120 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:18:14,120 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-09-19 02:18:14,120 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2019-09-19 02:18:14,120 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2019-09-19 02:18:14,120 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2019-09-19 02:18:14,120 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://localhost.com:8080/saml/sp/SSO/alias/sso-associate using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2019-09-19 02:18:14,120 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2019-09-19 02:18:14,120 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2019-09-19 02:18:14,120 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2019-09-19 02:18:14,120 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2019-09-19 02:18:14,121 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-09-19 02:18:14,121 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-09-19 02:18:14,121 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2019-09-19 02:18:14,121 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2019-09-19 02:18:14,121 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2019-09-19 02:18:14,121 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2019-09-19 02:18:14,121 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: ca:homedepot:auth:sso:associate
2019-09-19 02:18:14,121 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2019-09-19 02:18:14,121 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2019-09-19 02:18:14,121 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2019-09-19 02:18:14,121 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2019-09-19 02:18:14,124 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-09-19 02:18:14,125 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2019-09-19T02:18:14.125Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2019-09-19 02:18:14,125 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2019-09-19 02:18:14,126 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2019-09-19 02:18:14,126 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID cf593dffd482f4c1fe6f4a51ce733bba4aec59b9bdbf133ce5428329e027b417
2019-09-19 02:18:14,126 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session cf593dffd482f4c1fe6f4a51ce733bba4aec59b9bdbf133ce5428329e027b417 to 2019-09-19T03:18:14.126Z
2019-09-19 02:18:14,126 - WARN [net.shibboleth.idp.session.AbstractIdPSession:?] - Client address is 172.31.38.242 but session cf593dffd482f4c1fe6f4a51ce733bba4aec59b9bdbf133ce5428329e027b417 already bound to 172.31.19.108
2019-09-19 02:18:14,126 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2019-09-19 02:18:14,126 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2019-09-19 02:18:14,126 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:18:14,126 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2019-09-19 02:18:14,126 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2019-09-19 02:18:14,126 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2019-09-19 02:18:14,126 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2019-09-19 02:18:14,228 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Not a usual scheme, returning name of 'ca:homedepot:auth:sso:associate'
2019-09-19 02:18:14,228 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-09-19 02:18:14,228 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-09-19 02:18:22,846 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'morty'
2019-09-19 02:18:22,846 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user morty
2019-09-19 02:18:22,846 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@2111907607::identifier=morty, context=org.apache.velocity.VelocityContext@71dd0ede]
2019-09-19 02:18:22,854 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=morty,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@2111907607::identifier=morty, context=org.apache.velocity.VelocityContext@71dd0ede]
2019-09-19 02:18:22,855 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'morty' succeeded
2019-09-19 02:18:22,855 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2019-09-19 02:18:22,855 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2019-09-19 02:18:22,855 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'morty'
2019-09-19 02:18:22,856 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'morty'
2019-09-19 02:18:22,856 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2019-09-19 02:18:22,856 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal morty
2019-09-19 02:18:22,856 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session f18247dff133007a7ad579850dd756027b7929b05244784b7109dd67651d4050 for principal morty
2019-09-19 02:18:22,856 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session f18247dff133007a7ad579850dd756027b7929b05244784b7109dd67651d4050
2019-09-19 02:18:22,856 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=morty)
2019-09-19 02:18:22,857 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [identifier, uid, telephoneNumber, role, mail, surname, displayName, givenName]
2019-09-19 02:18:22,857 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2019-09-19 02:18:22,857 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2019-09-19 02:18:22,857 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2019-09-19 02:18:22,857 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2019-09-19 02:18:22,857 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2019-09-19 02:18:22,857 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2019-09-19 02:18:22,857 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2019-09-19 02:18:22,857 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2019-09-19 02:18:22,857 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:18:22,858 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2019-09-19 02:18:22,858 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@7c77c178'
2019-09-19 02:18:22,858 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-09-19 02:18:22,858 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:ca:homedepot:auth:sso:associate'
2019-09-19 02:18:22,858 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@60f008a6' with context 'intercept/attribute-release' and key 'morty:ca:homedepot:auth:sso:associate'
2019-09-19 02:18:22,859 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'morty:ca:homedepot:auth:sso:associate' value '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1600354996347' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2019-09-19 02:18:22,859 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-09-19 02:18:22,859 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty'
2019-09-19 02:18:22,859 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'morty'
2019-09-19 02:18:22,859 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2019-09-19 02:18:22,859 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2019-09-19 02:18:22,859 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@7c77c178'
2019-09-19 02:18:22,859 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:18:22,860 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2019-09-19 02:18:22,860 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2019-09-19 02:18:22,861 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2019-09-19 02:18:22,861 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _7c910cf45a19af1bf6783047df18f24d
2019-09-19 02:18:22,861 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _7c910cf45a19af1bf6783047df18f24d to Response _80971316fcf442bca6da9df20fae4aa3
2019-09-19 02:18:22,861 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _7c910cf45a19af1bf6783047df18f24d
2019-09-19 02:18:22,863 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2019-09-19 02:18:22,863 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute identifier
2019-09-19 02:18:22,863 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value morty of attribute uid
2019-09-19 02:18:22,863 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5505 of attribute telephoneNumber
2019-09-19 02:18:22,863 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value janitor@samltest.id of attribute role
2019-09-19 02:18:22,863 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute mail
2019-09-19 02:18:22,863 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Smith of attribute surname
2019-09-19 02:18:22,863 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Morty Smith of attribute displayName
2019-09-19 02:18:22,863 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Mortimer of attribute givenName
2019-09-19 02:18:22,864 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2019-09-19 02:18:22,864 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2019-09-19 02:18:22,864 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2019-09-19 02:18:22,864 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2019-09-19 02:18:22,864 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2019-09-19 02:18:22,864 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Checking for source attribute mail
2019-09-19 02:18:22,864 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Generating NameID from String-valued attribute mail
2019-09-19 02:18:22,864 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID msmith@samltest.id with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2019-09-19 02:18:22,864 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2019-09-19 02:18:22,864 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2019-09-19 02:18:22,864 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2019-09-19 02:18:22,864 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2019-09-19 02:18:22,864 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.38.242
2019-09-19 02:18:22,864 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to ARQd974051-a379-404a-a38b-8054eb618fa0
2019-09-19 02:18:22,864 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to http://localhost.com:8080/saml/sp/SSO/alias/sso-associate
2019-09-19 02:18:22,865 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2019-09-19 02:18:22,865 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2019-09-19 02:18:22,865 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2019-09-19 02:18:22,865 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _7c910cf45a19af1bf6783047df18f24d
2019-09-19 02:18:22,865 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _7c910cf45a19af1bf6783047df18f24d did not already contain Conditions, one was added
2019-09-19 02:18:22,865 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2019-09-19 02:18:22,865 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2019-09-19T02:23:22.860Z, to Assertion _7c910cf45a19af1bf6783047df18f24d
2019-09-19 02:18:22,865 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _7c910cf45a19af1bf6783047df18f24d already contained Conditions, nothing was done
2019-09-19 02:18:22,865 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2019-09-19 02:18:22,865 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _7c910cf45a19af1bf6783047df18f24d already contained Conditions, nothing was done
2019-09-19 02:18:22,865 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2019-09-19 02:18:22,865 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding ca:homedepot:auth:sso:associate as an Audience of the AudienceRestriction
2019-09-19 02:18:22,865 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _7c910cf45a19af1bf6783047df18f24d
2019-09-19 02:18:22,866 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party ca:homedepot:auth:sso:associate to existing session f18247dff133007a7ad579850dd756027b7929b05244784b7109dd67651d4050
2019-09-19 02:18:22,866 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service ca:homedepot:auth:sso:associate in session f18247dff133007a7ad579850dd756027b7929b05244784b7109dd67651d4050
2019-09-19 02:18:22,866 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-09-19 02:18:22,867 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID ca:homedepot:auth:sso:associate and key msmith@samltest.id
2019-09-19 02:18:22,867 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2019-09-19 02:18:22,867 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2019-09-19 02:18:22,868 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_7c910cf45a19af1bf6783047df18f24d"
2019-09-19 02:18:22,868 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _7c910cf45a19af1bf6783047df18f24d and Element was [saml2:Assertion: null]
2019-09-19 02:18:22,868 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_7c910cf45a19af1bf6783047df18f24d"
2019-09-19 02:18:22,868 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _7c910cf45a19af1bf6783047df18f24d and Element was [saml2:Assertion: null]
2019-09-19 02:18:22,870 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_80971316fcf442bca6da9df20fae4aa3"
    InResponseTo="ARQd974051-a379-404a-a38b-8054eb618fa0"
    IssueInstant="2019-09-19T02:18:22.860Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_7c910cf45a19af1bf6783047df18f24d"
        IssueInstant="2019-09-19T02:18:22.860Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_7c910cf45a19af1bf6783047df18f24d">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>JKEEhtYj9Ls5Jvw/+IqLoY81/zrP2c/843t2GGNdXQg=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>lMbK+jKDm4ZXYJPpkRlHH1lXCfOLp62CdovvAfms5HrCLEsCP9q+ZDxk5fQIdDzLiE3gJztNT9lGbfqQ3Rmf5aZIOKDIhKzSrB1OUKaOjemPgrpRJB4lTnSHKaKljyoo3Of+PKaYPIqfZB5HkFJ1DBbtuDiXk7Zj2Q8qn0yVo82z0B6BLAb+CdT8IPRfCK+MnFQJmwivh8tAGiHA+Nl6HgUpwxdLoOMEhmeNaeQU/PTFLTkangrNECixylKwlCvjjpbgeWTj9ODXn1eukRgRZm0lbSuvjxQ5ralGZReb3g4tjVrSanKEgdl+6bZ6EjR/IIsavR6Jj5BIj2+jd2uQjQ==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="sso-associate" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">msmith@samltest.id</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.38.242"
                    InResponseTo="ARQd974051-a379-404a-a38b-8054eb618fa0"
                    NotOnOrAfter="2019-09-19T02:23:22.865Z" Recipient="http://localhost.com:8080/saml/sp/SSO/alias/sso-associate"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2019-09-19T02:18:22.860Z" NotOnOrAfter="2019-09-19T02:23:22.860Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>ca:homedepot:auth:sso:associate</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2019-09-19T02:18:22.855Z" SessionIndex="_44e4e33cbf84569e0fbfc5bdfda3b484">
            <saml2:SubjectLocality Address="172.31.38.242"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>morty</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5505</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">janitor@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Morty Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Mortimer</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2019-09-19 02:18:22,871 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: http://localhost.com:8080/saml/sp/SSO/alias/sso-associate
2019-09-19 02:18:22,871 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: http://localhost.com:8080/saml/sp/SSO/alias/sso-associate
2019-09-19 02:18:22,872 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_80971316fcf442bca6da9df20fae4aa3"
2019-09-19 02:18:22,872 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _80971316fcf442bca6da9df20fae4aa3 and Element was [saml2p:Response: null]
2019-09-19 02:18:22,872 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_80971316fcf442bca6da9df20fae4aa3"
2019-09-19 02:18:22,872 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _80971316fcf442bca6da9df20fae4aa3 and Element was [saml2p:Response: null]
2019-09-19 02:18:22,873 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2019-09-19 02:18:22,873 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'http://localhost.com:8080/saml/sp/SSO/alias/sso-associate' with encoded value 'http&#x3a;&#x2f;&#x2f;localhost.com&#x3a;8080&#x2f;saml&#x2f;sp&#x2f;SSO&#x2f;alias&#x2f;sso-associate'
2019-09-19 02:18:22,873 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2019-09-19 02:18:22,875 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="http://localhost.com:8080/saml/sp/SSO/alias/sso-associate"
    ID="_80971316fcf442bca6da9df20fae4aa3"
    InResponseTo="ARQd974051-a379-404a-a38b-8054eb618fa0"
    IssueInstant="2019-09-19T02:18:22.860Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_80971316fcf442bca6da9df20fae4aa3">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>2MkZnW74Krvo2hT4LIeCAVwcntcIwYk5EDMV4iAqFAw=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>O+ob9A3vEmZELbjZ3eSJGZix0BuNhyFxfjg5Q07OJNa4cUVH3ozJfKSVv7Tli984BP8F9sKmoIF2e1aBGbKDBWGAA0fvyEE15cqp0qJlyDuHRDyED/wBTbjElPhVgZMrcAdU8DSRChLXUv+yyOgzhJ1aWBsgVS34+SUmmwqhYtFRGsoEqPX/j+nBwLj+Zb77uqDb13zNtZYkTZqOtr8RRoGf6RpOzoevaYEIFZ1dxHewZskbp42GL9tW4IqxIGPlR7q/3ZeTkA+D7tWm2fTOusRK9RKU0aiMo7fBGKw8ARhu1BsHMnMQAVRYoc4ZNQlAtd9VKjcCnDlsRQxo/GBIqw==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_9628405c45a43da9b411af8338034942"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_17836156549cf05a5c8c3683634bfb1e"
                    Recipient="ca:homedepot:auth:sso:associate" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIDljCCAn4CCQDBMt006KgZVjANBgkqhkiG9w0BAQUFADCBjDELMAkGA1UEBhMCQ0ExEDAOBgNV
BAgMB09udGFyaW8xEDAOBgNVBAcMB1Rvcm9udG8xEDAOBgNVBAoMB2NvbXBhbnkxCzAJBgNVBAsM
AklUMRYwFAYDVQQDDA1sb2NhbGhvc3QuY29tMSIwIAYJKoZIhvcNAQkBFhNlbWFpbEBsb2NhbGhv
c3QuY29tMB4XDTE5MDkxNDAyNDQ1MloXDTIwMDkxMzAyNDQ1MlowgYwxCzAJBgNVBAYTAkNBMRAw
DgYDVQQIDAdPbnRhcmlvMRAwDgYDVQQHDAdUb3JvbnRvMRAwDgYDVQQKDAdjb21wYW55MQswCQYD
VQQLDAJJVDEWMBQGA1UEAwwNbG9jYWxob3N0LmNvbTEiMCAGCSqGSIb3DQEJARYTZW1haWxAbG9j
YWxob3N0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALzDiifuVAjAnFTxesPh
IPQS86goXr+hK7+7gu+q5zvlw57oUhGTz8SZG2s5NjNCFIc/y8Q1jha7JJmrLaZQOiZp+w9rDLZ1
ILRLJG1gniMBGjAJWnDWQgc4PdIH9kcGRRUyTGzQKEdLqur1lYTac0mtXNp8CWtUL+y/9L8l77AF
wZPjiAjsu+La2STQYKZ+nGOg/a/Y+8Sck69GTgQrpNLhWDqXS9pLsDVf/W5eQ/GDkSXV7sZU3u9A
3gCdgBbbTdDHMsr/z8GY+svsUmyQ1YUPhOuchElBOPCQAF1+BZr189GRlLKxb6nmj43rLPFzZFr0
HJePgHvIxIaVAfeJEGcCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAWcm5Kom9RwU+GJR+iBu74qxG
C+TZYf/YBdAHf3P6dKM0hauaTxCuTO/bgmQKc/x3dGZEhjgov93f+mcDEvi4j+AmbvMXS+L4s3Bj
dmlSKUG+ZjXnQOVmj2hCRfDlahhX9xP8JhVwchF2YeSoX7Yz0knWFEVkRgpzFOyXnf6x9HA/pE75
QYyoO1dHCPzlocgBEJnqCgzELzIz963ok2LMqOcfZr5WgpLMI/IGNKBOFbUyRJjS71tkFFP5g2F1
1Wryp8CVBhgfzFc8sOUPlXXCH76Up7BukHTYvuTheXWOJMVknI5OrZdXN+XqgmQT/ohih3jedMYp
ej/kNI/Iz3nCBA==</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>mD7iGxK3Biub0y0jqbwDO20Su6UgA8lzliEhS3/VTacoCOO0UY9708t1MZ16aSJW3LoY7+5gueSzG3oLeQtEuoBq9URCsI8lO+IN2j+lIqF3DmKMhd+AXWXYNfYTz+yu/8sLwpONtlSbD/vfcTo0gGv6g5SeBOPVkxvuHSj8qwaTgrOtYb3GxxoWq9jYA5Ml4v4sbQg1hwAS8Rg7Fp/E/40OyTIi3SV/CqcyXofqV/t1z9LdZYijb4Lep3A5xUuPVOmM38NJaYXI+pZeDCpG+IDpRSe3oMth+AdzyDHy/L6rRV5EtchwU68gVoB+dVpzLS8I0QkFjoTViZLRu2kfUg==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>z5k7/aEWuSWgMNoguu1/4NTG77WIK7zcPAicijrievcrtjpTDEpbXzalOZlNAfqY9i7UoLz0BRHOseT4uf3v2ccQ7LY4kqGHXnmM060PuniDihm2GU5CkRPphbnQBZGI4KtVnsGIto+KZzfpK3FglCCqaQOd34LRg6jGwZT6e/unfdhtBa77F8WHpV3eIy9vK8N20bYJDl03GrHr2vBxIU4DCsTDNaBwA2aEinF/yVdtkfBgqwYgV2UbZ23PG3YiHiu0JEEv6RRNZNxct5cRYTH9y7WQrdqFx+Pv0e4mcKbPREsgl2FMpkVbnSSsHUdjJiojEHvLHNZ3V7gLvaT1fUTylxrbfRPeCT9NFL05fJ5sy1Yt8lHgwQ5jE8eh4TObUb+RljJNMjd3V1JX/zZtKZrJTmbvS6xVc4NnzoTDWqrzmrDwUat13eUzE9co9zKqQwtcvZO6H5OlJmFIKNbDwABZd0qJOhVuXREeM7ix0ul57nAbd1Qtj33q+leEJTs5ETdzNfG8ZJs0vtJThDcrFJRr3iD5hbJ1UO7UkTFYe9vqclWlz+IQ6x91mplmmM9PQMhUtqAm5PK89dD2KSOYXLWmwgbssf0HE3UNSxZW49kymZLlhy8qLtEx6K7Ed4j/a7ThhNMjdrHNJEK3Zh0ntY1C301U9AnX8+KZIWQOOfU96BPuGTOfgwdZOaHl1ZpuJpw/DgLK2vY5HGgAypG4vplsHNXSDtfsyRFGI8R01ek8yyH6UVvtQ9QfGVlokQVzDEX2MguAu/CNIF0+YBSJp0PIQ1QI+r1aSSWZyog1M4iKahkr2oXOrGF0jsV9d78av0nwX3HWNlXvR999LkZZ16Vos9iUZYHLmD4A7ZX5je63XHvnlrQF2nr+DED3JHaOd0aypEakrjyCXMQ25YIAioSESGEp8E5WdUfE9hSacYPfsHr/USqTfx7VA3jWt2n7Ucfdcf0TlQLL5oZeISQMNV43odmWMdYR7z6/ebsHlYB6AuNbNj2mNdbdFFeW+Y435wDy0KNBhx0fSZdRjf+3A5T0d8nz/7f37YBA+gs7711cPVonrn6a16WzGuWxtUbr6aNkij8dMi+AXwqk7m9y/2VJ5F1dFCzAuOZSKVVN51/CJx79Ty8VZRouToRyjCPfVMFFLI3sl7yt2dHUJV8fbYi7eCCV2LbfbCeCzss4Dy3QMwE390mqkBWT5b3VrUuH8n3jm2Dz29GvmxyutXGgPBRb5kguqnfbSo1Wx1hXWanGZilD1WpspyqJPnoKGbLMiuATkMHvfaDXgV+2jvxi/ADoMXwsfayOshvnD3LjqxOpHjUmDUXIOreaRvENrJum+2AG8P/rz1yAWG1nHo+jQqcy13UtikOm77OxMKiZKSWxrLNHLXUs5gnS3EPpWTtX4rvwOuMcBSw1lZYgdFrRNYAEHuX0Z75CKQbmld73lXVwmEStCH6clx64WYXVdBoHyWp/OOsveLezoZ0ss544yGn8IfJpyHm9/AjZZGVLSmDmuV/lr2HAiK1irhnE+T2L8rjHBPAQXDnaUiqgxZzleAdIvH7JWjY0FhAVp4c99b/orJ6VWr/743/fl2vPhXU6cfqCwukBpG8shSyLMXYmljDigiskqHy7qAfc6MTtRQo/IA2S9VQloxY4ZW+s2KvSmeKlZ7wIoq+niXTzlIQJs3FwupVdZZ4egjxEtLJ5X8Utr+Ufi1mEHN1XT9uLBcC+j307ADo7vNyNgrZaxMAEEbE5Zwzw2w6FPv5LTOp1X38xcqMAIZZ7Lg1fhr7KS6g0rh0pSRovTtWmEYrYBnDzJgXSDfqEhQH/PnfxRfD/tXKipmbEUMtJky2WI9KYGwashqDJbRz2FDR78Snd4NkqjbZ7IzsQLr8IVdYQia67kl2fPuntYgNoeeyQ64TiBw6VoE1Do0VKFoQnYSHZG7NrVgek+TUwW168e2PdVw37Eh99cwR24vw2xrQvxB/tOJzANyJ+oZOo2FPjxhZECQ2vaGa9sQKFrl8QIbTjzej9Pzqp/riCyv+CdakOuDxnTjzUAWyl2Z3xNcyD3mcSDyPBd3C5XxU6z2dA71XEKMRWcm7+y5/h5/6sBgJv6zQ/0idGD/bL/0VVZaToM7YcjtAFzuzw9RAgut19KmsTgz+A505P+tKPYsVAMokWiYPovq9iTuHfzzE7uOgLuEYE1IjWX9ne02c7rbkZyMYgyYmA3JNzSi7XzzUSh03g33NixqwFKx0HBmy23xcK3IVzt6VEduN6o40SySEbMYWcEfTzeZbADMGctfIcCWVLYVXCNZEMTvmJrrc2Mjb7ENyGCOSBl3FSHIG7cHd0NtvnLwiw06rZW53eOEA75xunIrGC6r7SHMEXLe0v0HbGQIcYZeJyNJc9TikuRUPQnpC5PiSUCnlJ3CirijoIOWDYscBxLMExHZ4ZUYHkjtzPzvoDvlcc4T70bGK5ROHdCn+LxBqIM6K/20LqTb26Slv6z9OIysh+Iazr6aq0GcuBfqrDIQUN6ZMdtHRL3S+TfG/OFVrjqxqTEVT5wwU846XeaCtOHkNg+mK0fY40oVHgsRosVu1w+ffRw5bGOcuJUYPow0wp1HSJQwQ80CF8xbuUfXGqCibHHm4qxebXlFUFc2tfmZXsU8S3S8u3LCIo7XN1uMmQtEwbT+I939k7YhCWjlYXN3tncJ7ccehJL13J2jeeQv0arekUIkn3oaWmcLsV8AVVobM2p4K1kirGCclo1eTno88RZyLmHB7Vzg+cS1+moMXKCddgPWSYo/Vr8E1FUQDf7ONLCyQFO+GXvq+x+TvmTDRXgo0rDmeOhVB5s5kuR7jotrffe44nCBuRDoKtc7IS64auj5zSfoPKKm3nRs1Zyq0Dx/uueT44jVmIPUP6zwwXHbLAxweAzN47v9286wfvByQ5HQ6Gqm8pwbNZwFsNyDcE+NFdrc3mmLmhQDys+LbDhs5wpgH9wlSgyPu1pli4tzbCGHyb3+SF8awntGNjVI+tZRctTFs3wNctAPybEcH5ceHpVgeoYwTduOF34IgzYU6La5BDDPvUuSQGvzUvQptbEI6pHfrUY1mCbaHblisW7vnvzOQEF0anuNPJAnb3tMIbeHEs6Xkuw3TANV/mSZ071s+3L8ulgKCPw7iJ+UIXIyiMoCdemart83HjP3pzWGEh1BfS7r3YMT2jOveD7si/gDp11M9IjkxOxyPDruONO89qcDQRC5TkkUPUoHu+99OBsdV9NuSTiq4etcou4p7AeKNlYAy80SEkcEX1T9W7IRyu7IKsFZa7wabspIKv6RRXcwJls3yRj5iEnnRinRSnhGZm7vtiMYdcYFuIkhvH8wHxY1jBKGgamOz0ErKg1p/+q/RgutuT7+N2i8Li8r5KxX4OD8zWxv5XHyKr6j88BQEss4BsLhnQNmcPkgI7kG1IseSVIi7oLmdF9xdobs+RBkOKnWTqcFETViTfghhS4wMjumDJqRFJuohoFwjqcRmYBdyGrIjFGCAmJNJKrep6G4Vz3UGSCR0cWV3UyRt1v6e21pv2c1ECEvxwfhx0qmcM1EdOT3fav7XvZouN3sq0zAh+na0Iz12LrKCAZ9U+1d0LsMfDknwQ3IZYsVlOGFB1pYD/U8rTsdxWEftVkPZ/Hl7tgdBJ4XlW/Sc/zDXzAoesvk8M0Ct8yVIjUCEr8faRRm0+Z0y4d2cJmom13PAlhFCnaSevWQ4SEesYI3XiSJIkaj1awY/o0e4D1yQXHjpmZg6X9dLS5s93S0uSHiQ2YybnTUkPfzNre6fd+v0/M3euPDTPiT6dcb9oHY/A/TOtC6ORbo+m9aLwNmTPnOwQpzdvAvR1LaNJEdVH2pX1M+4sJQkukJcaaFdywV304UMmcpV5nCF0LtnRZfdXuNuz/ZPh7c3oK7ljc7Wxovr1Xce2i6vCpLF8SXbVh2f3kWfhYeUYzaF/YypgTFS+qowIizmAV+2oMPD5H/Cor7ZVcrZuVAwmcDVhXdp6xbNX/wXyNAYV5vWwhN4qOUBOvFGkdrtFIiYvcBvSsBRr+kWHzqLd/02MnL+GuztION/HXq3sEhD0gdnnFB1it0Ca8Sv66i4dCVZec1Gfb6G7jYAh2jM01HQ0Zjn59l8LVhpVPE1SR7qQIRfmGXaV/XkcTCvMsU7L8TIcbtqaW6FoIYCKOCqumrRvt3tcER2B1K7L74RSOZMWs2EH67gMcfoTsBAv7i3t9M8SPdv9pRDMFHYx9/ZCvcOYp9W5jheaX7m6Xp7A0CM5zb6xg9pN+oGz9uld/h52Fs80tlPYj4CBWniIXW/boCuPqTJSksCAyE8Q+DUnJH2SvyhPeJDnNAoLQ7e/4idj4PRpL1saf8Kf3sJhdsErIDZIuEsf7qtWoNBl1oorO/Y6ydZu3N3mtD7qSDpLnFoBJt20ZvSUp5ocViohByFaHpI3/AXEcTOjQkFCrNv8oEmvZkGx5ouhKZImYvuValvOvhi0mdBGXVasPXmZfLU67j7CrZEQba3Tg06e3Mu/W3gLegeY7J2Cw4elc3EVZDs3xLZDPHP/8KMLe0q1OXs0H4+SfUQksiwAKcCc03YA7s3BD48WsbVyYLEp73xHv3gLqKcKt5qDrG7aKIGlkqEj8qzWFpRgh50+l/BZgvHW9B52P8eJDwxaNXcV55eqN+gqsrE5EK8/ypqx4wVkk67hjlfhuENJuCK3ncTYuKd79V0Y1lBKDGsTZQZvZ5B5jiujobz1yXiPm2TYv1pbVa1Fa7+sGt7sc+P4CI8GLaI1nDdeZqKhpGSzFu2Tjgosf/Upu0CHucn78paxOQrJDsuYQFAPz2kNFFUSgU+o9tS1WkltoNvU7pPdsfr4p43oH8SJCgLBSC3k7EluY9NxKpVrEWZzNrmVlVfIqWCdWl3GxHx7RTXbMVjQfSVCL4qDgQDQcmgbf1eIVib7d/36BBDWB93ABlechxVHXM+gcfFYrgI8y/ERmtiJMEA8ACrfZVwhWD+TeOFM5AKpoGX0pQB3Fq3nuetZAx0cf6gM3yvPsjmWM2Fiogj40q0mHEfsriRKK/Cf7mOomoOdV+ToyWg3RJjwZ24i0JZkab2UDv2ArXSBrrJcnhoyig0wRK+/AR85SR4/qLeTyQfnOSHU3iaIOo4k6/IKXdIoL7ZjCul2RwK0BmbudBQE7doCeMICqDYulqAFajYfixWUQksRFbD9EBXCvNKi5TeQqBHdHF9yk1Vn9uobNClodRJj0hKt9ePswajnGB1+PcBiZ9k9U9+hTYg0x2pKA5i215mhtCLDaspnfX2Qtjj7J0NaW9UePXdrmenZioSAsqOlOogi5oV33aZNkOyhX4LDF1LuZPD3Psdd0+IVcQpMCleHFtXjip80NmE6sIwhMlmlLMUVf586svTOP7v5Gebw1sv2TV8SsSevwoyFeL2pCQj0wMNS0Niux8jd89eIlTPKXMTCe1S8LmNMF35MVKYie525vHLjp+uE+81RbWETpLRtzkRowcwUXhGQIKY0POi456K1xUKyWwz+vj6EJyPZuQkW4HGnDQg3FmwqlzWYQbGxolOxkJojam7meGCo/Ze5NBc1lyIv9cyzOXofHnMztoVJr6Vytf9i42TosMZoo3ZVEZIs1O769GlDXrvFBaAievwUIkAv0NkjUA5mLkJTSru0jEl07N2YxmvwAgp5/wqyydIrt1ZezCbBtVLRd0JEuxGi3ya0vX/5lJ3cxbdw53p+oDNNxgdPu3H5fkddggta4VqixNlOM1Kc3MfldJkqXV1GaCp6SCUtT15baen1RM8nGG0AZ89S6b31w5Fmw+U/uODTN5QQzNgWJcg1fQCeuqYkH7/SYOx8tFq3HU1Z8B3pJaT46/LF3/FALer+N+bRhj0hhMbU7LYsOXFSI3kEwL8hDmcdcM0QkeuMIFWz4T0tJc0eK66gNWoJG6NF1dM4rgF2Xp5cNY5HxpUiogCt3QZzye2TNusztArztnGY1AutA0Y5bPzi4LwTQlwPk+PUrwBm+DjAkW5lXQXaYdcOsEQb4krYcwbA8cDd0+8tdCjviPid0D/utKTlqpl4xk/85i1vl4Om5JUDdDMV8rBAPQjTtNq3Kinnlar1n+e7ifej0hoxMP5IsKnzf7dRebmUcQtrBLGcI7Z3b2qTmerHFaKzT4xmLBQllVHsusTV9sVz1rW6F/Vm7KimunqJ8+jodgucD7dls/ulTxGZVI7uMKXZ4rc1LG66VW1KRkqLhI/BLf1y92XdeUa+xwYBKhlnjqeQfZjSAPMnel2QSJkcQG4g93fSoJkDFiXVzX5kL9HPMTkbnj/f7+rljH2WNeSDvGNARJtKJUQ2l5aVDNVxMTwn3T83O3XqP3/XxeIFqWlUUTyL2YPuPlRcRArdaXZPGqSUQp+aBj28kKuSbFtGyNzi+7pcXJoB48HkmEHcThpYcvLqEAyOztTrRYE5SBInIwjdG9dzQr6Lx4FhpxS7pr5fd7mIuPPPrvEe7ByLMf1jfAVX7P+uIvfFISGvhhdSpO00DVKwxYQfOf2ihVtYwHYzVFevMBlVUxzeQlzGXmrctSqVCHpmMdC4X6pgJF2tMkShs7MYKJUxg5ddW4m58XIVBaYMYev0F0DBFkHtmomFHXasjISyQsqGQL5Oxy6Zs2Sbb1znrSKsf4mrR2jlmIdKjpC8gdVal4nHt4D+W8Cxk74pbTKG/v90MKTJrybAlb76k/zbI7m1+DHghep/Z6xIbqZBO3pY2sJhOP1omts/KSKIUtrvPashX2Bht2Qo4WONNVmCvjc4JwI4dBkVMkuSxGwCE1XcUrVGSDzYPY4RA91GNZ69tUG5p5FWYzRFxqcciglnOdXc814aoEmjIGVAtfEFM+tXNDKs//zjp+wM5IKtp0n2Eny1Xu/bSY94E8qw7rJrqQ02vvAqsEIAdwXP2jdpbj981eeT8/83yVT3j9qhGJoJ19O7A8tMlUeGTBKUdUVIlRMya/dpWfm1MPOQeDQu7y7WS9O98jLCpszPU2EWN7HYb3Oav4Jg4NBuZJJQW5Hy1AGJtaDZt+tuZwYlBdl+YZ58d/NcAXl1zkdL/arxELkpEYSrsi9EGocEdxHYPAYVj9J5VlPqWg378ummsfmfioOOlHCxF3Mj11k3pxrj1CGs4M2OB4WxsWcM4hUljMGF4ylJ/6IBcn7URD0/YFmAce2IzMs4A+8FGsTIKD9tJrtW8L798FRo61ZVwQhB9lioPFVIqKUYHV6SzQKTvCVO2LQIR903D3LQlFZ/nVtwSRvg3fR/aA+azCJdT4YPMooNH2woKH+lRbjFxZYApaexQ+4OyQJJfuUuHEgxfWh9agOBhnRGv21Fpfu0V3QQMjwNTtHcEho0alhOM5mU/O4wFuP2KsfVuFEbxbrVfWk3xrbb5Pohf1k/okiMPUhz+CixiSlHf3lIqlMYIUBHH5DfBSrC50b+dzLX1jljVn04TM0Y9fdCyKgZR5i9TOXnhTVLS08eSDASG2Vumjb907QPZMXhm+ymMC0ekgaM0K/PhFDy0MRDDA8RYtdcmulyqGF/tvVxSh7zuJClpFFjc+aMU/SRXrgEOzPdJfgGMwewt0HvL/jmHxaMgATY/OISICfv8gbnj3GxqAFZlfbvxMvbKGpAS03l6CfRR8ZADGqdNcMzfDk2CppEl7kH3D3CwFKlxSmFfwJbCRnRvhuFqvMgf9KbtvGVXG/3IMzOa11EwNBBSNZgRMBmbLGbUUKNJtSERRgoaaOPC+iCe+A0bg==</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2019-09-19 02:18:22,875 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2019-09-19 02:18:22,875 - INFO [Shibboleth-Audit.SSO:?] - 20190919T021822Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|ARQd974051-a379-404a-a38b-8054eb618fa0|ca:homedepot:auth:sso:associate|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_80971316fcf442bca6da9df20fae4aa3|morty|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|identifier,uid,telephoneNumber,role,mail,surname,displayName,givenName|msmith@samltest.id|_7c910cf45a19af1bf6783047df18f24d|
2019-09-19 02:21:46,905 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: ss:mem:3f11e561b4720385045dad907ddab85267e0605028911cfaa3a91e32cada5382
2019-09-19 02:21:46,905 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2019-09-19 02:21:46,906 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2019-09-19 02:21:46,906 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://hftpdev.i-sites.com/Shibboleth.sso/SAML2/POST"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_44682d5ceddec36e6cb1804f2cb1d2de"
    IssueInstant="2019-09-19T02:21:46Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://hftpdev.i-sites.com/shibboleth</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="1"/>
</samlp:AuthnRequest>

