2021-06-19 13:00:04,047 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'morty'
2021-06-19 13:00:04,048 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user morty
2021-06-19 13:00:04,048 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1260188824::identifier=morty, context=org.apache.velocity.VelocityContext@8cfefa1]
2021-06-19 13:00:04,050 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=morty,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1260188824::identifier=morty, context=org.apache.velocity.VelocityContext@8cfefa1]
2021-06-19 13:00:04,053 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'morty' succeeded
2021-06-19 13:00:04,053 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-06-19 13:00:04,053 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-06-19 13:00:04,053 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'morty'
2021-06-19 13:00:04,053 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'morty'
2021-06-19 13:00:04,053 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-06-19 13:00:04,053 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal morty
2021-06-19 13:00:04,054 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 4bc7aa389c025d34420d4d8d90aace90e992051ae1da26960e7923f801d933ad for principal morty
2021-06-19 13:00:04,054 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 4bc7aa389c025d34420d4d8d90aace90e992051ae1da26960e7923f801d933ad
2021-06-19 13:00:04,054 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=morty)
2021-06-19 13:00:04,056 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-06-19 13:00:04,056 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, identifier, uid, telephoneNumber, role, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-06-19 13:00:04,056 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 2 values for attribute 'eduPersonEntitlement' remained after filtering
2021-06-19 13:00:04,056 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-06-19 13:00:04,056 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-06-19 13:00:04,056 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-06-19 13:00:04,056 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-06-19 13:00:04,056 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-06-19 13:00:04,056 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-06-19 13:00:04,056 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-06-19 13:00:04,056 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-06-19 13:00:04,056 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-06-19 13:00:04,056 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-06-19 13:00:04,057 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-06-19 13:00:04,057 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@54158ce'
2021-06-19 13:00:04,057 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-06-19 13:00:04,057 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:cas:apereo:pac4j:saml:01d7a92ec43b5d54'
2021-06-19 13:00:04,057 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:cas:apereo:pac4j:saml:01d7a92ec43b5d54'
2021-06-19 13:00:04,057 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'morty:cas:apereo:pac4j:saml:01d7a92ec43b5d54'
2021-06-19 13:00:04,057 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-06-19 13:00:04,057 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty'
2021-06-19 13:00:04,057 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'morty'
2021-06-19 13:00:04,058 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-06-19 13:00:04,058 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2021-06-19 13:00:04,199 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Not a usual scheme, returning name of 'cas:apereo:pac4j:saml:01d7a92ec43b5d54'
2021-06-19 13:00:04,199 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-06-19 13:00:04,199 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2021-06-19 13:00:04,199 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2021-06-19 13:00:04,199 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-06-19 13:00:04,199 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2021-06-19 13:00:07,434 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2021-06-19 13:00:07,434 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2021-06-19 13:00:07,434 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20210619T130007Z|cas:apereo:pac4j:saml:01d7a92ec43b5d54|AttributeReleaseConsent|morty|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2021-06-19 13:00:07,435 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-06-19 13:00:07,435 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:cas:apereo:pac4j:saml:01d7a92ec43b5d54'
2021-06-19 13:00:07,435 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:_key_idx'
2021-06-19 13:00:07,435 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2021-06-19 13:00:07,435 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=morty:cas:apereo:pac4j:saml:01d7a92ec43b5d54, value=[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1655643607435}'
2021-06-19 13:00:07,435 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:_key_idx'
2021-06-19 13:00:07,435 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2021-06-19 13:00:07,435 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:_key_idx'
2021-06-19 13:00:07,435 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'morty:cas:apereo:pac4j:saml:01d7a92ec43b5d54'
2021-06-19 13:00:07,435 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[morty:cas:apereo:pac4j:saml:01d7a92ec43b5d54]' as '["morty:cas:apereo:pac4j:saml:01d7a92ec43b5d54"]'
2021-06-19 13:00:07,435 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@54158ce'
2021-06-19 13:00:07,435 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-06-19 13:00:07,435 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-06-19 13:00:07,436 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-06-19 13:00:07,436 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-06-19 13:00:07,436 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _3db0a88477bfee71de44b0edf5d1ab67
2021-06-19 13:00:07,436 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _3db0a88477bfee71de44b0edf5d1ab67 to Response _2a63784434bb42811d60ec764192fd6d
2021-06-19 13:00:07,436 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _3db0a88477bfee71de44b0edf5d1ab67
2021-06-19 13:00:07,437 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-06-19 13:00:07,437 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Ambassador of attribute eduPersonEntitlement
2021-06-19 13:00:07,437 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value None of attribute eduPersonEntitlement
2021-06-19 13:00:07,437 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute identifier
2021-06-19 13:00:07,437 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value morty of attribute uid
2021-06-19 13:00:07,437 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5505 of attribute telephoneNumber
2021-06-19 13:00:07,437 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value janitor@samltest.id of attribute role
2021-06-19 13:00:07,437 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute mail
2021-06-19 13:00:07,437 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Smith of attribute surname
2021-06-19 13:00:07,437 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Morty Smith of attribute displayName
2021-06-19 13:00:07,437 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Mortimer of attribute givenName
2021-06-19 13:00:07,438 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-06-19 13:00:07,438 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2021-06-19 13:00:07,438 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2021-06-19 13:00:07,438 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2021-06-19 13:00:07,438 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2021-06-19 13:00:07,438 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-06-19 13:00:07,438 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-06-19 13:00:07,438 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-06-19 13:00:07,438 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxQVa0CqJN90QJkG0flC8F6SaMrO+5ZwCmzk3gDHaZDzVE3YaR7bg38gwZuUYbiyPIAUTiLvqnnQdUXYGr0rW5RZL2rISkATnlLXeZYQdNTlzptGwCBkt4QsDGwjbqxRfTbHVO3Q3Qurs+RQ== with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-06-19 13:00:07,438 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-06-19 13:00:07,438 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-06-19 13:00:07,438 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-06-19 13:00:07,438 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-06-19 13:00:07,438 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 13.82.212.249
2021-06-19 13:00:07,438 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _8c9c4497aa5c4fd5b01caf3ad30dadc46032685
2021-06-19 13:00:07,438 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://localhost:8443/cas/login?client_name=SAML2Client
2021-06-19 13:00:07,438 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-06-19 13:00:07,438 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-06-19 13:00:07,439 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-06-19 13:00:07,439 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _3db0a88477bfee71de44b0edf5d1ab67
2021-06-19 13:00:07,439 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _3db0a88477bfee71de44b0edf5d1ab67 did not already contain Conditions, one was added
2021-06-19 13:00:07,439 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-06-19 13:00:07,439 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-06-19T13:05:07.435Z, to Assertion _3db0a88477bfee71de44b0edf5d1ab67
2021-06-19 13:00:07,439 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _3db0a88477bfee71de44b0edf5d1ab67 already contained Conditions, nothing was done
2021-06-19 13:00:07,439 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-06-19 13:00:07,439 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _3db0a88477bfee71de44b0edf5d1ab67 already contained Conditions, nothing was done
2021-06-19 13:00:07,439 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-06-19 13:00:07,439 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding cas:apereo:pac4j:saml:01d7a92ec43b5d54 as an Audience of the AudienceRestriction
2021-06-19 13:00:07,439 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _3db0a88477bfee71de44b0edf5d1ab67
2021-06-19 13:00:07,440 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party cas:apereo:pac4j:saml:01d7a92ec43b5d54 to existing session 4bc7aa389c025d34420d4d8d90aace90e992051ae1da26960e7923f801d933ad
2021-06-19 13:00:07,440 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service cas:apereo:pac4j:saml:01d7a92ec43b5d54 in session 4bc7aa389c025d34420d4d8d90aace90e992051ae1da26960e7923f801d933ad
2021-06-19 13:00:07,440 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-06-19 13:00:07,440 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID cas:apereo:pac4j:saml:01d7a92ec43b5d54 and key AAdzZWNyZXQxQVa0CqJN90QJkG0flC8F6SaMrO+5ZwCmzk3gDHaZDzVE3YaR7bg38gwZuUYbiyPIAUTiLvqnnQdUXYGr0rW5RZL2rISkATnlLXeZYQdNTlzptGwCBkt4QsDGwjbqxRfTbHVO3Q3Qurs+RQ==