2019-09-19 02:21:46,911 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://hftpdev.i-sites.com/shibboleth' from origin source
2019-09-19 02:21:46,911 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-09-19 02:21:46,911 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-09-19 02:21:46,911 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-09-19 02:21:46,911 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-09-19 02:21:46,911 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-09-19 02:21:46,911 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-09-19 02:21:46,911 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-09-19 02:21:46,911 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://hftpdev.i-sites.com/shibboleth
2019-09-19 02:21:46,911 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:21:46,912 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-09-19 02:21:46,912 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2019-09-19 02:21:46,912 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2019-09-19 02:21:46,912 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2019-09-19 02:21:46,912 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_44682d5ceddec36e6cb1804f2cb1d2de', issue instant '2019-09-19T02:21:46.000Z', entityID 'https://hftpdev.i-sites.com/shibboleth'
2019-09-19 02:21:46,912 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://hftpdev.i-sites.com/shibboleth' does not require AuthnRequests to be signed
2019-09-19 02:21:46,912 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2019-09-19 02:21:46,912 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-09-19 02:21:46,912 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2019-09-19 02:21:46,912 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-09-19 02:21:46,912 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-09-19 02:21:46,912 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:21:46,913 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-09-19 02:21:46,913 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2019-09-19 02:21:46,913 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2019-09-19 02:21:46,913 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 6 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2019-09-19 02:21:46,913 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://hftpdev.i-sites.com/Shibboleth.sso/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2019-09-19 02:21:46,913 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2019-09-19 02:21:46,913 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2019-09-19 02:21:46,913 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2019-09-19 02:21:46,913 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2019-09-19 02:21:46,913 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-09-19 02:21:46,913 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2019-09-19 02:21:46,913 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2019-09-19 02:21:46,913 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2019-09-19 02:21:46,913 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2019-09-19 02:21:46,913 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2019-09-19 02:21:46,913 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2019-09-19 02:21:46,913 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2019-09-19 02:21:46,913 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://hftpdev.i-sites.com/shibboleth
2019-09-19 02:21:46,913 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2019-09-19 02:21:46,914 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#aes128-gcm
2019-09-19 02:21:46,914 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#rsa-oaep
2019-09-19 02:21:46,914 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2019-09-19 02:21:46,916 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-09-19 02:21:46,917 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2019-09-19T02:21:46.917Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2019-09-19 02:21:46,917 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2019-09-19 02:21:46,919 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2019-09-19 02:21:46,919 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 208987bc6a45d7fc3543e69770cd8b76f9b0817430291606e6b058cc02ee5c39
2019-09-19 02:21:46,919 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Primary lookup failed for session ID 208987bc6a45d7fc3543e69770cd8b76f9b0817430291606e6b058cc02ee5c39
2019-09-19 02:21:46,919 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2019-09-19 02:21:46,919 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2019-09-19 02:21:46,919 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2019-09-19 02:21:46,919 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:21:46,919 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2019-09-19 02:21:46,919 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2019-09-19 02:21:46,919 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2019-09-19 02:21:46,919 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2019-09-19 02:21:46,946 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: ss:mem:9541c020b83cd5e69e7eb075f2f28e683e33397df504a1742ea9ff6bd0ba5f39
2019-09-19 02:21:46,946 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2019-09-19 02:21:46,946 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2019-09-19 02:21:46,947 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://hftpdev.i-sites.com/Shibboleth.sso/SAML2/POST"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_e5283c27aac1dbde8f18e21a75054c86"
    IssueInstant="2019-09-19T02:21:46Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://hftpdev.i-sites.com/shibboleth</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="1"/>
</samlp:AuthnRequest>

2019-09-19 02:21:46,947 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-09-19 02:21:46,947 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-09-19 02:21:46,947 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-09-19 02:21:46,947 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-09-19 02:21:46,947 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-09-19 02:21:46,947 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-09-19 02:21:46,947 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-09-19 02:21:46,947 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://hftpdev.i-sites.com/shibboleth
2019-09-19 02:21:46,948 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:21:46,948 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-09-19 02:21:46,948 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2019-09-19 02:21:46,948 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2019-09-19 02:21:46,948 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2019-09-19 02:21:46,949 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_e5283c27aac1dbde8f18e21a75054c86', issue instant '2019-09-19T02:21:46.000Z', entityID 'https://hftpdev.i-sites.com/shibboleth'
2019-09-19 02:21:46,949 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://hftpdev.i-sites.com/shibboleth' does not require AuthnRequests to be signed
2019-09-19 02:21:46,949 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2019-09-19 02:21:46,949 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-09-19 02:21:46,949 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2019-09-19 02:21:46,949 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-09-19 02:21:46,949 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-09-19 02:21:46,949 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:21:46,949 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-09-19 02:21:46,950 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2019-09-19 02:21:46,950 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2019-09-19 02:21:46,950 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 6 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2019-09-19 02:21:46,950 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://hftpdev.i-sites.com/Shibboleth.sso/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2019-09-19 02:21:46,950 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2019-09-19 02:21:46,950 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2019-09-19 02:21:46,950 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2019-09-19 02:21:46,950 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2019-09-19 02:21:46,950 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-09-19 02:21:46,950 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2019-09-19 02:21:46,950 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2019-09-19 02:21:46,950 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2019-09-19 02:21:46,950 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2019-09-19 02:21:46,950 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2019-09-19 02:21:46,950 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2019-09-19 02:21:46,950 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2019-09-19 02:21:46,950 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://hftpdev.i-sites.com/shibboleth
2019-09-19 02:21:46,950 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2019-09-19 02:21:46,950 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#aes128-gcm
2019-09-19 02:21:46,950 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#rsa-oaep
2019-09-19 02:21:46,950 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2019-09-19 02:21:46,951 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-09-19 02:21:46,952 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2019-09-19T02:21:46.952Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2019-09-19 02:21:46,952 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2019-09-19 02:21:46,952 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2019-09-19 02:21:46,952 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 208987bc6a45d7fc3543e69770cd8b76f9b0817430291606e6b058cc02ee5c39
2019-09-19 02:21:46,952 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Primary lookup failed for session ID 208987bc6a45d7fc3543e69770cd8b76f9b0817430291606e6b058cc02ee5c39
2019-09-19 02:21:46,952 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2019-09-19 02:21:46,953 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2019-09-19 02:21:46,953 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2019-09-19 02:21:46,953 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:21:46,953 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2019-09-19 02:21:46,953 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2019-09-19 02:21:46,953 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2019-09-19 02:21:46,953 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2019-09-19 02:21:46,981 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'hftpdev.i-sites.com'
2019-09-19 02:21:46,981 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-09-19 02:21:46,981 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-09-19 02:21:47,027 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'hftpdev.i-sites.com'
2019-09-19 02:21:47,027 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-09-19 02:21:47,027 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-09-19 02:21:56,419 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2019-09-19 02:21:56,419 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2019-09-19 02:21:56,419 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1046616314::identifier=rick, context=org.apache.velocity.VelocityContext@71432a7]
2019-09-19 02:21:56,430 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1046616314::identifier=rick, context=org.apache.velocity.VelocityContext@71432a7]
2019-09-19 02:21:56,433 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2019-09-19 02:21:56,433 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2019-09-19 02:21:56,433 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2019-09-19 02:21:56,433 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2019-09-19 02:21:56,433 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2019-09-19 02:21:56,433 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2019-09-19 02:21:56,433 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2019-09-19 02:21:56,434 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session d67c88b66a9983483df2aed62dd3251ec4659d71c92eca31f9e129def48cf905 for principal rick
2019-09-19 02:21:56,434 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session d67c88b66a9983483df2aed62dd3251ec4659d71c92eca31f9e129def48cf905
2019-09-19 02:21:56,434 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2019-09-19 02:21:56,438 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2019-09-19 02:21:56,438 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2019-09-19 02:21:56,438 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2019-09-19 02:21:56,438 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2019-09-19 02:21:56,438 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2019-09-19 02:21:56,438 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2019-09-19 02:21:56,438 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2019-09-19 02:21:56,438 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2019-09-19 02:21:56,438 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2019-09-19 02:21:56,438 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:21:56,438 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2019-09-19 02:21:56,439 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@5aa18683'
2019-09-19 02:21:56,439 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-09-19 02:21:56,439 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://hftpdev.i-sites.com/shibboleth'
2019-09-19 02:21:56,439 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:https://hftpdev.i-sites.com/shibboleth'
2019-09-19 02:21:56,439 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:https://hftpdev.i-sites.com/shibboleth'
2019-09-19 02:21:56,439 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-09-19 02:21:56,439 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@644ac862' with context 'intercept/attribute-release' and key 'rick'
2019-09-19 02:21:56,439 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'rick' value '[{"id":"*"}]' expiration '1600389846913' as '{*=Consent{id=*, value=null, isApproved=true}}'
2019-09-19 02:21:56,440 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:21:56,440 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2019-09-19 02:21:56,441 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2019-09-19 02:21:56,442 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2019-09-19 02:21:56,442 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _7f48aff7a144034c99790a977f1a1e6b
2019-09-19 02:21:56,442 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _7f48aff7a144034c99790a977f1a1e6b to Response _47532985df57aff582c71bc687ed456a
2019-09-19 02:21:56,442 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _7f48aff7a144034c99790a977f1a1e6b
2019-09-19 02:21:56,443 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2019-09-19 02:21:56,443 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2019-09-19 02:21:56,443 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2019-09-19 02:21:56,443 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2019-09-19 02:21:56,443 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2019-09-19 02:21:56,443 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2019-09-19 02:21:56,443 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2019-09-19 02:21:56,443 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2019-09-19 02:21:56,443 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2019-09-19 02:21:56,446 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2019-09-19 02:21:56,446 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2019-09-19 02:21:56,446 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: []
2019-09-19 02:21:56,446 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2019-09-19 02:21:56,446 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2019-09-19 02:21:56,446 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2019-09-19 02:21:56,446 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:21:56,446 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:21:56,446 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxtQ3EmdrestQinGURTplz1ND9I6GO5I+aHMMyJaUAZRxk0QJKnRbVqCUY3fzgeOceZ6TRVVO8xBDnR38YWemp+GnAWw1n3guuwOHVAa6RzQWq3ScnvNxYQuCeEKl6nhIGtt6AzJKh0VSP with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:21:56,446 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:21:56,446 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:21:56,446 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2019-09-19 02:21:56,446 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2019-09-19 02:21:56,446 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.7.69
2019-09-19 02:21:56,446 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _e5283c27aac1dbde8f18e21a75054c86
2019-09-19 02:21:56,446 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://hftpdev.i-sites.com/Shibboleth.sso/SAML2/POST
2019-09-19 02:21:56,446 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2019-09-19 02:21:56,446 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2019-09-19 02:21:56,446 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2019-09-19 02:21:56,446 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _7f48aff7a144034c99790a977f1a1e6b
2019-09-19 02:21:56,446 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _7f48aff7a144034c99790a977f1a1e6b did not already contain Conditions, one was added
2019-09-19 02:21:56,446 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2019-09-19 02:21:56,446 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2019-09-19T02:26:56.440Z, to Assertion _7f48aff7a144034c99790a977f1a1e6b
2019-09-19 02:21:56,446 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _7f48aff7a144034c99790a977f1a1e6b already contained Conditions, nothing was done
2019-09-19 02:21:56,447 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2019-09-19 02:21:56,447 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _7f48aff7a144034c99790a977f1a1e6b already contained Conditions, nothing was done
2019-09-19 02:21:56,447 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2019-09-19 02:21:56,447 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://hftpdev.i-sites.com/shibboleth as an Audience of the AudienceRestriction
2019-09-19 02:21:56,447 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _7f48aff7a144034c99790a977f1a1e6b
2019-09-19 02:21:56,449 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://hftpdev.i-sites.com/shibboleth to existing session d67c88b66a9983483df2aed62dd3251ec4659d71c92eca31f9e129def48cf905
2019-09-19 02:21:56,449 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://hftpdev.i-sites.com/shibboleth in session d67c88b66a9983483df2aed62dd3251ec4659d71c92eca31f9e129def48cf905
2019-09-19 02:21:56,449 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-09-19 02:21:56,449 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://hftpdev.i-sites.com/shibboleth and key AAdzZWNyZXQxtQ3EmdrestQinGURTplz1ND9I6GO5I+aHMMyJaUAZRxk0QJKnRbVqCUY3fzgeOceZ6TRVVO8xBDnR38YWemp+GnAWw1n3guuwOHVAa6RzQWq3ScnvNxYQuCeEKl6nhIGtt6AzJKh0VSP
2019-09-19 02:21:56,449 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2019-09-19 02:21:56,449 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2019-09-19 02:21:56,449 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2019-09-19 02:21:56,450 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_47532985df57aff582c71bc687ed456a"
    InResponseTo="_e5283c27aac1dbde8f18e21a75054c86"
    IssueInstant="2019-09-19T02:21:56.440Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_7f48aff7a144034c99790a977f1a1e6b"
        IssueInstant="2019-09-19T02:21:56.440Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://hftpdev.i-sites.com/shibboleth" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxtQ3EmdrestQinGURTplz1ND9I6GO5I+aHMMyJaUAZRxk0QJKnRbVqCUY3fzgeOceZ6TRVVO8xBDnR38YWemp+GnAWw1n3guuwOHVAa6RzQWq3ScnvNxYQuCeEKl6nhIGtt6AzJKh0VSP</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.7.69"
                    InResponseTo="_e5283c27aac1dbde8f18e21a75054c86"
                    NotOnOrAfter="2019-09-19T02:26:56.446Z" Recipient="https://hftpdev.i-sites.com/Shibboleth.sso/SAML2/POST"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2019-09-19T02:21:56.440Z" NotOnOrAfter="2019-09-19T02:26:56.440Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://hftpdev.i-sites.com/shibboleth</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2019-09-19T02:21:56.433Z" SessionIndex="_cd5d52071d1288b18497e66c76bec923">
            <saml2:SubjectLocality Address="172.31.7.69"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2019-09-19 02:21:56,452 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://hftpdev.i-sites.com/Shibboleth.sso/SAML2/POST
2019-09-19 02:21:56,452 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://hftpdev.i-sites.com/Shibboleth.sso/SAML2/POST
2019-09-19 02:21:56,453 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_47532985df57aff582c71bc687ed456a"
2019-09-19 02:21:56,453 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _47532985df57aff582c71bc687ed456a and Element was [saml2p:Response: null]
2019-09-19 02:21:56,453 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_47532985df57aff582c71bc687ed456a"
2019-09-19 02:21:56,453 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _47532985df57aff582c71bc687ed456a and Element was [saml2p:Response: null]
2019-09-19 02:21:56,457 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2019-09-19 02:21:56,457 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://hftpdev.i-sites.com/Shibboleth.sso/SAML2/POST' with encoded value 'https&#x3a;&#x2f;&#x2f;hftpdev.i-sites.com&#x2f;Shibboleth.sso&#x2f;SAML2&#x2f;POST'
2019-09-19 02:21:56,457 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2019-09-19 02:21:56,458 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'ss:mem:9541c020b83cd5e69e7eb075f2f28e683e33397df504a1742ea9ff6bd0ba5f39', encoded as 'ss&#x3a;mem&#x3a;9541c020b83cd5e69e7eb075f2f28e683e33397df504a1742ea9ff6bd0ba5f39'
2019-09-19 02:21:56,460 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://hftpdev.i-sites.com/Shibboleth.sso/SAML2/POST"
    ID="_47532985df57aff582c71bc687ed456a"
    InResponseTo="_e5283c27aac1dbde8f18e21a75054c86"
    IssueInstant="2019-09-19T02:21:56.440Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
            <ds:Reference URI="#_47532985df57aff582c71bc687ed456a">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>mA2aAOubNHxu9nUIsU4GGLL7TLaNPcMSi8sefW7gf69ekpXETkVCzo66KtOA22FFzcjQWjP7gWlMmul1Pum/Aw==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>PNNwrcU3tU75fjR4/9q3zuGPZGzwBT8P0m/gt5YU4MYEq+14aGOyXeLJKPjQi8KPv/FNvegbeitgIRoD4PrNIhNTX54IAr6P+G7Ug0OjA8Tw6n5S5C8HljP5tIPt+I0mHxYjM1d0RpGIC/VhvygOybiNy8EyEame59TnMub9u4xoRMM2FuJ/xzpWfdAn9KQUycwh+BsRvYqi2YrOG/B4IayPisXtuzai6iW6eNsKxnWduwIc7W/glK7J1WbvrexEZJzkM8ER97iLzReE66U2PDlO6jxILKHcbSeRJjTC5f8RA60CuhA44NjmIKLVGqxiqGW8nd2x3yLFD7xZkPXHGw==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_cd531f201d392b6e406ac742b2e20b7a"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_5a679c610bfd1bfc8fc65df7604fad65"
                    Recipient="https://hftpdev.i-sites.com/shibboleth" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                        <xenc11:MGF
                            Algorithm="http://www.w3.org/2009/xmlenc11#mgf1sha1" xmlns:xenc11="http://www.w3.org/2009/xmlenc11#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIEFzCCAn+gAwIBAgIUONhwAfMtaDakwKXsZzLTK0SDL24wDQYJKoZIhvcNAQELBQAwIjEgMB4G
A1UEAxMXd2ViMDUuaW50ZXJhY3RpdmUubG9jYWwwHhcNMTkwOTEzMTc1MzAzWhcNMjkwOTEwMTc1
MzAzWjAiMSAwHgYDVQQDExd3ZWIwNS5pbnRlcmFjdGl2ZS5sb2NhbDCCAaIwDQYJKoZIhvcNAQEB
BQADggGPADCCAYoCggGBANWEcM567UJnGwt3tHO/zzVLFJoZYpZhT6jYfADd9LvBOJg/wVDJFYsw
fP9u0oxkqmYwtoG2+Y2SNRCbgFt8DFqk0XQ6bj1YzANluSjzw7vwGxDPVAJ3FNFh5mlogB3xB7fI
iTYreDXUGkoOaOgf5Fsy9jYgwpJ6/rZQQ9XdpmKlSKuK/jpn73c58G/gS46MVMcri+xQ4Cu1F9Pg
DdJKfGGVcPNp4iYCZw3Yvj5T1wKQoEAPFEegZiwED0sKxVHHfQHkxHM8AqU5Z3594Z4KPdeBkCyP
VFynSURN583PMfSesllDEKdg1quqNSH3bks+fHzEbxEKY1eaFllKx6oxVC9dgV7XVNA4H2gkpSD8
iBxvJAODL/RjZ8gukVPdweq0gmEFdHwfTJYKGkCrCtoFkZiDjKrbksFrMYrtRfLxWhOLeoFRt4v/
yljpLN28tFouecfjNGTqqQ6Z4hn61nLmHshM4sIj185vw1T7zWaSFS9QEeld65BSllRrysKQV37i
DwIDAQABo0UwQzAiBgNVHREEGzAZghd3ZWIwNS5pbnRlcmFjdGl2ZS5sb2NhbDAdBgNVHQ4EFgQU
9GWe5JCxUOuyX6EaT9eELFp4cKowDQYJKoZIhvcNAQELBQADggGBAGQaYlX7R2Z0xx9Lp5UUjAXa
npjFeDoI7vA49sCoJaYqJ+OeljUPiyamIiAuC5Q4AxaeDTlKka8YtP5hh9ZQO+VRssyedLWmzD5L
CVr6dTgxV/oq1IPpnbShhg1gYuKPrwkjKThM6dNlzy1nDfMCucnIN3oyjNErpaDLE+o3GgtTWpm7
C/LWxecdKYoTHjNMUqSB+Es0iTPGI4kmg9oNW2CS7KyIzWjYjZrq9OiVv25tFww9mAPDNx4bgZZW
1iA13lTzNvF9OGf6LszjXqqNbt78PH5JoRJD/GwfwllCNDmzYarfH8UmwmUNb+IoRwhGnphevPan
0Cfc9P2i3+C0HzIz+wTzlFJCYzTRmOHLHfzakKwSaP0At/WfvDoIRvWJXotEXoKB6Me2Qw9wCc5K
sbqVP+kteLkwOe10YjiXceWpIUfuo2lMHZXPShLxwgEFDHVk2gpJEFe0I4Ox59+0ezrN/gxuwBu+
MOt2DU3gfe0jgZNiizq3sUBpyQ+GxUjPuw==</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>uwG/w8LIi2y7fbG1g+SNbU7saYhItUOHvboOW4Ab5+v6lLPwmbIscH+h9LkVmeRpr8zUTNyCcBIv+xrmvO933/zeJuH0mJ5SaAUCerV5GXAH2VeR/pBB/aa2ckk47yHrT+QrfZ408O4+EnrxwYHEXqbppLKCv3UxA0cH3x7J6D7caBeOkk1ns0tlkSG8uZ/t6Rl1GTHiRM7Tmt9nLJ0oZ5xaMTBqCK+HgFIBg9e2gpjml4ANrjWn3IbFZElyI1i6vTTZhyaJjZDS8U78FTunKNXCy0cIsKi1UqY4M3iRgIf5CI6qt/ECgiu21VCdBjSaKQ22ODzsw5Xc5/DZFvI+3vr6BXL8q3P5TyqrFCi1Wz9Dg40lyiyAtpv8QDka4G2YWwIMDH4JBo6KQZc4XcyciZS9Q3xWdQSwwM8D7fr5z2qg1W44KPiinAmETbddF7WJ8rY5X/lk66PpGIHbzqiBeDI3lTKysQ4K2VvXY5KkaxBqLVJylPSOIhguOVU+vxw3</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>vBSKGF1N1pKMHIJCdlGKO+6I5kkGHlXhpxQfqtM3dg+N4HjfwHK/Y3bhGZh1b651/OZkMd7ZCH2UX3lr0dOdDqVogKiuBJC50qqfUTrWH1+NYSlgnD8wkZTl89JZeOcOCx8kHiALVNYb1E57xOwJpGtvnQeWt7IgsieGcGRfzMx7Nc0n3NDPTgfn1JZbzdP//l4w+bjsFh7LmwhTCFLN54t7tolXUtNYxsvsqjewIoru2NMdC1xesurb5LBH77jLQ4vehcrpZbadi8XW27EeJiuV4vMuZxoQDJMu1OSrq3v6gCDY6ssW/gtvSk7RlZE2ngFA/H73ny5qhPqY1MePy4kQ0snAB0vTttg/Asz87xXKwWIWjd4Jm1nD29L58Dw/bq9XnUa6Ha+nskrbX8Gp8TJLAf5vhXTUG9QEbnAiU2z1b9/5pz0fBoZDUHK0Cy3JefLMDjYV4DB1RDZvUaOHN1CZGbY/ZOgsYBa7ycw6lZrLhPpF1jZei925arQNAOY/HAXUHrka2ZZ9PFtNsTmrg3LmkP8+JzwNmvn0c+ocw2+XxH7knbSoJ6nx3FErX1xXdzJSWH1pKlbGvM+/+oJq1u+k3MlkJEXHMp28CBVQdYraXkqMQ8b5XNMKHo71maYilxAW/KPGNqxCLjyZFTdMkIFgZZ1AAFADDWqKIhMWIV8canueQZ2bDVXPK/gzRwXzicOy097lEsm++Dpw7LgdMe+3aF9S/yOOAR3Hp0mhVcxpDnr7hZzHRSrQrdgJsPXQyCKACKwFHxq4XjsXKcf7yCngBZzkPjps5vNDWRWNDM6rEFRycd/Y7NbvomqHMtQWlmDUg51Gwy5tWWDyJKkY0rjGQoYJbdXjsUVwUY6iT4JhbHPYIV2irwpY2MDgtbnjveqUMZPl4IBL71Mg7UKkw1OZ2YAyjYzHlcPthMHNd6ObozwruixNKuypPPaoRa//zmz1Gfr8KXOj/JFrM5h90tCXJVt4HgXG2vmYXazeWKTc+2rz/UJhTJj67JmyLgHz/n6DGawIPjP/8ez/LGyOHVVtpPy4GBuSva4X/0Oh46Pl3ncDMg8B5zLFUBpfVN9LbStUL6vRlbFDdUHPlEPaudo9HHo531JP+PTRxcAXHdXEMxizCszAZhfwk2Tl5e+If1C82fkMHT4oY5PaG27WFMZSJqOVwzUYDq2yV4H9Jm8/h969aV+O5nawvgwEzCG3bat0MMzUqNcsTXs1muaYAbq5B0TIeV9ez5WIkHWdKAgj/8Olm/NgAhYtVJLtUoed9ZPEmtTDOPNT9T3sEXkGOkVL0GCpzHkiuj0qbq8H11nOuMqDeiou/eHZomvSgkVyYXZ1GFiQr81QYN2ueneTyVFIfTh+Ym8Hc9OZ50nPsOaPRrP+maLiTNglxkt8NNDyeonqDwKnEM5BWuAGWlZeN2MfMZGbxu25vB7bi5joUooc0LaQIkGrBFb1MXfEiSmHRenIlET130lKdbtEMFP0KK7+XXN8f7auDki39gVsIo/tXr50C3haMlLazRSHR4PCUqRKgmMJY6D1FHLmwDlr2WPfNHaMnYFJwONxj6jtAuvmyjAO63Zj1d51lr7vgQY5YcK7njNCT38BuT2NaesJA6Hpbv5KQUelpPy9sRshXw79yZfBIZUkOcuF1wAISEfwlG5zF0AIXIT4L2vrweEbBVvXmtNmXCngRB75ap8+3rVoQLeP2d5FdSfrhDekKoeOgs3TXc+TRqdv7LPUyM0AkLWpOYQzCx5BzaJi3JmNS5bNc9vHqlXNDkwV6XHqf6dHfQ7TucK/jkQec7TwAxy9E4Esn7m+Hw0AJGBgy3w+VT0tDEevRVSjethRUuFkQkEZwfOQkgnSwBaWfjKJtFInIPrInc4URml/O6WC5WnE85SLU/Sm2Bdd4XgwJHfrTBx4c2z0P//SevwHEQs1037o4EiOlMfoD7p2JVbHoDU4tt4hpdiJqWR0fPnyihxU9rGerQ3OwRtzve0wCku6tNG2BBCwDFxVnOzLinakU6d+akNlruROc77lZ31jA26BvAeulJr9IHzAjNX90cNfDfNL1Ceao+pfjzHnZgCJy3ZiugfpwgMtZYleynHw5JcBaZw6XwaqYZKnNYYhJyyYbQviMkF+y4LklwtU7a/cdTLHQcAzzOX2NyPrwzwuriEUcKYevxR99MNK7f5lg+EZJyNSP8CS02vXUYgWKfMY06ceYm8+KJs2fC2JfBuKBXdurdYjoWSLqv0ZJ3RwRLOWwk7VaTrR2ZDI5JGXzvsttT9NdfamEGWj9uFLc/iXVhFkdRohobZxUMhK1+ExPpVKfK84gNcpCjQGkOltf/2Zdaw1qcM644PzD4WeblHJTlSyD2LTSyiSVwzhJ9rlMatAWfwWRuJeT8FJERnpx5kxvoNubW3Lp28eI0lcM1GLgzGXa/tppX3rZXUEpX7LgzUq+nr5hvnhMB659tR2oofK2beRUicSbyd0X5WQxbSMM2rEU0ZX8mvHCqunPsrYLHK7GaFeJw338tihUklfb6VheGSitB2nzYhNX9hfkxV+eRN0BMycWoUkUH7HPeml+c4TGVVgbX5uAqcdCJZjsg2ZaaqnjIYcMt7BqYb+g4Rw5bp1fndqGT4t24l0AmrOTXElJs/eyad32LlcINqs8yGHCblq/5Sitp/DJogQBue4NfiPfxTogN8x/215/LDXwo2YgZvbTz+GqGrfqmfuiRvBXdGR/G8CCDseZncd9AvM9Y4Xa5bT5tRUI1FFzlA39y2BkaUZc0LklEbOhdd2pyEuEt4lleGcO3u+8+8jgGPJwB7C+QRL9wqXDTwo9TXn3CPfSkbNU1MtxPcLLxJSYuRjxgDEAFE4lUecXnlUH/om386f86BDBvKSOFwhtmIQnO3iHDoF8cNgnnJUlcLS9Hxiz+vQPnh6Y0mReJ3V1nDyKf9euS25q7mpUr1oIGpTNCZQ6lGE7K0/LaZARApceTrpbqb8yvjbTm7D0v6Sl4N9n28uXrPyVgUUDUvDuWBw5qlPJin9Hb/GeaozsAQ5+gdY0aXHx1yk+dxJHdOy7JJhXMErWRu8MGcZAKYHJde4HU0QarY15EFR2W9A1/Pb1PDke0uQZY3XATeYSstwW0ewHomKHKiJeWQWCvqSa6EOvr3gwjyw8SjLlnQ8i7SoHcpNV70LwnVg3hNQU0E2wigFxfsUiZeWm8gsDI8jsstTihMpqzo942wNU+cytuaTgmiqcPf515hNLs4leyxjp6iIkGueAdycDEQfpOf1l1APD/v+TnAG1pIE9RVAC6AqjTNgSEmEcjP39OrA9i8vhcw6fgBBNTaJqFS1fs3thqic7dN/EKRqFiksxYqc9paDC8QKw82/w9q/JLDnP8bbl/4Aqxt4lnRSEu6JklbI8Zj4RMQ0EGbVAsccjOche3xpgCQ1fuRyYuS/2XXbYuLK829sN2q5FvFPEnYjfy+fbvbO/keoiYP1cprWTUiyWM8w10+Ea5twl43FPQZOLx1X2kd4VLxyjjY99OehlTJLFofCXDu+LYwmaQe0WhIcf8hvCZg78hjCLHTXDi6Atq7AhfLa+KIEXPrDqXAbGDgzB0P0sIrVvcgj29eM4gsCCJ4zmCI4O97Zvk95SgENskyLro15D+YTPJXSKt4X/LaGvM6q0W/1LPslWLomhv5hKH+H1jFmlyqI9W9wDss4QhHA7fMmix4hexDXviXA2XvjTMteP+AL0POIFgge4R+o6KBenwiEWH4kS1KkKCuG/ZpKmgM3udcGLtwaXKVVmwPzKsilP8WqwcozjcFhgptetDe7sRhRy+UWuXSlcBRV5gakQ0njU45BV9bB45KepBQ2r+pVfi8eURmnV5GxM7VA7WNKifX2JqMYvEBR8lSvOIukkyXjpjAEaYR+QE1/B9fAGQkQhdRSM1hm4j7XdzUuh2V2H6EdApokWN2+6o40GaZvLtgG3ZziBEtDdvuV7L3OPjFEZtf3vL6PeyOzwHe6juoUKa+FhtpX/yygPFVtg4rRb1jVew7n6XYzjDJ3hqsKqXhsYlK5pwEX2niC9UIcG17lTZe84z/E9vm/nQGGHMeC65ZYfdQoK7RKG4SEhYMcEEuK6WlgC/xHGj21jvSb5cDh7TGmt0OH8gK8oa2Cx8zVLJSfY9NfRscHAzqR4hyO0OMOKntlZVm+h37FdsCDQcTwhtPc2cOPuvVg7/PAZS0XSO+uJ3SU9boT2HzxwDDPbmDA1ezJH0kBY9dyyjDMrnF/b+uOkLrfyynduhfOOHj52OuYjfvz1ev+vYZ3054r1DPqLKkX4KYBtJ3lxpGqY2s5xZhpxroBAFYTqzat4iqpfF4PxOHG2rF5UaToRgkxk9V+jOYrrozBK7Lr2se5QphQNCC5ihADutELa3rw536RCr4Lvtrp1SrNfUVDXEojCauBVAXwWxZo5Qm6f5imwvdbZDQJgffZigte7y0NDJH5gHifoLNWwfnIulnEgvZjhsZZ9mv5qNnqII8CgjlbdBKdUM+TQXBtkAFA8kXQPqKhYcHa7Zhl6Whzr6VNtHiihB3H+ZXBCX4OfUF4iyM84Ap+KOFFRcbUmbL0a46kES4kLj6Rs5fsenFwcXzinMAyjrmG0D08XXdX0ibutotql1nOvk3PhLpbewZTuAPmNTyMH2BGWJwuii9zysP49CurF1CEDekZPT7Ux5gMo0iNh4qsa+PODH8qZd982uEwuRpAQtjv8IwHlGl1v4tYlvEbc3EZn50IyDayN9nwU8YdLwguRrTPE8VmqtWbW7fgbonLWAfqOChxsKKerDcHO2xomqWfHiFVSw==</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2019-09-19 02:21:56,460 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2019-09-19 02:21:56,460 - INFO [Shibboleth-Audit.SSO:?] - 20190919T022156Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|_e5283c27aac1dbde8f18e21a75054c86|https://hftpdev.i-sites.com/shibboleth|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_47532985df57aff582c71bc687ed456a|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxtQ3EmdrestQinGURTplz1ND9I6GO5I+aHMMyJaUAZRxk0QJKnRbVqCUY3fzgeOceZ6TRVVO8xBDnR38YWemp+GnAWw1n3guuwOHVAa6RzQWq3ScnvNxYQuCeEKl6nhIGtt6AzJKh0VSP|_7f48aff7a144034c99790a977f1a1e6b|
2019-09-19 02:27:29,762 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder:?] - Decoded SOAP messaged which included SAML message of type {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-09-19 02:27:29,762 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
    <S:Body>
        <samlp:AuthnRequest
            AssertionConsumerServiceURL="http://10.210.131.52/Shibboleth.sso/SAML2/ECP"
            ID="_df9a74d95ed4f48273e4071b9ee4e760"
            IssueInstant="2019-09-19T02:27:29Z"
            ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
            Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://10.210.131.52/shibboleth</saml:Issuer>
            <samlp:NameIDPolicy AllowCreate="1"/>
        </samlp:AuthnRequest>
    </S:Body>
</S:Envelope>

2019-09-19 02:27:29,767 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://10.210.131.52/shibboleth' from origin source
2019-09-19 02:27:29,767 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-09-19 02:27:29,767 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-09-19 02:27:29,767 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-09-19 02:27:29,767 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-09-19 02:27:29,767 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-09-19 02:27:29,767 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-09-19 02:27:29,767 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-09-19 02:27:29,768 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://10.210.131.52/shibboleth
2019-09-19 02:27:29,768 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2019-09-19 02:27:29,768 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2019-09-19 02:27:29,768 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-09-19 02:27:29,768 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint was empty, not required by binding, skipping
2019-09-19 02:27:29,768 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_df9a74d95ed4f48273e4071b9ee4e760', issue instant '2019-09-19T02:27:29.000Z', entityID 'http://10.210.131.52/shibboleth'
2019-09-19 02:27:29,769 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://10.210.131.52/shibboleth' does not require AuthnRequests to be signed
2019-09-19 02:27:29,769 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2019-09-19 02:27:29,769 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-09-19 02:27:29,769 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-09-19 02:27:29,769 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-09-19 02:27:29,769 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2019-09-19 02:27:29,769 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsHeadersHandler:?] - Message Handler:  No ChannelBindings header blocks found
2019-09-19 02:27:29,769 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler:?] - Message was not signed, cannot extract ChannelBindings from it
2019-09-19 02:27:29,769 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2019-09-19 02:27:29,769 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2019-09-19 02:27:29,769 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-09-19 02:27:29,769 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2019-09-19 02:27:29,769 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2019-09-19 02:27:29,769 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 6 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2019-09-19 02:27:29,770 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' not permitted by input criteria
2019-09-19 02:27:29,770 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign' not permitted by input criteria
2019-09-19 02:27:29,770 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact' not permitted by input criteria
2019-09-19 02:27:29,770 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://10.210.131.52/Shibboleth.sso/SAML2/ECP using binding urn:oasis:names:tc:SAML:2.0:bindings:PAOS
2019-09-19 02:27:29,770 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2019-09-19 02:27:29,770 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2019-09-19 02:27:29,770 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2019-09-19 02:27:29,770 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2019-09-19 02:27:29,770 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-09-19 02:27:29,770 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2019-09-19 02:27:29,770 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2019-09-19 02:27:29,770 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2019-09-19 02:27:29,770 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2019-09-19 02:27:29,770 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2019-09-19 02:27:29,770 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2019-09-19 02:27:29,770 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2019-09-19 02:27:29,770 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://10.210.131.52/shibboleth
2019-09-19 02:27:29,770 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2019-09-19 02:27:29,770 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2019-09-19 02:27:29,770 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2019-09-19 02:27:29,770 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2019-09-19 02:27:29,774 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-09-19 02:27:29,774 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: RequestAuthenticated: false
2019-09-19 02:27:29,774 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: Assertion encryption is not enabled, skipping session key generation
2019-09-19 02:27:29,774 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2019-09-19T02:27:29.774Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2019-09-19 02:27:29,774 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2019-09-19 02:27:29,775 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2019-09-19 02:27:29,775 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2019-09-19 02:27:29,775 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2019-09-19 02:27:29,775 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2019-09-19 02:27:29,775 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow authn/Password, it supports non-browser authentication
2019-09-19 02:27:29,775 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2019-09-19 02:27:29,775 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2019-09-19 02:27:29,775 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2019-09-19 02:27:29,775 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2019-09-19 02:27:29,775 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: Trimming whitespace of input string 'morty'
2019-09-19 02:27:29,775 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user morty
2019-09-19 02:27:29,775 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@381308725::identifier=morty, context=org.apache.velocity.VelocityContext@4910a5f1]
2019-09-19 02:27:29,776 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=morty,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@381308725::identifier=morty, context=org.apache.velocity.VelocityContext@4910a5f1]
2019-09-19 02:27:29,777 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'morty' succeeded
2019-09-19 02:27:29,777 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2019-09-19 02:27:29,777 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2019-09-19 02:27:29,777 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'morty'
2019-09-19 02:27:29,777 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'morty'
2019-09-19 02:27:29,777 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2019-09-19 02:27:29,777 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal morty
2019-09-19 02:27:29,777 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 861f2dacb029ed4eee9ef267249f5537918b781ec5ea3ea021e836e5f5f49a4b for principal morty
2019-09-19 02:27:29,777 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 861f2dacb029ed4eee9ef267249f5537918b781ec5ea3ea021e836e5f5f49a4b
2019-09-19 02:27:29,778 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=morty)
2019-09-19 02:27:29,779 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [identifier, uid, telephoneNumber, role, mail, surname, displayName, givenName]
2019-09-19 02:27:29,779 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2019-09-19 02:27:29,779 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2019-09-19 02:27:29,779 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2019-09-19 02:27:29,779 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2019-09-19 02:27:29,779 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2019-09-19 02:27:29,779 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2019-09-19 02:27:29,779 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2019-09-19 02:27:29,779 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2019-09-19 02:27:29,780 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2019-09-19 02:27:29,780 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2019-09-19 02:27:29,781 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2019-09-19 02:27:29,781 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _46e4a40464a77629c38cd124b5a86c0f
2019-09-19 02:27:29,781 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _46e4a40464a77629c38cd124b5a86c0f to Response _a1eab954118977b337a5d8e71078f6b7
2019-09-19 02:27:29,781 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _46e4a40464a77629c38cd124b5a86c0f
2019-09-19 02:27:29,782 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2019-09-19 02:27:29,782 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute identifier
2019-09-19 02:27:29,782 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value morty of attribute uid
2019-09-19 02:27:29,782 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5505 of attribute telephoneNumber
2019-09-19 02:27:29,782 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value janitor@samltest.id of attribute role
2019-09-19 02:27:29,782 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute mail
2019-09-19 02:27:29,782 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Smith of attribute surname
2019-09-19 02:27:29,782 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Morty Smith of attribute displayName
2019-09-19 02:27:29,782 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Mortimer of attribute givenName
2019-09-19 02:27:29,783 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2019-09-19 02:27:29,783 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2019-09-19 02:27:29,783 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: []
2019-09-19 02:27:29,783 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2019-09-19 02:27:29,783 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2019-09-19 02:27:29,783 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2019-09-19 02:27:29,783 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:27:29,783 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:27:29,783 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxns3BU6G18Kpk7ETdV8gFOAYNDqLLn2Yk4VpmOK6UVeRLbJRGouwrUwZVj/Lva80THTpi/w44cbUL8tGBwLoPfcUInZUd2tW/Pu+uhOo414ThmsHA6UFf66y0PUa8VNIOMQ== with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:27:29,783 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:27:29,783 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:27:29,783 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2019-09-19 02:27:29,783 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2019-09-19 02:27:29,783 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.38.242
2019-09-19 02:27:29,783 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _df9a74d95ed4f48273e4071b9ee4e760
2019-09-19 02:27:29,783 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to http://10.210.131.52/Shibboleth.sso/SAML2/ECP
2019-09-19 02:27:29,783 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2019-09-19 02:27:29,783 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2019-09-19 02:27:29,784 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2019-09-19 02:27:29,784 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _46e4a40464a77629c38cd124b5a86c0f
2019-09-19 02:27:29,784 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _46e4a40464a77629c38cd124b5a86c0f did not already contain Conditions, one was added
2019-09-19 02:27:29,784 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2019-09-19 02:27:29,784 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2019-09-19T02:32:29.780Z, to Assertion _46e4a40464a77629c38cd124b5a86c0f
2019-09-19 02:27:29,784 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _46e4a40464a77629c38cd124b5a86c0f already contained Conditions, nothing was done
2019-09-19 02:27:29,784 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2019-09-19 02:27:29,784 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _46e4a40464a77629c38cd124b5a86c0f already contained Conditions, nothing was done
2019-09-19 02:27:29,784 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2019-09-19 02:27:29,784 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding http://10.210.131.52/shibboleth as an Audience of the AudienceRestriction
2019-09-19 02:27:29,784 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _46e4a40464a77629c38cd124b5a86c0f
2019-09-19 02:27:29,785 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party http://10.210.131.52/shibboleth to existing session 861f2dacb029ed4eee9ef267249f5537918b781ec5ea3ea021e836e5f5f49a4b
2019-09-19 02:27:29,785 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service http://10.210.131.52/shibboleth in session 861f2dacb029ed4eee9ef267249f5537918b781ec5ea3ea021e836e5f5f49a4b
2019-09-19 02:27:29,785 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-09-19 02:27:29,785 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID http://10.210.131.52/shibboleth and key AAdzZWNyZXQxns3BU6G18Kpk7ETdV8gFOAYNDqLLn2Yk4VpmOK6UVeRLbJRGouwrUwZVj/Lva80THTpi/w44cbUL8tGBwLoPfcUInZUd2tW/Pu+uhOo414ThmsHA6UFf66y0PUa8VNIOMQ==
2019-09-19 02:27:29,786 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2019-09-19 02:27:29,786 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2019-09-19 02:27:29,786 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2019-09-19 02:27:29,786 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAssertions: No encryption parameters, nothing to do
2019-09-19 02:27:29,787 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: http://10.210.131.52/Shibboleth.sso/SAML2/ECP
2019-09-19 02:27:29,787 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: http://10.210.131.52/Shibboleth.sso/SAML2/ECP
2019-09-19 02:27:29,788 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_a1eab954118977b337a5d8e71078f6b7"
2019-09-19 02:27:29,788 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _a1eab954118977b337a5d8e71078f6b7 and Element was [saml2p:Response: null]
2019-09-19 02:27:29,788 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_a1eab954118977b337a5d8e71078f6b7"
2019-09-19 02:27:29,788 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _a1eab954118977b337a5d8e71078f6b7 and Element was [saml2p:Response: null]
2019-09-19 02:27:29,789 - DEBUG [org.opensaml.saml.common.binding.impl.AddChannelBindingsHeaderHandler:?] - Message Handler:  No ChannelBindings to add, nothing to do
2019-09-19 02:27:29,790 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Header>
        <ecp:Response
            AssertionConsumerServiceURL="http://10.210.131.52/Shibboleth.sso/SAML2/ECP"
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next"
            soap11:mustUnderstand="1" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
    </soap11:Header>
    <soap11:Body>
        <saml2p:Response
            Destination="http://10.210.131.52/Shibboleth.sso/SAML2/ECP"
            ID="_a1eab954118977b337a5d8e71078f6b7"
            InResponseTo="_df9a74d95ed4f48273e4071b9ee4e760"
            IssueInstant="2019-09-19T02:27:29.780Z" Version="2.0"
            xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
                    <ds:Reference URI="#_a1eab954118977b337a5d8e71078f6b7">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                                <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                            </ds:Transform>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                        <ds:DigestValue>hJSVyEujmjO1EaXbH+Bmqr0y43/9e2/nzm7LbIKJAJbF4+IKuJesx/wl9CMRozZ62rRBfzBFZPfRcKrDbA4I1g==</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>ldZmZWBIYrzPlWMI2/6Z3gOP8x3w/ZR+2PRmKI//v69ZD/fgIzq/aCLL5Clz33DVOS6UAEyvl1Pq+B7ckkTZkJgwQIqa/Rfcl9xo+ajPoXDMiXL84OnPg6UPvua3NmdkfHb8M+gGbWx/tgMhhMKoIMFhPe/f3DWMbLwSklPyMi2iXj06a4qtvPEJKifQG6yZWThW0AlfLndR+0OGDbYEuOHDiU88UkaXwNiwaDGcFqpeq5lU8DLfnx+f2WH2oPtqqM4XzY6vZQa6GQ4ydqMggg0+Jh4cLoik38b6V1SwvFJzVLO1HO8QmmtrLg1gzSV+bIWH5SdcPT7LUwLRYauizQ==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:Status>
                <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
            </saml2p:Status>
            <saml2:Assertion ID="_46e4a40464a77629c38cd124b5a86c0f"
                IssueInstant="2019-09-19T02:27:29.780Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
                <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
                <saml2:Subject>
                    <saml2:NameID
                        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                        NameQualifier="https://samltest.id/saml/idp"
                        SPNameQualifier="http://10.210.131.52/shibboleth" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxns3BU6G18Kpk7ETdV8gFOAYNDqLLn2Yk4VpmOK6UVeRLbJRGouwrUwZVj/Lva80THTpi/w44cbUL8tGBwLoPfcUInZUd2tW/Pu+uhOo414ThmsHA6UFf66y0PUa8VNIOMQ==</saml2:NameID>
                    <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                        <saml2:SubjectConfirmationData
                            Address="172.31.38.242"
                            InResponseTo="_df9a74d95ed4f48273e4071b9ee4e760"
                            NotOnOrAfter="2019-09-19T02:32:29.783Z" Recipient="http://10.210.131.52/Shibboleth.sso/SAML2/ECP"/>
                    </saml2:SubjectConfirmation>
                </saml2:Subject>
                <saml2:Conditions NotBefore="2019-09-19T02:27:29.780Z" NotOnOrAfter="2019-09-19T02:32:29.780Z">
                    <saml2:AudienceRestriction>
                        <saml2:Audience>http://10.210.131.52/shibboleth</saml2:Audience>
                    </saml2:AudienceRestriction>
                </saml2:Conditions>
                <saml2:AuthnStatement
                    AuthnInstant="2019-09-19T02:27:29.777Z" SessionIndex="_4ae6f4513b54bebc7d4066f147740115">
                    <saml2:SubjectLocality Address="172.31.38.242"/>
                    <saml2:AuthnContext>
                        <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
                    </saml2:AuthnContext>
                </saml2:AuthnStatement>
                <saml2:AttributeStatement>
                    <saml2:Attribute
                        Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue
                            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">msmith@samltest.id</saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute FriendlyName="uid"
                        Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue>morty</saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute FriendlyName="telephoneNumber"
                        Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue>+1-555-555-5505</saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute FriendlyName="role"
                        Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue
                            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">janitor@samltest.id</saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute FriendlyName="mail"
                        Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue>msmith@samltest.id</saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute FriendlyName="sn"
                        Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue>Smith</saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute FriendlyName="displayName"
                        Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue>Morty Smith</saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute FriendlyName="givenName"
                        Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue>Mortimer</saml2:AttributeValue>
                    </saml2:Attribute>
                </saml2:AttributeStatement>
            </saml2:Assertion>
        </saml2p:Response>
    </soap11:Body>
</soap11:Envelope>

2019-09-19 02:27:29,790 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2019-09-19 02:27:29,790 - INFO [Shibboleth-Audit.SSO:?] - 20190919T022729Z|urn:oasis:names:tc:SAML:2.0:bindings:SOAP|_df9a74d95ed4f48273e4071b9ee4e760|http://10.210.131.52/shibboleth|http://shibboleth.net/ns/profiles/saml2/sso/ecp|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:PAOS|_a1eab954118977b337a5d8e71078f6b7|morty|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|identifier,uid,telephoneNumber,role,mail,surname,displayName,givenName|AAdzZWNyZXQxns3BU6G18Kpk7ETdV8gFOAYNDqLLn2Yk4VpmOK6UVeRLbJRGouwrUwZVj/Lva80THTpi/w44cbUL8tGBwLoPfcUInZUd2tW/Pu+uhOo414ThmsHA6UFf66y0PUa8VNIOMQ==|_46e4a40464a77629c38cd124b5a86c0f|
2019-09-19 02:27:32,286 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder:?] - Decoded SOAP messaged which included SAML message of type {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-09-19 02:27:32,286 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
    <S:Body>
        <samlp:AuthnRequest
            AssertionConsumerServiceURL="http://10.210.131.52/Shibboleth.sso/SAML2/ECP"
            ID="_4bce72a47e7b1bf3e320b271bf0e575f"
            IssueInstant="2019-09-19T02:27:31Z"
            ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
            Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://10.210.131.52/shibboleth</saml:Issuer>
            <samlp:NameIDPolicy AllowCreate="1"/>
        </samlp:AuthnRequest>
    </S:Body>
</S:Envelope>

2019-09-19 02:27:32,286 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-09-19 02:27:32,286 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-09-19 02:27:32,286 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-09-19 02:27:32,286 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-09-19 02:27:32,286 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-09-19 02:27:32,286 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-09-19 02:27:32,286 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-09-19 02:27:32,287 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://10.210.131.52/shibboleth
2019-09-19 02:27:32,287 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2019-09-19 02:27:32,287 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2019-09-19 02:27:32,287 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-09-19 02:27:32,287 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint was empty, not required by binding, skipping
2019-09-19 02:27:32,288 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_4bce72a47e7b1bf3e320b271bf0e575f', issue instant '2019-09-19T02:27:31.000Z', entityID 'http://10.210.131.52/shibboleth'
2019-09-19 02:27:32,288 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://10.210.131.52/shibboleth' does not require AuthnRequests to be signed
2019-09-19 02:27:32,288 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2019-09-19 02:27:32,288 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-09-19 02:27:32,288 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-09-19 02:27:32,288 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-09-19 02:27:32,288 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2019-09-19 02:27:32,289 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsHeadersHandler:?] - Message Handler:  No ChannelBindings header blocks found
2019-09-19 02:27:32,289 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler:?] - Message was not signed, cannot extract ChannelBindings from it
2019-09-19 02:27:32,289 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2019-09-19 02:27:32,289 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2019-09-19 02:27:32,289 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-09-19 02:27:32,289 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2019-09-19 02:27:32,289 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2019-09-19 02:27:32,289 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 6 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2019-09-19 02:27:32,289 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' not permitted by input criteria
2019-09-19 02:27:32,289 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign' not permitted by input criteria
2019-09-19 02:27:32,289 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact' not permitted by input criteria
2019-09-19 02:27:32,289 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://10.210.131.52/Shibboleth.sso/SAML2/ECP using binding urn:oasis:names:tc:SAML:2.0:bindings:PAOS
2019-09-19 02:27:32,289 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2019-09-19 02:27:32,289 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2019-09-19 02:27:32,289 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2019-09-19 02:27:32,289 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2019-09-19 02:27:32,289 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-09-19 02:27:32,289 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2019-09-19 02:27:32,289 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2019-09-19 02:27:32,290 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2019-09-19 02:27:32,290 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2019-09-19 02:27:32,290 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2019-09-19 02:27:32,290 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2019-09-19 02:27:32,290 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2019-09-19 02:27:32,290 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://10.210.131.52/shibboleth
2019-09-19 02:27:32,290 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2019-09-19 02:27:32,290 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2019-09-19 02:27:32,290 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2019-09-19 02:27:32,290 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2019-09-19 02:27:32,291 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-09-19 02:27:32,291 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: RequestAuthenticated: false
2019-09-19 02:27:32,291 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: Assertion encryption is not enabled, skipping session key generation
2019-09-19 02:27:32,292 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2019-09-19T02:27:32.292Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2019-09-19 02:27:32,292 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2019-09-19 02:27:32,292 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2019-09-19 02:27:32,292 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2019-09-19 02:27:32,292 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2019-09-19 02:27:32,292 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2019-09-19 02:27:32,292 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow authn/Password, it supports non-browser authentication
2019-09-19 02:27:32,292 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2019-09-19 02:27:32,292 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2019-09-19 02:27:32,292 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2019-09-19 02:27:32,292 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2019-09-19 02:27:32,292 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: Trimming whitespace of input string 'morty'
2019-09-19 02:27:32,293 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user morty
2019-09-19 02:27:32,293 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1852654539::identifier=morty, context=org.apache.velocity.VelocityContext@28b7e828]
2019-09-19 02:27:32,293 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=morty,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1852654539::identifier=morty, context=org.apache.velocity.VelocityContext@28b7e828]
2019-09-19 02:27:32,294 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'morty' succeeded
2019-09-19 02:27:32,294 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2019-09-19 02:27:32,294 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2019-09-19 02:27:32,295 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'morty'
2019-09-19 02:27:32,295 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'morty'
2019-09-19 02:27:32,295 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2019-09-19 02:27:32,295 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal morty
2019-09-19 02:27:32,295 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 29022df3019b627d7913826dd8be6b240a2050959d05f8288e4ea1e55f801cba for principal morty
2019-09-19 02:27:32,295 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 29022df3019b627d7913826dd8be6b240a2050959d05f8288e4ea1e55f801cba
2019-09-19 02:27:32,295 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=morty)
2019-09-19 02:27:32,297 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [identifier, uid, telephoneNumber, role, mail, surname, displayName, givenName]
2019-09-19 02:27:32,297 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2019-09-19 02:27:32,297 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2019-09-19 02:27:32,297 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2019-09-19 02:27:32,297 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2019-09-19 02:27:32,297 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2019-09-19 02:27:32,297 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2019-09-19 02:27:32,297 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2019-09-19 02:27:32,297 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2019-09-19 02:27:32,297 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2019-09-19 02:27:32,298 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2019-09-19 02:27:32,299 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2019-09-19 02:27:32,299 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _7c38b7a821ea044b62a8b25343c48612
2019-09-19 02:27:32,299 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _7c38b7a821ea044b62a8b25343c48612 to Response _bee83cf8c1bc802168d6c6841fc9e000
2019-09-19 02:27:32,299 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _7c38b7a821ea044b62a8b25343c48612
2019-09-19 02:27:32,300 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2019-09-19 02:27:32,300 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute identifier
2019-09-19 02:27:32,300 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value morty of attribute uid
2019-09-19 02:27:32,300 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5505 of attribute telephoneNumber
2019-09-19 02:27:32,300 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value janitor@samltest.id of attribute role
2019-09-19 02:27:32,300 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute mail
2019-09-19 02:27:32,300 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Smith of attribute surname
2019-09-19 02:27:32,300 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Morty Smith of attribute displayName
2019-09-19 02:27:32,300 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Mortimer of attribute givenName
2019-09-19 02:27:32,301 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2019-09-19 02:27:32,301 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2019-09-19 02:27:32,301 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: []
2019-09-19 02:27:32,301 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2019-09-19 02:27:32,301 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2019-09-19 02:27:32,301 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2019-09-19 02:27:32,301 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:27:32,301 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:27:32,301 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxZ4RK9ZqERCQH6SzOIJekFAIN1EbS0SicTVkOhKvuuUYv/edw5JgoFKMl8anQYyg733Cy7evBVSzgZqVTeeB28hVXaUsEqdqQVY88kVreIS9pInkMl7hUewNAGgPdyNs5/w== with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:27:32,301 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:27:32,301 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:27:32,301 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2019-09-19 02:27:32,301 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2019-09-19 02:27:32,301 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.38.242
2019-09-19 02:27:32,301 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _4bce72a47e7b1bf3e320b271bf0e575f
2019-09-19 02:27:32,301 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to http://10.210.131.52/Shibboleth.sso/SAML2/ECP
2019-09-19 02:27:32,301 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2019-09-19 02:27:32,301 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2019-09-19 02:27:32,301 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2019-09-19 02:27:32,301 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _7c38b7a821ea044b62a8b25343c48612
2019-09-19 02:27:32,301 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _7c38b7a821ea044b62a8b25343c48612 did not already contain Conditions, one was added
2019-09-19 02:27:32,301 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2019-09-19 02:27:32,301 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2019-09-19T02:32:32.297Z, to Assertion _7c38b7a821ea044b62a8b25343c48612
2019-09-19 02:27:32,301 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _7c38b7a821ea044b62a8b25343c48612 already contained Conditions, nothing was done
2019-09-19 02:27:32,302 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2019-09-19 02:27:32,302 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _7c38b7a821ea044b62a8b25343c48612 already contained Conditions, nothing was done
2019-09-19 02:27:32,302 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2019-09-19 02:27:32,302 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding http://10.210.131.52/shibboleth as an Audience of the AudienceRestriction
2019-09-19 02:27:32,302 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _7c38b7a821ea044b62a8b25343c48612
2019-09-19 02:27:32,303 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party http://10.210.131.52/shibboleth to existing session 29022df3019b627d7913826dd8be6b240a2050959d05f8288e4ea1e55f801cba
2019-09-19 02:27:32,303 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service http://10.210.131.52/shibboleth in session 29022df3019b627d7913826dd8be6b240a2050959d05f8288e4ea1e55f801cba
2019-09-19 02:27:32,303 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-09-19 02:27:32,303 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID http://10.210.131.52/shibboleth and key AAdzZWNyZXQxZ4RK9ZqERCQH6SzOIJekFAIN1EbS0SicTVkOhKvuuUYv/edw5JgoFKMl8anQYyg733Cy7evBVSzgZqVTeeB28hVXaUsEqdqQVY88kVreIS9pInkMl7hUewNAGgPdyNs5/w==
2019-09-19 02:27:32,304 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2019-09-19 02:27:32,304 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2019-09-19 02:27:32,304 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2019-09-19 02:27:32,304 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAssertions: No encryption parameters, nothing to do
2019-09-19 02:27:32,305 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: http://10.210.131.52/Shibboleth.sso/SAML2/ECP
2019-09-19 02:27:32,305 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: http://10.210.131.52/Shibboleth.sso/SAML2/ECP
2019-09-19 02:27:32,306 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_bee83cf8c1bc802168d6c6841fc9e000"
2019-09-19 02:27:32,306 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _bee83cf8c1bc802168d6c6841fc9e000 and Element was [saml2p:Response: null]
2019-09-19 02:27:32,306 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_bee83cf8c1bc802168d6c6841fc9e000"
2019-09-19 02:27:32,306 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _bee83cf8c1bc802168d6c6841fc9e000 and Element was [saml2p:Response: null]
2019-09-19 02:27:32,308 - DEBUG [org.opensaml.saml.common.binding.impl.AddChannelBindingsHeaderHandler:?] - Message Handler:  No ChannelBindings to add, nothing to do
2019-09-19 02:27:32,309 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Header>
        <ecp:Response
            AssertionConsumerServiceURL="http://10.210.131.52/Shibboleth.sso/SAML2/ECP"
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next"
            soap11:mustUnderstand="1" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
    </soap11:Header>
    <soap11:Body>
        <saml2p:Response
            Destination="http://10.210.131.52/Shibboleth.sso/SAML2/ECP"
            ID="_bee83cf8c1bc802168d6c6841fc9e000"
            InResponseTo="_4bce72a47e7b1bf3e320b271bf0e575f"
            IssueInstant="2019-09-19T02:27:32.297Z" Version="2.0"
            xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
                    <ds:Reference URI="#_bee83cf8c1bc802168d6c6841fc9e000">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                                <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                            </ds:Transform>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                        <ds:DigestValue>odbCfdg8Rneg2o5lp//iniyM4f29+kCdBF5GKIOMNiMqpuYS0QfOE4G3RdGQ3XONWTBVQJ3gWD86DMqOLcwvsA==</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>jDvdmb0SpYlhAbeADUGJs4a7MyAJKfNrZ+5wNnuLNFw9hT3s1YqOEPwlZ9cqs9IWr0Ctzo3bz+zr80anaTHj5RFMp0JRhaAHvARKtu33R+RIHE3/mxu+VS+34vgqBpX0jqnrP9R2cRO6kDll8UcEpb3U/T5iyZSeheMg0HjtTZqZq0dgxfPrRIgObBa7bBvN3plKyE1HJTYss1Vx/YmjFbaG5XhVjwWN4Ooy0O/Gn9QauGI9lw2l1I329eTEfsYYMUpZWqxUSLkdFRDqTuGFcsaoAMj5Tr8ffSclSKPBDJyp0CV6VlDZdG2cU1yP3cJWnD6fnRkJG4D3A4T6Z3Cc9w==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:Status>
                <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
            </saml2p:Status>
            <saml2:Assertion ID="_7c38b7a821ea044b62a8b25343c48612"
                IssueInstant="2019-09-19T02:27:32.297Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
                <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
                <saml2:Subject>
                    <saml2:NameID
                        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                        NameQualifier="https://samltest.id/saml/idp"
                        SPNameQualifier="http://10.210.131.52/shibboleth" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxZ4RK9ZqERCQH6SzOIJekFAIN1EbS0SicTVkOhKvuuUYv/edw5JgoFKMl8anQYyg733Cy7evBVSzgZqVTeeB28hVXaUsEqdqQVY88kVreIS9pInkMl7hUewNAGgPdyNs5/w==</saml2:NameID>
                    <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                        <saml2:SubjectConfirmationData
                            Address="172.31.38.242"
                            InResponseTo="_4bce72a47e7b1bf3e320b271bf0e575f"
                            NotOnOrAfter="2019-09-19T02:32:32.301Z" Recipient="http://10.210.131.52/Shibboleth.sso/SAML2/ECP"/>
                    </saml2:SubjectConfirmation>
                </saml2:Subject>
                <saml2:Conditions NotBefore="2019-09-19T02:27:32.297Z" NotOnOrAfter="2019-09-19T02:32:32.297Z">
                    <saml2:AudienceRestriction>
                        <saml2:Audience>http://10.210.131.52/shibboleth</saml2:Audience>
                    </saml2:AudienceRestriction>
                </saml2:Conditions>
                <saml2:AuthnStatement
                    AuthnInstant="2019-09-19T02:27:32.294Z" SessionIndex="_64a152a2ef65c788cd9d204ef7d8d4e9">
                    <saml2:SubjectLocality Address="172.31.38.242"/>
                    <saml2:AuthnContext>
                        <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
                    </saml2:AuthnContext>
                </saml2:AuthnStatement>
                <saml2:AttributeStatement>
                    <saml2:Attribute
                        Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue
                            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">msmith@samltest.id</saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute FriendlyName="uid"
                        Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue>morty</saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute FriendlyName="telephoneNumber"
                        Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue>+1-555-555-5505</saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute FriendlyName="role"
                        Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue
                            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">janitor@samltest.id</saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute FriendlyName="mail"
                        Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue>msmith@samltest.id</saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute FriendlyName="sn"
                        Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue>Smith</saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute FriendlyName="displayName"
                        Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue>Morty Smith</saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute FriendlyName="givenName"
                        Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue>Mortimer</saml2:AttributeValue>
                    </saml2:Attribute>
                </saml2:AttributeStatement>
            </saml2:Assertion>
        </saml2p:Response>
    </soap11:Body>
</soap11:Envelope>

2019-09-19 02:27:32,309 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2019-09-19 02:27:32,309 - INFO [Shibboleth-Audit.SSO:?] - 20190919T022732Z|urn:oasis:names:tc:SAML:2.0:bindings:SOAP|_4bce72a47e7b1bf3e320b271bf0e575f|http://10.210.131.52/shibboleth|http://shibboleth.net/ns/profiles/saml2/sso/ecp|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:PAOS|_bee83cf8c1bc802168d6c6841fc9e000|morty|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|identifier,uid,telephoneNumber,role,mail,surname,displayName,givenName|AAdzZWNyZXQxZ4RK9ZqERCQH6SzOIJekFAIN1EbS0SicTVkOhKvuuUYv/edw5JgoFKMl8anQYyg733Cy7evBVSzgZqVTeeB28hVXaUsEqdqQVY88kVreIS9pInkMl7hUewNAGgPdyNs5/w==|_7c38b7a821ea044b62a8b25343c48612|
2019-09-19 02:27:36,543 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Beginning to decode message from HttpServletRequest
2019-09-19 02:27:36,543 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.IdPInitiatedSSORequestMessageDecoder:?] - Decoded SAML RelayState of: https://testschool.sandbox.marchingorder.com/api/Graduates/ShibbolethLogin
2019-09-19 02:27:36,543 - DEBUG [PROTOCOL_MESSAGE:?] - 
SAML 2 IdP-initiated request was: IdPInitiatedSSORequest{entityId=https://sandbox.marchingorder.com/shibboleth, acsURL=null, relayState=https://testschool.sandbox.marchingorder.com/api/Graduates/ShibbolethLogin, time=2019-09-19T02:27:36.543Z}
Synthetically constructed SAML 2 AuthnRequest was: 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest ID="_5ddf8435-4259-4304-ae14-464aae42d4e8"
    IssueInstant="2019-09-19T02:27:36.543Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://sandbox.marchingorder.com/shibboleth</saml2:Issuer>
    <saml2p:NameIDPolicy AllowCreate="true"/>
</saml2p:AuthnRequest>