2021-06-19 13:00:07,440 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-06-19 13:00:07,440 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-06-19 13:00:07,440 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2021-06-19 13:00:07,441 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_2a63784434bb42811d60ec764192fd6d"
    InResponseTo="_8c9c4497aa5c4fd5b01caf3ad30dadc46032685"
    IssueInstant="2021-06-19T13:00:07.435Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_3db0a88477bfee71de44b0edf5d1ab67"
        IssueInstant="2021-06-19T13:00:07.435Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="cas:apereo:pac4j:saml:01d7a92ec43b5d54" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxQVa0CqJN90QJkG0flC8F6SaMrO+5ZwCmzk3gDHaZDzVE3YaR7bg38gwZuUYbiyPIAUTiLvqnnQdUXYGr0rW5RZL2rISkATnlLXeZYQdNTlzptGwCBkt4QsDGwjbqxRfTbHVO3Q3Qurs+RQ==</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="13.82.212.249"
                    InResponseTo="_8c9c4497aa5c4fd5b01caf3ad30dadc46032685"
                    NotOnOrAfter="2021-06-19T13:05:07.438Z" Recipient="https://localhost:8443/cas/login?client_name=SAML2Client"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-06-19T13:00:07.435Z" NotOnOrAfter="2021-06-19T13:05:07.435Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>cas:apereo:pac4j:saml:01d7a92ec43b5d54</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-06-19T13:00:04.053Z" SessionIndex="_df1d5fbcc48776b8ea25799ab774d119">
            <saml2:SubjectLocality Address="13.82.212.249"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Ambassador</saml2:AttributeValue>
                <saml2:AttributeValue>None</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>morty</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5505</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">janitor@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Morty Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Mortimer</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-06-19 13:00:07,443 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://localhost:8443/cas/login?client_name=SAML2Client
2021-06-19 13:00:07,443 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://localhost:8443/cas/login?client_name=SAML2Client
2021-06-19 13:00:07,443 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_2a63784434bb42811d60ec764192fd6d"
2021-06-19 13:00:07,443 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _2a63784434bb42811d60ec764192fd6d and Element was [saml2p:Response: null]
2021-06-19 13:00:07,443 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_2a63784434bb42811d60ec764192fd6d"
2021-06-19 13:00:07,443 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _2a63784434bb42811d60ec764192fd6d and Element was [saml2p:Response: null]
2021-06-19 13:00:07,445 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-06-19 13:00:07,445 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://localhost:8443/cas/login?client_name=SAML2Client' with encoded value 'https&#x3a;&#x2f;&#x2f;localhost&#x3a;8443&#x2f;cas&#x2f;login&#x3f;client_name&#x3d;SAML2Client'
2021-06-19 13:00:07,445 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-06-19 13:00:07,445 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'TST-1-ApIzg87K7RqWlsNDt46CdAON-1Rt2ATw', encoded as 'TST-1-ApIzg87K7RqWlsNDt46CdAON-1Rt2ATw'
2021-06-19 13:00:07,446 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://localhost:8443/cas/login?client_name=SAML2Client"
    ID="_2a63784434bb42811d60ec764192fd6d"
    InResponseTo="_8c9c4497aa5c4fd5b01caf3ad30dadc46032685"
    IssueInstant="2021-06-19T13:00:07.435Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_2a63784434bb42811d60ec764192fd6d">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>AgQxsWYT62c4hRMgSxc7ALoHSQXH9SpMSoagtgawmug=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>iSjkKmTtvMsyXCkFhTGWNDUHNDGXnewfj1Lvu1/XE6OZdHDEmQYVLrPubWjnWacRhDZ7hrd7QLgtwC73i6cKAb6KR+E/8AZHhx/f3lt87f7Ns3RAfmBffOVHp8JVgu4jmjNEP2YeMSmtDaiofmkwPWrJIdGMqE+2XADAYSNXRpo5/DM/zCN6BR+oPY/YkYKGqbT6dAIawkrEn5ei3GWsnEQCxxEkU+aXCBHxfWjdB7T57qPFMlEnPDBk53nlq7wVs2/oewZk88PFa1LKN/6RjJnPnuZwhpEteZ1H/5gNKq41Sfu23QtC2ukHJffLRHLZ4IJbHXE1D+PWcBC03AbcGA==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_3ad8dc898a0a4d54a4c1afd7ab6b26f1"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_96874ed8ae5b5f88140f4e41c84a888d"
                    Recipient="cas:apereo:pac4j:saml:01d7a92ec43b5d54" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIICpTCCAY2gAwIBAgIBATANBgkqhkiG9w0BAQUFADAWMRQwEgYDVQQDDAtmdi1hejE1NC05MjAe
Fw0yMTA2MTkxMjU5MzhaFw00MTA2MTQxMjU5MzhaMBYxFDASBgNVBAMMC2Z2LWF6MTU0LTkyMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoVp0A/Hs70f7vywtu4IFZvnUvzZxvZHyhkHf
mSBZBqqYiXsd/Uys/pGgIMa/W4lFVzASmJBsEKNk+GeF202SlOIJtj8oEGHk2dxOlj29HgUjV/r/
SkegZhlJG0E353VJRrhOoPau3GQWS3CZuYuJmgk+x9tp6F78OB6uANdOPd92SKsXRxeXwZ594382
LzYvry1vJHupg6NdsvuzRb3qfaJ4YboTYCzFK70k+YnTHVsHc+1kwtwGnR1AmIzUlpc14xEBGl9H
455rEXaHMnrtBtS67p7WL1QIE1CokPE2sIyeryn0IL02yKtxqEs80isQwBqRc7muJlH3eamyMU1M
iQIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQBrA6mFrSticCYmuoZ5tpOKh4b2BQcS1IL2r5BIYtwF
xglN7ygkS5tCoXLAVEGJDutZS/qFoLIiXHZJI0U7vUCfhzjd3U145GrElEhSRSoTuZFYWtZ2Mr4g
fhcvSKrb2mKJpnXRDFb7OELgcW7alz0dK9BZd6buxLr7UBKiF66sHnNyqZkj/0aULlw+2kE1C2F3
K9N7yUmjd1fiSYo71zofD0k6AoX4oEkAmhFo2jchBBpSZEbt0m1r9L/x3rp75ThCBLkz9czmHtSx
syUmpocJYw7bWfgwyfFaU4ej0VrmovlkiJuF3QU0ARr4x8PY7wBOK6EEhjfDZRnfpVL/kpd8</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>M5kbnxMkEBcFkPMrMgOgxWOjwSQ8RRHK+3tkYhsiEZiP+1jASVqQQ735QZU/5xtZqnU61aU+ymn1it3/zEvAVn2boGYuwS/jxF7ZMYPpeYUw6U2XxFBaqftbh9jUfmBvPleHZbSaTnK1TXCwfQ6w5C5iK8hegLyzlWfyQLbkxK469joj1taU+oPGBjNh8nboVVFSTOQ9P/du4PQ+U2RzrMCORV5okREPSd3e6evmoT04tQ9g0y8iDiIYYNiT6+BJeKzD4EdF3f6AQ6niFeNeH0yMfbNCuuq5TFbtNCbeYsqeO76X8Mi7TOpTGfGXxhL6fb2RiBhitfhqszPgZH8FTA==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>keHM+ciDQbAlKhYVQL4+rH7YtiHMpeKBNoWDeaDUTnoQMlEia28qKXVY8zv5vb54HCx1+bwnCzRBYAlN7oUMHO/r8N/9nKicsmKzU+iRG0qjJ1UO8XI4Rxq4vF1pStvF1auqv5rQ1gQpiNfXloKZnCunkm3pwmpJizacklkKhxKq1seY/v9Orl+mAV7EPWO+xzXxxnMe45Dat36ZGXIlQZspJLuwqujhBA7hNnZjqE+XaBk4pHt6G84WfHuHbUgSJ5gZ/5QEYYOcmov1yuVOB+pQc9s/F7CKGC5k/3pzet2AcfIj7bPZHProWxi3g/fInzg5bqKKtSOhsftj2vYinkrSPOLS8fvwXS6c4iIwYe4U3jLh/uTGfhxHVQt3ONmqAO1j04L3zpg0rQEpsQF/sZqi20DGD6Ekj+QQO7ROyHbOq0fSiMjGnN2N6n1A3upKT1MbWIpJ3GwN2y9TsBSfXm89Mp4OUKhT6pq93ef3+d/eDnt19HhTy6aSd9RWQcnn15Q2MLurolMTcRAlcCLZPcMb3lpmSxRdO+oIaWri6sW6h93i6v+kG7u2mN3j62R5ffS0Cqc187EGcnOZxRfTJeYNXjl9eDPLPqMXHL2odySnRK1he5hTe+mDD/F/Z4IModqo3JWwtWweDaVY6LUZzTIcboXGdiXJYZfMJyovPnVS4kdiC4EE3XgpnI0v6eAUO+UNp1SmAH0+SLBDBAkdPt/mcwab0jg3JzSgW1pFDBYIpvuh8SqXAf8bGVkVsQ+5ePBxgNJvSG572aIjHxa3TsfT2qPp1RSOHmKpIPlDADtUsr7BMXWtSVYN8FIg30emSzIIejdapcaYVk+6Jb7prZSNcCy48eHFzna2SVrQC631HTnVexJdsCbF17NTMCYYRmoJenNkw1QA1CrYPJsnQznNQWzF4YY7szpu+PbZJw9j1tb4GDJ3Bc5J2Nt6fr/9/Lj8Pbwr+IX8RdONbCmS7WLAhXtaZWAkSR2WSUiqgGtzHjjdPdd7QXY3gNFQbw+wT2ESQjgn5/iQQnyn/8jFxileAp/U1xmI37mCrZvz1HcbATCOoNZR6+M2JR5h78+qQnvkzLA4bNe+MeakWVxpu5TOTc4P5Wpxj1ko42ueSAspSm1VyGOb0zIIIcTh3C9QBhIJQWu562XMMgJ94sp5qQx1buwSH3aLRNcT8x823x4L2FUQlyJKXHO8BJNsJp5jXrNzKviFjdop625QWfwoBfYFYFUlq4uNKfPUat+jEuBaonfOHbJnihpsv3vQ2BBjsSe1n1py9eSipJExeeQICgdZbrbmfb8Gu5+h+WQuf66H0s/Qp7opxI9sNJ16P92aENTQ4haPwQ5xKJjMp3n9jZmQgsWIS3tAf8Krh7OqxNAUuITnSncRyF15Gb3LdBh7gtoHg7qfyJQkFDcnJerJzg+VHYv+dkxQmBm/1aB6LhZzKlHKQO01Cx5xoPioWov0dxUAJ/ku3Puia7vtDRONXgbupYSqv/a29CmaiDwHbzbc9Opk4r79CZ6oHjUZIGsExDvS7dC2xSdcYDZxnTZXtfCaaVC5bS2V1b4yK4UkHVPwq4/IH7ZMsCRF3+vGozm1Eh1SyL1w4TbzNfzXtFlt4aBNsudEjb7IaqNuX63NG2KuB9v4rsJ4IKYQGTVpxcveom0WG0tDEitZafLXpiJflcYoUeKLsODXMQfwxHKKoEKAmXQ7skCqFItskaZpx2GRyHQW3BAKc+ESbrWqHpnHnNbYbM0d59DsjgaBPitXc1h3wafX0fLLd91TgMVhj9plfLnHHlcSDVBluFCZFnHfUDkBLs9yJ+yNiCjn/AzkMy381GGkEMy5V+ZHckRx27CR41XlznVZek5Uv2verNAI/t6znfExGiyCfXeXYvCSpa+kE+9b7t+OrSwKuNcli+J8/hrei6QRh2/bJ9z1wy94dUwTYl8RVyiykNnKNhjx4Og+tBhwxB8JnPtfV+zQWxsSCA8hgeNwKiBOxzgHwVUIYkUiWvFHN6wpdDSWvfQaB1N4hMoaVoK7jegsmbvNs51F/HVfsKQSeiLp8H2GB2eK6jD5UFX53IJjsm50BrpBlzSUD5xPe1CGWupUXR1TrDjkY8hnAm0aK5C8bm5zlw9UAonf0VIV1coN8eRAuZgqwhjw6uT1YmJ1dXBbGrX3Vh16p1vTGdvp5fSaxMegzV6shazx7OmSVWy2OUj6ldavNZiup40GPiQIdNBlRWmGrY8vbHEulldOTcwlsWauBFrxCiiOiT/Py0wX4D49QtAQwy3nWLoEe1pKYm/2MEIaAdOaWA7vlwuG6lcmiRQwBSW5ST7wpGdksRbk4JaVUNXsTZc7D3/bsllC3jNGALCvXWMslb7uqZy4ydZjVAKwmPg6pnqruG1kdj/8BiYsgnQtmKQvMnnd591JB8yA6/7DZOQbG2++5VEdnj8OrH6u/SUPAPtWkRIjOmohpQAouBfL8PzCPeHpNPpsdffjcVUbp5AG0Pg14jIPwW4PRvA754ToM3SmUdxXPUMPGq00cmDd9q9b8rCs1iNObQbD1oSAbOcVG5a/4dCInuriAqrowfYUMK4CrXi/8lsQpQWogu8f9wpGwcyAUl6IPkxYjA1nCHjrx6L1Up/jBH9RZpJoD426rmTbs0IzBOw+nCA1ddUn829h1Wp8NLPHmVBt2AuJ6ItAHjz45hNlpob1V9/xsnaKMN7i89KQOIC0Q7/s3zqdiYJkKUmb1MuhEnKuX9wMQKSY4OtTSQaE1hKDf1mEfOrU1ZLHh/gkTN1n16WEvS23qT5w4ls6f39BEoXIS+NtjNjso5/Umztws7DZHuuE2qcIFmOgY2DIaw+heljelth4RRhWIzY3VSnUHK54z6XREjdQWPoLzUzQozHz5ic0yfaX75bHTU1QBXROFZQfRR/LCy7sODQuRosBf82tChpCIEiWz1jl0psF1SCg/zGDxiGShl4K59kFXGlavS/iNWZ4ESz4tjLN8MDcEaX0jfsblaDtv07DVTZoqCv4LXGWTD/vOiVT1kJxxpQ0wmPrO4++2R5i3uqRu86FNf9xvod9R4yqLOW+LuzgBiGqbAFgAIJBhNU7l6XduCm2I9nvsxvADZ/Ig3ys3Sla4m8UZuzPyRS/kpPZfiptgKrItouxUz20Cr/UqD5xMBjIL3q7lE+N9bbh/2khpU4u2YgAgaNpmbEPxxE7orMXIwOR5j881QTKgqQ3s2c7SA/NiQ07oz6VexlwFKIg3GUz2B8BO/jEWpn9opMHiUU4TmFenu96EmPlpNqmjvZ6/+nlvIoUaQ/q4tUPUQ2eMwhCu2qDJ5R4h0yJFnSMSS/y5B3paw5E5azAZ7MCsu2kFlqkJwlflHqukJcNonT471FDonP9tbbmoR2rvt6byGVNVO12+VIPSzqww43sM03XDjC2EiOQbsH0Q29lpaPw0oi19sWdOF8sDxwckKtDCb+tw8RF5GVVQWNGW8kfU4JJ4hLwxbt6BIg/4+TkB/COdFrtOISeX/v7rxGK1T2s93vqpiHjB49zyC0bj9EXsi7btnJBeLAS8Qhzm45x4m9nj2rX+k1ZQ9vQirGwXWyyLPoOY1HV97nsNlYfzunhxDs4CPyblqsGypRTCtHOnEYSiKzgKHAMtfqL7qRriHtvXRU024yK+4scay+xzb3p7yWcyD/ZwXo0DrGku2AeMrE1zvKPOsTV2PKhz2BZE2hg/88iovQ+UkNpyvg+f3LlykeYvU/M59YlZOncB7gKt2r4hNlDg8DNWqdAoZDvuBFgvYxFab3F6/0cEn/nJ2mt3kw2+6EXAxxwn9hsIdaFzRcwUEHVgQG4w7dhFT7Wxb6hqmcectobtiDafBPA1HYi6g+rMOOilXzLaZk+LLCtVzc3/1Xo2VGLCk3aw3BrIzrIwnBCtJzIjvdeM71eXtIG0+9hzuMF8U75RdC8W4AUYzWbexkzjPWs3LxQdY1eDLMpQT5M8uUkWtSzYxPoGxFRwGD604FayglGAhi0NGlomEdcUK83+PYRwKrLUklKDiTlKJCx0pFaujDvarV4EW47F4eIo+UgRbKDBDouz3/rvR5gdIS43lKCjuWcztdWwmVIBrbcnuBh7A91IkuJwcYyS9us1ACMxVJ9PU77rFERPTL90aTI/egu7t8DfUUxS7HGs/40LRynOVMTd2AZwuToVS83/4ZouIB4IhsSjwQ36v9K+OTKUFY6toyXqacNAqx86VoX8xg2Ha2uFBvTHuLJ0mVliZ4EHp2Z5ayrXWDEWZLJ/K/PbNqLLNnVs30LiVs2I/4nADa2RLO0Gz+WPysoWYUY08Nk71HH+J1T/XJ3n10VTpbunQNIf9MDz2j7FIa2trhkYHoTaTEzuq4UnLiHpqUvW5Yrj0Jdeh0sd+DCmZTs04QrkqRmwbEYgF9dWVlr3n0/Getm6ezVLJbNYAGxm1pzVCZ3tRiTsoVeml23P2nAGSGXhDAXoP7D7NAJcxvh2fCux69WqxTlqVcFiWYiFarTpnOO+4ko3iggldyn1ce6pUv6ZvLZQSS6YegSukuZiNH8uifGPeLEojdELPQVq1G4oM15108G13xpn4fLO7W8Scj1idgiU+fcowvbkmL/lVjwuTb14kJSsInAXOgS5Z6cfXm9pvz8S83kcQLGj0L0aYrXbI3pLu9hEEGBLAHEAeeLWL7b3kGnookAEGqlQaPaoZCYpyAWnCZLdCNckYtxUPv8tltDSjZfL2zB9BtE82UkWc+RlIK2JU3i2SLOumZM047MnpU/UEYDMT9TKWkZm8uGXfWeVVixci34HpFmwtFiSSHho9oxXkVDbbtH9a7KRPDSJBz+zhEX40cblyW0f2eeqb7ArurAE80m41ZcBnxUdYSTBTE0KxGq3h2e7oFakj8+TUNW18FAq9sqNmml0CXjgXwQNw9LdzW6qYBoElIxpycPCFSeE0SvZfJKEAxBO8u3pmQAYZD4kZYjlViSOi19Fp/YCLypbF+H15U4PzCjIzvPTlqZAFrETOmBgtAXROlOPbA6GbXlE1ZikIMSc1Cn4yES3jz+26dn6MhecO5wmUlfJuhyXhIHpe4tbEZ835WfIzY8nvNMZLfy7OEqdYfEG2w5iqZdHnm4slypOtKHsibAJKbTHK7CB5LdYmuAGiHUyB5aGFHruwYTuipktyy7CPSL9LkaGsQZYrdSvIccyPjFAIwHWV5eSg==</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2021-06-19 13:00:07,446 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-06-19 13:00:07,446 - INFO [Shibboleth-Audit.SSO:?] - 20210619T130007Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_8c9c4497aa5c4fd5b01caf3ad30dadc46032685|cas:apereo:pac4j:saml:01d7a92ec43b5d54|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_2a63784434bb42811d60ec764192fd6d|morty|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,identifier,uid,telephoneNumber,role,mail,surname,displayName,givenName|AAdzZWNyZXQxQVa0CqJN90QJkG0flC8F6SaMrO+5ZwCmzk3gDHaZDzVE3YaR7bg38gwZuUYbiyPIAUTiLvqnnQdUXYGr0rW5RZL2rISkATnlLXeZYQdNTlzptGwCBkt4QsDGwjbqxRfTbHVO3Q3Qurs+RQ==|_3db0a88477bfee71de44b0edf5d1ab67|