2019-09-19 02:27:36,543 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Successfully decoded message from HttpServletRequest.
2019-09-19 02:27:36,544 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://sandbox.marchingorder.com/shibboleth' from origin source
2019-09-19 02:27:36,544 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-09-19 02:27:36,544 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-09-19 02:27:36,544 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-09-19 02:27:36,544 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-09-19 02:27:36,544 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-09-19 02:27:36,544 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-09-19 02:27:36,544 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-09-19 02:27:36,544 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://sandbox.marchingorder.com/shibboleth
2019-09-19 02:27:36,545 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:27:36,545 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-09-19 02:27:36,545 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint was empty, not required by binding, skipping
2019-09-19 02:27:36,545 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_5ddf8435-4259-4304-ae14-464aae42d4e8', issue instant '2019-09-19T02:27:36.543Z', entityID 'https://sandbox.marchingorder.com/shibboleth'
2019-09-19 02:27:36,546 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://sandbox.marchingorder.com/shibboleth' does not require AuthnRequests to be signed
2019-09-19 02:27:36,546 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2019-09-19 02:27:36,546 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-09-19 02:27:36,546 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2019-09-19 02:27:36,546 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-09-19 02:27:36,546 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-09-19 02:27:36,546 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:27:36,546 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-09-19 02:27:36,546 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2019-09-19 02:27:36,547 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2019-09-19 02:27:36,547 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 8 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2019-09-19 02:27:36,547 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://sandbox.marchingorder.com/Shibboleth.sso/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2019-09-19 02:27:36,547 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2019-09-19 02:27:36,547 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2019-09-19 02:27:36,547 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2019-09-19 02:27:36,547 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2019-09-19 02:27:36,547 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-09-19 02:27:36,547 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2019-09-19 02:27:36,547 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2019-09-19 02:27:36,547 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2019-09-19 02:27:36,547 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2019-09-19 02:27:36,547 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2019-09-19 02:27:36,547 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2019-09-19 02:27:36,547 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2019-09-19 02:27:36,547 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://sandbox.marchingorder.com/shibboleth
2019-09-19 02:27:36,547 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2019-09-19 02:27:36,547 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#aes128-gcm
2019-09-19 02:27:36,547 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#rsa-oaep
2019-09-19 02:27:36,547 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2019-09-19 02:27:36,548 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-09-19 02:27:36,549 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2019-09-19T02:27:36.549Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2019-09-19 02:27:36,549 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2019-09-19 02:27:36,550 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2019-09-19 02:27:36,550 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2019-09-19 02:27:36,550 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2019-09-19 02:27:36,550 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2019-09-19 02:27:36,550 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:27:36,550 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2019-09-19 02:27:36,550 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2019-09-19 02:27:36,550 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2019-09-19 02:27:36,550 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2019-09-19 02:27:36,625 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'sandbox.marchingorder.com'
2019-09-19 02:27:36,626 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-09-19 02:27:36,626 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-09-19 02:27:47,341 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2019-09-19 02:27:47,341 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2019-09-19 02:27:47,341 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@138914355::identifier=rick, context=org.apache.velocity.VelocityContext@1098c0c6]
2019-09-19 02:27:47,348 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@138914355::identifier=rick, context=org.apache.velocity.VelocityContext@1098c0c6]
2019-09-19 02:27:47,350 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2019-09-19 02:27:47,350 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2019-09-19 02:27:47,350 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2019-09-19 02:27:47,351 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2019-09-19 02:27:47,351 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2019-09-19 02:27:47,351 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2019-09-19 02:27:47,351 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2019-09-19 02:27:47,351 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 8c6c959359555a33861e5dc448aa1069eeb1c151915920be313f89cec757666b for principal rick
2019-09-19 02:27:47,351 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 8c6c959359555a33861e5dc448aa1069eeb1c151915920be313f89cec757666b
2019-09-19 02:27:47,352 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2019-09-19 02:27:47,352 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2019-09-19 02:27:47,352 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2019-09-19 02:27:47,352 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2019-09-19 02:27:47,352 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2019-09-19 02:27:47,352 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2019-09-19 02:27:47,352 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2019-09-19 02:27:47,352 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2019-09-19 02:27:47,352 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2019-09-19 02:27:47,352 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2019-09-19 02:27:47,353 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:27:47,353 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2019-09-19 02:27:47,353 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@3c2e1dd5'
2019-09-19 02:27:47,353 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-09-19 02:27:47,353 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://sandbox.marchingorder.com/shibboleth'
2019-09-19 02:27:47,353 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@699fc66d' with context 'intercept/attribute-release' and key 'rick:https://sandbox.marchingorder.com/shibboleth'
2019-09-19 02:27:47,353 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'rick:https://sandbox.marchingorder.com/shibboleth' value '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1599497118979' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2019-09-19 02:27:47,354 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-09-19 02:27:47,354 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2019-09-19 02:27:47,354 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2019-09-19 02:27:47,354 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2019-09-19 02:27:47,354 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2019-09-19 02:27:47,354 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@3c2e1dd5'
2019-09-19 02:27:47,354 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:27:47,354 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2019-09-19 02:27:47,355 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2019-09-19 02:27:47,355 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Inbound binding urn:mace:shibboleth:2.0:profiles:AuthnRequest is suppressed, ignoring request ID
2019-09-19 02:27:47,355 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: No request ID, nothing to do
2019-09-19 02:27:47,355 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2019-09-19 02:27:47,355 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _00c7a5bf2a5e0907b77ea6f7614057e6
2019-09-19 02:27:47,355 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _00c7a5bf2a5e0907b77ea6f7614057e6 to Response _e5e3ad96de085d201e27686bbde8873c
2019-09-19 02:27:47,355 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _00c7a5bf2a5e0907b77ea6f7614057e6
2019-09-19 02:27:47,356 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2019-09-19 02:27:47,356 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2019-09-19 02:27:47,356 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2019-09-19 02:27:47,356 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2019-09-19 02:27:47,356 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2019-09-19 02:27:47,356 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2019-09-19 02:27:47,356 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2019-09-19 02:27:47,356 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2019-09-19 02:27:47,356 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2019-09-19 02:27:47,358 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2019-09-19 02:27:47,358 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2019-09-19 02:27:47,358 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: []
2019-09-19 02:27:47,358 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2019-09-19 02:27:47,358 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2019-09-19 02:27:47,358 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2019-09-19 02:27:47,358 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:27:47,358 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:27:47,358 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxCJpD3SgR6AmwuPNeUbPr1ID9lqqDr+f7/MZsXqnEmyD8WgNHuDumxSoC1wpJ7aO+17xR1Z65rloHCI3oN4GwheEK6af70GTdlbNoDnVdqKnnNnrXrCKDXWsm+YO0nyB3oJbIokmksfK5e4FycuLZ with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:27:47,358 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:27:47,358 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:27:47,358 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2019-09-19 02:27:47,358 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2019-09-19 02:27:47,358 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.7.69
2019-09-19 02:27:47,358 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to (none)
2019-09-19 02:27:47,358 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://sandbox.marchingorder.com/Shibboleth.sso/SAML2/POST
2019-09-19 02:27:47,358 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2019-09-19 02:27:47,358 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2019-09-19 02:27:47,358 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2019-09-19 02:27:47,358 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _00c7a5bf2a5e0907b77ea6f7614057e6
2019-09-19 02:27:47,358 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _00c7a5bf2a5e0907b77ea6f7614057e6 did not already contain Conditions, one was added
2019-09-19 02:27:47,358 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2019-09-19 02:27:47,358 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2019-09-19T02:32:47.354Z, to Assertion _00c7a5bf2a5e0907b77ea6f7614057e6
2019-09-19 02:27:47,358 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _00c7a5bf2a5e0907b77ea6f7614057e6 already contained Conditions, nothing was done
2019-09-19 02:27:47,358 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2019-09-19 02:27:47,358 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _00c7a5bf2a5e0907b77ea6f7614057e6 already contained Conditions, nothing was done
2019-09-19 02:27:47,358 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2019-09-19 02:27:47,358 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://sandbox.marchingorder.com/shibboleth as an Audience of the AudienceRestriction
2019-09-19 02:27:47,358 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _00c7a5bf2a5e0907b77ea6f7614057e6
2019-09-19 02:27:47,359 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://sandbox.marchingorder.com/shibboleth to existing session 8c6c959359555a33861e5dc448aa1069eeb1c151915920be313f89cec757666b
2019-09-19 02:27:47,359 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://sandbox.marchingorder.com/shibboleth in session 8c6c959359555a33861e5dc448aa1069eeb1c151915920be313f89cec757666b
2019-09-19 02:27:47,359 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-09-19 02:27:47,360 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://sandbox.marchingorder.com/shibboleth and key AAdzZWNyZXQxCJpD3SgR6AmwuPNeUbPr1ID9lqqDr+f7/MZsXqnEmyD8WgNHuDumxSoC1wpJ7aO+17xR1Z65rloHCI3oN4GwheEK6af70GTdlbNoDnVdqKnnNnrXrCKDXWsm+YO0nyB3oJbIokmksfK5e4FycuLZ
2019-09-19 02:27:47,360 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2019-09-19 02:27:47,360 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2019-09-19 02:27:47,360 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2019-09-19 02:27:47,361 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_e5e3ad96de085d201e27686bbde8873c"
    IssueInstant="2019-09-19T02:27:47.354Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_00c7a5bf2a5e0907b77ea6f7614057e6"
        IssueInstant="2019-09-19T02:27:47.354Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://sandbox.marchingorder.com/shibboleth" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxCJpD3SgR6AmwuPNeUbPr1ID9lqqDr+f7/MZsXqnEmyD8WgNHuDumxSoC1wpJ7aO+17xR1Z65rloHCI3oN4GwheEK6af70GTdlbNoDnVdqKnnNnrXrCKDXWsm+YO0nyB3oJbIokmksfK5e4FycuLZ</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.7.69"
                    NotOnOrAfter="2019-09-19T02:32:47.358Z" Recipient="https://sandbox.marchingorder.com/Shibboleth.sso/SAML2/POST"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2019-09-19T02:27:47.354Z" NotOnOrAfter="2019-09-19T02:32:47.354Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://sandbox.marchingorder.com/shibboleth</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2019-09-19T02:27:47.350Z" SessionIndex="_d7134c8c73348d88f3a784b9fe29bc8d">
            <saml2:SubjectLocality Address="172.31.7.69"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2019-09-19 02:27:47,362 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://sandbox.marchingorder.com/Shibboleth.sso/SAML2/POST
2019-09-19 02:27:47,362 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://sandbox.marchingorder.com/Shibboleth.sso/SAML2/POST
2019-09-19 02:27:47,362 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_e5e3ad96de085d201e27686bbde8873c"
2019-09-19 02:27:47,362 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _e5e3ad96de085d201e27686bbde8873c and Element was [saml2p:Response: null]
2019-09-19 02:27:47,362 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_e5e3ad96de085d201e27686bbde8873c"
2019-09-19 02:27:47,362 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _e5e3ad96de085d201e27686bbde8873c and Element was [saml2p:Response: null]
2019-09-19 02:27:47,364 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2019-09-19 02:27:47,364 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://sandbox.marchingorder.com/Shibboleth.sso/SAML2/POST' with encoded value 'https&#x3a;&#x2f;&#x2f;sandbox.marchingorder.com&#x2f;Shibboleth.sso&#x2f;SAML2&#x2f;POST'
2019-09-19 02:27:47,364 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2019-09-19 02:27:47,364 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'https://testschool.sandbox.marchingorder.com/api/Graduates/ShibbolethLogin', encoded as 'https&#x3a;&#x2f;&#x2f;testschool.sandbox.marchingorder.com&#x2f;api&#x2f;Graduates&#x2f;ShibbolethLogin'
2019-09-19 02:27:47,366 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://sandbox.marchingorder.com/Shibboleth.sso/SAML2/POST"
    ID="_e5e3ad96de085d201e27686bbde8873c"
    IssueInstant="2019-09-19T02:27:47.354Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
            <ds:Reference URI="#_e5e3ad96de085d201e27686bbde8873c">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>Iky9mOn/Ew7GF48MOYizfNBb/nMU1FikasLYDfSI9zgG+38P1q0U9zU3RX7c+sytJIl4tALTp5PDK3FoAS7dWQ==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>hmCl8Tlsvgx3dEYy9CN8+mQ8/MUKNRasOagdG4rgU59vqL3Gah8IvuaBkYMiAlyhmV/4Z+4lep2Btd/YwqTwdFsLGtZvU7/s36dh0tBcLtW9qL9uLJWF25Bzz4HK68ypE/pFdSFIusev3O0rdrUPZ1dMw1LywYiTTM06LN9Vu0+CuwVaJ2RhVxGOqi/+Xn7lk5+MKNPuCFOoVpeJc6pdXxbahEbnN/4OksWNDITrDDRYeKhkDVOZPvURGd219ce4VTV/RyYeG0qmeJDRXVkYMKG4JdO8ApaGRDeOpI16gteuq175vO+ppnks/+AzsYIaN+awpoJqubP+vULUu6yZ0Q==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_b1b9ac27cd7f18b4c69a19432967ea51"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_7d2f5fb774b2e5f51a9d8801f43e2015"
                    Recipient="https://sandbox.marchingorder.com/shibboleth" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                        <xenc11:MGF
                            Algorithm="http://www.w3.org/2009/xmlenc11#mgf1sha1" xmlns:xenc11="http://www.w3.org/2009/xmlenc11#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIID5DCCAkygAwIBAgIUJK/uQlfBIMl+kBZawLrnSKlMqf0wDQYJKoZIhvcNAQELBQAwETEPMA0G
A1UEAxMGeWg2Ynl6MB4XDTE5MDkwODE2MTkzM1oXDTI5MDkwNTE2MTkzM1owETEPMA0GA1UEAxMG
eWg2Ynl6MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAsNcfn1Q1jEuVW7kg2C8o0c3O
Omts8aULc4b7kOFeJUcrTx9tuDSP29MRUu6Bx6dinn+hkv9MRjOw1LR/qfVgarUnvpqEsiIr5ZO0
JzX4ItujW5fsRH7aHnBsmxeCaO12m0XbQp5RYbejtfLMOtRnGQfGChSmaCCnZ4bOVXZwldtS3+e2
7ELDeQ+63brD77MvTx6eA1QSLBfrx5QTSAoIOhhQeFLTwoOqcgJb2hin8cUEty2FEbYfcQVPxxPu
Tviy9VxFWcN5Ghu6pdvul+JeY6UYkHMCs2e23Zicott3/5pJ6iAqhryPaarbfFWKci8rHxtur7ck
uLQ4U7NxCx6OIR7q+hBHBm9Z19IR+JV1iiHCzjLHV+X25WEcmNIqiudTMJnZ+jDOfVNIoZFUWapD
arROhYtBAU76LgWETqyQUTWZqtS91RqJIoMhPZoWZBUpt7Gke8xaI0za0KwWtqbnjQ9wkW3rNkVZ
RNytz/LX3IUh1++wxO/ADYchs9qGLvoVAgMBAAGjNDAyMBEGA1UdEQQKMAiCBnloNmJ5ejAdBgNV
HQ4EFgQUsW1pN0c4Y46CsvwXAQrvwRlqarUwDQYJKoZIhvcNAQELBQADggGBAGQ8f9QLQ/x1tUJC
44AbtHu9LRLI3vBr3ars8RAmR6lcpPvqWMxNQkHKa/5sqyLEmNiMgCQfoCFPByMKNbRL/zPyhcwy
fvZp0Bcpk6tdl+lckonifLK1OVSIcG+fI1zmAiHgWn4ZYY8nQ9BVLycvRuKMbb/EF0yGXuU3rB6K
u2mvmyw8vJ7IiUiGNIxr4hZr9SZtzaujBdeOXl2rikT40NGUR8l8zYZ1Jo9yFWiaN1mZNhGoBI+A
5MdHvXYOdJ2h+IWvxJwJ7YM1D29qe0dUzhnPzJeV5vjOp3FZvs0R8SptA0ZzXxADEDyLi067x8QA
c3o3IkjejpjPZyAlrJ80U2YfxOOpMkDYM5XS0pEwbYxx7s/v9Rtb/KWyIsXGZO3Q5XWVdU2Veel9
4BIvjSOdkdTB/eK+bZaBSZzNhm4nErzAhtzzcVsP8V7jNOnn3uoPI4CDjJUIhtngcMVipao9ipo3
eEixZNyXkxevqCKAj5kO8JQX29nzUulWyKPRDVkEMg==</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>LijKzOd/Tn6Aa5/SIL94dduIi5j2P8QVTqBh5dODgt60Swnd4i73Uhau1BzaNcce5K3BbAWtiR4N4xhPL8xW2Dc7IGClHJ4iqybq3kHBV4Dtr593PkETac1AqRgmkJNfsT26w3bdcIkJempmqCPz3ZjXTorBfEQofAR0wh9taoDtyrPHC5B3o3mErFbl4mSSsbojcLdhD8C75TCluUg2jVDxuBg5mSnIl41D7tjXEl3eITUOe0UP1IqXbSt8hSt5j0KoIGP5vVVrcJnOX5CfB8Xc4Us9cJaLEr2FRh08RSmABf4NWNz+EwBHBxXH/jdCboT+EF6b1KqzjZsLQr9QVqIS8lXsyt6PMRaMH1oxNCgov32FuU/OjWfGu9FeOdDhg9uR+7DpBFjk8Py+faM54tlK7IPPposQsvBXr4jcFUAfVX1xrY8UNhPXSfFSGOZLfHC44IMQTkqSSC6dNPfdtwuMbODz8c1LIup22szIR9/D3NtUi1+NDZwErOPvLNss</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>pgVlFEouxct1r1d366A9jUjpeNH86bg0EltgQzkHsTpSDbMoZbvK6mAcHT+Ewys2WhCFJ4meDtGSOPq+bhqJnB8sEJRIHPfPLPhy3Wm+9ajADgSpJZdFFv8dDdm2zUdo2JkXspizSmUIv5qEQH+xWC5WZBxddF4Zf6QNuFmYKG4om+hAc6X7pz2+riJA8Evyt7g+Z3cMsTNONKPI1jRe4jZQP7/zU0SIijKQS+rCOb4Z9IxQtRv829JHeDbLt9o9pptpfBpcVGmcuEeFk6O2b1ZNGWoxWTrJHSHi1cZOTtD6VDXubsl+HHuPhFrZdBvY8KgeO9Zi9ukyAsqBgnPDJ4ecPhZU/UjCHa2DYuZb3DE+iymUWM0I9+vG5QngCKpoqXwkVRKmlBrUcc9/vQAxK0T/o60iylXQt/+WO0WC63N57tf3yQaoq6ZKAbG/usTNYm2k/Ub2w/5IowqvhKQi2I7ceTQnKcQqWfjb8DpXf2bYOLBLoozOV0iFmzPi/r3WYvm/7zy5IZzNYy3LSTFIBSshT4PIeoZsG366ADC7W5K+8dYxmyna1f9+kaiZ+bET0qr8cCkoQuWGzJOnGKcuEsrHpuhcv+dbgeBm38Mt2ps90KnGrQk5zbAL78zcSzcuyxKXMtHDpiBcZNwagMXUnkuET6UqS3U9GMgM7TarpdSoYW8J73arvNQwhm2LJPSIR/WX4mX9PpTB221qsgPvhq07SAAaOhI1wE7TyXAdNd8rSTefX7ypHJl1hChF2aK9DJGIFmv4GR9YJCmh+aSluibk0bJcIecsnyVPdh6pzpz8xXeZ5LIcDq6CkX2Qwc0BCn6D3rIGzbJPl34VsGkwkD6raThJOaVXy/bCd/RRvPDDT9dXN/i4EMlO5aNFtXckOxZgBf9uRhsDQ5cPLvRgYz2VeIrmLZ88+GSSvQuwWR2U7F5WOkTIIR0OVFpf0IsYtWcAqQ4Gedd1e7L9YgJJYHJS8alMp4EjFyXEbls6uZrHw7kNm/yOHnSknTS26hL+Dx1ht0kvqORRwiIpC3B9kTzJUQ9WtsCLCfidMn8gXrYIIt1/3kA1x7toaFtU1UI0Fl5Tasg8XUqoRpdd+fLh1IwZsdSjgAUeh/lEnroAV+uaJGXYpyVWWD+cuREcCRb23emK1iI+JDwEncq35vvoXjLH+EDx9XW8+6Yjl7KdzxoYnBukrigru1RHhe9obPVhBzOsJl+uw32o2exHprrELWEm/26PF6Lz2ITJhxsnR+zGy9JcXeYwC1DlHp8O6Dj0iXznVFIwRmX+I1elh6VkfjeDcPY/GV8fsEDaMaypUPUI226txMmBp3Yan9Ws5pJpAXtb8IzHBr8SEEPAIQVNYUf6d3mLpUs9WlT2xGftCTlkt2Dxg6HpJgyhxpyv3TwX9RVL4bcn+kYHBczSLLgxH6HVn1SXeYoSsbvjoaKBGqFMEupBPozE03/LXgrjNB0RnAU1B9CrHuu1MrFChTLWIbTSu7/bgfbSfWRdq+nYy+W0MMwIEf2ch/aSM4Dy7C2sAGe5569lHjjXmKM3Uny0k8iK3TMqzaXPL7zoJvNr8BTL5+uEP3IG/6wt99LMTDxgNaqvB2DsYU8heOaNpyCqHfDnl7N5lg5IRGmXtoWcIlRzRo+Mq85a4Zn5KGU6jevyAnFl6RyYDrKx6M46LQ2rVPUEGV6QIdkLrLvCmM063UyAV1SK0ndtRwqElO1tF/VwDD+rCISGkHuFL0fcSdkfJKmMxNiv5/om1I1o+ln4vqXsOcy7lBo7O6Dbb/9l+t3DFW5VzCqpZlyceaftgetzQ1U32YpNwp/VE3Mh9zG9l98vhTDoqi/o98aYNDI/BtnmXW2GOcttlGUshtST9xrcmKKvM+mJ2eZe9af5QcNSeLbLnxctpkURPI9WMN7n4zXWYNJ4EIXIKRxTkxMKK7rvlXRLFJ73/dogDvtd3DqqbssrACqrfx6NndUHtMyXm8SHVWshltO5m+M/WuQJQG2SIs4wRJE/0ZOI8/imPwj9sxA1Y+3XQM6n6Xb3xTih/JrfTsFC6jIiSeg77Udr8f0a7JC2ivR/YpVLhUR0ZB4MRyNmInpmGEvijpLtSHLEH7sEHiE6pzve3XjaWvDuJXJtHa2thFUE0bDKKxua8niiAsYRfJPCAELzvPM0UNM6YZ/O+qq2t7XR/95AE5nFttF1pm9h770xM78HgNbc/RKjT5DCseARPnzwzd8NZoC8L/lpYcTyKtJiX0FyjhDGcwyI70wMdFaq4hO7wvckTnMC2Upf460wJuVK3I9L6BNJx7kbigzag4l0RXqO1NyYjrm3Jf4/g2EbV7w8/Y7TVel3TBtd2ypZaXdFLMPY+y3upNHw07IQE7qFbnvtj4KLDEL9kYwr2j5cUo7OoLfCHqXjDWIh+TaWjx3jrJtYAA4kDqgNDNXGQhEWPOBraKW03mciIGMS7yu7RjO7iFOvLfGURxMyjDS/MOgw/EdFSbnWPKfWIVEIiZHCj2MIc71b1zViQWey1bpasXqN9KehgUGj33b/LUIUP6F2pLEG5+iKMhFniAUFOhO20O/isGvcR2l/Om3MBYdjte1XYlj5fbB2xmkwgiQz9c84C1orqTdgE10N55W4UduZKfuqR6i3x8+oi57+WFpfZb/BASAOAxcAelCwUaywIniIGmg5WnoBLk28ie1zuvK4lCJaQqAJj8/l31MZzZ7QxcbblNeOwUIpfm6KvYGPNcEDBJyGIpwKcAUMtaOkyCeKpnpAUxrObbF4fKaXXZMj+5PL075Y9TxB+wN1HNNK4iHqA9N3uy4/PjxuA23kul8PmvDbkK3sCcAakvCU55OTlbHENerU7kWJ5okQPcFPzSBq8nG7mkFDkfqmqgH7XxY+4+poyYfscN2oUk+DX5R1cUarKRzz6VoireeLloGgpPJTkEwpZGPtJa0D/nxzY251bJhcrla8iBHW7h1CvcCv/3OJJxLqctuLj3POKCSlRbrrdiT+g6s8y9I9ouWjKuFaSSfAU3o8xtOaLyblwJ89QjxiOv+hzMQgb0hX3jkCyvd0WjCV1+WG0SWjerjLSEG1THe62mziKfzwyZMWcgsV8a6ILWGXc9us5AAzyFePzctHBlVImM9WFURoCAopWjs2nwnRLsJaSE6v/DCcj46b7LftAqNT7d+CZyBwHfUz8h469iFoSS4CeVfqPlg/TkJ6t+vHx9xnormdrigVur30SOZD/JCyfNog9XK+D1iEGE1juwhoM3angviDzVWbOWkHdfJnc8Uk/JSfVbLVR+TNtXgDDMoljdQqk9s4G8NxzVMG2vQoJTb4h9M+IIMDOKdtzj2heds6eTUKJRbTRRlNZzdYUSRuwxlBq8+mBiGHe1wqjXs3otNBZoJpFfYRTxbJ7jmOXUanI+9aQWuSvMaYwVRK/yMAp6lXqgdMq53jQ7LgUQu1Rx8HVrllSH6Suf9CCPi2tlXFAJWvK/nlerW6xwkolfPfrf6MpzL3XlkB7zQAIUyYmrfRd7rsopDslJfsWEZr08AQfmpmCevrrVOFOkM73EwPb1SNsX1NnnaV/L8bJwIbOgIodabQq96JwN3/Sr/1GCbLfCnlksThrNWtusklZhgC4ZOqWNT62qVmjvk7/tK9EqzHx5wJrgDatGahV4z9j3v0tjavjikwMMg+z60kAocSBViYflCWkxTcP52+lzLcNmF6yVrnLDtLLwtf6chMaEpEWCiJzIQUku0trohU48jabx/ATpdOpH9L7vBLGVKTQRyynjY8EOjeKBzqcJOx902DKqH/B3iFzkcHPDzYWDU1AhtfQzJ+6LQfj/gGsMFioKoiE0wdKZj6QVYm0I0OmjSkfz8vLsSmShmfwsHPLJUqkGGofIEXuaCdmTCbJx6efovG/xFMn/xMbd2z6XntP6myfS49qBckAXQuKlGZBXbK2BiPgsrjNNc9DZfR77nF2XiRzVR9hPAOa7CFJamz34rJkOczyvU5cPC2+PrWw/SYHGwM+G7K8z8852E68dH1ZwDfcQYf13vP2tgnTm04sThpCqfks1HmGbdhSLgaZCtNyyeG/RZgQH1LclLnJDiNn6llizuDIEeyeUQcV3raLQzmvMD4aRo7mQDsPcqvjiIPZpdWPw1W9y0wrWxYcRT1SCIK8lD+cZIAkco/L7Cf54S3AeNLjrbwl4fxlKKDzqCDvhEwV/wxYM5zzSPlCVQuTu1GbhdBOA63DLV7EAGsrFp5wINMGMJmf6bjUQd+h1A/wJCCMs8FSHc/V0dHgPkBSPI0qiZLwj+CoMstDxr18l9xICSw/C0DrluHCT8oBJ6xnq0pLl51kmkq2BOG0ARU/y/jAmGyNrgUPPYrA3iUhk+W4pNntR7rqyR9wszbjD9tVyKXr/iTaw3hr7LrdpiITOXcGpC03izRFgHHxox0NQVcx60YAE/WgTsyyN3D1EcR4M0+qO341SNqoqipHR7KIefRFzUneAmLIkToXoExtSL+TwziPBTGyL99pbciQ5U81twPjkTQXXhMdtre+8OsBzCxp8Auup58BmRHplK4FRy9LCojqQ7nxAg2AF20zyGA0/2ZGGdCxcRlSX8tjYwpyd+H/LspV7QF9ibmYc1PRczJ60yRZIqNcqMJda5MsvUr/zuVGq9nK6cgzPQBDFKXLVG58LCTX47i3pKzsza1fUGEaoWdxTM1M0h7hVFxiOpCiKj6AEWu6uiYahkOLp1zKvfVHvNNYSbgxAqUCTMkKm9dj6u3NXWeZB9XmeQM0SqFVhzeAexfZyKvzb4=</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2019-09-19 02:27:47,366 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2019-09-19 02:27:47,366 - INFO [Shibboleth-Audit.SSO:?] - 20190919T022747Z|urn:mace:shibboleth:2.0:profiles:AuthnRequest|_5ddf8435-4259-4304-ae14-464aae42d4e8|https://sandbox.marchingorder.com/shibboleth|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_e5e3ad96de085d201e27686bbde8873c|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxCJpD3SgR6AmwuPNeUbPr1ID9lqqDr+f7/MZsXqnEmyD8WgNHuDumxSoC1wpJ7aO+17xR1Z65rloHCI3oN4GwheEK6af70GTdlbNoDnVdqKnnNnrXrCKDXWsm+YO0nyB3oJbIokmksfK5e4FycuLZ|_00c7a5bf2a5e0907b77ea6f7614057e6|
2019-09-19 02:28:22,495 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder:?] - Decoded SOAP messaged which included SAML message of type {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-09-19 02:28:22,495 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
    <S:Body>
        <samlp:AuthnRequest
            AssertionConsumerServiceURL="http://10.208.225.169/Shibboleth.sso/SAML2/ECP"
            ID="_2b695d751ac8980848a344b66027a8ea"
            IssueInstant="2019-09-19T02:28:22Z"
            ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
            Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://10.208.225.169/shibboleth</saml:Issuer>
            <samlp:NameIDPolicy AllowCreate="1"/>
        </samlp:AuthnRequest>
    </S:Body>
</S:Envelope>

2019-09-19 02:28:22,501 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://10.208.225.169/shibboleth' from origin source
2019-09-19 02:28:22,501 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-09-19 02:28:22,501 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-09-19 02:28:22,501 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-09-19 02:28:22,501 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-09-19 02:28:22,501 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-09-19 02:28:22,501 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-09-19 02:28:22,501 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-09-19 02:28:22,501 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://10.208.225.169/shibboleth
2019-09-19 02:28:22,501 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2019-09-19 02:28:22,501 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2019-09-19 02:28:22,502 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-09-19 02:28:22,502 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint was empty, not required by binding, skipping
2019-09-19 02:28:22,502 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_2b695d751ac8980848a344b66027a8ea', issue instant '2019-09-19T02:28:22.000Z', entityID 'http://10.208.225.169/shibboleth'
2019-09-19 02:28:22,502 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://10.208.225.169/shibboleth' does not require AuthnRequests to be signed
2019-09-19 02:28:22,502 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2019-09-19 02:28:22,502 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-09-19 02:28:22,502 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-09-19 02:28:22,502 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-09-19 02:28:22,502 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2019-09-19 02:28:22,503 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsHeadersHandler:?] - Message Handler:  No ChannelBindings header blocks found
2019-09-19 02:28:22,503 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler:?] - Message was not signed, cannot extract ChannelBindings from it
2019-09-19 02:28:22,503 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2019-09-19 02:28:22,503 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2019-09-19 02:28:22,503 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-09-19 02:28:22,503 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2019-09-19 02:28:22,503 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2019-09-19 02:28:22,503 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 6 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2019-09-19 02:28:22,503 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' not permitted by input criteria
2019-09-19 02:28:22,503 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign' not permitted by input criteria
2019-09-19 02:28:22,503 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact' not permitted by input criteria
2019-09-19 02:28:22,503 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://10.208.225.169/Shibboleth.sso/SAML2/ECP using binding urn:oasis:names:tc:SAML:2.0:bindings:PAOS
2019-09-19 02:28:22,503 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2019-09-19 02:28:22,503 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2019-09-19 02:28:22,503 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2019-09-19 02:28:22,503 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2019-09-19 02:28:22,503 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-09-19 02:28:22,503 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2019-09-19 02:28:22,503 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2019-09-19 02:28:22,504 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2019-09-19 02:28:22,504 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2019-09-19 02:28:22,504 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2019-09-19 02:28:22,504 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2019-09-19 02:28:22,504 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2019-09-19 02:28:22,504 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://10.208.225.169/shibboleth
2019-09-19 02:28:22,504 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2019-09-19 02:28:22,504 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2019-09-19 02:28:22,504 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2019-09-19 02:28:22,504 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2019-09-19 02:28:22,507 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-09-19 02:28:22,507 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: RequestAuthenticated: false
2019-09-19 02:28:22,507 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: Assertion encryption is not enabled, skipping session key generation
2019-09-19 02:28:22,507 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2019-09-19T02:28:22.507Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2019-09-19 02:28:22,507 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2019-09-19 02:28:22,508 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2019-09-19 02:28:22,508 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2019-09-19 02:28:22,508 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2019-09-19 02:28:22,508 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2019-09-19 02:28:22,508 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow authn/Password, it supports non-browser authentication
2019-09-19 02:28:22,508 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2019-09-19 02:28:22,508 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2019-09-19 02:28:22,508 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2019-09-19 02:28:22,508 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2019-09-19 02:28:22,508 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: Trimming whitespace of input string 'morty'
2019-09-19 02:28:22,508 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user morty
2019-09-19 02:28:22,508 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1083257657::identifier=morty, context=org.apache.velocity.VelocityContext@7e64f9d0]
2019-09-19 02:28:22,510 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=morty,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1083257657::identifier=morty, context=org.apache.velocity.VelocityContext@7e64f9d0]
2019-09-19 02:28:22,511 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'morty' succeeded
2019-09-19 02:28:22,511 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2019-09-19 02:28:22,512 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2019-09-19 02:28:22,512 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'morty'
2019-09-19 02:28:22,512 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'morty'
2019-09-19 02:28:22,512 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2019-09-19 02:28:22,512 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal morty
2019-09-19 02:28:22,512 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 3410157169b46b8d06071ef9b825961ac2642a34ed6a43ba3d12ab14679283cc for principal morty
2019-09-19 02:28:22,512 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 3410157169b46b8d06071ef9b825961ac2642a34ed6a43ba3d12ab14679283cc
2019-09-19 02:28:22,513 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=morty)
2019-09-19 02:28:22,513 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [identifier, uid, telephoneNumber, role, mail, surname, displayName, givenName]
2019-09-19 02:28:22,513 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2019-09-19 02:28:22,513 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2019-09-19 02:28:22,513 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2019-09-19 02:28:22,513 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2019-09-19 02:28:22,513 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2019-09-19 02:28:22,513 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2019-09-19 02:28:22,513 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2019-09-19 02:28:22,513 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2019-09-19 02:28:22,514 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2019-09-19 02:28:22,515 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2019-09-19 02:28:22,516 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2019-09-19 02:28:22,516 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _cad79a9d043fd5c1d3921d77ca69e101
2019-09-19 02:28:22,516 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _cad79a9d043fd5c1d3921d77ca69e101 to Response _92e71e41aab601727a287c9acf84b0de
2019-09-19 02:28:22,516 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _cad79a9d043fd5c1d3921d77ca69e101
2019-09-19 02:28:22,516 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2019-09-19 02:28:22,516 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute identifier
2019-09-19 02:28:22,516 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value morty of attribute uid
2019-09-19 02:28:22,516 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5505 of attribute telephoneNumber
2019-09-19 02:28:22,516 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value janitor@samltest.id of attribute role
2019-09-19 02:28:22,516 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute mail
2019-09-19 02:28:22,516 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Smith of attribute surname
2019-09-19 02:28:22,516 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Morty Smith of attribute displayName
2019-09-19 02:28:22,516 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Mortimer of attribute givenName
2019-09-19 02:28:22,518 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2019-09-19 02:28:22,518 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2019-09-19 02:28:22,518 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: []
2019-09-19 02:28:22,518 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2019-09-19 02:28:22,518 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2019-09-19 02:28:22,518 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2019-09-19 02:28:22,518 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:28:22,518 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:28:22,518 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxlZnQSE31yhMziFJebCTSnGZ2TMfbgO9YmdASOZ0IYvGsKMG3G9AZIlIJ2mcfwhl0/qKiI3N+LfLlohBjp0kLdnCTV0nHp5OXpwJYbWh0Wdpe3qFgaIGrRHMkjp+CO2tMhGv+0w== with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:28:22,518 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:28:22,518 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:28:22,518 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2019-09-19 02:28:22,518 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2019-09-19 02:28:22,518 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.7.69
2019-09-19 02:28:22,518 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _2b695d751ac8980848a344b66027a8ea
2019-09-19 02:28:22,518 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to http://10.208.225.169/Shibboleth.sso/SAML2/ECP
2019-09-19 02:28:22,518 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2019-09-19 02:28:22,518 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2019-09-19 02:28:22,518 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2019-09-19 02:28:22,518 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _cad79a9d043fd5c1d3921d77ca69e101
2019-09-19 02:28:22,518 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _cad79a9d043fd5c1d3921d77ca69e101 did not already contain Conditions, one was added
2019-09-19 02:28:22,518 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2019-09-19 02:28:22,518 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2019-09-19T02:33:22.514Z, to Assertion _cad79a9d043fd5c1d3921d77ca69e101
2019-09-19 02:28:22,518 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _cad79a9d043fd5c1d3921d77ca69e101 already contained Conditions, nothing was done
2019-09-19 02:28:22,519 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2019-09-19 02:28:22,519 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _cad79a9d043fd5c1d3921d77ca69e101 already contained Conditions, nothing was done
2019-09-19 02:28:22,519 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2019-09-19 02:28:22,519 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding http://10.208.225.169/shibboleth as an Audience of the AudienceRestriction
2019-09-19 02:28:22,519 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _cad79a9d043fd5c1d3921d77ca69e101
2019-09-19 02:28:22,520 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party http://10.208.225.169/shibboleth to existing session 3410157169b46b8d06071ef9b825961ac2642a34ed6a43ba3d12ab14679283cc
2019-09-19 02:28:22,520 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service http://10.208.225.169/shibboleth in session 3410157169b46b8d06071ef9b825961ac2642a34ed6a43ba3d12ab14679283cc
2019-09-19 02:28:22,520 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-09-19 02:28:22,520 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID http://10.208.225.169/shibboleth and key AAdzZWNyZXQxlZnQSE31yhMziFJebCTSnGZ2TMfbgO9YmdASOZ0IYvGsKMG3G9AZIlIJ2mcfwhl0/qKiI3N+LfLlohBjp0kLdnCTV0nHp5OXpwJYbWh0Wdpe3qFgaIGrRHMkjp+CO2tMhGv+0w==
2019-09-19 02:28:22,520 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2019-09-19 02:28:22,521 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2019-09-19 02:28:22,521 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2019-09-19 02:28:22,521 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAssertions: No encryption parameters, nothing to do
2019-09-19 02:28:22,522 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: http://10.208.225.169/Shibboleth.sso/SAML2/ECP
2019-09-19 02:28:22,522 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: http://10.208.225.169/Shibboleth.sso/SAML2/ECP
2019-09-19 02:28:22,522 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_92e71e41aab601727a287c9acf84b0de"
2019-09-19 02:28:22,522 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _92e71e41aab601727a287c9acf84b0de and Element was [saml2p:Response: null]
2019-09-19 02:28:22,522 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_92e71e41aab601727a287c9acf84b0de"
2019-09-19 02:28:22,522 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _92e71e41aab601727a287c9acf84b0de and Element was [saml2p:Response: null]
2019-09-19 02:28:22,524 - DEBUG [org.opensaml.saml.common.binding.impl.AddChannelBindingsHeaderHandler:?] - Message Handler:  No ChannelBindings to add, nothing to do
2019-09-19 02:28:22,525 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Header>
        <ecp:Response
            AssertionConsumerServiceURL="http://10.208.225.169/Shibboleth.sso/SAML2/ECP"
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next"
            soap11:mustUnderstand="1" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
    </soap11:Header>
    <soap11:Body>
        <saml2p:Response
            Destination="http://10.208.225.169/Shibboleth.sso/SAML2/ECP"
            ID="_92e71e41aab601727a287c9acf84b0de"
            InResponseTo="_2b695d751ac8980848a344b66027a8ea"
            IssueInstant="2019-09-19T02:28:22.514Z" Version="2.0"
            xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
                    <ds:Reference URI="#_92e71e41aab601727a287c9acf84b0de">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                                <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                            </ds:Transform>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                        <ds:DigestValue>nF+u6LPWG0ALoBw9UcIN4FGK0KEeH6AziXgJrc8/XhTo8kdrcU2eETakWNyC77/fU7cMd2kffXj9NtEUjafkfw==</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>TBx9ZI4fS6xI/rj7XSqcYH+8G/znCk8jTgXShlN4+JpfBIGzSqgaMvyM59Xh99bzH5eepA2z5z/euGzfKmn1GmqcuvdK1jOR8uq+MVOSUsvWyZIMRElbV4AYLp/9gKKPl7XHSJDm1dwGnUP5O/HpWUM+oGGb1ddYDgvkUCjNkwwBuPCnwjBVsJ6iiogjlW0X12l8hJNoq2UWy3WUVVPBWwzxrmgprFJ0nd2mjc2Oiy2Dtghx423lJPZaULm3cMCSEEVLHQYALnZzAkoPaBjIBaHz7dxoO6HNlVscwoTNmF59o764Mhu21j4V8lSGF6019PzgFrioHFqenikOEDOh3g==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:Status>
                <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
            </saml2p:Status>
            <saml2:Assertion ID="_cad79a9d043fd5c1d3921d77ca69e101"
                IssueInstant="2019-09-19T02:28:22.514Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
                <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
                <saml2:Subject>
                    <saml2:NameID
                        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                        NameQualifier="https://samltest.id/saml/idp"
                        SPNameQualifier="http://10.208.225.169/shibboleth" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxlZnQSE31yhMziFJebCTSnGZ2TMfbgO9YmdASOZ0IYvGsKMG3G9AZIlIJ2mcfwhl0/qKiI3N+LfLlohBjp0kLdnCTV0nHp5OXpwJYbWh0Wdpe3qFgaIGrRHMkjp+CO2tMhGv+0w==</saml2:NameID>
                    <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                        <saml2:SubjectConfirmationData
                            Address="172.31.7.69"
                            InResponseTo="_2b695d751ac8980848a344b66027a8ea"
                            NotOnOrAfter="2019-09-19T02:33:22.518Z" Recipient="http://10.208.225.169/Shibboleth.sso/SAML2/ECP"/>
                    </saml2:SubjectConfirmation>
                </saml2:Subject>
                <saml2:Conditions NotBefore="2019-09-19T02:28:22.514Z" NotOnOrAfter="2019-09-19T02:33:22.514Z">
                    <saml2:AudienceRestriction>
                        <saml2:Audience>http://10.208.225.169/shibboleth</saml2:Audience>
                    </saml2:AudienceRestriction>
                </saml2:Conditions>
                <saml2:AuthnStatement
                    AuthnInstant="2019-09-19T02:28:22.511Z" SessionIndex="_39ed78488411c77ddba1ecf3a62448b9">
                    <saml2:SubjectLocality Address="172.31.7.69"/>
                    <saml2:AuthnContext>
                        <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
                    </saml2:AuthnContext>
                </saml2:AuthnStatement>
                <saml2:AttributeStatement>
                    <saml2:Attribute
                        Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue
                            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">msmith@samltest.id</saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute FriendlyName="uid"
                        Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue>morty</saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute FriendlyName="telephoneNumber"
                        Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue>+1-555-555-5505</saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute FriendlyName="role"
                        Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue
                            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">janitor@samltest.id</saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute FriendlyName="mail"
                        Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue>msmith@samltest.id</saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute FriendlyName="sn"
                        Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue>Smith</saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute FriendlyName="displayName"
                        Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue>Morty Smith</saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute FriendlyName="givenName"
                        Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue>Mortimer</saml2:AttributeValue>
                    </saml2:Attribute>
                </saml2:AttributeStatement>
            </saml2:Assertion>
        </saml2p:Response>
    </soap11:Body>
</soap11:Envelope>

2019-09-19 02:28:22,525 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2019-09-19 02:28:22,525 - INFO [Shibboleth-Audit.SSO:?] - 20190919T022822Z|urn:oasis:names:tc:SAML:2.0:bindings:SOAP|_2b695d751ac8980848a344b66027a8ea|http://10.208.225.169/shibboleth|http://shibboleth.net/ns/profiles/saml2/sso/ecp|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:PAOS|_92e71e41aab601727a287c9acf84b0de|morty|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|identifier,uid,telephoneNumber,role,mail,surname,displayName,givenName|AAdzZWNyZXQxlZnQSE31yhMziFJebCTSnGZ2TMfbgO9YmdASOZ0IYvGsKMG3G9AZIlIJ2mcfwhl0/qKiI3N+LfLlohBjp0kLdnCTV0nHp5OXpwJYbWh0Wdpe3qFgaIGrRHMkjp+CO2tMhGv+0w==|_cad79a9d043fd5c1d3921d77ca69e101|
2019-09-19 02:28:24,111 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder:?] - Decoded SOAP messaged which included SAML message of type {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-09-19 02:28:24,111 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
    <S:Body>
        <samlp:AuthnRequest
            AssertionConsumerServiceURL="http://10.208.225.169/Shibboleth.sso/SAML2/ECP"
            ID="_eeb1cd1201dbfa5ab3c184bca7166288"
            IssueInstant="2019-09-19T02:28:23Z"
            ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
            Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://10.208.225.169/shibboleth</saml:Issuer>
            <samlp:NameIDPolicy AllowCreate="1"/>
        </samlp:AuthnRequest>
    </S:Body>
</S:Envelope>

2019-09-19 02:28:24,112 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-09-19 02:28:24,112 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-09-19 02:28:24,112 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-09-19 02:28:24,112 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-09-19 02:28:24,112 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-09-19 02:28:24,112 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-09-19 02:28:24,112 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-09-19 02:28:24,112 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://10.208.225.169/shibboleth
2019-09-19 02:28:24,113 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2019-09-19 02:28:24,113 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2019-09-19 02:28:24,113 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-09-19 02:28:24,113 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint was empty, not required by binding, skipping
2019-09-19 02:28:24,113 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_eeb1cd1201dbfa5ab3c184bca7166288', issue instant '2019-09-19T02:28:23.000Z', entityID 'http://10.208.225.169/shibboleth'
2019-09-19 02:28:24,113 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://10.208.225.169/shibboleth' does not require AuthnRequests to be signed
2019-09-19 02:28:24,113 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2019-09-19 02:28:24,113 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-09-19 02:28:24,113 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-09-19 02:28:24,113 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-09-19 02:28:24,113 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2019-09-19 02:28:24,114 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsHeadersHandler:?] - Message Handler:  No ChannelBindings header blocks found
2019-09-19 02:28:24,114 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler:?] - Message was not signed, cannot extract ChannelBindings from it
2019-09-19 02:28:24,114 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2019-09-19 02:28:24,114 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2019-09-19 02:28:24,114 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-09-19 02:28:24,114 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2019-09-19 02:28:24,114 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2019-09-19 02:28:24,114 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 6 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2019-09-19 02:28:24,114 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' not permitted by input criteria
2019-09-19 02:28:24,114 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign' not permitted by input criteria
2019-09-19 02:28:24,114 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact' not permitted by input criteria
2019-09-19 02:28:24,114 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://10.208.225.169/Shibboleth.sso/SAML2/ECP using binding urn:oasis:names:tc:SAML:2.0:bindings:PAOS
2019-09-19 02:28:24,114 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2019-09-19 02:28:24,114 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2019-09-19 02:28:24,114 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2019-09-19 02:28:24,114 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2019-09-19 02:28:24,114 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-09-19 02:28:24,114 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2019-09-19 02:28:24,114 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2019-09-19 02:28:24,115 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2019-09-19 02:28:24,115 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2019-09-19 02:28:24,115 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2019-09-19 02:28:24,115 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2019-09-19 02:28:24,115 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2019-09-19 02:28:24,115 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://10.208.225.169/shibboleth
2019-09-19 02:28:24,115 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2019-09-19 02:28:24,115 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2019-09-19 02:28:24,115 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2019-09-19 02:28:24,115 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2019-09-19 02:28:24,115 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-09-19 02:28:24,116 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: RequestAuthenticated: false
2019-09-19 02:28:24,116 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: Assertion encryption is not enabled, skipping session key generation
2019-09-19 02:28:24,116 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2019-09-19T02:28:24.116Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2019-09-19 02:28:24,116 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2019-09-19 02:28:24,116 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2019-09-19 02:28:24,116 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2019-09-19 02:28:24,117 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2019-09-19 02:28:24,117 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2019-09-19 02:28:24,117 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow authn/Password, it supports non-browser authentication
2019-09-19 02:28:24,117 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2019-09-19 02:28:24,117 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2019-09-19 02:28:24,117 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2019-09-19 02:28:24,117 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2019-09-19 02:28:24,117 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: Trimming whitespace of input string 'morty'
2019-09-19 02:28:24,117 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user morty
2019-09-19 02:28:24,117 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@2100585990::identifier=morty, context=org.apache.velocity.VelocityContext@256624aa]
2019-09-19 02:28:24,118 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=morty,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@2100585990::identifier=morty, context=org.apache.velocity.VelocityContext@256624aa]
2019-09-19 02:28:24,120 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'morty' succeeded
2019-09-19 02:28:24,120 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2019-09-19 02:28:24,121 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2019-09-19 02:28:24,121 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'morty'
2019-09-19 02:28:24,121 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'morty'
2019-09-19 02:28:24,121 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2019-09-19 02:28:24,121 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal morty
2019-09-19 02:28:24,121 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session b650745504f1649cc997a8a13097cd936fb8695d2004d04549d49cf3e07145da for principal morty
2019-09-19 02:28:24,121 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session b650745504f1649cc997a8a13097cd936fb8695d2004d04549d49cf3e07145da
2019-09-19 02:28:24,122 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=morty)
2019-09-19 02:28:24,122 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [identifier, uid, telephoneNumber, role, mail, surname, displayName, givenName]
2019-09-19 02:28:24,122 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2019-09-19 02:28:24,122 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2019-09-19 02:28:24,122 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2019-09-19 02:28:24,122 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2019-09-19 02:28:24,122 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2019-09-19 02:28:24,122 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2019-09-19 02:28:24,122 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2019-09-19 02:28:24,122 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2019-09-19 02:28:24,123 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2019-09-19 02:28:24,124 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2019-09-19 02:28:24,124 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2019-09-19 02:28:24,124 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _64bc7cf35f09fed225eee69ac1a8dc64
2019-09-19 02:28:24,124 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _64bc7cf35f09fed225eee69ac1a8dc64 to Response _1b3be866980432ab0b31248155f5d8ca
2019-09-19 02:28:24,124 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _64bc7cf35f09fed225eee69ac1a8dc64
2019-09-19 02:28:24,125 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2019-09-19 02:28:24,125 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute identifier
2019-09-19 02:28:24,125 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value morty of attribute uid
2019-09-19 02:28:24,125 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5505 of attribute telephoneNumber
2019-09-19 02:28:24,125 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value janitor@samltest.id of attribute role
2019-09-19 02:28:24,125 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute mail
2019-09-19 02:28:24,125 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Smith of attribute surname
2019-09-19 02:28:24,125 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Morty Smith of attribute displayName
2019-09-19 02:28:24,125 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Mortimer of attribute givenName
2019-09-19 02:28:24,126 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2019-09-19 02:28:24,126 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2019-09-19 02:28:24,126 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: []
2019-09-19 02:28:24,126 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2019-09-19 02:28:24,126 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2019-09-19 02:28:24,126 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2019-09-19 02:28:24,126 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:28:24,126 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:28:24,126 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQx+E5ELnhF9fV9tnEyj3ktDnzLbfiNDE8Y4qHkCxK+t2MRG4DxjL3GYgh1Wu3uGxOwp8/OW/TN2I8qOwJMGePcrz3ztuONdafnJDr5XZpvo2bEPqAqRHTzuMTSGQVFOWhfykjZ+Q== with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:28:24,126 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:28:24,126 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:28:24,126 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2019-09-19 02:28:24,126 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2019-09-19 02:28:24,126 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.7.69
2019-09-19 02:28:24,126 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _eeb1cd1201dbfa5ab3c184bca7166288
2019-09-19 02:28:24,126 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to http://10.208.225.169/Shibboleth.sso/SAML2/ECP
2019-09-19 02:28:24,126 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2019-09-19 02:28:24,126 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2019-09-19 02:28:24,127 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2019-09-19 02:28:24,127 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _64bc7cf35f09fed225eee69ac1a8dc64
2019-09-19 02:28:24,127 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _64bc7cf35f09fed225eee69ac1a8dc64 did not already contain Conditions, one was added
2019-09-19 02:28:24,127 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2019-09-19 02:28:24,127 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2019-09-19T02:33:24.123Z, to Assertion _64bc7cf35f09fed225eee69ac1a8dc64
2019-09-19 02:28:24,127 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _64bc7cf35f09fed225eee69ac1a8dc64 already contained Conditions, nothing was done
2019-09-19 02:28:24,127 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2019-09-19 02:28:24,127 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _64bc7cf35f09fed225eee69ac1a8dc64 already contained Conditions, nothing was done
2019-09-19 02:28:24,127 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2019-09-19 02:28:24,127 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding http://10.208.225.169/shibboleth as an Audience of the AudienceRestriction
2019-09-19 02:28:24,127 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _64bc7cf35f09fed225eee69ac1a8dc64
2019-09-19 02:28:24,128 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party http://10.208.225.169/shibboleth to existing session b650745504f1649cc997a8a13097cd936fb8695d2004d04549d49cf3e07145da
2019-09-19 02:28:24,128 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service http://10.208.225.169/shibboleth in session b650745504f1649cc997a8a13097cd936fb8695d2004d04549d49cf3e07145da
2019-09-19 02:28:24,128 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-09-19 02:28:24,128 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID http://10.208.225.169/shibboleth and key AAdzZWNyZXQx+E5ELnhF9fV9tnEyj3ktDnzLbfiNDE8Y4qHkCxK+t2MRG4DxjL3GYgh1Wu3uGxOwp8/OW/TN2I8qOwJMGePcrz3ztuONdafnJDr5XZpvo2bEPqAqRHTzuMTSGQVFOWhfykjZ+Q==
2019-09-19 02:28:24,129 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2019-09-19 02:28:24,129 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2019-09-19 02:28:24,129 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2019-09-19 02:28:24,129 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAssertions: No encryption parameters, nothing to do
2019-09-19 02:28:24,130 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: http://10.208.225.169/Shibboleth.sso/SAML2/ECP
2019-09-19 02:28:24,131 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: http://10.208.225.169/Shibboleth.sso/SAML2/ECP
2019-09-19 02:28:24,131 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_1b3be866980432ab0b31248155f5d8ca"
2019-09-19 02:28:24,131 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _1b3be866980432ab0b31248155f5d8ca and Element was [saml2p:Response: null]
2019-09-19 02:28:24,131 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_1b3be866980432ab0b31248155f5d8ca"
2019-09-19 02:28:24,131 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _1b3be866980432ab0b31248155f5d8ca and Element was [saml2p:Response: null]
2019-09-19 02:28:24,133 - DEBUG [org.opensaml.saml.common.binding.impl.AddChannelBindingsHeaderHandler:?] - Message Handler:  No ChannelBindings to add, nothing to do
2019-09-19 02:28:24,134 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Header>
        <ecp:Response
            AssertionConsumerServiceURL="http://10.208.225.169/Shibboleth.sso/SAML2/ECP"
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next"
            soap11:mustUnderstand="1" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
    </soap11:Header>
    <soap11:Body>
        <saml2p:Response
            Destination="http://10.208.225.169/Shibboleth.sso/SAML2/ECP"
            ID="_1b3be866980432ab0b31248155f5d8ca"
            InResponseTo="_eeb1cd1201dbfa5ab3c184bca7166288"
            IssueInstant="2019-09-19T02:28:24.123Z" Version="2.0"
            xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
                    <ds:Reference URI="#_1b3be866980432ab0b31248155f5d8ca">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                                <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                            </ds:Transform>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                        <ds:DigestValue>71VVBsFb8gaogX7l+aWoTOcyrCZmnkL/hvatiQv2MexFycs+qz45Jc2CPl3+2vW5AzxjS401lJ9HHwa2WcG7sw==</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>ibkLmqRlCofjMKzG782b6vEJkLRlURYU8UwnCeX12OT+5J4UhFg/rzVbL8b3MIeR54OhsLEqkvJENVRtic81yTcG1NBl1YOFv1JrWKPbiWPwDl0j4ixUT//OBjlSDfZNIeGm1uNeMueEn1BBgTCMpjPPTq2uoT/2pvN6TP4e34j4VZGsRtzprTs0BrEFUqM4CGvTh1Xr+HQJiY25/FnTd/TvECMDw6sJyy1H9ARNSzsLhzAum2ILTSUa9GdKr6CDX+bNrZ9tNJD1wAQqPrccqfivEB2GTvIBhLUQig+UPGviSLXaDRH0DWnK11Lf9xeMkiPHh7U/dAtNGuhxW3n8Kg==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:Status>
                <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
            </saml2p:Status>
            <saml2:Assertion ID="_64bc7cf35f09fed225eee69ac1a8dc64"
                IssueInstant="2019-09-19T02:28:24.123Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
                <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
                <saml2:Subject>
                    <saml2:NameID
                        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                        NameQualifier="https://samltest.id/saml/idp"
                        SPNameQualifier="http://10.208.225.169/shibboleth" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQx+E5ELnhF9fV9tnEyj3ktDnzLbfiNDE8Y4qHkCxK+t2MRG4DxjL3GYgh1Wu3uGxOwp8/OW/TN2I8qOwJMGePcrz3ztuONdafnJDr5XZpvo2bEPqAqRHTzuMTSGQVFOWhfykjZ+Q==</saml2:NameID>
                    <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                        <saml2:SubjectConfirmationData
                            Address="172.31.7.69"
                            InResponseTo="_eeb1cd1201dbfa5ab3c184bca7166288"
                            NotOnOrAfter="2019-09-19T02:33:24.126Z" Recipient="http://10.208.225.169/Shibboleth.sso/SAML2/ECP"/>
                    </saml2:SubjectConfirmation>
                </saml2:Subject>
                <saml2:Conditions NotBefore="2019-09-19T02:28:24.123Z" NotOnOrAfter="2019-09-19T02:33:24.123Z">
                    <saml2:AudienceRestriction>
                        <saml2:Audience>http://10.208.225.169/shibboleth</saml2:Audience>
                    </saml2:AudienceRestriction>
                </saml2:Conditions>
                <saml2:AuthnStatement
                    AuthnInstant="2019-09-19T02:28:24.120Z" SessionIndex="_94deacfd9ac448036e37d2f8e281d0b1">
                    <saml2:SubjectLocality Address="172.31.7.69"/>
                    <saml2:AuthnContext>
                        <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
                    </saml2:AuthnContext>
                </saml2:AuthnStatement>
                <saml2:AttributeStatement>
                    <saml2:Attribute
                        Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue
                            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">msmith@samltest.id</saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute FriendlyName="uid"
                        Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue>morty</saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute FriendlyName="telephoneNumber"
                        Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue>+1-555-555-5505</saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute FriendlyName="role"
                        Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue
                            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">janitor@samltest.id</saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute FriendlyName="mail"
                        Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue>msmith@samltest.id</saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute FriendlyName="sn"
                        Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue>Smith</saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute FriendlyName="displayName"
                        Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue>Morty Smith</saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute FriendlyName="givenName"
                        Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue>Mortimer</saml2:AttributeValue>
                    </saml2:Attribute>
                </saml2:AttributeStatement>
            </saml2:Assertion>
        </saml2p:Response>
    </soap11:Body>
</soap11:Envelope>

2019-09-19 02:28:24,134 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2019-09-19 02:28:24,134 - INFO [Shibboleth-Audit.SSO:?] - 20190919T022824Z|urn:oasis:names:tc:SAML:2.0:bindings:SOAP|_eeb1cd1201dbfa5ab3c184bca7166288|http://10.208.225.169/shibboleth|http://shibboleth.net/ns/profiles/saml2/sso/ecp|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:PAOS|_1b3be866980432ab0b31248155f5d8ca|morty|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|identifier,uid,telephoneNumber,role,mail,surname,displayName,givenName|AAdzZWNyZXQx+E5ELnhF9fV9tnEyj3ktDnzLbfiNDE8Y4qHkCxK+t2MRG4DxjL3GYgh1Wu3uGxOwp8/OW/TN2I8qOwJMGePcrz3ztuONdafnJDr5XZpvo2bEPqAqRHTzuMTSGQVFOWhfykjZ+Q==|_64bc7cf35f09fed225eee69ac1a8dc64|
2019-09-19 02:28:43,855 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder:?] - Decoded SOAP messaged which included SAML message of type {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-09-19 02:28:43,855 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
    <S:Body>
        <samlp:AuthnRequest
            AssertionConsumerServiceURL="http://10.210.64.173/Shibboleth.sso/SAML2/ECP"
            ID="_fb9007588195c03b1346ad4061a9647d"
            IssueInstant="2019-09-19T02:28:43Z"
            ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
            Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://10.210.64.173/shibboleth</saml:Issuer>
            <samlp:NameIDPolicy AllowCreate="1"/>
        </samlp:AuthnRequest>
    </S:Body>
</S:Envelope>

2019-09-19 02:28:43,860 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://10.210.64.173/shibboleth' from origin source
2019-09-19 02:28:43,860 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-09-19 02:28:43,860 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-09-19 02:28:43,860 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-09-19 02:28:43,860 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-09-19 02:28:43,860 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-09-19 02:28:43,860 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-09-19 02:28:43,860 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-09-19 02:28:43,860 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://10.210.64.173/shibboleth
2019-09-19 02:28:43,861 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2019-09-19 02:28:43,861 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2019-09-19 02:28:43,861 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-09-19 02:28:43,861 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint was empty, not required by binding, skipping
2019-09-19 02:28:43,861 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_fb9007588195c03b1346ad4061a9647d', issue instant '2019-09-19T02:28:43.000Z', entityID 'http://10.210.64.173/shibboleth'
2019-09-19 02:28:43,861 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://10.210.64.173/shibboleth' does not require AuthnRequests to be signed
2019-09-19 02:28:43,861 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2019-09-19 02:28:43,861 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-09-19 02:28:43,861 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-09-19 02:28:43,862 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-09-19 02:28:43,862 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2019-09-19 02:28:43,862 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsHeadersHandler:?] - Message Handler:  No ChannelBindings header blocks found
2019-09-19 02:28:43,862 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler:?] - Message was not signed, cannot extract ChannelBindings from it
2019-09-19 02:28:43,862 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2019-09-19 02:28:43,862 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2019-09-19 02:28:43,862 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-09-19 02:28:43,862 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2019-09-19 02:28:43,862 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2019-09-19 02:28:43,862 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 6 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2019-09-19 02:28:43,862 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' not permitted by input criteria
2019-09-19 02:28:43,862 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign' not permitted by input criteria
2019-09-19 02:28:43,862 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact' not permitted by input criteria
2019-09-19 02:28:43,862 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://10.210.64.173/Shibboleth.sso/SAML2/ECP using binding urn:oasis:names:tc:SAML:2.0:bindings:PAOS
2019-09-19 02:28:43,862 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2019-09-19 02:28:43,862 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2019-09-19 02:28:43,862 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2019-09-19 02:28:43,862 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2019-09-19 02:28:43,862 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-09-19 02:28:43,862 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2019-09-19 02:28:43,862 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2019-09-19 02:28:43,863 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2019-09-19 02:28:43,863 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2019-09-19 02:28:43,863 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2019-09-19 02:28:43,863 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2019-09-19 02:28:43,863 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2019-09-19 02:28:43,863 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://10.210.64.173/shibboleth
2019-09-19 02:28:43,863 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2019-09-19 02:28:43,863 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2019-09-19 02:28:43,863 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2019-09-19 02:28:43,863 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2019-09-19 02:28:43,866 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-09-19 02:28:43,866 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: RequestAuthenticated: false
2019-09-19 02:28:43,866 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: Assertion encryption is not enabled, skipping session key generation
2019-09-19 02:28:43,866 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2019-09-19T02:28:43.866Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2019-09-19 02:28:43,866 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2019-09-19 02:28:43,867 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2019-09-19 02:28:43,867 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2019-09-19 02:28:43,867 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2019-09-19 02:28:43,867 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2019-09-19 02:28:43,867 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow authn/Password, it supports non-browser authentication
2019-09-19 02:28:43,867 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2019-09-19 02:28:43,867 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2019-09-19 02:28:43,867 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2019-09-19 02:28:43,867 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2019-09-19 02:28:43,867 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: Trimming whitespace of input string 'morty'
2019-09-19 02:28:43,867 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user morty
2019-09-19 02:28:43,867 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1220389136::identifier=morty, context=org.apache.velocity.VelocityContext@5a38bba6]
2019-09-19 02:28:43,868 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=morty,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1220389136::identifier=morty, context=org.apache.velocity.VelocityContext@5a38bba6]
2019-09-19 02:28:43,870 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'morty' succeeded
2019-09-19 02:28:43,870 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2019-09-19 02:28:43,871 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2019-09-19 02:28:43,871 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'morty'
2019-09-19 02:28:43,871 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'morty'
2019-09-19 02:28:43,871 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2019-09-19 02:28:43,871 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal morty
2019-09-19 02:28:43,871 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 7f4fc805f4329f6eab650e391cbf139a555ac87e10771e6f5170b6c60a6ce0aa for principal morty
2019-09-19 02:28:43,871 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 7f4fc805f4329f6eab650e391cbf139a555ac87e10771e6f5170b6c60a6ce0aa
2019-09-19 02:28:43,872 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=morty)
2019-09-19 02:28:43,872 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [identifier, uid, telephoneNumber, role, mail, surname, displayName, givenName]
2019-09-19 02:28:43,872 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2019-09-19 02:28:43,872 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2019-09-19 02:28:43,872 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2019-09-19 02:28:43,872 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2019-09-19 02:28:43,872 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2019-09-19 02:28:43,872 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2019-09-19 02:28:43,872 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2019-09-19 02:28:43,872 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2019-09-19 02:28:43,873 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2019-09-19 02:28:43,874 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2019-09-19 02:28:43,875 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2019-09-19 02:28:43,875 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _fe4d8acf318e96d27052a172da714807
2019-09-19 02:28:43,875 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _fe4d8acf318e96d27052a172da714807 to Response _f564e4a4f8aff53b7c44a4f3109e51e6
2019-09-19 02:28:43,875 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _fe4d8acf318e96d27052a172da714807
2019-09-19 02:28:43,875 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2019-09-19 02:28:43,875 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute identifier
2019-09-19 02:28:43,875 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value morty of attribute uid
2019-09-19 02:28:43,875 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5505 of attribute telephoneNumber
2019-09-19 02:28:43,875 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value janitor@samltest.id of attribute role
2019-09-19 02:28:43,875 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute mail
2019-09-19 02:28:43,875 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Smith of attribute surname
2019-09-19 02:28:43,875 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Morty Smith of attribute displayName
2019-09-19 02:28:43,875 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Mortimer of attribute givenName
2019-09-19 02:28:43,897 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2019-09-19 02:28:43,897 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2019-09-19 02:28:43,897 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: []
2019-09-19 02:28:43,897 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2019-09-19 02:28:43,897 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2019-09-19 02:28:43,897 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2019-09-19 02:28:43,897 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:28:43,897 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:28:43,897 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxuMoHguYtQttk+gJwKQ1N/ACl2iPnRDCdiYbZFgCQ+nIRV+AzBYJNPosRVxVDS8xDKIllzUkH3OLQ1hbMis5UlHPoPmQj0YdqNCbvmu8/a3qSzx/xVgv4RX+9xmfCWWPKww== with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:28:43,897 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:28:43,897 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:28:43,897 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2019-09-19 02:28:43,897 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2019-09-19 02:28:43,897 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.38.242
2019-09-19 02:28:43,897 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _fb9007588195c03b1346ad4061a9647d
2019-09-19 02:28:43,897 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to http://10.210.64.173/Shibboleth.sso/SAML2/ECP
2019-09-19 02:28:43,897 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2019-09-19 02:28:43,897 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2019-09-19 02:28:43,898 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2019-09-19 02:28:43,898 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _fe4d8acf318e96d27052a172da714807
2019-09-19 02:28:43,898 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _fe4d8acf318e96d27052a172da714807 did not already contain Conditions, one was added
2019-09-19 02:28:43,898 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2019-09-19 02:28:43,898 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2019-09-19T02:33:43.873Z, to Assertion _fe4d8acf318e96d27052a172da714807
2019-09-19 02:28:43,898 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _fe4d8acf318e96d27052a172da714807 already contained Conditions, nothing was done
2019-09-19 02:28:43,898 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2019-09-19 02:28:43,898 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _fe4d8acf318e96d27052a172da714807 already contained Conditions, nothing was done
2019-09-19 02:28:43,898 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2019-09-19 02:28:43,898 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding http://10.210.64.173/shibboleth as an Audience of the AudienceRestriction
2019-09-19 02:28:43,898 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _fe4d8acf318e96d27052a172da714807
2019-09-19 02:28:43,900 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party http://10.210.64.173/shibboleth to existing session 7f4fc805f4329f6eab650e391cbf139a555ac87e10771e6f5170b6c60a6ce0aa
2019-09-19 02:28:43,900 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service http://10.210.64.173/shibboleth in session 7f4fc805f4329f6eab650e391cbf139a555ac87e10771e6f5170b6c60a6ce0aa
2019-09-19 02:28:43,900 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-09-19 02:28:43,900 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID http://10.210.64.173/shibboleth and key AAdzZWNyZXQxuMoHguYtQttk+gJwKQ1N/ACl2iPnRDCdiYbZFgCQ+nIRV+AzBYJNPosRVxVDS8xDKIllzUkH3OLQ1hbMis5UlHPoPmQj0YdqNCbvmu8/a3qSzx/xVgv4RX+9xmfCWWPKww==
2019-09-19 02:28:43,901 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2019-09-19 02:28:43,901 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2019-09-19 02:28:43,901 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2019-09-19 02:28:43,901 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAssertions: No encryption parameters, nothing to do
2019-09-19 02:28:43,902 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: http://10.210.64.173/Shibboleth.sso/SAML2/ECP
2019-09-19 02:28:43,902 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: http://10.210.64.173/Shibboleth.sso/SAML2/ECP
2019-09-19 02:28:43,903 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_f564e4a4f8aff53b7c44a4f3109e51e6"
2019-09-19 02:28:43,903 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _f564e4a4f8aff53b7c44a4f3109e51e6 and Element was [saml2p:Response: null]
2019-09-19 02:28:43,903 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_f564e4a4f8aff53b7c44a4f3109e51e6"
2019-09-19 02:28:43,903 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _f564e4a4f8aff53b7c44a4f3109e51e6 and Element was [saml2p:Response: null]
2019-09-19 02:28:43,904 - DEBUG [org.opensaml.saml.common.binding.impl.AddChannelBindingsHeaderHandler:?] - Message Handler:  No ChannelBindings to add, nothing to do
2019-09-19 02:28:43,905 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Header>
        <ecp:Response
            AssertionConsumerServiceURL="http://10.210.64.173/Shibboleth.sso/SAML2/ECP"
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next"
            soap11:mustUnderstand="1" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
    </soap11:Header>
    <soap11:Body>
        <saml2p:Response
            Destination="http://10.210.64.173/Shibboleth.sso/SAML2/ECP"
            ID="_f564e4a4f8aff53b7c44a4f3109e51e6"
            InResponseTo="_fb9007588195c03b1346ad4061a9647d"
            IssueInstant="2019-09-19T02:28:43.873Z" Version="2.0"
            xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
                    <ds:Reference URI="#_f564e4a4f8aff53b7c44a4f3109e51e6">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                                <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                            </ds:Transform>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                        <ds:DigestValue>F4Um5V0yHP+8fz1+ncwoekZXvgiD29VfBE0CdLOtvA5geM38ud+u2oFrFH/lKfpjjQo2P0H0IVBCZRr1JQL81w==</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>hNYQZik62E8HZrCKxoIfDlKgWhuseFYCYNIyLWVKHkTjfkHRazOu8YVKZyHCCc3b5otyxhKLcaJZ7EO14neIJLU1lTmZl6cN33ZavHXRs2IYEk9MFpThH71l+GJhSfQd/YHHkQlxufQnLt+ElDxqwslejUc58jozKEsdE+EwSXnyGrBHXZ6vJc7ArT7caf9WypSEBsL6JLM5WNyxD5woBTi8gyf4/oNBaXjFXfdMacpKg4QtijeAfQ0XDSD2c4azBHrTgQ/iQGRF6qT0AxaiJJg73TZv9UxUNqAQt7S2bNjHy/zJygJnA3odOtj2fFxVWuo+k4WNrPICNaEzitVXGA==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:Status>
                <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
            </saml2p:Status>
            <saml2:Assertion ID="_fe4d8acf318e96d27052a172da714807"
                IssueInstant="2019-09-19T02:28:43.873Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
                <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
                <saml2:Subject>
                    <saml2:NameID
                        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                        NameQualifier="https://samltest.id/saml/idp"
                        SPNameQualifier="http://10.210.64.173/shibboleth" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxuMoHguYtQttk+gJwKQ1N/ACl2iPnRDCdiYbZFgCQ+nIRV+AzBYJNPosRVxVDS8xDKIllzUkH3OLQ1hbMis5UlHPoPmQj0YdqNCbvmu8/a3qSzx/xVgv4RX+9xmfCWWPKww==</saml2:NameID>
                    <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                        <saml2:SubjectConfirmationData
                            Address="172.31.38.242"
                            InResponseTo="_fb9007588195c03b1346ad4061a9647d"
                            NotOnOrAfter="2019-09-19T02:33:43.897Z" Recipient="http://10.210.64.173/Shibboleth.sso/SAML2/ECP"/>
                    </saml2:SubjectConfirmation>
                </saml2:Subject>
                <saml2:Conditions NotBefore="2019-09-19T02:28:43.873Z" NotOnOrAfter="2019-09-19T02:33:43.873Z">
                    <saml2:AudienceRestriction>
                        <saml2:Audience>http://10.210.64.173/shibboleth</saml2:Audience>
                    </saml2:AudienceRestriction>
                </saml2:Conditions>
                <saml2:AuthnStatement
                    AuthnInstant="2019-09-19T02:28:43.870Z" SessionIndex="_02d336256898dc30f9625a15674a0102">
                    <saml2:SubjectLocality Address="172.31.38.242"/>
                    <saml2:AuthnContext>
                        <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
                    </saml2:AuthnContext>
                </saml2:AuthnStatement>
                <saml2:AttributeStatement>
                    <saml2:Attribute
                        Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue
                            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">msmith@samltest.id</saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute FriendlyName="uid"
                        Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue>morty</saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute FriendlyName="telephoneNumber"
                        Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue>+1-555-555-5505</saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute FriendlyName="role"
                        Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue
                            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">janitor@samltest.id</saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute FriendlyName="mail"
                        Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue>msmith@samltest.id</saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute FriendlyName="sn"
                        Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue>Smith</saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute FriendlyName="displayName"
                        Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue>Morty Smith</saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute FriendlyName="givenName"
                        Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue>Mortimer</saml2:AttributeValue>
                    </saml2:Attribute>
                </saml2:AttributeStatement>
            </saml2:Assertion>
        </saml2p:Response>
    </soap11:Body>
</soap11:Envelope>