2021-06-19 13:04:52,069 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder:?] - Decoded SOAP messaged which included SAML message of type {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-06-19 13:04:52,069 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Body>
        <saml2p:AuthnRequest
            AssertionConsumerServiceURL="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            Destination="https://samltest.id/idp/profile/SAML2/SOAP/ECP"
            ForceAuthn="false"
            ID="_g9nv3zsb3uak9deo453s85ny6oo9anenk4uo" IsPassive="false"
            IssueInstant="2021-06-19T13:04:51.306Z"
            ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
            Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eu-ch.o13bb.otc.t-systems.com</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_g9nv3zsb3uak9deo453s85ny6oo9anenk4uo">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>KIMyJbzBGS/bHIpWvPcnnba1DoA=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>i/gAqCkVS1Y2cyVYo2itHrTwzUODiNqC8D8uwALYKv2j69+srXTPa80/2qAdpcYXsiM+uETAxImebpnVn5oPoSUy2X1KwF3zq/Q7T/agKcI+9TbJzuGV+xriWMGPSWKQ+2kxR351apGmoBnsLQX2U4LDkXXjX2sjnsTjSR0iKMw=</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIICLjCCAZegAwIBAgIGAVHDRPSbMA0GCSqGSIb3DQEBCwUAMC0xEzARBgNVBAoMCmtleW1hbmFn
ZXIxFjAUBgNVBAsMDWlhbS1hdXRodWktc3AwHhcNMTUxMjIxMDY0MDU0WhcNMjUxMjE4MDY0MDU0
WjBEMSowKAYDVQQDDCFodHRwczovL3NwLmF1dGgub3RjLnQtc3lzdGVtcy5jb20xFjAUBgNVBAsM
DWlhbS1hdXRodWktc3AwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALRgTiRlOH3H8Ti/Nl8F
hr+9QdbCEBQIKFKnX+VeeD6NcGQtsDnihnIlwDv9PqAqRfZ5KNDF7IccYgCBUfjJXOyxqa51YVDJ
KPLpjMcZiSEjumDm3jbdEiiQKl3zwt9Q0aLlz7PKdIbIoPQdo3YjpTB407D5PmvpsFr+TQ6NlkTZ
AgMBAAGjQjBAMB0GA1UdDgQWBBRcdOVNkWkaAHkjlaFATFhnEEh8SzAfBgNVHSMEGDAWgBRcdOVN
kWkaAHkjlaFATFhnEEh8SzANBgkqhkiG9w0BAQsFAAOBgQBlFRyA98AUXCw8bhneTFoD2JWRZz2f
Bs3vINTVjhA3CdCCJ9lgPxIhitHYNPQh5s7l+IA6M/zHTx+rpRO3KUqh0M2eNZDunUrstyXkvZvp
uJCPFK6t1iN6K5YuZUhKI06W5Bk6XV2NO5L2eIqD9jZp0UGb18Ep4BbrEXwRwJQPYw==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:NameIDPolicy AllowCreate="true"
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                SPNameQualifier="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"/>
        </saml2p:AuthnRequest>
    </soap11:Body>
</soap11:Envelope>

2021-06-19 13:04:52,078 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://iam.eu-ch.o13bb.otc.t-systems.com' from origin source
2021-06-19 13:04:52,078 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-06-19 13:04:52,078 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-06-19 13:04:52,078 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-06-19 13:04:52,078 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-06-19 13:04:52,078 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-06-19 13:04:52,078 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-06-19 13:04:52,078 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-06-19 13:04:52,078 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eu-ch.o13bb.otc.t-systems.com
2021-06-19 13:04:52,079 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2021-06-19 13:04:52,079 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2021-06-19 13:04:52,079 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-06-19 13:04:52,079 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2021-06-19 13:04:52,079 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2021-06-19 13:04:52,079 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-06-19 13:04:52,079 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_g9nv3zsb3uak9deo453s85ny6oo9anenk4uo', issue instant '2021-06-19T13:04:51.306Z', entityID 'https://iam.eu-ch.o13bb.otc.t-systems.com'
2021-06-19 13:04:52,088 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eu-ch.o13bb.otc.t-systems.com' does not require AuthnRequests to be signed
2021-06-19 13:04:52,088 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2021-06-19 13:04:52,088 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2021-06-19 13:04:52,088 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-06-19 13:04:52,088 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://iam.eu-ch.o13bb.otc.t-systems.com, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2021-06-19 13:04:52,088 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://iam.eu-ch.o13bb.otc.t-systems.com' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2021-06-19 13:04:52,088 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-06-19 13:04:52,088 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-06-19 13:04:52,088 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-06-19 13:04:52,088 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-06-19 13:04:52,088 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-06-19 13:04:52,088 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2021-06-19 13:04:52,088 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2021-06-19 13:04:52,088 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2021-06-19 13:04:52,088 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 1024 bits
  params: null
  modulus: 126664469800380770773972778096329230967838830807335020944856402588433272451405299989725111925000259452486256977271956160110204670418736725511979819866908378089628035491591777699093647368786263598103189382680073566489484332485554027625241493766204516582342822997262720486560419481997023269854507272634386236633
  public exponent: 65537
2021-06-19 13:04:52,089 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2021-06-19 13:04:52,089 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2021-06-19 13:04:52,089 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_g9nv3zsb3uak9deo453s85ny6oo9anenk4uo"
2021-06-19 13:04:52,089 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _g9nv3zsb3uak9deo453s85ny6oo9anenk4uo and Element was [saml2p:AuthnRequest: null]
2021-06-19 13:04:52,089 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_g9nv3zsb3uak9deo453s85ny6oo9anenk4uo"
2021-06-19 13:04:52,089 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _g9nv3zsb3uak9deo453s85ny6oo9anenk4uo and Element was [saml2p:AuthnRequest: null]
2021-06-19 13:04:52,089 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_g9nv3zsb3uak9deo453s85ny6oo9anenk4uo"
2021-06-19 13:04:52,089 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2021-06-19 13:04:52,089 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-06-19 13:04:52,089 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://iam.eu-ch.o13bb.otc.t-systems.com
2021-06-19 13:04:52,089 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-06-19 13:04:52,089 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-06-19 13:04:52,089 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-06-19 13:04:52,089 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-06-19 13:04:52,089 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsHeadersHandler:?] - Message Handler:  No ChannelBindings header blocks found
2021-06-19 13:04:52,089 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler:?] - Message Handler:  Message did not contain any ChannelBindings extensions
2021-06-19 13:04:52,090 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2021-06-19 13:04:52,090 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2021-06-19 13:04:52,090 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-06-19 13:04:52,090 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-06-19 13:04:52,090 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-06-19 13:04:52,090 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-06-19 13:04:52,090 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' not permitted by input criteria
2021-06-19 13:04:52,090 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP using binding urn:oasis:names:tc:SAML:2.0:bindings:PAOS
2021-06-19 13:04:52,090 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-06-19 13:04:52,090 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-06-19 13:04:52,090 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-06-19 13:04:52,090 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-06-19 13:04:52,090 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-06-19 13:04:52,091 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-06-19 13:04:52,091 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-06-19 13:04:52,091 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-06-19 13:04:52,091 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-06-19 13:04:52,091 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-06-19 13:04:52,091 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eu-ch.o13bb.otc.t-systems.com
2021-06-19 13:04:52,091 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-06-19 13:04:52,091 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-06-19 13:04:52,091 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-06-19 13:04:52,091 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-06-19 13:04:52,096 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-06-19 13:04:52,096 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: RequestAuthenticated: true
2021-06-19 13:04:52,096 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: Generating session key for use by ECP peers
2021-06-19 13:04:52,097 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-06-19T13:04:52.097Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-06-19 13:04:52,097 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-06-19 13:04:52,097 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-06-19 13:04:52,097 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-06-19 13:04:52,098 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-06-19 13:04:52,098 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-06-19 13:04:52,098 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow authn/Password, it supports non-browser authentication
2021-06-19 13:04:52,098 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2021-06-19 13:04:52,098 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-06-19 13:04:52,098 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-06-19 13:04:52,098 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-06-19 13:04:52,098 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: Trimming whitespace of input string 'rick'