2019-09-19 02:28:43,905 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2019-09-19 02:28:43,905 - INFO [Shibboleth-Audit.SSO:?] - 20190919T022843Z|urn:oasis:names:tc:SAML:2.0:bindings:SOAP|_fb9007588195c03b1346ad4061a9647d|http://10.210.64.173/shibboleth|http://shibboleth.net/ns/profiles/saml2/sso/ecp|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:PAOS|_f564e4a4f8aff53b7c44a4f3109e51e6|morty|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|identifier,uid,telephoneNumber,role,mail,surname,displayName,givenName|AAdzZWNyZXQxuMoHguYtQttk+gJwKQ1N/ACl2iPnRDCdiYbZFgCQ+nIRV+AzBYJNPosRVxVDS8xDKIllzUkH3OLQ1hbMis5UlHPoPmQj0YdqNCbvmu8/a3qSzx/xVgv4RX+9xmfCWWPKww==|_fe4d8acf318e96d27052a172da714807|
2019-09-19 02:28:46,335 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder:?] - Decoded SOAP messaged which included SAML message of type {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-09-19 02:28:46,335 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
    <S:Body>
        <samlp:AuthnRequest
            AssertionConsumerServiceURL="http://10.210.64.173/Shibboleth.sso/SAML2/ECP"
            ID="_a876d4e9b81dc2fea1daa61323242a72"
            IssueInstant="2019-09-19T02:28:45Z"
            ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
            Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://10.210.64.173/shibboleth</saml:Issuer>
            <samlp:NameIDPolicy AllowCreate="1"/>
        </samlp:AuthnRequest>
    </S:Body>
</S:Envelope>

2019-09-19 02:28:46,336 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-09-19 02:28:46,336 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-09-19 02:28:46,336 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-09-19 02:28:46,336 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-09-19 02:28:46,336 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-09-19 02:28:46,336 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-09-19 02:28:46,336 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-09-19 02:28:46,336 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://10.210.64.173/shibboleth
2019-09-19 02:28:46,336 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2019-09-19 02:28:46,336 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2019-09-19 02:28:46,337 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-09-19 02:28:46,337 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint was empty, not required by binding, skipping
2019-09-19 02:28:46,337 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_a876d4e9b81dc2fea1daa61323242a72', issue instant '2019-09-19T02:28:45.000Z', entityID 'http://10.210.64.173/shibboleth'
2019-09-19 02:28:46,337 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://10.210.64.173/shibboleth' does not require AuthnRequests to be signed
2019-09-19 02:28:46,337 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2019-09-19 02:28:46,337 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-09-19 02:28:46,337 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-09-19 02:28:46,337 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-09-19 02:28:46,337 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2019-09-19 02:28:46,337 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsHeadersHandler:?] - Message Handler:  No ChannelBindings header blocks found
2019-09-19 02:28:46,337 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler:?] - Message was not signed, cannot extract ChannelBindings from it
2019-09-19 02:28:46,338 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2019-09-19 02:28:46,338 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2019-09-19 02:28:46,338 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-09-19 02:28:46,338 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2019-09-19 02:28:46,338 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2019-09-19 02:28:46,338 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 6 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2019-09-19 02:28:46,338 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' not permitted by input criteria
2019-09-19 02:28:46,338 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign' not permitted by input criteria
2019-09-19 02:28:46,338 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact' not permitted by input criteria
2019-09-19 02:28:46,338 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://10.210.64.173/Shibboleth.sso/SAML2/ECP using binding urn:oasis:names:tc:SAML:2.0:bindings:PAOS
2019-09-19 02:28:46,338 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2019-09-19 02:28:46,338 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2019-09-19 02:28:46,338 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2019-09-19 02:28:46,338 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2019-09-19 02:28:46,338 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-09-19 02:28:46,338 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2019-09-19 02:28:46,338 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2019-09-19 02:28:46,338 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2019-09-19 02:28:46,339 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2019-09-19 02:28:46,339 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2019-09-19 02:28:46,339 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2019-09-19 02:28:46,339 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2019-09-19 02:28:46,339 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://10.210.64.173/shibboleth
2019-09-19 02:28:46,339 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2019-09-19 02:28:46,339 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2019-09-19 02:28:46,339 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2019-09-19 02:28:46,339 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2019-09-19 02:28:46,339 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-09-19 02:28:46,340 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: RequestAuthenticated: false
2019-09-19 02:28:46,340 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: Assertion encryption is not enabled, skipping session key generation
2019-09-19 02:28:46,340 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2019-09-19T02:28:46.340Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2019-09-19 02:28:46,340 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2019-09-19 02:28:46,340 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2019-09-19 02:28:46,340 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2019-09-19 02:28:46,341 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2019-09-19 02:28:46,341 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2019-09-19 02:28:46,341 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow authn/Password, it supports non-browser authentication
2019-09-19 02:28:46,341 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2019-09-19 02:28:46,341 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2019-09-19 02:28:46,341 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2019-09-19 02:28:46,341 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2019-09-19 02:28:46,342 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: Trimming whitespace of input string 'morty'
2019-09-19 02:28:46,342 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user morty
2019-09-19 02:28:46,342 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@473458775::identifier=morty, context=org.apache.velocity.VelocityContext@2d22e7ce]
2019-09-19 02:28:46,342 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=morty,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@473458775::identifier=morty, context=org.apache.velocity.VelocityContext@2d22e7ce]
2019-09-19 02:28:46,343 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'morty' succeeded
2019-09-19 02:28:46,343 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2019-09-19 02:28:46,343 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2019-09-19 02:28:46,344 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'morty'
2019-09-19 02:28:46,344 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'morty'
2019-09-19 02:28:46,344 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2019-09-19 02:28:46,344 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal morty
2019-09-19 02:28:46,344 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 3e66bdbcc826108f5f39d4d7941095dbe317e9f2087cff0bf57a6d50e3f840b8 for principal morty
2019-09-19 02:28:46,344 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 3e66bdbcc826108f5f39d4d7941095dbe317e9f2087cff0bf57a6d50e3f840b8
2019-09-19 02:28:46,344 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=morty)
2019-09-19 02:28:46,346 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [identifier, uid, telephoneNumber, role, mail, surname, displayName, givenName]
2019-09-19 02:28:46,346 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2019-09-19 02:28:46,346 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2019-09-19 02:28:46,346 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2019-09-19 02:28:46,346 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2019-09-19 02:28:46,346 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2019-09-19 02:28:46,346 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2019-09-19 02:28:46,346 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2019-09-19 02:28:46,346 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2019-09-19 02:28:46,348 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2019-09-19 02:28:46,348 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2019-09-19 02:28:46,350 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2019-09-19 02:28:46,350 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _4597559fc9fe7d5b9dd1e12899e24f5e
2019-09-19 02:28:46,350 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _4597559fc9fe7d5b9dd1e12899e24f5e to Response _a8422811fdbc3d890f2586f30ebce174
2019-09-19 02:28:46,350 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _4597559fc9fe7d5b9dd1e12899e24f5e
2019-09-19 02:28:46,351 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2019-09-19 02:28:46,352 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute identifier
2019-09-19 02:28:46,352 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value morty of attribute uid
2019-09-19 02:28:46,352 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5505 of attribute telephoneNumber
2019-09-19 02:28:46,352 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value janitor@samltest.id of attribute role
2019-09-19 02:28:46,352 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute mail
2019-09-19 02:28:46,352 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Smith of attribute surname
2019-09-19 02:28:46,352 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Morty Smith of attribute displayName
2019-09-19 02:28:46,352 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Mortimer of attribute givenName
2019-09-19 02:28:46,354 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2019-09-19 02:28:46,354 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2019-09-19 02:28:46,354 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: []
2019-09-19 02:28:46,354 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2019-09-19 02:28:46,354 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2019-09-19 02:28:46,354 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2019-09-19 02:28:46,354 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:28:46,354 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:28:46,354 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQx8gHKilXhrXXYNmsdEZ0lmF19e2A5hrKB+65biVawcql3I58sGIABtR7GEHZQyATiGgfLyJsomerkSbMnNh2BqPBbocpWPrdtcnvnEGAL1An8AZHeIOh7xNKAecIh820hXg== with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:28:46,354 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:28:46,354 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:28:46,354 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2019-09-19 02:28:46,354 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2019-09-19 02:28:46,354 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.38.242
2019-09-19 02:28:46,354 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _a876d4e9b81dc2fea1daa61323242a72
2019-09-19 02:28:46,354 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to http://10.210.64.173/Shibboleth.sso/SAML2/ECP
2019-09-19 02:28:46,354 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2019-09-19 02:28:46,354 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2019-09-19 02:28:46,354 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2019-09-19 02:28:46,354 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _4597559fc9fe7d5b9dd1e12899e24f5e
2019-09-19 02:28:46,354 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _4597559fc9fe7d5b9dd1e12899e24f5e did not already contain Conditions, one was added
2019-09-19 02:28:46,355 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2019-09-19 02:28:46,355 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2019-09-19T02:33:46.348Z, to Assertion _4597559fc9fe7d5b9dd1e12899e24f5e
2019-09-19 02:28:46,355 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _4597559fc9fe7d5b9dd1e12899e24f5e already contained Conditions, nothing was done
2019-09-19 02:28:46,355 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2019-09-19 02:28:46,355 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _4597559fc9fe7d5b9dd1e12899e24f5e already contained Conditions, nothing was done
2019-09-19 02:28:46,355 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2019-09-19 02:28:46,355 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding http://10.210.64.173/shibboleth as an Audience of the AudienceRestriction
2019-09-19 02:28:46,355 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _4597559fc9fe7d5b9dd1e12899e24f5e
2019-09-19 02:28:46,356 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party http://10.210.64.173/shibboleth to existing session 3e66bdbcc826108f5f39d4d7941095dbe317e9f2087cff0bf57a6d50e3f840b8
2019-09-19 02:28:46,358 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service http://10.210.64.173/shibboleth in session 3e66bdbcc826108f5f39d4d7941095dbe317e9f2087cff0bf57a6d50e3f840b8
2019-09-19 02:28:46,358 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-09-19 02:28:46,358 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID http://10.210.64.173/shibboleth and key AAdzZWNyZXQx8gHKilXhrXXYNmsdEZ0lmF19e2A5hrKB+65biVawcql3I58sGIABtR7GEHZQyATiGgfLyJsomerkSbMnNh2BqPBbocpWPrdtcnvnEGAL1An8AZHeIOh7xNKAecIh820hXg==
2019-09-19 02:28:46,358 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2019-09-19 02:28:46,358 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2019-09-19 02:28:46,359 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2019-09-19 02:28:46,359 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAssertions: No encryption parameters, nothing to do
2019-09-19 02:28:46,360 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: http://10.210.64.173/Shibboleth.sso/SAML2/ECP
2019-09-19 02:28:46,361 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: http://10.210.64.173/Shibboleth.sso/SAML2/ECP
2019-09-19 02:28:46,361 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_a8422811fdbc3d890f2586f30ebce174"
2019-09-19 02:28:46,361 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _a8422811fdbc3d890f2586f30ebce174 and Element was [saml2p:Response: null]
2019-09-19 02:28:46,361 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_a8422811fdbc3d890f2586f30ebce174"
2019-09-19 02:28:46,361 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _a8422811fdbc3d890f2586f30ebce174 and Element was [saml2p:Response: null]
2019-09-19 02:28:46,364 - DEBUG [org.opensaml.saml.common.binding.impl.AddChannelBindingsHeaderHandler:?] - Message Handler:  No ChannelBindings to add, nothing to do
2019-09-19 02:28:46,366 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Header>
        <ecp:Response
            AssertionConsumerServiceURL="http://10.210.64.173/Shibboleth.sso/SAML2/ECP"
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next"
            soap11:mustUnderstand="1" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
    </soap11:Header>
    <soap11:Body>
        <saml2p:Response
            Destination="http://10.210.64.173/Shibboleth.sso/SAML2/ECP"
            ID="_a8422811fdbc3d890f2586f30ebce174"
            InResponseTo="_a876d4e9b81dc2fea1daa61323242a72"
            IssueInstant="2019-09-19T02:28:46.348Z" Version="2.0"
            xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
                    <ds:Reference URI="#_a8422811fdbc3d890f2586f30ebce174">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                                <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                            </ds:Transform>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                        <ds:DigestValue>N13JcrWpOqwmIsYQOCo2W/w3bD4zv23CM38QrxtC28Pdm1+JBdMyQ/lslOG446WH3ZPNrKlXeOtGQPN7BRhlkg==</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>BzVvzkzl4E2t1ysBg6dlC3eOs7D6fb3sOGsZmDfWFSicsT6zEFDJChFoc5B1IEeAUGmV+uH5tyhpcDdMYLiricinUDWpgkUfPfza2Wa/g5lZGoGdqN//FbO1vsqy5itkAuIb97WnxFsM5ivxOEU9jYZR/dkXObmULv9toVanw3c4A0xIWuYUrVuXYF4oJgnC4PWz92kYK7Oc5NyE7Qs7Z/zp3JOIFqna7mscWqc/36Ath68CyeVMRFMP1xMSj68nE+UufGQZhoWvOq2d8cf59kEN9eYeZ3TRwXvsiSHvcltG0S1Nt/NJC/uMJvBL7FSN9sv0FAbAoNWGAkxwvahktg==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:Status>
                <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
            </saml2p:Status>
            <saml2:Assertion ID="_4597559fc9fe7d5b9dd1e12899e24f5e"
                IssueInstant="2019-09-19T02:28:46.348Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
                <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
                <saml2:Subject>
                    <saml2:NameID
                        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                        NameQualifier="https://samltest.id/saml/idp"
                        SPNameQualifier="http://10.210.64.173/shibboleth" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQx8gHKilXhrXXYNmsdEZ0lmF19e2A5hrKB+65biVawcql3I58sGIABtR7GEHZQyATiGgfLyJsomerkSbMnNh2BqPBbocpWPrdtcnvnEGAL1An8AZHeIOh7xNKAecIh820hXg==</saml2:NameID>
                    <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                        <saml2:SubjectConfirmationData
                            Address="172.31.38.242"
                            InResponseTo="_a876d4e9b81dc2fea1daa61323242a72"
                            NotOnOrAfter="2019-09-19T02:33:46.354Z" Recipient="http://10.210.64.173/Shibboleth.sso/SAML2/ECP"/>
                    </saml2:SubjectConfirmation>
                </saml2:Subject>
                <saml2:Conditions NotBefore="2019-09-19T02:28:46.348Z" NotOnOrAfter="2019-09-19T02:33:46.348Z">
                    <saml2:AudienceRestriction>
                        <saml2:Audience>http://10.210.64.173/shibboleth</saml2:Audience>
                    </saml2:AudienceRestriction>
                </saml2:Conditions>
                <saml2:AuthnStatement
                    AuthnInstant="2019-09-19T02:28:46.343Z" SessionIndex="_ba40ffcfcd0eda157e785a49ebf0f6e5">
                    <saml2:SubjectLocality Address="172.31.38.242"/>
                    <saml2:AuthnContext>
                        <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
                    </saml2:AuthnContext>
                </saml2:AuthnStatement>
                <saml2:AttributeStatement>
                    <saml2:Attribute
                        Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue
                            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">msmith@samltest.id</saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute FriendlyName="uid"
                        Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue>morty</saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute FriendlyName="telephoneNumber"
                        Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue>+1-555-555-5505</saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute FriendlyName="role"
                        Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue
                            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">janitor@samltest.id</saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute FriendlyName="mail"
                        Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue>msmith@samltest.id</saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute FriendlyName="sn"
                        Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue>Smith</saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute FriendlyName="displayName"
                        Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue>Morty Smith</saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute FriendlyName="givenName"
                        Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue>Mortimer</saml2:AttributeValue>
                    </saml2:Attribute>
                </saml2:AttributeStatement>
            </saml2:Assertion>
        </saml2p:Response>
    </soap11:Body>
</soap11:Envelope>

2019-09-19 02:28:46,367 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2019-09-19 02:28:46,367 - INFO [Shibboleth-Audit.SSO:?] - 20190919T022846Z|urn:oasis:names:tc:SAML:2.0:bindings:SOAP|_a876d4e9b81dc2fea1daa61323242a72|http://10.210.64.173/shibboleth|http://shibboleth.net/ns/profiles/saml2/sso/ecp|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:PAOS|_a8422811fdbc3d890f2586f30ebce174|morty|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|identifier,uid,telephoneNumber,role,mail,surname,displayName,givenName|AAdzZWNyZXQx8gHKilXhrXXYNmsdEZ0lmF19e2A5hrKB+65biVawcql3I58sGIABtR7GEHZQyATiGgfLyJsomerkSbMnNh2BqPBbocpWPrdtcnvnEGAL1An8AZHeIOh7xNKAecIh820hXg==|_4597559fc9fe7d5b9dd1e12899e24f5e|
2019-09-19 02:29:27,849 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder:?] - Decoded SOAP messaged which included SAML message of type {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-09-19 02:29:27,850 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
    <S:Body>
        <samlp:AuthnRequest
            AssertionConsumerServiceURL="http://10.209.34.25/Shibboleth.sso/SAML2/ECP"
            ID="_1fdf431e5bfa0be6870370a39ee13de9"
            IssueInstant="2019-09-19T02:29:28Z"
            ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
            Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://10.209.34.25/shibboleth</saml:Issuer>
            <samlp:NameIDPolicy AllowCreate="1"/>
        </samlp:AuthnRequest>
    </S:Body>
</S:Envelope>

2019-09-19 02:29:27,854 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://10.209.34.25/shibboleth' from origin source
2019-09-19 02:29:27,854 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-09-19 02:29:27,854 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-09-19 02:29:27,854 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-09-19 02:29:27,854 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-09-19 02:29:27,854 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-09-19 02:29:27,854 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-09-19 02:29:27,854 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-09-19 02:29:27,854 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://10.209.34.25/shibboleth
2019-09-19 02:29:27,855 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2019-09-19 02:29:27,855 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2019-09-19 02:29:27,855 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-09-19 02:29:27,855 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint was empty, not required by binding, skipping
2019-09-19 02:29:27,855 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_1fdf431e5bfa0be6870370a39ee13de9', issue instant '2019-09-19T02:29:28.000Z', entityID 'http://10.209.34.25/shibboleth'
2019-09-19 02:29:27,855 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://10.209.34.25/shibboleth' does not require AuthnRequests to be signed
2019-09-19 02:29:27,855 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2019-09-19 02:29:27,856 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-09-19 02:29:27,856 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-09-19 02:29:27,856 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-09-19 02:29:27,856 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2019-09-19 02:29:27,856 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsHeadersHandler:?] - Message Handler:  No ChannelBindings header blocks found
2019-09-19 02:29:27,856 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler:?] - Message was not signed, cannot extract ChannelBindings from it
2019-09-19 02:29:27,856 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2019-09-19 02:29:27,856 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2019-09-19 02:29:27,856 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-09-19 02:29:27,856 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2019-09-19 02:29:27,856 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2019-09-19 02:29:27,856 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 6 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2019-09-19 02:29:27,856 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' not permitted by input criteria
2019-09-19 02:29:27,856 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign' not permitted by input criteria
2019-09-19 02:29:27,856 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact' not permitted by input criteria
2019-09-19 02:29:27,856 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://10.209.34.25/Shibboleth.sso/SAML2/ECP using binding urn:oasis:names:tc:SAML:2.0:bindings:PAOS
2019-09-19 02:29:27,856 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2019-09-19 02:29:27,856 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2019-09-19 02:29:27,856 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2019-09-19 02:29:27,856 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2019-09-19 02:29:27,857 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-09-19 02:29:27,857 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2019-09-19 02:29:27,857 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2019-09-19 02:29:27,857 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2019-09-19 02:29:27,857 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2019-09-19 02:29:27,857 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2019-09-19 02:29:27,857 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2019-09-19 02:29:27,857 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2019-09-19 02:29:27,857 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://10.209.34.25/shibboleth
2019-09-19 02:29:27,857 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2019-09-19 02:29:27,857 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2019-09-19 02:29:27,857 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2019-09-19 02:29:27,857 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2019-09-19 02:29:27,860 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-09-19 02:29:27,860 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: RequestAuthenticated: false
2019-09-19 02:29:27,860 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: Assertion encryption is not enabled, skipping session key generation
2019-09-19 02:29:27,861 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2019-09-19T02:29:27.861Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2019-09-19 02:29:27,861 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2019-09-19 02:29:27,861 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2019-09-19 02:29:27,861 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2019-09-19 02:29:27,861 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2019-09-19 02:29:27,861 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2019-09-19 02:29:27,861 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow authn/Password, it supports non-browser authentication
2019-09-19 02:29:27,861 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2019-09-19 02:29:27,861 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2019-09-19 02:29:27,861 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2019-09-19 02:29:27,861 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2019-09-19 02:29:27,861 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: Trimming whitespace of input string 'morty'
2019-09-19 02:29:27,862 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user morty
2019-09-19 02:29:27,862 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@2081749718::identifier=morty, context=org.apache.velocity.VelocityContext@3f68699]
2019-09-19 02:29:27,863 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=morty,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@2081749718::identifier=morty, context=org.apache.velocity.VelocityContext@3f68699]
2019-09-19 02:29:27,864 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'morty' succeeded
2019-09-19 02:29:27,864 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2019-09-19 02:29:27,864 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2019-09-19 02:29:27,864 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'morty'
2019-09-19 02:29:27,864 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'morty'
2019-09-19 02:29:27,864 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2019-09-19 02:29:27,864 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal morty
2019-09-19 02:29:27,864 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 43772d129cb430e2065e4e55c4cb71bb31b5262a47b1e1b844925dace4bf9d97 for principal morty
2019-09-19 02:29:27,864 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 43772d129cb430e2065e4e55c4cb71bb31b5262a47b1e1b844925dace4bf9d97
2019-09-19 02:29:27,865 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=morty)
2019-09-19 02:29:27,866 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [identifier, uid, telephoneNumber, role, mail, surname, displayName, givenName]
2019-09-19 02:29:27,866 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2019-09-19 02:29:27,866 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2019-09-19 02:29:27,866 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2019-09-19 02:29:27,866 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2019-09-19 02:29:27,866 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2019-09-19 02:29:27,866 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2019-09-19 02:29:27,866 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2019-09-19 02:29:27,866 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2019-09-19 02:29:27,866 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2019-09-19 02:29:27,867 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2019-09-19 02:29:27,868 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2019-09-19 02:29:27,868 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _c353e87e3a0408bc3fc67921d5c08794
2019-09-19 02:29:27,868 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _c353e87e3a0408bc3fc67921d5c08794 to Response _9a0a62fcb0f447b2ce45fbc1e9a069c1
2019-09-19 02:29:27,868 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _c353e87e3a0408bc3fc67921d5c08794
2019-09-19 02:29:27,869 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2019-09-19 02:29:27,869 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute identifier
2019-09-19 02:29:27,869 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value morty of attribute uid
2019-09-19 02:29:27,869 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5505 of attribute telephoneNumber
2019-09-19 02:29:27,869 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value janitor@samltest.id of attribute role
2019-09-19 02:29:27,869 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute mail
2019-09-19 02:29:27,869 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Smith of attribute surname
2019-09-19 02:29:27,869 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Morty Smith of attribute displayName
2019-09-19 02:29:27,869 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Mortimer of attribute givenName
2019-09-19 02:29:27,870 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2019-09-19 02:29:27,870 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2019-09-19 02:29:27,870 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: []
2019-09-19 02:29:27,870 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2019-09-19 02:29:27,870 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2019-09-19 02:29:27,870 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2019-09-19 02:29:27,870 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:29:27,870 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:29:27,870 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQx04RMFAsu/KVUdJDtDTb7wiZyay5kI8fWdRQGCXKNMYjjiOrNXYsEhYbSTXnZLbYIEOsU6dgdEjXEBEDNA73Fvt8gQepyvoqooeNbUU+P1eWehy9oMIf0lIgKqv3d6bGYdH0= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:29:27,870 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:29:27,870 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:29:27,870 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2019-09-19 02:29:27,870 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2019-09-19 02:29:27,870 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.38.242
2019-09-19 02:29:27,870 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _1fdf431e5bfa0be6870370a39ee13de9
2019-09-19 02:29:27,870 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to http://10.209.34.25/Shibboleth.sso/SAML2/ECP
2019-09-19 02:29:27,870 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2019-09-19 02:29:27,870 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2019-09-19 02:29:27,870 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2019-09-19 02:29:27,870 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _c353e87e3a0408bc3fc67921d5c08794
2019-09-19 02:29:27,870 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _c353e87e3a0408bc3fc67921d5c08794 did not already contain Conditions, one was added
2019-09-19 02:29:27,870 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2019-09-19 02:29:27,870 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2019-09-19T02:34:27.866Z, to Assertion _c353e87e3a0408bc3fc67921d5c08794
2019-09-19 02:29:27,870 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _c353e87e3a0408bc3fc67921d5c08794 already contained Conditions, nothing was done
2019-09-19 02:29:27,871 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2019-09-19 02:29:27,871 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _c353e87e3a0408bc3fc67921d5c08794 already contained Conditions, nothing was done
2019-09-19 02:29:27,871 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2019-09-19 02:29:27,871 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding http://10.209.34.25/shibboleth as an Audience of the AudienceRestriction
2019-09-19 02:29:27,871 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _c353e87e3a0408bc3fc67921d5c08794
2019-09-19 02:29:27,872 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party http://10.209.34.25/shibboleth to existing session 43772d129cb430e2065e4e55c4cb71bb31b5262a47b1e1b844925dace4bf9d97
2019-09-19 02:29:27,872 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service http://10.209.34.25/shibboleth in session 43772d129cb430e2065e4e55c4cb71bb31b5262a47b1e1b844925dace4bf9d97
2019-09-19 02:29:27,872 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-09-19 02:29:27,872 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID http://10.209.34.25/shibboleth and key AAdzZWNyZXQx04RMFAsu/KVUdJDtDTb7wiZyay5kI8fWdRQGCXKNMYjjiOrNXYsEhYbSTXnZLbYIEOsU6dgdEjXEBEDNA73Fvt8gQepyvoqooeNbUU+P1eWehy9oMIf0lIgKqv3d6bGYdH0=
2019-09-19 02:29:27,872 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2019-09-19 02:29:27,873 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2019-09-19 02:29:27,873 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2019-09-19 02:29:27,873 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAssertions: No encryption parameters, nothing to do
2019-09-19 02:29:27,874 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: http://10.209.34.25/Shibboleth.sso/SAML2/ECP
2019-09-19 02:29:27,874 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: http://10.209.34.25/Shibboleth.sso/SAML2/ECP
2019-09-19 02:29:27,874 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_9a0a62fcb0f447b2ce45fbc1e9a069c1"
2019-09-19 02:29:27,874 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _9a0a62fcb0f447b2ce45fbc1e9a069c1 and Element was [saml2p:Response: null]
2019-09-19 02:29:27,874 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_9a0a62fcb0f447b2ce45fbc1e9a069c1"
2019-09-19 02:29:27,874 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _9a0a62fcb0f447b2ce45fbc1e9a069c1 and Element was [saml2p:Response: null]
2019-09-19 02:29:27,876 - DEBUG [org.opensaml.saml.common.binding.impl.AddChannelBindingsHeaderHandler:?] - Message Handler:  No ChannelBindings to add, nothing to do
2019-09-19 02:29:27,877 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Header>
        <ecp:Response
            AssertionConsumerServiceURL="http://10.209.34.25/Shibboleth.sso/SAML2/ECP"
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next"
            soap11:mustUnderstand="1" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
    </soap11:Header>
    <soap11:Body>
        <saml2p:Response
            Destination="http://10.209.34.25/Shibboleth.sso/SAML2/ECP"
            ID="_9a0a62fcb0f447b2ce45fbc1e9a069c1"
            InResponseTo="_1fdf431e5bfa0be6870370a39ee13de9"
            IssueInstant="2019-09-19T02:29:27.866Z" Version="2.0"
            xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
                    <ds:Reference URI="#_9a0a62fcb0f447b2ce45fbc1e9a069c1">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                                <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                            </ds:Transform>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                        <ds:DigestValue>O92vrseZkNw9ZmQGdb2TiTkxaCoTc+SprgPD0L3dUfSKVxTQHmBtg6EP4MUpYWEp9iT0cAFP5w+qYE1cISkkTg==</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>pBVHO/FPWjMhroM1YJNtAyThA/XNFnCYFMaGzMkHOjHtgLzqs7nqjmaQgOwXWhmPavVEEs30uieHBhmgrP7I0zwGs+9aHwqQtoP0u5fuy5t4VdeM5Vp6ww1OV+IXzzLv0Hl9OB+/5o8sLQbyu14av7hn33h1V2r4+BEBfCA+dVP15LCtqYFV6ZIjkYqUaNblNmwt3ps/EweLOPISPup7IOHG0mZEbUVKGNPzt3Vsy0YF3IL5zqkehmBspAPHdvMEij40RgNPCsTHoXlJJxq+EHTvf9a6Scna8KpK7pYNQgaPcCzXitQGNaGkCru7oxb5d6R4e+wHrWms3WifQfVG/g==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:Status>
                <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
            </saml2p:Status>
            <saml2:Assertion ID="_c353e87e3a0408bc3fc67921d5c08794"
                IssueInstant="2019-09-19T02:29:27.866Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
                <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
                <saml2:Subject>
                    <saml2:NameID
                        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                        NameQualifier="https://samltest.id/saml/idp"
                        SPNameQualifier="http://10.209.34.25/shibboleth" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQx04RMFAsu/KVUdJDtDTb7wiZyay5kI8fWdRQGCXKNMYjjiOrNXYsEhYbSTXnZLbYIEOsU6dgdEjXEBEDNA73Fvt8gQepyvoqooeNbUU+P1eWehy9oMIf0lIgKqv3d6bGYdH0=</saml2:NameID>
                    <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                        <saml2:SubjectConfirmationData
                            Address="172.31.38.242"
                            InResponseTo="_1fdf431e5bfa0be6870370a39ee13de9"
                            NotOnOrAfter="2019-09-19T02:34:27.870Z" Recipient="http://10.209.34.25/Shibboleth.sso/SAML2/ECP"/>
                    </saml2:SubjectConfirmation>
                </saml2:Subject>
                <saml2:Conditions NotBefore="2019-09-19T02:29:27.866Z" NotOnOrAfter="2019-09-19T02:34:27.866Z">
                    <saml2:AudienceRestriction>
                        <saml2:Audience>http://10.209.34.25/shibboleth</saml2:Audience>
                    </saml2:AudienceRestriction>
                </saml2:Conditions>
                <saml2:AuthnStatement
                    AuthnInstant="2019-09-19T02:29:27.864Z" SessionIndex="_62bd864df9e27dc097cdbbdf95e96155">
                    <saml2:SubjectLocality Address="172.31.38.242"/>
                    <saml2:AuthnContext>
                        <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
                    </saml2:AuthnContext>
                </saml2:AuthnStatement>
                <saml2:AttributeStatement>
                    <saml2:Attribute
                        Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue
                            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">msmith@samltest.id</saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute FriendlyName="uid"
                        Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue>morty</saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute FriendlyName="telephoneNumber"
                        Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue>+1-555-555-5505</saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute FriendlyName="role"
                        Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue
                            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">janitor@samltest.id</saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute FriendlyName="mail"
                        Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue>msmith@samltest.id</saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute FriendlyName="sn"
                        Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue>Smith</saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute FriendlyName="displayName"
                        Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue>Morty Smith</saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute FriendlyName="givenName"
                        Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue>Mortimer</saml2:AttributeValue>
                    </saml2:Attribute>
                </saml2:AttributeStatement>
            </saml2:Assertion>
        </saml2p:Response>
    </soap11:Body>
</soap11:Envelope>

2019-09-19 02:29:27,877 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2019-09-19 02:29:27,877 - INFO [Shibboleth-Audit.SSO:?] - 20190919T022927Z|urn:oasis:names:tc:SAML:2.0:bindings:SOAP|_1fdf431e5bfa0be6870370a39ee13de9|http://10.209.34.25/shibboleth|http://shibboleth.net/ns/profiles/saml2/sso/ecp|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:PAOS|_9a0a62fcb0f447b2ce45fbc1e9a069c1|morty|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|identifier,uid,telephoneNumber,role,mail,surname,displayName,givenName|AAdzZWNyZXQx04RMFAsu/KVUdJDtDTb7wiZyay5kI8fWdRQGCXKNMYjjiOrNXYsEhYbSTXnZLbYIEOsU6dgdEjXEBEDNA73Fvt8gQepyvoqooeNbUU+P1eWehy9oMIf0lIgKqv3d6bGYdH0=|_c353e87e3a0408bc3fc67921d5c08794|
2019-09-19 02:29:30,402 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder:?] - Decoded SOAP messaged which included SAML message of type {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-09-19 02:29:30,402 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
    <S:Body>
        <samlp:AuthnRequest
            AssertionConsumerServiceURL="http://10.209.34.25/Shibboleth.sso/SAML2/ECP"
            ID="_916ea9ab1a2d70dc1306a663134eea65"
            IssueInstant="2019-09-19T02:29:31Z"
            ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
            Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://10.209.34.25/shibboleth</saml:Issuer>
            <samlp:NameIDPolicy AllowCreate="1"/>
        </samlp:AuthnRequest>
    </S:Body>
</S:Envelope>

2019-09-19 02:29:30,402 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-09-19 02:29:30,402 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-09-19 02:29:30,402 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-09-19 02:29:30,402 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-09-19 02:29:30,402 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-09-19 02:29:30,402 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-09-19 02:29:30,402 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-09-19 02:29:30,403 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://10.209.34.25/shibboleth
2019-09-19 02:29:30,403 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2019-09-19 02:29:30,403 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2019-09-19 02:29:30,403 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-09-19 02:29:30,403 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint was empty, not required by binding, skipping
2019-09-19 02:29:30,403 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_916ea9ab1a2d70dc1306a663134eea65', issue instant '2019-09-19T02:29:31.000Z', entityID 'http://10.209.34.25/shibboleth'
2019-09-19 02:29:30,404 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://10.209.34.25/shibboleth' does not require AuthnRequests to be signed
2019-09-19 02:29:30,404 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2019-09-19 02:29:30,404 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-09-19 02:29:30,404 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-09-19 02:29:30,404 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-09-19 02:29:30,404 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2019-09-19 02:29:30,404 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsHeadersHandler:?] - Message Handler:  No ChannelBindings header blocks found
2019-09-19 02:29:30,404 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler:?] - Message was not signed, cannot extract ChannelBindings from it
2019-09-19 02:29:30,404 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2019-09-19 02:29:30,404 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2019-09-19 02:29:30,404 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-09-19 02:29:30,404 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2019-09-19 02:29:30,404 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2019-09-19 02:29:30,404 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 6 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2019-09-19 02:29:30,404 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' not permitted by input criteria
2019-09-19 02:29:30,404 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign' not permitted by input criteria
2019-09-19 02:29:30,404 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact' not permitted by input criteria
2019-09-19 02:29:30,404 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://10.209.34.25/Shibboleth.sso/SAML2/ECP using binding urn:oasis:names:tc:SAML:2.0:bindings:PAOS
2019-09-19 02:29:30,405 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2019-09-19 02:29:30,405 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2019-09-19 02:29:30,405 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2019-09-19 02:29:30,405 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2019-09-19 02:29:30,405 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-09-19 02:29:30,405 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2019-09-19 02:29:30,405 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2019-09-19 02:29:30,405 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2019-09-19 02:29:30,405 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2019-09-19 02:29:30,405 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2019-09-19 02:29:30,405 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2019-09-19 02:29:30,405 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2019-09-19 02:29:30,405 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://10.209.34.25/shibboleth
2019-09-19 02:29:30,405 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2019-09-19 02:29:30,405 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2019-09-19 02:29:30,405 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2019-09-19 02:29:30,405 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2019-09-19 02:29:30,406 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-09-19 02:29:30,406 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: RequestAuthenticated: false
2019-09-19 02:29:30,406 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: Assertion encryption is not enabled, skipping session key generation
2019-09-19 02:29:30,407 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2019-09-19T02:29:30.407Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2019-09-19 02:29:30,407 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2019-09-19 02:29:30,407 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2019-09-19 02:29:30,407 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2019-09-19 02:29:30,407 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2019-09-19 02:29:30,407 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2019-09-19 02:29:30,407 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow authn/Password, it supports non-browser authentication
2019-09-19 02:29:30,407 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2019-09-19 02:29:30,407 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2019-09-19 02:29:30,407 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2019-09-19 02:29:30,407 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2019-09-19 02:29:30,407 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: Trimming whitespace of input string 'morty'
2019-09-19 02:29:30,408 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user morty
2019-09-19 02:29:30,408 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@12987893::identifier=morty, context=org.apache.velocity.VelocityContext@99a7fb7]
2019-09-19 02:29:30,409 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=morty,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@12987893::identifier=morty, context=org.apache.velocity.VelocityContext@99a7fb7]
2019-09-19 02:29:30,411 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'morty' succeeded
2019-09-19 02:29:30,411 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2019-09-19 02:29:30,411 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2019-09-19 02:29:30,411 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'morty'
2019-09-19 02:29:30,411 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'morty'
2019-09-19 02:29:30,411 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2019-09-19 02:29:30,411 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal morty
2019-09-19 02:29:30,411 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session a2ea351ac00e13a9e5f3955651b3abef04832082d7588d60ea008127e528e3fb for principal morty
2019-09-19 02:29:30,411 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session a2ea351ac00e13a9e5f3955651b3abef04832082d7588d60ea008127e528e3fb
2019-09-19 02:29:30,412 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=morty)
2019-09-19 02:29:30,412 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [identifier, uid, telephoneNumber, role, mail, surname, displayName, givenName]
2019-09-19 02:29:30,412 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2019-09-19 02:29:30,412 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2019-09-19 02:29:30,412 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2019-09-19 02:29:30,412 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2019-09-19 02:29:30,412 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2019-09-19 02:29:30,412 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2019-09-19 02:29:30,412 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2019-09-19 02:29:30,412 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2019-09-19 02:29:30,413 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2019-09-19 02:29:30,414 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2019-09-19 02:29:30,415 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2019-09-19 02:29:30,415 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _0f6f9bd5fa4bceacd0d8f770660dadcd
2019-09-19 02:29:30,415 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _0f6f9bd5fa4bceacd0d8f770660dadcd to Response _e05441c89b3288169d2ee05442a4bc33
2019-09-19 02:29:30,415 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _0f6f9bd5fa4bceacd0d8f770660dadcd
2019-09-19 02:29:30,415 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2019-09-19 02:29:30,415 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute identifier
2019-09-19 02:29:30,415 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value morty of attribute uid
2019-09-19 02:29:30,415 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5505 of attribute telephoneNumber
2019-09-19 02:29:30,415 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value janitor@samltest.id of attribute role
2019-09-19 02:29:30,415 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute mail
2019-09-19 02:29:30,415 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Smith of attribute surname
2019-09-19 02:29:30,415 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Morty Smith of attribute displayName
2019-09-19 02:29:30,415 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Mortimer of attribute givenName
2019-09-19 02:29:30,416 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2019-09-19 02:29:30,416 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2019-09-19 02:29:30,416 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: []
2019-09-19 02:29:30,416 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2019-09-19 02:29:30,416 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2019-09-19 02:29:30,416 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2019-09-19 02:29:30,416 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:29:30,416 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:29:30,417 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxQOVFEqNaJnDMx7hMNTCu17pIiasDzbImAp+ZFOVk5CBlyqWpLbOAZP3iDyiGBeAuQ6lmXnSc2mbm+8Mc9WNCnNuw6yCYBBIPD0Nu1tR3B7ppEdXNw0kx3Hx8uKj1R2U6F4U= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:29:30,417 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:29:30,417 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:29:30,417 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2019-09-19 02:29:30,417 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2019-09-19 02:29:30,417 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.38.242
2019-09-19 02:29:30,417 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _916ea9ab1a2d70dc1306a663134eea65
2019-09-19 02:29:30,417 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to http://10.209.34.25/Shibboleth.sso/SAML2/ECP
2019-09-19 02:29:30,417 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2019-09-19 02:29:30,417 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2019-09-19 02:29:30,417 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2019-09-19 02:29:30,417 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _0f6f9bd5fa4bceacd0d8f770660dadcd
2019-09-19 02:29:30,417 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _0f6f9bd5fa4bceacd0d8f770660dadcd did not already contain Conditions, one was added
2019-09-19 02:29:30,417 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2019-09-19 02:29:30,417 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2019-09-19T02:34:30.413Z, to Assertion _0f6f9bd5fa4bceacd0d8f770660dadcd
2019-09-19 02:29:30,417 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _0f6f9bd5fa4bceacd0d8f770660dadcd already contained Conditions, nothing was done
2019-09-19 02:29:30,417 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2019-09-19 02:29:30,417 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _0f6f9bd5fa4bceacd0d8f770660dadcd already contained Conditions, nothing was done
2019-09-19 02:29:30,417 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2019-09-19 02:29:30,417 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding http://10.209.34.25/shibboleth as an Audience of the AudienceRestriction
2019-09-19 02:29:30,417 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _0f6f9bd5fa4bceacd0d8f770660dadcd
2019-09-19 02:29:30,418 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party http://10.209.34.25/shibboleth to existing session a2ea351ac00e13a9e5f3955651b3abef04832082d7588d60ea008127e528e3fb
2019-09-19 02:29:30,418 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service http://10.209.34.25/shibboleth in session a2ea351ac00e13a9e5f3955651b3abef04832082d7588d60ea008127e528e3fb
2019-09-19 02:29:30,418 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-09-19 02:29:30,419 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID http://10.209.34.25/shibboleth and key AAdzZWNyZXQxQOVFEqNaJnDMx7hMNTCu17pIiasDzbImAp+ZFOVk5CBlyqWpLbOAZP3iDyiGBeAuQ6lmXnSc2mbm+8Mc9WNCnNuw6yCYBBIPD0Nu1tR3B7ppEdXNw0kx3Hx8uKj1R2U6F4U=
2019-09-19 02:29:30,419 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2019-09-19 02:29:30,419 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2019-09-19 02:29:30,419 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2019-09-19 02:29:30,420 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAssertions: No encryption parameters, nothing to do
2019-09-19 02:29:30,421 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: http://10.209.34.25/Shibboleth.sso/SAML2/ECP
2019-09-19 02:29:30,421 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: http://10.209.34.25/Shibboleth.sso/SAML2/ECP
2019-09-19 02:29:30,421 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_e05441c89b3288169d2ee05442a4bc33"
2019-09-19 02:29:30,421 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _e05441c89b3288169d2ee05442a4bc33 and Element was [saml2p:Response: null]
2019-09-19 02:29:30,421 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_e05441c89b3288169d2ee05442a4bc33"
2019-09-19 02:29:30,421 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _e05441c89b3288169d2ee05442a4bc33 and Element was [saml2p:Response: null]
2019-09-19 02:29:30,423 - DEBUG [org.opensaml.saml.common.binding.impl.AddChannelBindingsHeaderHandler:?] - Message Handler:  No ChannelBindings to add, nothing to do
2019-09-19 02:29:30,424 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Header>
        <ecp:Response
            AssertionConsumerServiceURL="http://10.209.34.25/Shibboleth.sso/SAML2/ECP"
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next"
            soap11:mustUnderstand="1" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
    </soap11:Header>
    <soap11:Body>
        <saml2p:Response
            Destination="http://10.209.34.25/Shibboleth.sso/SAML2/ECP"
            ID="_e05441c89b3288169d2ee05442a4bc33"
            InResponseTo="_916ea9ab1a2d70dc1306a663134eea65"
            IssueInstant="2019-09-19T02:29:30.413Z" Version="2.0"
            xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
                    <ds:Reference URI="#_e05441c89b3288169d2ee05442a4bc33">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                                <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                            </ds:Transform>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                        <ds:DigestValue>tdX3s57nAqTtCjqeLv+zFQAVN4CnROddWwiflMr/SNFiqN04ej061LcK1S1hIZzG5WFNDCekntkso8AlPaEzUg==</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>pCxyvLVKiy+Eibksy0Gwwp0noh6bjQ3DedDk9QwMxiGqnJnQdTNJTGXF/Ek8uwux8hUKZTYkhnF25ItZsQ+eDZAhBLdxtZmWTBxFz1gZnLrj2+yDVwaASSEDT/BBJxN3pAfF7ozP1oT6feNcRcp0JxVwsvwxoEMI/3LcgWeNDboNckHIRA0EEaEzQNhiRZ8sG16T4P//Sl4dueZejTjNR1mMYeTuZxO+DdozH1RoXEcpqJ+DaY1DpyMjorbY4yNhOUKWjhBpxM3gMP3JlRTQJ+r/+qtLX8JZ8txRrH2ahsU7rqFt44PxBmeUYWVOLXrmOTrms0wXiQXvyAtrs7pg+A==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:Status>
                <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
            </saml2p:Status>
            <saml2:Assertion ID="_0f6f9bd5fa4bceacd0d8f770660dadcd"
                IssueInstant="2019-09-19T02:29:30.413Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
                <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
                <saml2:Subject>
                    <saml2:NameID
                        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                        NameQualifier="https://samltest.id/saml/idp"
                        SPNameQualifier="http://10.209.34.25/shibboleth" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxQOVFEqNaJnDMx7hMNTCu17pIiasDzbImAp+ZFOVk5CBlyqWpLbOAZP3iDyiGBeAuQ6lmXnSc2mbm+8Mc9WNCnNuw6yCYBBIPD0Nu1tR3B7ppEdXNw0kx3Hx8uKj1R2U6F4U=</saml2:NameID>
                    <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                        <saml2:SubjectConfirmationData
                            Address="172.31.38.242"
                            InResponseTo="_916ea9ab1a2d70dc1306a663134eea65"
                            NotOnOrAfter="2019-09-19T02:34:30.417Z" Recipient="http://10.209.34.25/Shibboleth.sso/SAML2/ECP"/>
                    </saml2:SubjectConfirmation>
                </saml2:Subject>
                <saml2:Conditions NotBefore="2019-09-19T02:29:30.413Z" NotOnOrAfter="2019-09-19T02:34:30.413Z">
                    <saml2:AudienceRestriction>
                        <saml2:Audience>http://10.209.34.25/shibboleth</saml2:Audience>
                    </saml2:AudienceRestriction>
                </saml2:Conditions>
                <saml2:AuthnStatement
                    AuthnInstant="2019-09-19T02:29:30.411Z" SessionIndex="_314453e228ce54b01ac7c97d3cd96334">
                    <saml2:SubjectLocality Address="172.31.38.242"/>
                    <saml2:AuthnContext>
                        <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
                    </saml2:AuthnContext>
                </saml2:AuthnStatement>
                <saml2:AttributeStatement>
                    <saml2:Attribute
                        Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue
                            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">msmith@samltest.id</saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute FriendlyName="uid"
                        Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue>morty</saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute FriendlyName="telephoneNumber"
                        Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue>+1-555-555-5505</saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute FriendlyName="role"
                        Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue
                            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">janitor@samltest.id</saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute FriendlyName="mail"
                        Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue>msmith@samltest.id</saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute FriendlyName="sn"
                        Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue>Smith</saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute FriendlyName="displayName"
                        Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue>Morty Smith</saml2:AttributeValue>
                    </saml2:Attribute>
                    <saml2:Attribute FriendlyName="givenName"
                        Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                        <saml2:AttributeValue>Mortimer</saml2:AttributeValue>
                    </saml2:Attribute>
                </saml2:AttributeStatement>
            </saml2:Assertion>
        </saml2p:Response>
    </soap11:Body>
</soap11:Envelope>

2019-09-19 02:29:30,424 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2019-09-19 02:29:30,424 - INFO [Shibboleth-Audit.SSO:?] - 20190919T022930Z|urn:oasis:names:tc:SAML:2.0:bindings:SOAP|_916ea9ab1a2d70dc1306a663134eea65|http://10.209.34.25/shibboleth|http://shibboleth.net/ns/profiles/saml2/sso/ecp|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:PAOS|_e05441c89b3288169d2ee05442a4bc33|morty|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|identifier,uid,telephoneNumber,role,mail,surname,displayName,givenName|AAdzZWNyZXQxQOVFEqNaJnDMx7hMNTCu17pIiasDzbImAp+ZFOVk5CBlyqWpLbOAZP3iDyiGBeAuQ6lmXnSc2mbm+8Mc9WNCnNuw6yCYBBIPD0Nu1tR3B7ppEdXNw0kx3Hx8uKj1R2U6F4U=|_0f6f9bd5fa4bceacd0d8f770660dadcd|
2019-09-19 02:29:45,845 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: ss:mem:ee440df8a60de8ed5974bed222c405d51c4cdba1237369b90401297c7c8bac9f
2019-09-19 02:29:45,845 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2019-09-19 02:29:45,845 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2019-09-19 02:29:45,845 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://hftpdev.i-sites.com/Shibboleth.sso/SAML2/POST"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_261f7a2bfab653f5a950bd8e6f9ac2fd"
    IssueInstant="2019-09-19T02:29:45Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://hftpdev.i-sites.com/shibboleth</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="1"/>
</samlp:AuthnRequest>

2019-09-19 02:29:45,850 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://hftpdev.i-sites.com/shibboleth' from origin source
2019-09-19 02:29:45,850 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-09-19 02:29:45,850 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-09-19 02:29:45,850 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-09-19 02:29:45,850 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-09-19 02:29:45,850 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-09-19 02:29:45,850 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-09-19 02:29:45,850 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-09-19 02:29:45,850 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://hftpdev.i-sites.com/shibboleth
2019-09-19 02:29:45,850 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:29:45,851 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-09-19 02:29:45,851 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2019-09-19 02:29:45,851 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2019-09-19 02:29:45,851 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2019-09-19 02:29:45,851 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_261f7a2bfab653f5a950bd8e6f9ac2fd', issue instant '2019-09-19T02:29:45.000Z', entityID 'https://hftpdev.i-sites.com/shibboleth'
2019-09-19 02:29:45,851 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://hftpdev.i-sites.com/shibboleth' does not require AuthnRequests to be signed
2019-09-19 02:29:45,851 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2019-09-19 02:29:45,851 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-09-19 02:29:45,851 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2019-09-19 02:29:45,851 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-09-19 02:29:45,851 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-09-19 02:29:45,852 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:29:45,852 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-09-19 02:29:45,852 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2019-09-19 02:29:45,852 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2019-09-19 02:29:45,852 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 6 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2019-09-19 02:29:45,852 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://hftpdev.i-sites.com/Shibboleth.sso/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2019-09-19 02:29:45,852 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2019-09-19 02:29:45,852 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2019-09-19 02:29:45,852 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2019-09-19 02:29:45,852 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2019-09-19 02:29:45,852 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-09-19 02:29:45,852 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2019-09-19 02:29:45,852 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2019-09-19 02:29:45,853 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2019-09-19 02:29:45,853 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2019-09-19 02:29:45,853 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2019-09-19 02:29:45,853 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2019-09-19 02:29:45,853 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2019-09-19 02:29:45,853 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://hftpdev.i-sites.com/shibboleth
2019-09-19 02:29:45,853 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2019-09-19 02:29:45,853 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#aes128-gcm
2019-09-19 02:29:45,853 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#rsa-oaep
2019-09-19 02:29:45,853 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2019-09-19 02:29:45,856 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-09-19 02:29:45,856 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2019-09-19T02:29:45.856Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2019-09-19 02:29:45,856 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2019-09-19 02:29:45,856 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2019-09-19 02:29:45,856 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID d67c88b66a9983483df2aed62dd3251ec4659d71c92eca31f9e129def48cf905
2019-09-19 02:29:45,856 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session d67c88b66a9983483df2aed62dd3251ec4659d71c92eca31f9e129def48cf905 to 2019-09-19T03:29:45.856Z
2019-09-19 02:29:45,856 - WARN [net.shibboleth.idp.session.AbstractIdPSession:?] - Client address is 172.31.38.242 but session d67c88b66a9983483df2aed62dd3251ec4659d71c92eca31f9e129def48cf905 already bound to 172.31.7.69
2019-09-19 02:29:45,858 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2019-09-19 02:29:45,858 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2019-09-19 02:29:45,858 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:29:45,858 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2019-09-19 02:29:45,858 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2019-09-19 02:29:45,858 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2019-09-19 02:29:45,858 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2019-09-19 02:29:45,898 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'hftpdev.i-sites.com'
2019-09-19 02:29:45,898 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-09-19 02:29:45,898 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-09-19 02:29:47,754 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: ss:mem:421cbdfeddeb081a1e444add0d674e786e7c6d2d97ac7c862409aefc7ee322a3
2019-09-19 02:29:47,754 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2019-09-19 02:29:47,754 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2019-09-19 02:29:47,754 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://hftpdev.i-sites.com/Shibboleth.sso/SAML2/POST"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_18672ad671ce37740b5c0f2912309c83"
    IssueInstant="2019-09-19T02:29:47Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://hftpdev.i-sites.com/shibboleth</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="1"/>
</samlp:AuthnRequest>