2021-06-19 13:04:52,098 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2021-06-19 13:04:52,098 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@579844333::identifier=rick, context=org.apache.velocity.VelocityContext@2528984f]
2021-06-19 13:04:52,112 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@579844333::identifier=rick, context=org.apache.velocity.VelocityContext@2528984f]
2021-06-19 13:04:52,115 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2021-06-19 13:04:52,115 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-06-19 13:04:52,116 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-06-19 13:04:52,116 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2021-06-19 13:04:52,116 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2021-06-19 13:04:52,116 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-06-19 13:04:52,116 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2021-06-19 13:04:52,116 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 87d94ad0a9bdf0efe0946351067925803b8d1357b14b2602febd3c8466b0b7f2 for principal rick
2021-06-19 13:04:52,116 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 87d94ad0a9bdf0efe0946351067925803b8d1357b14b2602febd3c8466b0b7f2
2021-06-19 13:04:52,117 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-06-19 13:04:52,130 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-06-19 13:04:52,130 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-06-19 13:04:52,130 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-06-19 13:04:52,130 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-06-19 13:04:52,130 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-06-19 13:04:52,130 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-06-19 13:04:52,130 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-06-19 13:04:52,130 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-06-19 13:04:52,130 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-06-19 13:04:52,130 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-06-19 13:04:52,130 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-06-19 13:04:52,130 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-06-19 13:04:52,131 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-06-19 13:04:52,132 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-06-19 13:04:52,133 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-06-19 13:04:52,133 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _c994ea542d2a2ce61e1da74327575f3d
2021-06-19 13:04:52,133 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _c994ea542d2a2ce61e1da74327575f3d to Response _d0f1517049718f3958944a0de74b3e88
2021-06-19 13:04:52,133 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _c994ea542d2a2ce61e1da74327575f3d
2021-06-19 13:04:52,134 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-06-19 13:04:52,134 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-06-19 13:04:52,134 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-06-19 13:04:52,134 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-06-19 13:04:52,134 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-06-19 13:04:52,134 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-06-19 13:04:52,134 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-06-19 13:04:52,134 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-06-19 13:04:52,134 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-06-19 13:04:52,134 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-06-19 13:04:52,136 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-06-19 13:04:52,136 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-06-19 13:04:52,136 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-06-19 13:04:52,136 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-06-19 13:04:52,136 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-06-19 13:04:52,136 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxaBoiEsr7ojvC3Aw3y+lQw7P3W9K/GI4R7f7AdzO8lqdrGEoFojWOvnxdTMul68vC/Lfa2KZUK98hSg7a9ATxsCqz/tes+nOA3gp/GUTktNOczxrDuugHY6Anfc1kSr1qv/Htp22HV4Edlp75 with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-06-19 13:04:52,136 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-06-19 13:04:52,136 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-06-19 13:04:52,136 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-06-19 13:04:52,136 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-06-19 13:04:52,136 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 80.158.3.50
2021-06-19 13:04:52,136 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _g9nv3zsb3uak9deo453s85ny6oo9anenk4uo
2021-06-19 13:04:52,136 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-06-19 13:04:52,136 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-06-19 13:04:52,136 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-06-19 13:04:52,136 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-06-19 13:04:52,136 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _c994ea542d2a2ce61e1da74327575f3d
2021-06-19 13:04:52,136 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _c994ea542d2a2ce61e1da74327575f3d did not already contain Conditions, one was added
2021-06-19 13:04:52,136 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-06-19 13:04:52,136 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-06-19T13:09:52.131Z, to Assertion _c994ea542d2a2ce61e1da74327575f3d
2021-06-19 13:04:52,136 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _c994ea542d2a2ce61e1da74327575f3d already contained Conditions, nothing was done
2021-06-19 13:04:52,136 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-06-19 13:04:52,136 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _c994ea542d2a2ce61e1da74327575f3d already contained Conditions, nothing was done
2021-06-19 13:04:52,136 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-06-19 13:04:52,137 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eu-ch.o13bb.otc.t-systems.com as an Audience of the AudienceRestriction
2021-06-19 13:04:52,137 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _c994ea542d2a2ce61e1da74327575f3d
2021-06-19 13:04:52,137 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddGeneratedKeyToAssertions: Assertion _c994ea542d2a2ce61e1da74327575f3d did not already contain Advice, one was added
2021-06-19 13:04:52,138 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eu-ch.o13bb.otc.t-systems.com to existing session 87d94ad0a9bdf0efe0946351067925803b8d1357b14b2602febd3c8466b0b7f2
2021-06-19 13:04:52,138 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eu-ch.o13bb.otc.t-systems.com in session 87d94ad0a9bdf0efe0946351067925803b8d1357b14b2602febd3c8466b0b7f2
2021-06-19 13:04:52,138 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-06-19 13:04:52,139 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eu-ch.o13bb.otc.t-systems.com and key AAdzZWNyZXQxaBoiEsr7ojvC3Aw3y+lQw7P3W9K/GI4R7f7AdzO8lqdrGEoFojWOvnxdTMul68vC/Lfa2KZUK98hSg7a9ATxsCqz/tes+nOA3gp/GUTktNOczxrDuugHY6Anfc1kSr1qv/Htp22HV4Edlp75
2021-06-19 13:04:52,139 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-06-19 13:04:52,139 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-06-19 13:04:52,140 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_c994ea542d2a2ce61e1da74327575f3d"
2021-06-19 13:04:52,140 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _c994ea542d2a2ce61e1da74327575f3d and Element was [saml2:Assertion: null]
2021-06-19 13:04:52,140 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_c994ea542d2a2ce61e1da74327575f3d"
2021-06-19 13:04:52,140 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _c994ea542d2a2ce61e1da74327575f3d and Element was [saml2:Assertion: null]
2021-06-19 13:04:52,155 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_d0f1517049718f3958944a0de74b3e88"
    InResponseTo="_g9nv3zsb3uak9deo453s85ny6oo9anenk4uo"
    IssueInstant="2021-06-19T13:04:52.131Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_c994ea542d2a2ce61e1da74327575f3d"
        IssueInstant="2021-06-19T13:04:52.131Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_c994ea542d2a2ce61e1da74327575f3d">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>oC0I5Dao+ucVPEMRr13I9KA9uWWrrBCJPYdwyDo0yv0=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>axqFvbLju6NKc9Voli7kyKYK1BLEdCT/673CSHcvLxJzJtBBNBQywkAdj8ZHBlT/v4nHyITY6gpWf7rg8OfF2/uHfBeos5xsv3eDH8+bfOHW+Y2I0S71Rts7BKmYpQ+A82aukhQnosO14MBDXT6c0f99Dz4jEqghEGbKvT6yrMG9LdfFGG5YWbzeN2PoVh7K7Ly67o8CAUTxZLS9KowED4NJkj/aCk1EXCGSUylspN3YU7FOwvVKEilB9DEzRa2vLmffLxBYxsU54U1tfXWOpuqxp3P4TAMaOgkUTghYa6pA6zkfUY5MZ0o8BVeoYMAOD+b96PJMU/J3PnO7KtvHHA==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxaBoiEsr7ojvC3Aw3y+lQw7P3W9K/GI4R7f7AdzO8lqdrGEoFojWOvnxdTMul68vC/Lfa2KZUK98hSg7a9ATxsCqz/tes+nOA3gp/GUTktNOczxrDuugHY6Anfc1kSr1qv/Htp22HV4Edlp75</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="80.158.3.50"
                    InResponseTo="_g9nv3zsb3uak9deo453s85ny6oo9anenk4uo"
                    NotOnOrAfter="2021-06-19T13:09:52.136Z" Recipient="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-06-19T13:04:52.131Z" NotOnOrAfter="2021-06-19T13:09:52.131Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eu-ch.o13bb.otc.t-systems.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:Advice>
            <samlec:GeneratedKey xmlns:samlec="urn:ietf:params:xml:ns:samlec">St6aY1EWSUkWyhzmiiGkv3fd5l1517jEVvTk7BOhi/E=</samlec:GeneratedKey>
        </saml2:Advice>
        <saml2:AuthnStatement AuthnInstant="2021-06-19T13:04:52.115Z" SessionIndex="_495cb8565d42ac1c73f21f6909a51009">
            <saml2:SubjectLocality Address="80.158.3.50"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-06-19 13:04:52,158 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-06-19 13:04:52,158 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-06-19 13:04:52,158 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_d0f1517049718f3958944a0de74b3e88"
2021-06-19 13:04:52,158 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _d0f1517049718f3958944a0de74b3e88 and Element was [saml2p:Response: null]
2021-06-19 13:04:52,158 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_d0f1517049718f3958944a0de74b3e88"
2021-06-19 13:04:52,158 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _d0f1517049718f3958944a0de74b3e88 and Element was [saml2p:Response: null]
2021-06-19 13:04:52,161 - DEBUG [org.opensaml.saml.common.binding.impl.AddChannelBindingsHeaderHandler:?] - Message Handler:  No ChannelBindings to add, nothing to do
2021-06-19 13:04:52,162 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Header>
        <ecp:Response
            AssertionConsumerServiceURL="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next"
            soap11:mustUnderstand="1" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <ecp:RequestAuthenticated
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <samlec:GeneratedKey
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:samlec="urn:ietf:params:xml:ns:samlec">St6aY1EWSUkWyhzmiiGkv3fd5l1517jEVvTk7BOhi/E=</samlec:GeneratedKey>
    </soap11:Header>
    <soap11:Body>
        <saml2p:Response
            Destination="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            ID="_d0f1517049718f3958944a0de74b3e88"
            InResponseTo="_g9nv3zsb3uak9deo453s85ny6oo9anenk4uo"
            IssueInstant="2021-06-19T13:04:52.131Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_d0f1517049718f3958944a0de74b3e88">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                        <ds:DigestValue>xkUM2WLXmrnhI0kbAHPdqPu5NomBD9i9MV4PDkKbJ4o=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>YRtJQ77G38rh/QnExC1cfVUzl5qELT0gxJqEDvuSvts1IP1YT3hin9gNqbqbUJWSrVVL0fwdFb87phSDEbt2ijjkedE1bvyVa2nuqwlyyGQ5lGzuKPV7tZs41YVzI9jwFRZYdpOnWwA6TZRO249mO52eiYXqeqKWUYBBMKcMK8JKi49I8tWfGqXRZSq+4NZEEcsGShzH9xfLJYBxvZyQUvWVMT4+Dr1lRvLVV40wqd9GoyddtPAvyeIMGosAoADYAUS7pxH8ZcLNBAtVP0KCtqIRRRfAfFgAvqs/ygrV2zxqhoaflnzE6VZsRWHEQBS4Bkkdy/riU9piq59dwPgSEQ==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
                <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
            </saml2p:Status>
            <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
                <xenc:EncryptedData
                    Id="_770d011ef9011ae39bf356a4600bbbb5"
                    Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <xenc:EncryptedKey
                            Id="_dc2662d5718499ff8811df0dc593fd36"
                            Recipient="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                            <xenc:EncryptionMethod
                                Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <ds:DigestMethod
                                    Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                            </xenc:EncryptionMethod>
                            <ds:KeyInfo>
                                <ds:X509Data>
                                    <ds:X509Certificate>MIICLjCCAZegAwIBAgIGAVHDRPSbMA0GCSqGSIb3DQEBCwUAMC0xEzARBgNVBAoMCmtleW1hbmFn
ZXIxFjAUBgNVBAsMDWlhbS1hdXRodWktc3AwHhcNMTUxMjIxMDY0MDU0WhcNMjUxMjE4MDY0MDU0
WjBEMSowKAYDVQQDDCFodHRwczovL3NwLmF1dGgub3RjLnQtc3lzdGVtcy5jb20xFjAUBgNVBAsM
DWlhbS1hdXRodWktc3AwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALRgTiRlOH3H8Ti/Nl8F
hr+9QdbCEBQIKFKnX+VeeD6NcGQtsDnihnIlwDv9PqAqRfZ5KNDF7IccYgCBUfjJXOyxqa51YVDJ
KPLpjMcZiSEjumDm3jbdEiiQKl3zwt9Q0aLlz7PKdIbIoPQdo3YjpTB407D5PmvpsFr+TQ6NlkTZ
AgMBAAGjQjBAMB0GA1UdDgQWBBRcdOVNkWkaAHkjlaFATFhnEEh8SzAfBgNVHSMEGDAWgBRcdOVN
kWkaAHkjlaFATFhnEEh8SzANBgkqhkiG9w0BAQsFAAOBgQBlFRyA98AUXCw8bhneTFoD2JWRZz2f
Bs3vINTVjhA3CdCCJ9lgPxIhitHYNPQh5s7l+IA6M/zHTx+rpRO3KUqh0M2eNZDunUrstyXkvZvp
uJCPFK6t1iN6K5YuZUhKI06W5Bk6XV2NO5L2eIqD9jZp0UGb18Ep4BbrEXwRwJQPYw==</ds:X509Certificate>
                                </ds:X509Data>
                            </ds:KeyInfo>
                            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <xenc:CipherValue>GnJQ2iuGlGSbDkCa9lUbuzaXOJTiqEy8vqaQWSYYltsung5S+X4d/pmttzluLNiZzVmdE38JuGSllHIcE4q68eow569/9klVPnItu7FhWxqaam6kmFY4RQgsA0ETtoSqpfvbBvpMwKzqCp7gUH1UneuIeqwSPeBzQY+kcvi8zUA=</xenc:CipherValue>
                            </xenc:CipherData>
                        </xenc:EncryptedKey>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>Rj+YpM4L3RZfouidoBU/VP0wUQjpa44lm8yMuPuiUYTZCtam0pBufpKphBONBeI8pfg3EQWTGW64zHqaPJiDLyZGCv/qOCajZ1EDdh3IV/qXN/Dk8rsIcUgRdy6DTgT92gq9/UBiLSDE0+qRsXN3TV0JiwBfG3noOnbyzgkLAdg1mgXZ/H/PPVjWcrJW0A5vFfqYe/irgOkouclIED2eHlHS6YDipGd3ueHGpiCTesQ8ESujFRAYtRNxSZ050Zcf5gA6yBq0I/B7qyjSYl6tANSCqrfoU1tFedf5ATASelEUTQCsiONYh2Q2CBmdSJuuun7zt4opgkT7ufoAl2nvWu/EE2dGy7dvKqmucR5HzDaE85rNnAlJO6ZcvvuDLjVhQtL0aovDsZYmgiVIcU1MXm6xTWfqMpMlMH4XbYqW3n8fz3W7YtW6FBNDCX93CgGsRcGl6SuaLlZwjPMR76iZtksyjNAiVqgIA9Bmax9tahoZajs8o1S1Fj/aUvQW/+j5ECfpCIWcuSCPu0UR8cDjkNyOmkpJlXqz8aRk/IAEauFtUo1MuWlTpvLriwvQET/2aOvMyRgkCSTmx0iY6ozV/oFkB3+Kck/MnFqAl76HdZmDiy7dbl6yBI//XsjyRQ8M2shXemws70Odt+0kIxJcQG33MZFOk2PlKNSWGtGAqQzeo2GABtNlS2H0c+wKJrzmnwJ9l9eANaGPERQBha0hDk8ikNd1hy3gZczZuzJEdjiDo1sy5kEQqzyz0xYg5ttPbMqN6qgxQxJshenqitnN4km6Csng/BlfDhjqjzeVudee/M/QXqmOh5AesjiH3hnLRma52EgaJChCFys06SS/V2HGCqOEkB/FqmacPwfCGh3zDBDKf8MhhE9fi3+Ds+8tVYKPiiIJlE1fUjYtsD040frTcygXd2aPTnyECuxij5Ycmz+9dMfvku/fJhmkJCbq3vP9zKIsb3z51y6C2nuSj8QdTe2h9wh6gAv+PT+phyaws6ZZC4++AET7kYShkitX1EujiQiXH1bVEWiqGCwN+/JXLVs1wTmYo31EEiTpSR2orylDVbwN/TVXTfNSTHWIrN2SptUfZo9b0Lmi3Z5RARdJTh+ZKvNE1i957ky6yJqhebIi2goqLXmeiYkmJPx9524M52JHJjsJoyYXsIY0OR14h6GC/5/iiX71U6HdHXy4tqtlE4isqCesDmoWCvZngIy3SKBmJ6LfcS8jQA/Ba9tIuwAD5ztCTW4j72qjq0c4BhHUvp0HQ26DjVIhq+rH0YeuH0KSSfSHpO2Vji4HpwjeHIM4ckLaDJ2Or27g2v3Y4zlsPA6YIRKIhrc2OeCQ9BPvfs96VxzeNifkFup8F7E25PhAIdVUvRw5fcyrqYHGf60ZghTcDVA98UPz4rAKLNuNU0O8qF4GOavrngTbCN99oLqEMYwHBjJ8xreZmrerwYFYF1gkpk1PljiKlyUBdktgbNrFuESzW8+PMriGZTJGQuUii3MxJBv6RtJy4p4JlCQKWRWlAfaFyb1PbJOH8BwfHzVniGvWBvD2WQTEFar46sHNn8eX6wRUVbUxcsqnrXykbnY8zMzi6qHlUPe/GCEH0k4rkmuc4p8KFTuxzMvykS8usdpCSZthLW9ppdHs+ZqYcKmvJMqGpTpgJ+Prq5ROfGLL4zzL7mJHd3phGQNfMoTlOJsgdkxvWAPJWun9B5NUJy/aScIxYU2n/y8Zd8pwyl9e5I3UUvzsArMcoapPt9yvYSNOILcryc8+8bQf7umTgd3oIJFM4CGMekoXIfXvyyCnZZGHURbZBdQUoRB69G9nVTo5EpXTiY+YPQG3y5qLPjlnn3V0tfaWotsuNCs1CAcTgQ+RliTdFoYXSIh3XDhAPqWOE5LUWojlBLi7+JVKGeij02rV3gg3TUY9t1T1caT5gg2fXl9Z0vJLRgvPv0ZxSymQ1b1kOag8j2sBIHlcyDP9aprXMRmS9IzFqectPLtpYI2BIxn1fDzsXYyADg4XnHSgxwyExWHR8m92EBqEh/isdecGdZRQnCXqopoI5PHhAMZD3RSqL3RkozJR3KNiZPo9IBX78RUFB+v5OBVD6FrRk2sV0duwcRpZ/SJU+Vvh7aTFtblyxy1ds790JcmaKud205X0Pnf8/kgsVBysV9gpvQWifAmz5HTy5NArJlIbOgA/xf5d47KGVcHqk/+HcduAeMbBQlKgDfZKh7CTcC28/9wW6N83V2faHnPoH5+Js/vIK8T6A9FfRDx8MvmeqOYf39TZfKgEh3P4MyaV2TIgp92Wt4ng9IWLecLorzPn1LiQ1h/UzQ57POyV7ZtTvS5RuCcWCo2Raq5qTGGSAca0PIspQ/OIO88GhQWu4Q1P0Nve4TCe+/IwQLvWLFWQhCKHqVmjXN1wX7AxkvJf2GJl2ZqCpO+S/FWFH9/7LQONr21vp1AiRmqwzx1WM881SPU5bz7Yg1xOuyIq7d3BJpLzT9W8fXK0bH2hzc4IjHU8fogz1/hISb4XSfghb+S9ql74UGDUhNQkjEM3bHxF8RHHBMTH5nHF4naQ5xJNOXKUAJ/E8mBm0ltfYUneQy9J2RLQV+dNKkOJWDAcSBs3ssBWEoWIFu45Fqu7ENzG5ZcOkI+Y+TTFEGppxWDlV/Asxp0Rhhc0Nkw4/5ucvtqbYUCgTBKN4xUiITlZfbbc/MGPItG2JWIBbL47cMXL8K/ZJ1839G0G0fD1lyesJUkbuxdndbHGVtBGoDj18nTNFp7eKVYuC0QZx0GfWDpzg1y51xZr2KpndMV+o03ASxH6ys0pkJsjnqLcbEIGPO2Q8LcQFGBdgk7DyUSTLc58oWagOsKnRFQP9LKlq57gJJpNBRmj/95bCt96t/eJ7vYQKFs5XBFnlS6uDLrk1LnRcNfKeu7tdV9z9lojHkqktTlbOC9QnKdiRPIOjqwSivENqxhTGd2fQyOtDtc+qLc4kUhnxP6Ki2TGBhaQ9pkjPtWrHDh5QUEJKJLwEGtObOIJrPdednfs3ZQFo2RPb804pYa2mbXT7+NbeekJShQjTcG97pjxzGguC1onR7GTxJgxUFCrWY519Hq8CaPiTcTCNKcx1n3/nRvFbZ70o13qNd1bEaXQzmkH2RuQVz/KSHIp7Mh45HFF/p4RqaAj0bhw7AFG/xt27R3tCeGzOGaStuLXSEA9W1gWYjPcalQAxXxFsQc0CvDBT2T+lfDfFXlgS3SHddE7vUJ9EfAsmI+W6/rR4dKvVGOHGl5n8saRP5eJUdNdzkj5dl+gyR9CoDWiw0xtT5HWA07e574AdYZXzGTc8G07K0aPN40DXkwqsI2JHaRGvgXlL6VH8XuDobfv2AxXgJf8xeYQTyBShgBFzZZr0x8oCWGzT5ERDjjPHBUBwOMmmgc3BpZCiUcAp2foTd4gu106+15o0kT6JveSwEEv4VLyrxL2KyzzOVqtriNY69qWAYQ0S7Br4PiEK5bSQz4yazbvYVQ8RUeE3EaF9P1tosnXZlcC4kQQulK8vOiPRAM5v5P3930cOHXiqqha/qIo1kTmUBX9dfQBP3HFE2kv85gf58lu0ri2FCFQrBExMJl3dDNOqhG8G1s38VjFsZL2xZuFjGftdEFZnYqsk01cj5h5XSaGuolK41Pe88R4h03XGyv1ByfUC7odVXb5Hv7I/oFROoRb3ytOIG5U0AIP+IvVA03wjV68t9CzqtN6JYatgLIPOIPDCfbKy8kK+45rTBCs0tUNsrNWpkMmIvrAuyG/xs6WGgDgK3UMtciGGTr2W0iMeYDhXtazwHDGaufrYI4oYUud+FM/QsFy9Gwx/5htfZLfg4zVoo3nQsetTEY9T5xX4QVYoc+uuE+XahgJsBuhBYDFSMOoQ73N2tM5R6qFMRSnrWMZF8xbAziWY/PnUwT43l/Nxrxbg6PCvRH/BHpHRU6fOZDWahIBH8p5pI06i/JX3bzhy+e3nR/aNlpJBpdAjEHEMrOND7AYsxoxP1mxhqIh6I0Rv1QVlHH/sabBCt1pNqT2Z0SgtqrOPtd+WFNriMJBQK3siMcOWF7g7zZtY3v6sVT8ugkLkPaDpN84jUQCGVAz6v/CiQkEV8lYzujpX63xVc/FnVGzd+RK9iP76X0WwdiNCsLkn+KToDVLXPd4pwf8xFBmFI1sG9dv3NnNwFpdPieuTOtE8eD3I3RiSDhU1nsssN4pPAPf9hMj8ub1pB9o+a9+iqhXptnrmp1hICsbxXP15O/0HQLiMur6+qSeBmZ7p6Pdz6NMiY54cHzzLGt+oJCalnM8Hk2iMZ+beUCh0UquPc0VeXHRIaMfUtBM1mvd4HVWxetW5AnqC/sz8mVMNmca8a9At0wcEZT4O6aYyBqPRvVUrY5B4gDfedDdMoDGq3k486d+yjnMYlqm31QlitusVVUYUqYOVLpJ9C1tUC04nDpnhRIEJu9GYTwA9Id6pbxd8ElTvf2RfKwfNCMrnzkDlCGG5wi+cUpDwtVEOQUbXCX/vI+fL0mS3Z6LAnm5ixGuRKoTmB85maWvIe891UNOfqxiSrQhP1qzRhSXhreNfeC+D2yJxuhMBTaWyjZAaQ97li02fwiEcU3/r6c35A4i+lREPz6BsZvgd5PEQINOxCs/8bmorLXdwiNQcMZ0YR73X832pYy60vzdyjAvDCPvFesqMVi+XjLu4QZsYArlHNmGzXs9WFffxwJwCK2KHX6lTmfm3uSDskxpq1QIKn93UHmGpefVKYKdQ/Yi3UXXkEX2Q6FWYNn096FkYOntaaKlij0xGL4dYuBDS1Z/fCgHisa9R2XhwqO33ZN76IWfuoufzejJ9U6+VZ50/q/TYW7EqNXgmRTuC2vNwWOiiE1Bag590Dq02uYxHyxiWaVV4tr82NjoOhd14I7q+MzZKf0Hel1dyLHSFCEP2YJTzqtRBFMSnyHHm1On+pHk+7oaRlzrpnSRTW6TppfDmIYMyz3Mm8oQeViRsWtl0wCLvgQwFeQOuRGLulA4xOWMf0gfz0U9rtj+mTyGZ3teh5wZYCsQDQdhpp0yAMZ2aaCoL+JOnH1oOD0QMOE2aa+ihqERAznA9gzNZ+bn5zC+NTEzenA7wVGCde/2f2jaouLZtuD4ODuEUVORXSCANxOZw01GsenN8AhuACp+ASm3YQiLSClGGRO+oWskaDwpWqZutOGJ+TcMtcuTVaTPpXHx4XrcwOS/tPboALBk4NxEWqOSA6l2CfLU5oK1Khi7dfjkzAB3Luvog2wrQ+u1yoW8yCyIu0CuBGsIETK14N0e+8Ac1ocUcdoW5WuoV1ANm/py01K3jU8GnvCobaiEzVeMbTtcc42lIefOpWiQk93LnBdLoEtg66TGXrd0hLrE8pvtN3K1ZRFkXw3LBBBMBBs8ZPAIUBufZh5zyOEtusN8dY0xrmShY8HHBA7RH03m09NYiwaffeJVxNNRu1L00v+Hu1LOhjfpmnnwOX3L1qPrqIQ4TOMyTwn3TOhgZnC8NXchbMjIa7g6ZXvsXnEvRE+7fmJJzdO2+jBxq7rhD39sBRnwiUEltFeCCXzml21ibCUnwBAZWNEnv80WB5hIo1N3DjqC5I4bhu+wP0f3agpwo3km57fgyNYMzZiMFdjpfoIW0JmfiXcz1kolaLMPGS3P0L5PMzwUwf5EUeDGhA/QDyZEJBc/1/G8v8MXGEoO5Jdssv4UfMISYy8dG1UzEhVI112xNiNmJYIh/CqMLQRFLTbwgYm7Z7ZxhATdZHXy9KsKXNAJ+smKfOedQ6M02St8pwprDW6K7jjgy85OtS1VKFu3Rfn1S7QMmjt1bozLhQeM8C/XzFaEuU8S5gyiakvMd+TgC80aKTXZ76dCBL/9uI5fAnKT1I2IdlJfzCWLfcQFetAUI0FoWa/xiAExHVQ9B19yjNMX3ksayiMVAmyDmtTY6QdnP+a/6bC5qJQcu8xn6r5kbEGbHnrkTM6txyAxj3SndiPxyvhNEpdeBmxp3+GHr6nKa916OZo1l8GRjO3iN9PUm6MNJ1bEE5DNuyMdwyhW+g7+i54iU9Hq+XvNZ5Ypay8BkNGHfbknxs0Awl+ZuV6wHMsSKCojR2TqNPolUreYpDBzMeaS28o+bu8vbgoGbbuzBngiDUCOSBoOqz4cXTjMqrqr5wnOWYR81LSJy+UuPw3j+uJ0OT5uFWnJh2gFC33CkSJrnwcgqxWMWSdf+rzGR9BndSuWBg++9bwt/jKRVMbfWfk8db+Yr7cFKC4kl5PptvJYncI6gZgIGTLyoE1FsXd27iqWacnk0eGZFzlwK4B9j6esAsIeGm85PAG0zj/rEeBWceKdeLhOvixvoerc+a0YOYh2IyNDFfR0QWvc5a0f5Bbya7ViXgzq6o5Rpt45H9I3oRbdEskWBL70EYNmMciIEuLc0hMO/MflPqk6kFGF0tutgwenm4NCLvLSs1/Fd9gIrQZWmyujcVVLYvfisBZH59jWoFWXLsAmcibiWbo+y3VFG3uUT2blMH3d4sS15HXqAC6K03c86pr8PX+rbSaZ80OBghmY351B5nsNSEUwsPlTZ80WkuW4veftYHRr/g3TaemyUBISDZVUOrJVnKWt4ylMkI6ib0VtAISLuIIey0LbuvbpzZslds2z77zcPhjkU0DGUkN2bA0o7DkVuMvqvh/0hY5mf1mjlFKt3MdAvLTNcPM8/eaA/qBL5EyVwbdAtzZGjj9RZOWUpCY0zkR43Z9cmLwQZ+TxXNLv72hrxLH1azRl2XVytsfKoC7e7IIaUFh+gljmZLT0CMVoviV987zMGhG9iGTore9EMtyx9oyN689yDg54JgBoxzcw78OJ9vV8XPMiArjwKct4SIxww4nZUUzTi555T5UPfHq3M48oIqxgPbmo0zruwvgUsBHt+JEumciT7ATHwFkFHE+lUx3uQDkVMixG4LA1pDcbsukocyBz1Q+D9oMtB7MMBt2Dyc0u1h77fP+iAXBOXahPu5KR5Emj/zxdRek8SaNmw8S1EGIa+iZKLQqz+7MoU170UWHKJ7i0RIwq5jBzJnsCQGI3v7E4VOZK5BjlpuwHk7I+v6eCVdiokpS0xU+zmxigEomTVmWYDvt6FEF5JqElyAHv8dMueu6V6gIRBRqgefe/KJiUtE2siaZBNpoPGw/SgUtkur/S/U03bByUqxGPAKk3pClNV3e8ZXFopvPs3oY14n9YDuKHPdE/TZhg+U8yktxHYseroSF+luZe/ierjRN8hEU3mfI++aJu+PSQRdROQKkdg5ooBMhNvWGwpNbPiw/R4v2uE8cLw5NnVDQQGXVLHUpbjmmgUafnX06kpXQkjhT168K4HcjYHy83rSCND1ExIsrBLnvJFLz+f02hqtE+8fneVq07HizYVk30ZBER/qtzYl921/gFWa/dSo7w3IKdT9QXOgW1BdhTDyBvVwXOzF9qfjcb9JXRMt4sCZyvT/Hx857RFGtpzuDGGXkezCj40GUE9MWgQuWtTQfQabCv83208jtsmv8Sh+C6D7qK1Qia14vJNp1VwHfqJWOefxFRV6Ch4t5SvRco7sSWh2f6fxLcQhRPbDWNnnmczV02T0KaIrvI+UWWdGiLTo0iGDlur8CsPt2nJAuDEM5otsk9/Y7d6BxGNCy6mxQLLVp2j+DkSLIs+ffT5MBsPpPXtqlqYou8vvf7AkMgP2gmtDuV9T6Pbp79IPxYzoIdIiobLkpCfXjT5xWo/QZ8RpjGYbpgXRZ4vjCi+2zggHKLN3kznhSQFhMriQjRu35lQU8roMwOKvc9w8dQ946ByC96XjSl3LzFu4mssmGk6rktpXwtiIWXgHK+mAwHBoWeZizz9JI7fvYOSOcemRR33MuP30jvJYMXvjh1ipfBM7NRl+WcF/W5otIyvQCSLhg9fNY/844GbfBOy1Rweeiru9kM+PTkNt52v+rbEBwO6LkplL+ceDVfLZMzZF1g7/PKV0Ly4aETl67+IjaW4RrU1qT9n85ANJ/DGwbsCAkJnv62V7e/I8Ojiy2chxUzM2ebt+Q/9yCc8CU7yEbepfmv6TIKeiv8ybgsq5bVNiniLUEJ8Zq3AwuFawq0voDPds8U/+AsMmdOyBfIJV0/C8ie36hQmrJS8wc03bgDnTcGHWR977VdZmsj7zZBlGkHB+qQ4Q2sQrjoBsl69U59Yzwoh2HHWdfV1tY1ynKEFFqqvui6ZdtOSy/8HEfQpGiUZ26U9EI5naXA9RysSc/C/PyT1aXE6yLdakJnxOle4QUbrQ/5OfqRK+46aecG6myGZUX5c6zDC8nwRM1GkUz58NRWmooeHhMRyv3TNsd0nokpcUCy4gz/xsXq6T3BL7mqagRPkwDJa2379RSg8BdDr7CivzexJFxDzWksjjLXZtg9ZpGpocW8N4QVkK0Tz8nlxIVlNE/8UzQsumdECyCgjV9rSSjcJy5sphBY3cQvLaOWS41FEijb58z1H4ZqSrXt7CzNOOJ/HHDiTxXGmpwa25J/NVWsfGBjz/pRwNhqVDkN/B0MPFqKR2XrI8XTFRmW6Bm2S1JkfGgf3c0lxM8/qKci7+a3o0HUVeg3zpAvPZQ5ZYBwSNkOGyYvymvfHYKl8Q==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedData>
            </saml2:EncryptedAssertion>
        </saml2p:Response>
    </soap11:Body>
</soap11:Envelope>

2021-06-19 13:04:52,162 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-06-19 13:04:52,174 - INFO [Shibboleth-Audit.SSO:?] - 20210619T130452Z|urn:oasis:names:tc:SAML:2.0:bindings:SOAP|_g9nv3zsb3uak9deo453s85ny6oo9anenk4uo|https://iam.eu-ch.o13bb.otc.t-systems.com|http://shibboleth.net/ns/profiles/saml2/sso/ecp|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:PAOS|_d0f1517049718f3958944a0de74b3e88|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxaBoiEsr7ojvC3Aw3y+lQw7P3W9K/GI4R7f7AdzO8lqdrGEoFojWOvnxdTMul68vC/Lfa2KZUK98hSg7a9ATxsCqz/tes+nOA3gp/GUTktNOczxrDuugHY6Anfc1kSr1qv/Htp22HV4Edlp75|_c994ea542d2a2ce61e1da74327575f3d|
2021-06-19 13:04:53,920 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder:?] - Decoded SOAP messaged which included SAML message of type {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-06-19 13:04:53,920 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Body>
        <saml2p:AuthnRequest
            AssertionConsumerServiceURL="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            Destination="https://samltest.id/idp/profile/SAML2/SOAP/ECP"
            ForceAuthn="false"
            ID="_ga7zvyde3zk9bwvz7v6ng89d5fqp9c862mvx" IsPassive="false"
            IssueInstant="2021-06-19T13:04:53.228Z"
            ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
            Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eu-ch.o13bb.otc.t-systems.com</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_ga7zvyde3zk9bwvz7v6ng89d5fqp9c862mvx">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>Sgt3OZeIl1LwsE4L2YqZtne/kDg=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>FFvJdaYY2rN6+KNNAIxG92FXLZcTrOIDpWMuSRrRl0npghU6UoFUGd2q6H1gFSkKDMDNmfWQmTGyvXKjxY2y9rpnftulGFig3+YNf7le3xXezYNNjGj1y2Wn96Aoa3GQwoMKyLGeQqdwZ660TAXUXlRa7vxNvAwlQSjeCO1XR7s=</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIICLjCCAZegAwIBAgIGAVHDRPSbMA0GCSqGSIb3DQEBCwUAMC0xEzARBgNVBAoMCmtleW1hbmFn
ZXIxFjAUBgNVBAsMDWlhbS1hdXRodWktc3AwHhcNMTUxMjIxMDY0MDU0WhcNMjUxMjE4MDY0MDU0
WjBEMSowKAYDVQQDDCFodHRwczovL3NwLmF1dGgub3RjLnQtc3lzdGVtcy5jb20xFjAUBgNVBAsM
DWlhbS1hdXRodWktc3AwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALRgTiRlOH3H8Ti/Nl8F
hr+9QdbCEBQIKFKnX+VeeD6NcGQtsDnihnIlwDv9PqAqRfZ5KNDF7IccYgCBUfjJXOyxqa51YVDJ
KPLpjMcZiSEjumDm3jbdEiiQKl3zwt9Q0aLlz7PKdIbIoPQdo3YjpTB407D5PmvpsFr+TQ6NlkTZ
AgMBAAGjQjBAMB0GA1UdDgQWBBRcdOVNkWkaAHkjlaFATFhnEEh8SzAfBgNVHSMEGDAWgBRcdOVN
kWkaAHkjlaFATFhnEEh8SzANBgkqhkiG9w0BAQsFAAOBgQBlFRyA98AUXCw8bhneTFoD2JWRZz2f
Bs3vINTVjhA3CdCCJ9lgPxIhitHYNPQh5s7l+IA6M/zHTx+rpRO3KUqh0M2eNZDunUrstyXkvZvp
uJCPFK6t1iN6K5YuZUhKI06W5Bk6XV2NO5L2eIqD9jZp0UGb18Ep4BbrEXwRwJQPYw==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:NameIDPolicy AllowCreate="true"
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                SPNameQualifier="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"/>
        </saml2p:AuthnRequest>
    </soap11:Body>
</soap11:Envelope>

2021-06-19 13:04:53,921 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-06-19 13:04:53,921 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-06-19 13:04:53,921 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-06-19 13:04:53,921 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-06-19 13:04:53,921 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-06-19 13:04:53,921 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-06-19 13:04:53,921 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-06-19 13:04:53,921 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eu-ch.o13bb.otc.t-systems.com
2021-06-19 13:04:53,921 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2021-06-19 13:04:53,922 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2021-06-19 13:04:53,922 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-06-19 13:04:53,922 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2021-06-19 13:04:53,922 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2021-06-19 13:04:53,922 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-06-19 13:04:53,923 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_ga7zvyde3zk9bwvz7v6ng89d5fqp9c862mvx', issue instant '2021-06-19T13:04:53.228Z', entityID 'https://iam.eu-ch.o13bb.otc.t-systems.com'
2021-06-19 13:04:53,924 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eu-ch.o13bb.otc.t-systems.com' does not require AuthnRequests to be signed
2021-06-19 13:04:53,924 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2021-06-19 13:04:53,924 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2021-06-19 13:04:53,924 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-06-19 13:04:53,924 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://iam.eu-ch.o13bb.otc.t-systems.com, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2021-06-19 13:04:53,924 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://iam.eu-ch.o13bb.otc.t-systems.com' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2021-06-19 13:04:53,924 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-06-19 13:04:53,925 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-06-19 13:04:53,925 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-06-19 13:04:53,925 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-06-19 13:04:53,925 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-06-19 13:04:53,925 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2021-06-19 13:04:53,925 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2021-06-19 13:04:53,925 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2021-06-19 13:04:53,925 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 1024 bits
  params: null
  modulus: 126664469800380770773972778096329230967838830807335020944856402588433272451405299989725111925000259452486256977271956160110204670418736725511979819866908378089628035491591777699093647368786263598103189382680073566489484332485554027625241493766204516582342822997262720486560419481997023269854507272634386236633
  public exponent: 65537
2021-06-19 13:04:53,925 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2021-06-19 13:04:53,925 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2021-06-19 13:04:53,925 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_ga7zvyde3zk9bwvz7v6ng89d5fqp9c862mvx"
2021-06-19 13:04:53,925 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _ga7zvyde3zk9bwvz7v6ng89d5fqp9c862mvx and Element was [saml2p:AuthnRequest: null]
2021-06-19 13:04:53,925 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_ga7zvyde3zk9bwvz7v6ng89d5fqp9c862mvx"
2021-06-19 13:04:53,925 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _ga7zvyde3zk9bwvz7v6ng89d5fqp9c862mvx and Element was [saml2p:AuthnRequest: null]
2021-06-19 13:04:53,925 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_ga7zvyde3zk9bwvz7v6ng89d5fqp9c862mvx"
2021-06-19 13:04:53,925 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2021-06-19 13:04:53,925 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-06-19 13:04:53,925 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://iam.eu-ch.o13bb.otc.t-systems.com
2021-06-19 13:04:53,926 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-06-19 13:04:53,926 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-06-19 13:04:53,926 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-06-19 13:04:53,926 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-06-19 13:04:53,927 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsHeadersHandler:?] - Message Handler:  No ChannelBindings header blocks found
2021-06-19 13:04:53,927 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler:?] - Message Handler:  Message did not contain any ChannelBindings extensions
2021-06-19 13:04:53,927 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2021-06-19 13:04:53,928 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2021-06-19 13:04:53,928 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-06-19 13:04:53,928 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-06-19 13:04:53,928 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-06-19 13:04:53,928 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-06-19 13:04:53,928 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' not permitted by input criteria
2021-06-19 13:04:53,929 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP using binding urn:oasis:names:tc:SAML:2.0:bindings:PAOS
2021-06-19 13:04:53,929 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-06-19 13:04:53,929 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-06-19 13:04:53,929 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-06-19 13:04:53,929 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-06-19 13:04:53,929 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-06-19 13:04:53,929 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-06-19 13:04:53,929 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-06-19 13:04:53,929 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-06-19 13:04:53,929 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-06-19 13:04:53,931 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-06-19 13:04:53,931 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eu-ch.o13bb.otc.t-systems.com
2021-06-19 13:04:53,931 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-06-19 13:04:53,932 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-06-19 13:04:53,932 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-06-19 13:04:53,932 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-06-19 13:04:53,933 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-06-19 13:04:53,933 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: RequestAuthenticated: true
2021-06-19 13:04:53,933 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: Generating session key for use by ECP peers
2021-06-19 13:04:53,934 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-06-19T13:04:53.934Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-06-19 13:04:53,934 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-06-19 13:04:53,934 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-06-19 13:04:53,934 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-06-19 13:04:53,934 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-06-19 13:04:53,934 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-06-19 13:04:53,934 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow authn/Password, it supports non-browser authentication
2021-06-19 13:04:53,934 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2021-06-19 13:04:53,934 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-06-19 13:04:53,934 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-06-19 13:04:53,934 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-06-19 13:04:53,935 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: Trimming whitespace of input string 'rick'
2021-06-19 13:04:53,935 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2021-06-19 13:04:53,935 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@2060869068::identifier=rick, context=org.apache.velocity.VelocityContext@703354b1]
2021-06-19 13:04:53,938 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@2060869068::identifier=rick, context=org.apache.velocity.VelocityContext@703354b1]
2021-06-19 13:04:53,940 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2021-06-19 13:04:53,940 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-06-19 13:04:53,941 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-06-19 13:04:53,941 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2021-06-19 13:04:53,941 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2021-06-19 13:04:53,941 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-06-19 13:04:53,941 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2021-06-19 13:04:53,941 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session bcda005dc42ae5fe2f070979b2f7558a606bd381341a2f5c35dda565f588c1ee for principal rick
2021-06-19 13:04:53,941 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session bcda005dc42ae5fe2f070979b2f7558a606bd381341a2f5c35dda565f588c1ee
2021-06-19 13:04:53,945 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-06-19 13:04:53,946 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-06-19 13:04:53,947 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-06-19 13:04:53,947 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-06-19 13:04:53,947 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-06-19 13:04:53,947 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-06-19 13:04:53,947 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-06-19 13:04:53,947 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-06-19 13:04:53,947 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-06-19 13:04:53,947 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-06-19 13:04:53,947 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-06-19 13:04:53,947 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-06-19 13:04:53,947 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-06-19 13:04:53,950 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-06-19 13:04:53,951 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-06-19 13:04:53,952 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-06-19 13:04:53,952 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _2082b24fc7ecdf8f36b0a2e5279da232
2021-06-19 13:04:53,952 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _2082b24fc7ecdf8f36b0a2e5279da232 to Response _9952dcbcc58d693eb016840d0f4a0d58
2021-06-19 13:04:53,952 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _2082b24fc7ecdf8f36b0a2e5279da232
2021-06-19 13:04:53,954 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-06-19 13:04:53,954 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-06-19 13:04:53,954 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-06-19 13:04:53,954 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-06-19 13:04:53,954 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-06-19 13:04:53,954 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-06-19 13:04:53,954 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-06-19 13:04:53,954 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-06-19 13:04:53,954 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-06-19 13:04:53,954 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-06-19 13:04:53,957 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-06-19 13:04:53,957 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-06-19 13:04:53,957 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-06-19 13:04:53,957 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-06-19 13:04:53,957 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-06-19 13:04:53,957 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxoolASuxyqhr4HvF4m41qqsaj9uEze8uXkaIbfSWz/K0v/yjvnkKhytQbOpoO46L0gUTHUeRN0K70lWDKSvSMIq/iF5ET/hQtddautkGiN8cLPnMZBBixj1TrKizxr4FsubUV99QjCTfvO2xi with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-06-19 13:04:53,957 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-06-19 13:04:53,957 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-06-19 13:04:53,957 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-06-19 13:04:53,957 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-06-19 13:04:53,957 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 80.158.3.50
2021-06-19 13:04:53,957 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _ga7zvyde3zk9bwvz7v6ng89d5fqp9c862mvx
2021-06-19 13:04:53,957 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-06-19 13:04:53,957 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-06-19 13:04:53,957 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-06-19 13:04:53,958 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-06-19 13:04:53,958 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _2082b24fc7ecdf8f36b0a2e5279da232
2021-06-19 13:04:53,958 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _2082b24fc7ecdf8f36b0a2e5279da232 did not already contain Conditions, one was added
2021-06-19 13:04:53,960 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-06-19 13:04:53,960 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-06-19T13:09:53.950Z, to Assertion _2082b24fc7ecdf8f36b0a2e5279da232
2021-06-19 13:04:53,960 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _2082b24fc7ecdf8f36b0a2e5279da232 already contained Conditions, nothing was done
2021-06-19 13:04:53,960 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-06-19 13:04:53,960 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _2082b24fc7ecdf8f36b0a2e5279da232 already contained Conditions, nothing was done
2021-06-19 13:04:53,960 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-06-19 13:04:53,960 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eu-ch.o13bb.otc.t-systems.com as an Audience of the AudienceRestriction
2021-06-19 13:04:53,960 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _2082b24fc7ecdf8f36b0a2e5279da232
2021-06-19 13:04:53,961 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddGeneratedKeyToAssertions: Assertion _2082b24fc7ecdf8f36b0a2e5279da232 did not already contain Advice, one was added
2021-06-19 13:04:53,961 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eu-ch.o13bb.otc.t-systems.com to existing session bcda005dc42ae5fe2f070979b2f7558a606bd381341a2f5c35dda565f588c1ee
2021-06-19 13:04:53,961 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eu-ch.o13bb.otc.t-systems.com in session bcda005dc42ae5fe2f070979b2f7558a606bd381341a2f5c35dda565f588c1ee
2021-06-19 13:04:53,961 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-06-19 13:04:53,962 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eu-ch.o13bb.otc.t-systems.com and key AAdzZWNyZXQxoolASuxyqhr4HvF4m41qqsaj9uEze8uXkaIbfSWz/K0v/yjvnkKhytQbOpoO46L0gUTHUeRN0K70lWDKSvSMIq/iF5ET/hQtddautkGiN8cLPnMZBBixj1TrKizxr4FsubUV99QjCTfvO2xi
2021-06-19 13:04:53,962 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-06-19 13:04:53,963 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-06-19 13:04:53,964 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_2082b24fc7ecdf8f36b0a2e5279da232"
2021-06-19 13:04:53,964 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _2082b24fc7ecdf8f36b0a2e5279da232 and Element was [saml2:Assertion: null]
2021-06-19 13:04:53,964 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_2082b24fc7ecdf8f36b0a2e5279da232"
2021-06-19 13:04:53,964 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _2082b24fc7ecdf8f36b0a2e5279da232 and Element was [saml2:Assertion: null]
2021-06-19 13:04:53,967 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_9952dcbcc58d693eb016840d0f4a0d58"
    InResponseTo="_ga7zvyde3zk9bwvz7v6ng89d5fqp9c862mvx"
    IssueInstant="2021-06-19T13:04:53.950Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_2082b24fc7ecdf8f36b0a2e5279da232"
        IssueInstant="2021-06-19T13:04:53.950Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_2082b24fc7ecdf8f36b0a2e5279da232">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>/zY6V0tzFSqpAROWacaQikwVgt9OP60zxkz2tdIbOOs=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>N+Us8gOXQWbkh2fKomV/mQEh0RdgntERHJ3XhvAV4JQLjvJQ6kg1d5AhFRYse5T8zMC219PUJ581EKEz6fjnToXJW5q0YwOraYLXJWFCV6TkeepZ7huolm0zydv7oXHsVAb6SSe+W0ihzxihEiKdCFaFP/jvfrvkGhYWkLtJBRYvvERUHg5Z57SP4p1yXurOKjJFoDwj+0H2aaDlyQaNyaJ+WWTIaX6GVc03r3C8Em+q5DfyIn0FW4+3i8Zve2Zfb/ThLAa+Lsm51nUckMtGjAB3xp1nSzZVaTNc8JMv6Vrdl02TXJG/utXe/wJbH+o+QfsjWwDGX5+/scq/YCH2Lw==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxoolASuxyqhr4HvF4m41qqsaj9uEze8uXkaIbfSWz/K0v/yjvnkKhytQbOpoO46L0gUTHUeRN0K70lWDKSvSMIq/iF5ET/hQtddautkGiN8cLPnMZBBixj1TrKizxr4FsubUV99QjCTfvO2xi</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="80.158.3.50"
                    InResponseTo="_ga7zvyde3zk9bwvz7v6ng89d5fqp9c862mvx"
                    NotOnOrAfter="2021-06-19T13:09:53.957Z" Recipient="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-06-19T13:04:53.950Z" NotOnOrAfter="2021-06-19T13:09:53.950Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eu-ch.o13bb.otc.t-systems.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:Advice>
            <samlec:GeneratedKey xmlns:samlec="urn:ietf:params:xml:ns:samlec">L6GT2X3JaotCyxkdpmrf+eF2+1SL9YjJgFR/wrGULAE=</samlec:GeneratedKey>
        </saml2:Advice>
        <saml2:AuthnStatement AuthnInstant="2021-06-19T13:04:53.940Z" SessionIndex="_4a7f56655f27b6e7e19e03cd07e99d92">
            <saml2:SubjectLocality Address="80.158.3.50"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-06-19 13:04:53,968 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-06-19 13:04:53,968 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-06-19 13:04:53,969 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_9952dcbcc58d693eb016840d0f4a0d58"
2021-06-19 13:04:53,969 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _9952dcbcc58d693eb016840d0f4a0d58 and Element was [saml2p:Response: null]
2021-06-19 13:04:53,969 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_9952dcbcc58d693eb016840d0f4a0d58"
2021-06-19 13:04:53,969 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _9952dcbcc58d693eb016840d0f4a0d58 and Element was [saml2p:Response: null]
2021-06-19 13:04:53,972 - DEBUG [org.opensaml.saml.common.binding.impl.AddChannelBindingsHeaderHandler:?] - Message Handler:  No ChannelBindings to add, nothing to do
2021-06-19 13:04:53,973 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Header>
        <ecp:Response
            AssertionConsumerServiceURL="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next"
            soap11:mustUnderstand="1" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <ecp:RequestAuthenticated
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <samlec:GeneratedKey
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:samlec="urn:ietf:params:xml:ns:samlec">L6GT2X3JaotCyxkdpmrf+eF2+1SL9YjJgFR/wrGULAE=</samlec:GeneratedKey>
    </soap11:Header>
    <soap11:Body>
        <saml2p:Response
            Destination="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            ID="_9952dcbcc58d693eb016840d0f4a0d58"
            InResponseTo="_ga7zvyde3zk9bwvz7v6ng89d5fqp9c862mvx"
            IssueInstant="2021-06-19T13:04:53.950Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_9952dcbcc58d693eb016840d0f4a0d58">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                        <ds:DigestValue>2rdPKHPJ2o6xhIKXXEMjxz6DxVKHXuCs33HYUQPuojs=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>syQdmD3dzUAdPxHi31rV9l4uJqCWLbOJoBpXQ7p5fmaO5W4eImGA6wtlurlJ8VFyFF9aWAYp7Nx0R3HS+RG0s4bXE6m5LH4Oq9siGdwwM2o2TT61jXQ03VZzb78xFbLIDkhbYMGHe3LjNXvzahfoSYPf9F/C8FpM2c1dZuNj6jiFKC/cdeKeQyEDO+kDs0VB6rcC5a0G5BzrNk4inutUZs0vtcr20yQCDesmJu/U1zZ5zhhOwkqIqQCKn3fYy4W09Cv/FqfCS0b/WXRh2yxLMeO3BHTiqaAAJowC6D3JTwnA3uzwn85+sZPKvMaUD616kXJ8WOksr6oFxcLTCK+2vA==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
                <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
            </saml2p:Status>
            <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
                <xenc:EncryptedData
                    Id="_6c08a1ff244f62d17752c225f6c8caba"
                    Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <xenc:EncryptedKey
                            Id="_888013734695eac07ba9631bed42c5cd"
                            Recipient="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                            <xenc:EncryptionMethod
                                Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <ds:DigestMethod
                                    Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                            </xenc:EncryptionMethod>
                            <ds:KeyInfo>
                                <ds:X509Data>
                                    <ds:X509Certificate>MIICLjCCAZegAwIBAgIGAVHDRPSbMA0GCSqGSIb3DQEBCwUAMC0xEzARBgNVBAoMCmtleW1hbmFn
ZXIxFjAUBgNVBAsMDWlhbS1hdXRodWktc3AwHhcNMTUxMjIxMDY0MDU0WhcNMjUxMjE4MDY0MDU0
WjBEMSowKAYDVQQDDCFodHRwczovL3NwLmF1dGgub3RjLnQtc3lzdGVtcy5jb20xFjAUBgNVBAsM
DWlhbS1hdXRodWktc3AwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALRgTiRlOH3H8Ti/Nl8F
hr+9QdbCEBQIKFKnX+VeeD6NcGQtsDnihnIlwDv9PqAqRfZ5KNDF7IccYgCBUfjJXOyxqa51YVDJ
KPLpjMcZiSEjumDm3jbdEiiQKl3zwt9Q0aLlz7PKdIbIoPQdo3YjpTB407D5PmvpsFr+TQ6NlkTZ
AgMBAAGjQjBAMB0GA1UdDgQWBBRcdOVNkWkaAHkjlaFATFhnEEh8SzAfBgNVHSMEGDAWgBRcdOVN
kWkaAHkjlaFATFhnEEh8SzANBgkqhkiG9w0BAQsFAAOBgQBlFRyA98AUXCw8bhneTFoD2JWRZz2f
Bs3vINTVjhA3CdCCJ9lgPxIhitHYNPQh5s7l+IA6M/zHTx+rpRO3KUqh0M2eNZDunUrstyXkvZvp
uJCPFK6t1iN6K5YuZUhKI06W5Bk6XV2NO5L2eIqD9jZp0UGb18Ep4BbrEXwRwJQPYw==</ds:X509Certificate>
                                </ds:X509Data>
                            </ds:KeyInfo>
                            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <xenc:CipherValue>GBpbn1zSRbs0O/hkOgFkwm9zBtVKSYN0A9wy3VFGh8YoE91ntmrjVYU8tX9dd1fvvI8kWRdLQQm64q2mmBM+nOinfT1nJHynpuwD2w2Re503ch0RegEIP+frgtztdF1ZdlCRRLkRpjyvvrSAktePgiYK8vdq59Pm0Qj0ano+lCQ=</xenc:CipherValue>
                            </xenc:CipherData>
                        </xenc:EncryptedKey>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>6p0sm8Y5rzTp3/kDtNIgYhUZEccc97+e67gRJfmrLF4GsNs+tteUuqiDxbX2RRqRXLrqxn5GMdPPZbRXZkKwp2oTXSeVT+ERfhKhPYM5Y6hF8BzRcWCut6m9xtmo6QL749NraeWiwZTv38sE36ND/EbcCy0t8I3YJmwhZjSL5wPukZiMMBF6V+RU9OIzucpfLV+E1pdMRe2XAjPa1G6YNnFScsqianB4/Sp4BaWs/K9hkGGGMUgpXJcHYPylGj8fd+c8EA0pTW//lcmpCjImlh2ynw9xO7G9AxgFDi/gOCUiE6FW/+JbqD0kB2ewGq9IsBTWi6ZWx9Q6lFa2WzxY7UGQFMyEvVddNcFyFalwpEqktKeYtV6hDbR96ONvqQDJTTqe7TaHgtulg+8f0OuNVVcPn7fSokCGtCX/xwuqrHPB0IRLqbOM21rXvsAQAoke3Mmuy1jwZjxEfwestTqH+L0YWSyIwHgdMFOByDd7CaH480ymSob2ONO0E/W+/AcJPFc5glPSBLMyP9xQKSV28Bo8Py0AnASmSi5Lvnnv906x4YRXqzA+uoSFba9rVWUvcFhjF3lbVWTtrQo44fOU5Ra/x2amJQKysLuMmJVJIb9l0LK/Ger8etSDLWUjPlpwCOLONW2clYOWAAnXP5XDr1kkZaA2dMZU9esY+Ynq8qADDG52aKRxPjyPdfRFPa8HVz9/Qcwz1ZkUktpvlRJrRv75vB24o73zt2CPIqHH+wqIF6t2ZPM4sRoS6o0VQwvQkT9a846WQU64gAH0dA5/0VxpfGFPvTU77v+11TE+KM84Ebq0MiouCu2ze9Gk0ebPAtfwTpwP2klJyzE8uxsFfMDP7y+KA2fuzn8zd4BL9lkdTMYBH3tCM8OiJoUaJa06VE+2x8X02LKr8aKb1ejRYwYO6X3XjEdYt/6REabzRlD44f2PnpYApWbgFlkYJjp5eOvof87pSyC7Gw/WfGz4PWyvAEnr+y9Ve4Hgn3oJBzhmIlTZnx9tZ4VF2V+m97MyXAijHSDA0j7FRynEsxKTtWSnc9YdRJVpK7OmBiW7mZaVn6ayye6bszQYt8fg4Y/OAcPOTWAk27Wdo+yDqMD3BmEfACFIV2o6URI56Baz/2dC0apDu01NCNiAhNDM3A6hiPeaUwvO89yYuarLrFfXDHPaX0QXPopI7uO6KmX/NMrHKgXTOT/36CGPBwqukymE4T+i4KEG/QCFjEdc+SGjt3V5K+XQIQBc3ArIaM1Ma4OHyyAmjikaZWrjRvzwtaCMqdNhGBYBEuzhAHbVrqboini5keStuLyGNbUkYZO7q1MXtxgiouZxja8z7IDHq/9ClIFPOaBhf9bTKR58+975j4Rapsndj3cl6dUDr9GZuU9MeRB7XD4DIZxGqBt5JcD4lF4G3DFrYVFPG/fXCgvvfX8wGaQnnCPOGWbSERUDftvHqFiNCnRCkB0Ib3/z0nsjYDUPgYwJdEMdjzF2HOme8rHuBtLMa4iwHYUV+tNuTp5FKr4Pkc2f0HX6asT1XaD8AxAfWcLNtYGZIQAxW/okZ1ndbO8vgq39jGZn1rc4L8rIz8Ww57mFsXiUsJIIY4MQiUyDuQlwXKqYNYRFU59gsspJipqhm0em5b9BOY5O7SKcMp79Tw8AN4bK7MplKzd+4MrtrEB5Pm+ZeHhxonv6K8ARz5oOXaBomWaL6mVpqpXrhxfb4Wy7XfDDjAmsty9GUcvaV6xc+ougC3bNROdRsTLveiWplpRCO3EFIrMAAxzXPbtORzeoRVI2R+TU9R31KceSxC/UCWoD2+moQaqjx3RrQNJW1nnpIsXIX/MsKnH8O0cJ3S2uLn0UT1KpNVtJQuppQNHw9TPwCd4YRN6kfC1R07TP/HLDQx9LBMuw9lkfeUCJ8q874qeFOyigTlbn+gOBGHLZe4dGOEHjkSFG6Dch8DE0Xj2W3HN6Rfz0yx7BGvDjM5nZEpBOWHLbs7sLgXSY3uairFDs/2AGzMBUjwGHYlF318Cq9dklZVkOZFYdOztg1GObPL+U1u67d9Agd2AnnexjJZlMiAKGTv8mn4WFiZ8abalWqJ4aXyUdwTBzLnHKzby/nfT2+OKm3bnuPXYeA4cvo0f+HTak1zYj7gxRC9AXx8HXX2mbGrbm18FPEmiAq5oMDlkEeKJhTX6XpjYHRIm/g/YWeJqzUMMtVPsoWiz097rTY/23mE5uDdPM75KzsrynlBKoO+QIeZNHEbQgw7e8NHEO8XNBJwbl++Ymzo18IcUY0r/+jF0g0pvsgm9zFyUOr2+ytOKm2nX/FbuZw0B6HSGhWfDL0QRVX0hiZ6KzDIWxWFtBlnoEHi/VPXVXG5idhJne4OMBmxQdnSGMixqXDGDvWa3QvitD3oiXijeTq/h4/XG6AiALsw4JoNayxpYL/9JAHQs/+uUBNiUSphf0wgByKHSeAY6oEHBnV7Bg5kwXErLQdFWhE1mdJqZK+yjTIGVYue6mFZ9Iegn5HnQProNXktLrW2/PC0RJUskT1IiN/oJBV8Tjs9Y84DARIpIJ8OQutP+KDFpRjb1nrU3km5i0OD2XcxJSC6/WSRZBOtay5CAejitKrINEhghOP9NbFJNMkic+t2NG5J7xVmzSTGh90e0wcpwhs03vT2IuK3ibpqW8ruy679vdMn16Mg2U8TF+jgnj0IBaZqElEGV9aPip584vQnlc2g8F0VUQtl5dmCmEO7mJK99NiGpWrjNzkQP10CpmrjxSXdpClmg4Ou4gK7doKezysl7WlULfdF7kCZmmbNPuh+lq+0dboCdiaMmmR/1P1s9ueCy0h/QJLbMC2Z4fch9360ydEPgTOh1LRUSeHHlAHHeJBluNj7TF4BsHDau1sEYuUSAZzMhZy8NRsAMFNTX+DirJlF/pzJYI8aYICfQjXIo4v3tr2J+uN4Ut9uIKM0WQL8ygdjZD/tg+uBnxE+y/wuEUKmDhZQSh13oZ/xlsgYAss9u2twhrLp34RJwK22WflrqNeGU4LplxRogRIjZH6l3Y0VfLCsMsn0bzUhwFMabp0KSyH9WG7AICBVaVjpSNK9LgBDwhFxa+bO0fvYd95R8HyVldogjyS22DoGv6Ce4zNmiobw2sIdmuyA0VptaLQ5V7LDxUruB1g+dTbtCbGLNdLfKvX2029bZBvOVa4dlA0CVfvpTEp6x62TavCH+PZPrkgd9oFgqPoapWSScd752V+oQHG3yQu3jBeMDk5c+eBCAUjLoqbnMuQi4Tb0O4kJhfoLHJmZusP5vFE4aGzeCsVOtM+Mwiku2kZiCAraHypqnoRmWnJr6O28oyYjvkwEQ7/lCxLWqpu1dkherkWnc5nnAmrTvD1o+HdUp8hhTV2OO+N3B90NDlVkNjRBay8ANhHiKjnRxm6fPjhWQ9caOlqoTgFjmzIVokaXBwp0BDjdgfw4zISen1Am5FEHuIgUjm2Q9Mx5R/l3H326qlRqq0+/Bb/MmXnh/fvGlHJ8enC2Xng++6XJCvXnrD07KOlyQUuaCOGsmuWe2TvvgwrhjRYyq+b5MfzibPP6+wiqTCQF6kP5+UTm4yMwrp28kR5ctgnAGFuqtg9jwOnVzu8FvU5tO6Gi46k7Q3yFASbr2qfxKbDA+/nC1efrQG/nnIG8Ip8ao0Ur5+iEWAtgu+SZ7pGMX3HQO0YLGKEsMWttNe48hiYPe6DUjEnPy9vLwlLLx7lUrUatvJWosKPARqdk/oPANz96FuO3Ac8WT/y1akDdd5kk9ouahxX7ABkKb0dL5Cfc2YCfBl8syWkGdro3IQtCW9ULJFs6ds0wt7+B+FzwLmFiJfJmL1kfLuqIoKbhHvJpU+CQsjAcIChQQXbmLW98JFoDb4L2eqHeGafI9UW727i4LWPDwHKS2EoICMfhtg6Xd7Un/cXRJkdgXYTpaU8ki7VeYY+GAcgzNFCAXTieJ1HmzxnKpz9WPTyxBXB1tPYG6MNYs9+dX3dZb3YnYcfAu7d92XWyQOv9WSN0FKq1mwJvWnDFdC5lPSw7h6CctxsCX6OkRaskMiBcq09fHnRFMMfyYBT7AXN6j3lPbdq01PvvjJx++mmXmrOxDFHtpBH7ifAQgvDxtiJdZmsIF4eLbmrCibD1DwqEq4hPDK20/nn7YIvkaVgiXqbPCXlUkEZJxmIwpm5V0Y4n9KaG/o1RJOrebeU+gnNmF33liMT5xgD2dM7Teu1JeJAOc/VIqRg1v7PttGG4fjwrmQnOskKO9N+FEVn7CyhTyERxVVA4af2ZqaWnw8vukvSS2IoZHR/ne6U3O3loN5hkgaI+iKhJQdY7TQg3OUVC9HqT0w6SOoSbINKfrxYRC+L77Z6KNTACQbSLxup95b9CTYTobHfVpDsaaVQiL6SiPPHTbKXQFYq/Jy2lvzjKDO+dpthkKgBRJqhPAAeX+wixdMLz156OoqdZ+MKWG3X8UeAVlOzS4eo+o7I7QI76kglH0+BBO/1hJouAU2oPFRX8BiOLuHOV2lYwJw8BeEG9ft6uG1bdJOEiwoTTJueJN56D0W2f/U+jaLfFqm+uWwru7x5gpbUb1iVCE2hQJJ1sigKDDTYUI5uBwZGPSwvftVWFLbQFKwbvbcOhWsbZEnGtLRvfGxjnBn1ZCNYV4vwJBnr+TJz6uKCLGgyQxCEYQmEsjxVMT+g1CYprJ2pLhdo1c3P2DPkYtcPj0gUSKdaqwWkOcXtVJDlbLwKSfesS+ldjSW4tjsQGdXyiteHK5QaoSzLFkAHs1ENR5WOVosC1rTTTNNFSItmTJkhgx/TvLEsoAl9X3nIgaS28rEzHOSiFLZDbJvPGATmXvcE3efmqcCJKmb99XxmlFiN3tPX3EMDLDd0qIuSSaY8JrirbQb32rfETSKljA4iA3Kz1O+WQ+PwvTnQlR/pL8/ksvy+0gjjkipJq2FagKWecCCa+xLpEmHgNtqj/si+nuTUhIb+lPByON2KA1QHVIifPHuq/iD4wxV5GnfT/xEgDt9owa/PKbCRRZSop4RWShl1dn13QZ7h6wF1/ayhkC9tCTGSAe8+hizWqDzRHwzwZuzjFebovMRq8TAIRN/Oe9FlF1HaZewOzN/zRFoJ1yRnV9+NYN1OJmRZqSUJx9Eg2V6qFAIU2jxCV3N11Ysh8QxukLAleUN82krmXm0pHabWxnQ4p2RDeoe8UOYvQgUqTS307TDQ/kuLgJ67Si6s3T3/ONZulFtBmFItinFNdQ7h31GM5pZuOyvmXaEz7AE5rdDYCNz7axYAGEWyyv5oAWsVtZJ1TYXL6a1K510GBh/tJZUp2GCAX37klWo/CqkwoSHa5mgiR9oq5mVGw7ka2QDj0ipOhYYcbcutWoMARFdHwsWh0JEIGZ4JhHf3eULAG+6tCDtV45S8E9QwbUpiGnnfavm814Z3NH+VgTPFlAgSghN98+3n/m6LprmhF3mGpgMqbZ4vdHuA58LEpLVKQT1hjk2zqrs6SVkjwkvUTyo/VyrkNDHJueF/AMpr5NhuX7LClNS7ROGtL+UMO4KXckQCGekAZExhNsdWVA51X2UZ9F7FuTQo0JVKIDdU99DaMw9kSTzyuN8v41fn7amguzi30FHV+7xbWQOsdLb5TDjKVh0lM7rQF9V+ZS54dvqZRORBW9WHNVLYwavkXkOspApQRVTRoJhrloMHU59rdQT70AWEfhBzeNppO8cjHgwjM21zeFYMZ+w+wKz251Tj3noYxwkWDt8VkXy2WdRIbceUQYKsoY90YyZQzLG+in4Rg5UwlfVrJu4mmvOZSag/6w2Bjy9ijdz/p0dDlKnXnxZvSDP26uBlLFsvAhNxuHdVRPvKWpSrw6/iGNx+yL5xcqQJdaZByiXZhJ1dXFRaTHZaY9qXUI2K795CggTp7nXwWfSPYIyp6Te4JR7oXcjqHRCXe2zFtDos+KxnnsCBjJEkp+83/bRFgcwMOZOfdAjfdiXJqZfzY+kQVt8P/SxRMg98h0CEVV5A6XEx+dPYgjYLPqmLrYOJOKU5eUtC6HOasjGUqDRe1O4h0sfLPJy+u09/pW4/mv2uXSPVLBHRqdBKDfAKV3eptbHgL/cQTXHEhHfQm0DqSXDcqekkuKQ4qPgMAdB4mC4DWXo9NKuAZGECgEzJEIyAiUuANEGK5hOsSRbM8OuWP8CYYS/KYM2ibtNKpBMsfCuZwnSzQxQQLS3NS8d2cnzdUFIVG7az7S0DGFhBeQ4RvTa7IGFvihtii6pji/xEDcjxZsJQlwuQI7+4ZMpcy0rP5T7LSVw7SauSW/exV5wiEm7gjirLD2si3PFHdayysMBVSldeQcbc2TapvVMUWNX2FzMMvqV/+hjK3AhfQUP+zmukMoraKevam6s9phVxoYesHcdmkEZOBgb9O/IEDM4VAkTXr4n/Ix8oEw0x6UkyE91lHKA5D4rHyA+dOifbScVcscJH7gxdlFwtRmovvAWmzpO/4yR+zz1s0U2/ojCoJyi+w97ze1/A/7a3TPUO1gZofZ/+EzRjT3vhaU89Dhhfq5QUnX8RF5/oSRYio9+bOSPi7+eOy2XdofCytPLxlA739KcAe8rOawxWg/IdSdH31wgqBjwwndfpmN3G6fJQvGDwL6X5eoKnLC81f3sXpyBGvvuX0oODIWw89TKjL/vk4TDo4McOCVWZbY4rJr2U5EvHvnHcuboEDOF2yqoncThbl3Ffj0ws+Hw97s9uqJcETG/lQZBGi0JBgt++aOS3L2jtTirkJJ0OWlVcZFDIyLuzJnRvnnbjbGK0Xypz+p7NojiNZUqvNgcoLVAFk80OfXFLY1cWWDN1V6xgNXPB+kVPrg6OclXksU4dltviEuEX1ZfsIP4wYiR1NChfSnOoI5JvRWG9d6nTxjQ2O5I0kS+0yR+3WqbD6/jh5PYPMBnJ0E2sBSeYDz76pLg7PHdqOXrDxMFtTJ2YleyMzjOECJE6UxlTB4WmkFqluE9+P0WMx2Lho0d0Fn4Liv/edqfMSbuRUWxqSC/RVyd/2rIZ7O6ZV48N3Yk+dLjbrWM+08ouM1btE06WQKXarDU9ACJmUQ+YJw9JnQPFY2ZAIgogsiFmTWoU3JCh3MZjz6u+7rRh8ehz6fdNxvLXpVwuxNk/IG3036auUC18Goem0fuX8yUIerGBgbBnDtF6EeacSlkJ03bvSOJ10JV3OlQKEnsnUE5YHIK8TGnGVx/hHxc0UkrM9rzKjq6neOjJ7Bi9dMWbGh3CN6Vu8wfthqLt01+JQaPjNYAO+WPvbrlYX2TO/DI1fRp1WGXEVPG78ekTsh6Yd6aNmzsAZ4ZxetDnBy2V7lAnfA6AkCLUbMg//LZYC23GgSbuW+4qYggaySudehfys+7umstQIcLsf3niRi9G1QZBPDEMAEwx+HsjFNmysPQmzq0Mol6N9jpNtBnZS95s28WZXHZ5V5ZQMOoBHa9ZfbrZq/5DfW/fRQqmmpIEAuhtkKyEPAg4FzZQn7dq/Tw6pTbIzaLhP6G2hVKdejFF3qIUG1GC78yid6pua4UfzRw6L+WI7+Mjk8Cy83IjZKwKGkP2qNlzQMwMunQB294dolqseXT2jkgFo9UflbNMmLBiEqumOy0PV