2019-09-19 02:29:47,755 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-09-19 02:29:47,755 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-09-19 02:29:47,755 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-09-19 02:29:47,755 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-09-19 02:29:47,755 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-09-19 02:29:47,755 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-09-19 02:29:47,755 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-09-19 02:29:47,755 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://hftpdev.i-sites.com/shibboleth
2019-09-19 02:29:47,755 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:29:47,756 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-09-19 02:29:47,756 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2019-09-19 02:29:47,756 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2019-09-19 02:29:47,756 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2019-09-19 02:29:47,756 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_18672ad671ce37740b5c0f2912309c83', issue instant '2019-09-19T02:29:47.000Z', entityID 'https://hftpdev.i-sites.com/shibboleth'
2019-09-19 02:29:47,756 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://hftpdev.i-sites.com/shibboleth' does not require AuthnRequests to be signed
2019-09-19 02:29:47,756 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2019-09-19 02:29:47,756 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-09-19 02:29:47,756 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2019-09-19 02:29:47,756 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-09-19 02:29:47,756 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-09-19 02:29:47,756 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:29:47,757 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-09-19 02:29:47,757 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2019-09-19 02:29:47,757 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2019-09-19 02:29:47,757 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 6 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2019-09-19 02:29:47,757 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://hftpdev.i-sites.com/Shibboleth.sso/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2019-09-19 02:29:47,757 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2019-09-19 02:29:47,757 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2019-09-19 02:29:47,757 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2019-09-19 02:29:47,757 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2019-09-19 02:29:47,757 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-09-19 02:29:47,757 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2019-09-19 02:29:47,757 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2019-09-19 02:29:47,757 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2019-09-19 02:29:47,757 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2019-09-19 02:29:47,757 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2019-09-19 02:29:47,757 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2019-09-19 02:29:47,757 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2019-09-19 02:29:47,757 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://hftpdev.i-sites.com/shibboleth
2019-09-19 02:29:47,757 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2019-09-19 02:29:47,757 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#aes128-gcm
2019-09-19 02:29:47,757 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#rsa-oaep
2019-09-19 02:29:47,757 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2019-09-19 02:29:47,764 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-09-19 02:29:47,765 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2019-09-19T02:29:47.765Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2019-09-19 02:29:47,765 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2019-09-19 02:29:47,765 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2019-09-19 02:29:47,766 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID d67c88b66a9983483df2aed62dd3251ec4659d71c92eca31f9e129def48cf905
2019-09-19 02:29:47,766 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session d67c88b66a9983483df2aed62dd3251ec4659d71c92eca31f9e129def48cf905 to 2019-09-19T03:29:47.766Z
2019-09-19 02:29:47,766 - WARN [net.shibboleth.idp.session.AbstractIdPSession:?] - Client address is 172.31.38.242 but session d67c88b66a9983483df2aed62dd3251ec4659d71c92eca31f9e129def48cf905 already bound to 172.31.7.69
2019-09-19 02:29:47,766 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2019-09-19 02:29:47,766 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2019-09-19 02:29:47,766 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:29:47,766 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2019-09-19 02:29:47,766 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2019-09-19 02:29:47,766 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2019-09-19 02:29:47,766 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2019-09-19 02:29:47,806 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'hftpdev.i-sites.com'
2019-09-19 02:29:47,806 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-09-19 02:29:47,806 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-09-19 02:29:57,096 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'sheldon'
2019-09-19 02:29:57,096 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user sheldon
2019-09-19 02:29:57,096 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@703570365::identifier=sheldon, context=org.apache.velocity.VelocityContext@23b9dea6]
2019-09-19 02:29:57,098 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=sheldon,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@703570365::identifier=sheldon, context=org.apache.velocity.VelocityContext@23b9dea6]
2019-09-19 02:29:57,098 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'sheldon' succeeded
2019-09-19 02:29:57,098 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2019-09-19 02:29:57,099 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2019-09-19 02:29:57,099 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'sheldon'
2019-09-19 02:29:57,099 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'sheldon'
2019-09-19 02:29:57,099 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2019-09-19 02:29:57,099 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal sheldon
2019-09-19 02:29:57,099 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session d03134cbd1a10582b40ec4893adcba21be9c83a5b1b7d3fd5adfa5d1668095fa for principal sheldon
2019-09-19 02:29:57,099 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session d03134cbd1a10582b40ec4893adcba21be9c83a5b1b7d3fd5adfa5d1668095fa
2019-09-19 02:29:57,100 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=sheldon)
2019-09-19 02:29:57,101 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, telephoneNumber, role, mail, displayName, surname, givenName]
2019-09-19 02:29:57,101 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2019-09-19 02:29:57,101 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2019-09-19 02:29:57,101 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2019-09-19 02:29:57,101 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2019-09-19 02:29:57,101 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2019-09-19 02:29:57,101 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2019-09-19 02:29:57,101 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2019-09-19 02:29:57,101 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2019-09-19 02:29:57,102 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:29:57,102 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2019-09-19 02:29:57,102 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@66963d8b'
2019-09-19 02:29:57,102 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-09-19 02:29:57,102 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'sheldon:https://hftpdev.i-sites.com/shibboleth'
2019-09-19 02:29:57,102 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'sheldon:https://hftpdev.i-sites.com/shibboleth'
2019-09-19 02:29:57,102 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'sheldon:https://hftpdev.i-sites.com/shibboleth'
2019-09-19 02:29:57,102 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-09-19 02:29:57,102 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@682b0eb' with context 'intercept/attribute-release' and key 'sheldon'
2019-09-19 02:29:57,102 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'sheldon' value '[{"id":"*"}]' expiration '1600381579067' as '{*=Consent{id=*, value=null, isApproved=true}}'
2019-09-19 02:29:57,103 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:29:57,103 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2019-09-19 02:29:57,103 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2019-09-19 02:29:57,104 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2019-09-19 02:29:57,104 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _2045e1f68c04cdaf680adcded9e0263d
2019-09-19 02:29:57,104 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _2045e1f68c04cdaf680adcded9e0263d to Response _002421600230ebe0910b8f70245517f9
2019-09-19 02:29:57,104 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _2045e1f68c04cdaf680adcded9e0263d
2019-09-19 02:29:57,105 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2019-09-19 02:29:57,105 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value sheldon of attribute uid
2019-09-19 02:29:57,105 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value scooper@samltest.id of attribute identifier
2019-09-19 02:29:57,105 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2019-09-19 02:29:57,105 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value employee@samltest.id of attribute role
2019-09-19 02:29:57,105 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value scooper@samltest.id of attribute mail
2019-09-19 02:29:57,105 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sheldor of attribute displayName
2019-09-19 02:29:57,105 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Cooper of attribute surname
2019-09-19 02:29:57,105 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sheldon of attribute givenName
2019-09-19 02:29:57,106 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2019-09-19 02:29:57,106 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2019-09-19 02:29:57,106 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: []
2019-09-19 02:29:57,106 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2019-09-19 02:29:57,106 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2019-09-19 02:29:57,106 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2019-09-19 02:29:57,106 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:29:57,106 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:29:57,106 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxyBIiw0ZTm1c7vQkqkoZ1bHjNWqCQ22uRhA5QFHgpxEDcXPAe270w2jLGM6iW4/gblWHsAuKnLn+WrHO35k/FYytircMYnLiDNV8KN/24Ud+L1RPSTXe6txjE8b74zU7DhzKE8GxdPdVnIqxW with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:29:57,106 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:29:57,106 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2019-09-19 02:29:57,106 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2019-09-19 02:29:57,106 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2019-09-19 02:29:57,106 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.38.242
2019-09-19 02:29:57,106 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _18672ad671ce37740b5c0f2912309c83
2019-09-19 02:29:57,106 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://hftpdev.i-sites.com/Shibboleth.sso/SAML2/POST
2019-09-19 02:29:57,106 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2019-09-19 02:29:57,106 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2019-09-19 02:29:57,106 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2019-09-19 02:29:57,106 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _2045e1f68c04cdaf680adcded9e0263d
2019-09-19 02:29:57,106 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _2045e1f68c04cdaf680adcded9e0263d did not already contain Conditions, one was added
2019-09-19 02:29:57,106 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2019-09-19 02:29:57,106 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2019-09-19T02:34:57.103Z, to Assertion _2045e1f68c04cdaf680adcded9e0263d
2019-09-19 02:29:57,106 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _2045e1f68c04cdaf680adcded9e0263d already contained Conditions, nothing was done
2019-09-19 02:29:57,107 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2019-09-19 02:29:57,107 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _2045e1f68c04cdaf680adcded9e0263d already contained Conditions, nothing was done
2019-09-19 02:29:57,107 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2019-09-19 02:29:57,107 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://hftpdev.i-sites.com/shibboleth as an Audience of the AudienceRestriction
2019-09-19 02:29:57,107 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _2045e1f68c04cdaf680adcded9e0263d
2019-09-19 02:29:57,108 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://hftpdev.i-sites.com/shibboleth to existing session d03134cbd1a10582b40ec4893adcba21be9c83a5b1b7d3fd5adfa5d1668095fa
2019-09-19 02:29:57,108 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://hftpdev.i-sites.com/shibboleth in session d03134cbd1a10582b40ec4893adcba21be9c83a5b1b7d3fd5adfa5d1668095fa
2019-09-19 02:29:57,108 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2019-09-19 02:29:57,108 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://hftpdev.i-sites.com/shibboleth and key AAdzZWNyZXQxyBIiw0ZTm1c7vQkqkoZ1bHjNWqCQ22uRhA5QFHgpxEDcXPAe270w2jLGM6iW4/gblWHsAuKnLn+WrHO35k/FYytircMYnLiDNV8KN/24Ud+L1RPSTXe6txjE8b74zU7DhzKE8GxdPdVnIqxW
2019-09-19 02:29:57,108 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2019-09-19 02:29:57,108 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2019-09-19 02:29:57,108 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2019-09-19 02:29:57,109 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_002421600230ebe0910b8f70245517f9"
    InResponseTo="_18672ad671ce37740b5c0f2912309c83"
    IssueInstant="2019-09-19T02:29:57.103Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_2045e1f68c04cdaf680adcded9e0263d"
        IssueInstant="2019-09-19T02:29:57.103Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://hftpdev.i-sites.com/shibboleth" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxyBIiw0ZTm1c7vQkqkoZ1bHjNWqCQ22uRhA5QFHgpxEDcXPAe270w2jLGM6iW4/gblWHsAuKnLn+WrHO35k/FYytircMYnLiDNV8KN/24Ud+L1RPSTXe6txjE8b74zU7DhzKE8GxdPdVnIqxW</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.38.242"
                    InResponseTo="_18672ad671ce37740b5c0f2912309c83"
                    NotOnOrAfter="2019-09-19T02:34:57.106Z" Recipient="https://hftpdev.i-sites.com/Shibboleth.sso/SAML2/POST"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2019-09-19T02:29:57.103Z" NotOnOrAfter="2019-09-19T02:34:57.103Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://hftpdev.i-sites.com/shibboleth</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2019-09-19T02:29:57.098Z" SessionIndex="_f1fdbe43c7baaab6d435f4f6b28a3ad2">
            <saml2:SubjectLocality Address="172.31.38.242"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>sheldon</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">scooper@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">employee@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>scooper@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sheldor</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Cooper</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sheldon</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2019-09-19 02:29:57,110 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://hftpdev.i-sites.com/Shibboleth.sso/SAML2/POST
2019-09-19 02:29:57,110 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://hftpdev.i-sites.com/Shibboleth.sso/SAML2/POST
2019-09-19 02:29:57,110 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_002421600230ebe0910b8f70245517f9"
2019-09-19 02:29:57,110 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _002421600230ebe0910b8f70245517f9 and Element was [saml2p:Response: null]
2019-09-19 02:29:57,111 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_002421600230ebe0910b8f70245517f9"
2019-09-19 02:29:57,111 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _002421600230ebe0910b8f70245517f9 and Element was [saml2p:Response: null]
2019-09-19 02:29:57,112 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2019-09-19 02:29:57,112 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://hftpdev.i-sites.com/Shibboleth.sso/SAML2/POST' with encoded value 'https&#x3a;&#x2f;&#x2f;hftpdev.i-sites.com&#x2f;Shibboleth.sso&#x2f;SAML2&#x2f;POST'
2019-09-19 02:29:57,112 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2019-09-19 02:29:57,113 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'ss:mem:421cbdfeddeb081a1e444add0d674e786e7c6d2d97ac7c862409aefc7ee322a3', encoded as 'ss&#x3a;mem&#x3a;421cbdfeddeb081a1e444add0d674e786e7c6d2d97ac7c862409aefc7ee322a3'
2019-09-19 02:29:57,114 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://hftpdev.i-sites.com/Shibboleth.sso/SAML2/POST"
    ID="_002421600230ebe0910b8f70245517f9"
    InResponseTo="_18672ad671ce37740b5c0f2912309c83"
    IssueInstant="2019-09-19T02:29:57.103Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
            <ds:Reference URI="#_002421600230ebe0910b8f70245517f9">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>dJn8E8pNKXi/vx7OLp06zZnwaoDS4eHwFeVhe8AnPUrpYQa8W8JmAaQ3Ym0BnrLAL5mJY8sG5q36xPby3vl+VQ==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>FlbGrTd5cDFAXugGxIsRy7FwPd5ELdz5gspWUsvJDxvZ8Iias0+NR3GHMn+jp9IYph5HlwBbllKXyG9nVm3/11hsNtJWOC2k8BzeSvdOm/qzAP00j7K6JdLICVFLVJUS+rmgmT6nFtzTrAtLJ6u/CqT2asqFZn54wl4v8ebY2Ks/9h41LnHhIe2ca8uUE4H7m5VQoLhMy8nQzXRHam61g45htjriVuqKJj+sVzllAPQexVs1pNDL/0UceA1wWY0IpAJ+XDSKLOgRpjTj4/nqw65ZPiGDVc9FpjXVN48gKZU4BX/HphxczIEJOnBQyD0Kj/ZSFJQBxAzpAJXOTbYnOQ==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_902ab51598e753bcf41d5cd6b090ffd1"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_384eedc56f89fa00c3caf9436cf57bf4"
                    Recipient="https://hftpdev.i-sites.com/shibboleth" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                        <xenc11:MGF
                            Algorithm="http://www.w3.org/2009/xmlenc11#mgf1sha1" xmlns:xenc11="http://www.w3.org/2009/xmlenc11#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIEFzCCAn+gAwIBAgIUONhwAfMtaDakwKXsZzLTK0SDL24wDQYJKoZIhvcNAQELBQAwIjEgMB4G
A1UEAxMXd2ViMDUuaW50ZXJhY3RpdmUubG9jYWwwHhcNMTkwOTEzMTc1MzAzWhcNMjkwOTEwMTc1
MzAzWjAiMSAwHgYDVQQDExd3ZWIwNS5pbnRlcmFjdGl2ZS5sb2NhbDCCAaIwDQYJKoZIhvcNAQEB
BQADggGPADCCAYoCggGBANWEcM567UJnGwt3tHO/zzVLFJoZYpZhT6jYfADd9LvBOJg/wVDJFYsw
fP9u0oxkqmYwtoG2+Y2SNRCbgFt8DFqk0XQ6bj1YzANluSjzw7vwGxDPVAJ3FNFh5mlogB3xB7fI
iTYreDXUGkoOaOgf5Fsy9jYgwpJ6/rZQQ9XdpmKlSKuK/jpn73c58G/gS46MVMcri+xQ4Cu1F9Pg
DdJKfGGVcPNp4iYCZw3Yvj5T1wKQoEAPFEegZiwED0sKxVHHfQHkxHM8AqU5Z3594Z4KPdeBkCyP
VFynSURN583PMfSesllDEKdg1quqNSH3bks+fHzEbxEKY1eaFllKx6oxVC9dgV7XVNA4H2gkpSD8
iBxvJAODL/RjZ8gukVPdweq0gmEFdHwfTJYKGkCrCtoFkZiDjKrbksFrMYrtRfLxWhOLeoFRt4v/
yljpLN28tFouecfjNGTqqQ6Z4hn61nLmHshM4sIj185vw1T7zWaSFS9QEeld65BSllRrysKQV37i
DwIDAQABo0UwQzAiBgNVHREEGzAZghd3ZWIwNS5pbnRlcmFjdGl2ZS5sb2NhbDAdBgNVHQ4EFgQU
9GWe5JCxUOuyX6EaT9eELFp4cKowDQYJKoZIhvcNAQELBQADggGBAGQaYlX7R2Z0xx9Lp5UUjAXa
npjFeDoI7vA49sCoJaYqJ+OeljUPiyamIiAuC5Q4AxaeDTlKka8YtP5hh9ZQO+VRssyedLWmzD5L
CVr6dTgxV/oq1IPpnbShhg1gYuKPrwkjKThM6dNlzy1nDfMCucnIN3oyjNErpaDLE+o3GgtTWpm7
C/LWxecdKYoTHjNMUqSB+Es0iTPGI4kmg9oNW2CS7KyIzWjYjZrq9OiVv25tFww9mAPDNx4bgZZW
1iA13lTzNvF9OGf6LszjXqqNbt78PH5JoRJD/GwfwllCNDmzYarfH8UmwmUNb+IoRwhGnphevPan
0Cfc9P2i3+C0HzIz+wTzlFJCYzTRmOHLHfzakKwSaP0At/WfvDoIRvWJXotEXoKB6Me2Qw9wCc5K
sbqVP+kteLkwOe10YjiXceWpIUfuo2lMHZXPShLxwgEFDHVk2gpJEFe0I4Ox59+0ezrN/gxuwBu+
MOt2DU3gfe0jgZNiizq3sUBpyQ+GxUjPuw==</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>qzUoCLdCXlMJ0P+Ybyz9zS4LDbwBbQrZwUmyndacdY4LuKmn26hzqeN3ry9Gl9dP+yxtwhmjJ05Ys5eslX+qR/koLTqvEmujscrPZqGeqQNx+/ZfGqYt0shRFqnfL7SzeCZbNgiJdUoSV082xU2zK9+TqcVwoAzhj+dPVrc2wNZQ4GdwenIEnDbJv9ca5HNbcjhlUPQABFkG0jRr7j8vQeEomZBU7jY2pACye/Bgpl/YXteVECBl4+WJWp/JgFhiAXiT5nFb2UraEFtE6FjZohp7cwlag2cdoZZoaMZngyvG9ZUmeHY3S9KMTEyYHmyGKD9UlkMvmxfhEfsnAv/OhlTNU9nRnZOunl7LY5w2q0R1HMjTMBMISU6Lj1koCHFsSY7etI1j2sohsA/W/KoyEprPbkRr772mxrbRdRbwQvweDMJ8Ebbgorfap7WABvyZriprlX9fp2tWI55LX5ppLpoDcFIbG3K2iurvbHykUvE7IS/I5imBEo49x4pLaVGU</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>ms0s/06XaHpkojYp34jT8e8TmA6IKdOufeFLh4smp75pa9VT6+A9LSslmKNLQU/mf2fKOxUD3eqbCeDOHY/VUXI/M3Cqws6O1RT/aOdHna2u55kyJmUejySEeb4R/Bk+u3+sbTRljmqC6VU/eHtSQyk9xRv9ZxPdfk4/mK6wqv7Rcy20Wy1GcF2SwqPNFzSGZffPPolEAovuv6RIGNTpk1VRU/LD8GBPiLY6lbb19LW125StMsA4WTnhqqrGHiEYUtOD0c5koIM8zpJzUgnUVoq1esl+cITj4D67iHf/e2qhVYteuMVjbheavGr8Bd68NJfteAo43VCcWvCce9H6ZYnJI/xKlBhWvQDQHleoEJ1T2ApQATfIrlkcK+3Ykk6dZgkxwIl9+rQmOva19v0tdkdERB3pX3FJL4FF0uJQuKI5qVR+aecYW6AwJzCENNgTHnBzMJ575wHOq4NukfqqpTOkm/ae+M8ML6vnMrF/bvDfz1rSa+fz+KihzD7dt3uluIrIsbrBi81FzNygsd35LEErWpObhi3nNwHA1rdPYfDJ60U6abXMATsKPhpFCENZIoUiTx51JpLEZio/OChrAmtEb1sBJ+59b0vRSYslDosUClc8Jdbl4k47o9/2vP/TWiZUS8V6mAOC/JYo7UytPUlaQrGwFG9XZU1OawQDHvoxdmpdoFWSg4OdRGw2hFjeCtffqi0eeKXMwiSof2YodMGMTBhxWJ5ReMxl0WUbpjhsGjEK6NucCPqgZuXFsktPOfAyYEoWY8EdsY6fGHVFb2imI+654Pf0qPVT9WDPqa7hrOytlmA9/GhK74z7nYJsA/IhbK/Z0kM6kAJEh7WLV0niZXkmC66CIrv3Si+GjV1XWphbHDkuDYDbD6echdO4N9yF8lIJzIEo+2TEO1vdFcuJRp+d0wEK/Va4/LaDBPbPURCkxGzgwEy5rMZS5oE3747s423APfS0VcxJPG2o1fEZ9nKXMH1evRFWhkZUBJqgxBy/JxB7MmxYpUQYb+GpkciQxcmyi9xtvg2cPjQ5HFToI58y63rt5Y6v31hXMiIpxnOFNJjAgSwQ9ch90to5Ey0nw5XPhLmjgP7nBjmlsQA5rE/M1h4PP+xz73/A/tPNCXhr+J1Vsh6wU4Lb9PDo4FEzSu9E5omm4bz2Z/sH3Uz3hP77XPw6yjvv2n8luMzj9LDgXueCRggPQr9aSZ5+kDCGRHWivqaUirok7wyM8MKoYJHUfjTieT5oY883dgMwcEEFMuBrAkTB1igwuxwmqhWpTMnzILj3AjPoXVmmzcubbu1ES7fZfz4kzMxhEIkrIqS/IdQvsnMUAoglttGO3GwGhLYCf1Ta62CWIghufWlpjrJ0BrQ0aQLuij93PV6Ul+PolVsZpSQXo6JnQoatIxFefUD7+hbRgUlUXWGJSDGNfGM5+2VOZnODSDRdzxtZqdPZ5iTkGGXMLopwWoVuTZj233RGR/kwsN4T3412gycaKttzJLljI9QvgUs4GM6+1nBJ9APg1SrYLE8zfJdUPc89/x7GfCMvU6TLxPHfpR263UnbqaOTxrxocsL+b7+MNHuV9gzX1wyUMOoU46cioPPO07zm59EVjFW+pog0EcFYdWrO3GnELp512iUJ0jnNpGMAI+YDa5kK6W2A2QsxGIa+USK75iKHXj/CDh7EnHRwlSdB3b6cNx/O2l3+MrcBYiym90CLsTuaijaEVXqOd9htRp5LfQwiaUdq9Kz0PLG5bjectp5tL98KFbNzyySXbWdCj3bAH4GrHrLPooLhbBqilREWPgULsA4+sox6odylgumm8DGyIOA1s3OKcwLDke9/C3GvIm2bkq0d4sMicp6LFBXnXQtfg8iokAjEkV3pGRevyl1Yq1VaNhMbBI+1dzf8/GJ0KbpPovLO54kltsa3zO1vXh4SAcLx0j9lBKC+fFjgJzfHgnDcaQRgjyW9qVy8ok2or2S0y3g0V2dClugvfpwD1cT9A/hZPYQsPJnPcRg+Er01weKq1yR+diex+Xu1f93wxXW97iNaLKx6GPg8VB19RZmJJTaEqCUU1AGpF0Anee5P2KzaB3V16FA5xn96/bKzVrZewZU25XulGG6suLn8o4r3aYbfuj4tKhVlytDQq6Tk0YTCwdJJPnTS5zLtuPbKWdPSFBBORhA67khqh4IZeuyBFmq3+lBMv85RMnZ3sgev1FaE8U4GYI2G1YPG2USxFFVJmJNjkyKcudN+rmm7gWMiI0Q53USidavTbRaMZaLgZOFI/mpbyp1ANdZ+u4KvPZdi76jjpZnWoWXF3fj4wZa4m+jt3vtgml+I9Xh5uj+38UhnqBuyF5944/hHzu7C1RSzCNo2tUqxg/OSz5IjbioGlCZFpTuX8VnHdL9ga/lYLtEYPBnjzXIPVQf7Eyr2DiUR77mXWsYsX6FpJJawj0DA//9PKPwW+0hbo0c+G+D2nldKBF7WdX9iwu3PwBdy8DA79mo1p0vEYXSdTu6BqSRmLtrL5BVA7/6U/Mvc5GbY6J9m6urEXlFMYE/Ydh2SViJV2DcZIn0s8xowsjPPt8+1kicDWkmW9uc6Uc7fwQrzQgN3Jmz7yB/R6Ntwnave56ngDkJMAJKvfFgX2DtSwpyJwtGWYTJqBRq1Exz1HkLKmNOI8j8YlWohd6SCNxIFb86vcUEQTkNrOa9mKbnOkL3Sz2gXL6UEk7vSmY0mO9jjaIXhcvpu+1QdGDGxwVhjntZ4r+B9clunXyTZP8fZjTJn+8cPqfH1oL6ctTTLpFa0TCt0QZWLbviEYLs7wU6aWaDX1ESzsVuHRldfA1/UF5dryp2QMMjJpeZ3xA6ujSXI6LAJk4uLpEH/69C9sNqyqfL7OqZxiGAEsTZ9PX8+2JOAm8Ywxco04R7kHuSGv/DOlVSbbF0bC8nZYNEEWYpli1Ly2oOFXt/6PlSYerNXRnvzHMqTOsOLbEIiVEd+MKR9zdrpOoD3D+V4m+eZGZyhr03LN7tZ9U3yS8PNoq6fKs8wCdN507uKawQbdekI0RmM2CHsgfoJnCo3F8AqA0W/XwF7q7Nqu6/G+RVbwf6PecisYESVVK+RhKUKV8z9J3t6eRWOc9tjCggbkjJUXsInmihDQ6r2yG9oo9t0Em4iN28851WyEDTCeW0QxCjpOHsrsvT/I6mR2ooT/m4VqDlp2a/+eeNwD3Pr6CphSxZpTuogkkxXM+MWEuU6l4JFl5SlwZTqE3UvBUUCnIzQK0MONkNryhV5tYZX122GyJHsuTyHCUqGnkjSBdnqSWLprwgXrhkcXxaKWPQZoFCTpzXPinuTRcT/fXtZvAQlbRiW970KI0oHGf9q11n9iIv8Z7ppa9p17uqqBDFjSvDmzCk+IWOPU7aZkqbdfgmRkQiqiW9QMGiJgI9FZjK5ZCkeyVdeLbyUibLubykWOCFJkZk2vmoNR+gK0yWKDU6NfqYnlrA4OcMyS5LRWFsyGA4vQMeRJ4iPpbvITQUCjGmX72Jnh1SrJXMDG9RsRaaG0F4NUjksUbzq8RUf1k7gP8KwlTbj2yqK4g9FcwUZcfwQA5yhR50WgWjbNFbnzh4FoxwVoCUsi8Cq/CSRhkofhQU0hyAdS7tu6bZxcs78jXO9lK5kvQ7KWLEro1WFVu6Du03CuKf7mxpKo3Dm+ZsmAzc78+MCTONKleuRudVncWw/PnMnbbkoEbGJbuW2uTib83r/n4NctoJx0tASG426bJO0LEeFl+5YKtXX6HfV1yZ02+YOldm6Awr4CGmxjYsniBh5bOVbK/SqBEIVJ9kteCgFkuVuykBJdg7zntaGNV9UYq2KdOmORFOm3OpIxrO+PXb+df8lBlGEGii/l7y1aN21TL1xRec4LZj2+y6gkdxo91SeQOqenUQ4Y2GIpJWWIFhbQf1qCHrJWUbUcOpaimQLwe1cok4E3ZHYWwfP9Tuek9UC0EIKMg9guzZGzydQNNHA9Rt6HC+GX74ztNjvbbn5EbI6a6TvCh6Toa/RivHZbhDcdQEMQoAk24V/yQGlfnHbHHme/Lo9yI/7rzmktmVi1PW4cqyuK1Vd+0J8vC+fC3v4Eal2HpHRSmRM5wVakQuGghCi2v55FDDjof67hhH87xv42eFSHFPZbpD+YAQcPuVhkDbYWKgY7GEmlYwdk1liKNVJCIQLKnVdSVkWNUy0OfsKqDxnrLtx/W0MjxCYJyuf+F4H6f+WmMzimqeZ/5w53EymeMMVFai2W9Ly0t+FbUWiR/ldQ5NBPHcgHqMrR579AixQOfiOWjnzobZ1MPHAG7Al4W9DIy3A+6Bb+I7y5PnglAEpQcxi5rl7MfMQSyW2ivzfV9r/b3HzDfWwepc+wV9Oz12W9028KngUjQFS5n1s0EPnB3bxYcpMuZYPMi8miLUE6GmwjdkiQINGnq1Aky4J9i/cZJh5p3U0aveowH1IzXYVXjf4Z31Iw+z9irMoWYj09l4Ki6OgqPw5UYMlR16mo1SToYl8WZY3D3C8PBFlouwYE7kGSnbp30QXvkXtP2l2nlx4leopCAROxLMSXbscy8HRb2CaZF07xmDDuM1bet47iikmkAUWf4elUDdGVcBLed/2Ee4WzOXt9hWXhDogMCriG+2I5sZ3tEniZEW+N+qQOxgQ6wnSwV3xFQE/USQuyS/KzlsuJXrk+qzl7nVRIanF0q/wJJP9qq2lbDhSQFELQgr8dWUf1+Bhu+wBtD09Cx2Fa/1ul2x9lbrFN89avJi2of5LiTT4AtCheJ+VXyNoq1/ES5vIoDr6JZtrCn4gx72rUW01vBdNJOmV1YAsSCDhQ9NkRaMM3Vw=</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2019-09-19 02:29:57,114 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2019-09-19 02:29:57,114 - INFO [Shibboleth-Audit.SSO:?] - 20190919T022957Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|_18672ad671ce37740b5c0f2912309c83|https://hftpdev.i-sites.com/shibboleth|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_002421600230ebe0910b8f70245517f9|sheldon|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,telephoneNumber,role,mail,displayName,surname,givenName|AAdzZWNyZXQxyBIiw0ZTm1c7vQkqkoZ1bHjNWqCQ22uRhA5QFHgpxEDcXPAe270w2jLGM6iW4/gblWHsAuKnLn+WrHO35k/FYytircMYnLiDNV8KN/24Ud+L1RPSTXe6txjE8b74zU7DhzKE8GxdPdVnIqxW|_2045e1f68c04cdaf680adcded9e0263d|
2019-09-19 02:38:15,292 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: ss:mem:2329c6a4d30850bdb2eb4315962967127bb469ceaf845e7973be2a01e237ae08
2019-09-19 02:38:15,292 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2019-09-19 02:38:15,292 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2019-09-19 02:38:15,292 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://104.40.238.223/Shibboleth.sso/SAML2/POST"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_3159d4bf89af5e997505e17bbaba0788"
    IssueInstant="2019-09-19T02:38:15Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://testomachinos.westeurope.cloudapp.azure.com</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="1"/>
</samlp:AuthnRequest>

2019-09-19 02:38:15,297 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://testomachinos.westeurope.cloudapp.azure.com' from origin source
2019-09-19 02:38:15,297 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-09-19 02:38:15,297 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 0 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-09-19 02:38:15,297 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Candidates iteration was empty, nothing to filter via predicates
2019-09-19 02:38:15,297 - INFO [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  No metadata returned for http://testomachinos.westeurope.cloudapp.azure.com in role {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor with protocol urn:oasis:names:tc:SAML:2.0:protocol
2019-09-19 02:38:15,297 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No metadata context found, nothing to do
2019-09-19 02:38:15,297 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://testomachinos.westeurope.cloudapp.azure.com
2019-09-19 02:38:15,297 - WARN [net.shibboleth.idp.profile.impl.SelectProfileConfiguration:?] - Profile Action SelectProfileConfiguration: Profile http://shibboleth.net/ns/profiles/saml2/sso/browser is not available for RP configuration shibboleth.UnverifiedRelyingParty (RPID http://testomachinos.westeurope.cloudapp.azure.com)
2019-09-19 02:38:15,298 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: InvalidProfileConfiguration
2019-09-19 02:38:15,298 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2019-09-19 02:43:20,219 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: null
2019-09-19 02:43:20,219 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2019-09-19 02:43:20,219 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2019-09-19 02:43:20,219 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="http://localhost.com:8080/saml/sp/SSO/alias/sso-associate"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="ARQ4be0078-1223-42b5-9c25-04afd9ddff64"
    IsPassive="false" IssueInstant="2019-09-19T02:43:18.467Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">ca:homedepot:auth:sso:associate</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#ARQ4be0078-1223-42b5-9c25-04afd9ddff64">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>asLqX/k3CSff4nym8m7Q0tGIdSl1hqYfTvuQgRQvQt0=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
nVqToLJUr5WyJSpK05YfXDYLWR90AM74cB6ITSqo/sBzg3r4PT6JsRL+0cCRPjlr6vDzKe0MvohK
plY6TJuEkR+E41GjDcUNkoSwEe/xbVwvr2Q8HuJEEPVX4eLQ4BcLRHpyMlAUE7XjNJd9HtKPDj/B
/LaCn+o6UJ1wMZPugI2iMsZwAhxeH1KL2fBipwkJv+OhMwgBW03/X25gY4DNccjtKBB5YiQQHU+E
25611PqsAYW3f7TQyiPvs/HUfMXhVsT7UfBPlfFlFqdA2gCc7LzsLPIa/P31KRemfSHclaklE7Iy
3CVMxyLzQ64u+tC3GqwMXZT3EOTYTJzG/MiJEg==
</ds:SignatureValue>
<ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDljCCAn4CCQDBMt006KgZVjANBgkqhkiG9w0BAQUFADCBjDELMAkGA1UEBhMCQ0ExEDAOBgNV
BAgMB09udGFyaW8xEDAOBgNVBAcMB1Rvcm9udG8xEDAOBgNVBAoMB2NvbXBhbnkxCzAJBgNVBAsM
AklUMRYwFAYDVQQDDA1sb2NhbGhvc3QuY29tMSIwIAYJKoZIhvcNAQkBFhNlbWFpbEBsb2NhbGhv
c3QuY29tMB4XDTE5MDkxNDAyNDQ1MloXDTIwMDkxMzAyNDQ1MlowgYwxCzAJBgNVBAYTAkNBMRAw
DgYDVQQIDAdPbnRhcmlvMRAwDgYDVQQHDAdUb3JvbnRvMRAwDgYDVQQKDAdjb21wYW55MQswCQYD
VQQLDAJJVDEWMBQGA1UEAwwNbG9jYWxob3N0LmNvbTEiMCAGCSqGSIb3DQEJARYTZW1haWxAbG9j
YWxob3N0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALzDiifuVAjAnFTxesPh
IPQS86goXr+hK7+7gu+q5zvlw57oUhGTz8SZG2s5NjNCFIc/y8Q1jha7JJmrLaZQOiZp+w9rDLZ1
ILRLJG1gniMBGjAJWnDWQgc4PdIH9kcGRRUyTGzQKEdLqur1lYTac0mtXNp8CWtUL+y/9L8l77AF
wZPjiAjsu+La2STQYKZ+nGOg/a/Y+8Sck69GTgQrpNLhWDqXS9pLsDVf/W5eQ/GDkSXV7sZU3u9A
3gCdgBbbTdDHMsr/z8GY+svsUmyQ1YUPhOuchElBOPCQAF1+BZr189GRlLKxb6nmj43rLPFzZFr0
HJePgHvIxIaVAfeJEGcCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAWcm5Kom9RwU+GJR+iBu74qxG
C+TZYf/YBdAHf3P6dKM0hauaTxCuTO/bgmQKc/x3dGZEhjgov93f+mcDEvi4j+AmbvMXS+L4s3Bj
dmlSKUG+ZjXnQOVmj2hCRfDlahhX9xP8JhVwchF2YeSoX7Yz0knWFEVkRgpzFOyXnf6x9HA/pE75
QYyoO1dHCPzlocgBEJnqCgzELzIz963ok2LMqOcfZr5WgpLMI/IGNKBOFbUyRJjS71tkFFP5g2F1
1Wryp8CVBhgfzFc8sOUPlXXCH76Up7BukHTYvuTheXWOJMVknI5OrZdXN+XqgmQT/ohih3jedMYp
ej/kNI/Iz3nCBA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:NameIDPolicy AllowCreate="true"
        Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" SPNameQualifier="sso-associate"/>
</saml2p:AuthnRequest>

2019-09-19 02:43:20,224 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'ca:homedepot:auth:sso:associate' from origin source
2019-09-19 02:43:20,224 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-09-19 02:43:20,224 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-09-19 02:43:20,224 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-09-19 02:43:20,224 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-09-19 02:43:20,224 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2019-09-19 02:43:20,224 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2019-09-19 02:43:20,224 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2019-09-19 02:43:20,224 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer ca:homedepot:auth:sso:associate
2019-09-19 02:43:20,225 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:43:20,225 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2019-09-19 02:43:20,225 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2019-09-19 02:43:20,225 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2019-09-19 02:43:20,225 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2019-09-19 02:43:20,225 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'ARQ4be0078-1223-42b5-9c25-04afd9ddff64', issue instant '2019-09-19T02:43:18.467Z', entityID 'ca:homedepot:auth:sso:associate'
2019-09-19 02:43:20,225 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2019-09-19 02:43:20,225 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2019-09-19 02:43:20,225 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-09-19 02:43:20,225 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: ca:homedepot:auth:sso:associate, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2019-09-19 02:43:20,225 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'ca:homedepot:auth:sso:associate' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2019-09-19 02:43:20,225 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2019-09-19 02:43:20,225 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2019-09-19 02:43:20,225 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2019-09-19 02:43:20,225 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2019-09-19 02:43:20,225 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2019-09-19 02:43:20,225 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2019-09-19 02:43:20,225 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2019-09-19 02:43:20,225 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2019-09-19 02:43:20,226 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 23829225539562106213014301243136041322282988309009629279671692767873527207106584569321402730087158735920646049799503627116539537460404897658568743128624945094667341403795258008484236975206751892292087484478959653919708361901490135901133771388720714171418031251092948541534737194855640573850633457913502644827905892037369652523746279304726983406106249326604483780215280811125663741291992488631627682952696870519409262777963202278034175849414250621536710205906469560046682159959454526094436102676443116228928628411505004702620922939540309272548245989155051563888715123190234569707636418619677273315040341865652464193639
  public exponent: 65537
2019-09-19 02:43:20,226 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2019-09-19 02:43:20,226 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2019-09-19 02:43:20,226 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#ARQ4be0078-1223-42b5-9c25-04afd9ddff64"
2019-09-19 02:43:20,226 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID ARQ4be0078-1223-42b5-9c25-04afd9ddff64 and Element was [saml2p:AuthnRequest: null]
2019-09-19 02:43:20,226 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#ARQ4be0078-1223-42b5-9c25-04afd9ddff64"
2019-09-19 02:43:20,226 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID ARQ4be0078-1223-42b5-9c25-04afd9ddff64 and Element was [saml2p:AuthnRequest: null]
2019-09-19 02:43:20,226 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#ARQ4be0078-1223-42b5-9c25-04afd9ddff64"
2019-09-19 02:43:20,226 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2019-09-19 02:43:20,226 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2019-09-19 02:43:20,226 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID ca:homedepot:auth:sso:associate
2019-09-19 02:43:20,226 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2019-09-19 02:43:20,226 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2019-09-19 02:43:20,226 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2019-09-19 02:43:20,226 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2019-09-19 02:43:20,226 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:43:20,226 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2019-09-19 02:43:20,227 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2019-09-19 02:43:20,227 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2019-09-19 02:43:20,227 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2019-09-19 02:43:20,227 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://localhost.com:8080/saml/sp/SSO/alias/sso-associate using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2019-09-19 02:43:20,227 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2019-09-19 02:43:20,227 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2019-09-19 02:43:20,227 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2019-09-19 02:43:20,227 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2019-09-19 02:43:20,227 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-09-19 02:43:20,227 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2019-09-19 02:43:20,227 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2019-09-19 02:43:20,227 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2019-09-19 02:43:20,227 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2019-09-19 02:43:20,227 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2019-09-19 02:43:20,227 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: ca:homedepot:auth:sso:associate
2019-09-19 02:43:20,227 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2019-09-19 02:43:20,227 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2019-09-19 02:43:20,227 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2019-09-19 02:43:20,227 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2019-09-19 02:43:20,230 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2019-09-19 02:43:20,231 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2019-09-19T02:43:20.231Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2019-09-19 02:43:20,231 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2019-09-19 02:43:20,231 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2019-09-19 02:43:20,231 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID f18247dff133007a7ad579850dd756027b7929b05244784b7109dd67651d4050
2019-09-19 02:43:20,231 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session f18247dff133007a7ad579850dd756027b7929b05244784b7109dd67651d4050 to 2019-09-19T03:43:20.231Z
2019-09-19 02:43:20,231 - WARN [net.shibboleth.idp.session.AbstractIdPSession:?] - Client address is 172.31.19.108 but session f18247dff133007a7ad579850dd756027b7929b05244784b7109dd67651d4050 already bound to 172.31.38.242
2019-09-19 02:43:20,232 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2019-09-19 02:43:20,232 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2019-09-19 02:43:20,232 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:43:20,232 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2019-09-19 02:43:20,232 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2019-09-19 02:43:20,232 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2019-09-19 02:43:20,232 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2019-09-19 02:43:20,346 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Not a usual scheme, returning name of 'ca:homedepot:auth:sso:associate'
2019-09-19 02:43:20,346 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2019-09-19 02:43:20,346 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2019-09-19 02:43:26,574 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'morty'
2019-09-19 02:43:26,574 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user morty
2019-09-19 02:43:26,574 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@323809128::identifier=morty, context=org.apache.velocity.VelocityContext@45cf2fbe]
2019-09-19 02:43:26,575 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=morty,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@323809128::identifier=morty, context=org.apache.velocity.VelocityContext@45cf2fbe]
2019-09-19 02:43:26,576 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'morty' succeeded
2019-09-19 02:43:26,576 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2019-09-19 02:43:26,576 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2019-09-19 02:43:26,576 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'morty'
2019-09-19 02:43:26,576 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'morty'
2019-09-19 02:43:26,576 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2019-09-19 02:43:26,576 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal morty
2019-09-19 02:43:26,576 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 2bd7adef09545546f182f9ed94613d0bb8f9e90d803bd2622d8ec9d571239551 for principal morty
2019-09-19 02:43:26,576 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 2bd7adef09545546f182f9ed94613d0bb8f9e90d803bd2622d8ec9d571239551
2019-09-19 02:43:26,577 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=morty)
2019-09-19 02:43:26,583 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [identifier, uid, telephoneNumber, role, mail, surname, displayName, givenName]
2019-09-19 02:43:26,583 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2019-09-19 02:43:26,583 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2019-09-19 02:43:26,583 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2019-09-19 02:43:26,583 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2019-09-19 02:43:26,583 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2019-09-19 02:43:26,583 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2019-09-19 02:43:26,583 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2019-09-19 02:43:26,583 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2019-09-19 02:43:26,584 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2019-09-19 02:43:26,584 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2019-09-19 02:43:26,584 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@5a0247ae'
2019-09-19 02:43:26,584 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-09-19 02:43:26,584 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:ca:homedepot:auth:sso:associate'
2019-09-19 02:43:26,584 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@60f008a6' with context 'intercept/attribute-release' and key 'morty:ca:homedepot:auth:sso:associate'
2019-09-19 02:43:26,585 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'morty:ca:homedepot:auth:sso:associate' value '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1600354996347' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2019-09-19 02:43:26,585 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2019-09-19 02:43:26,585 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty'
2019-09-19 02:43:26,585 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribu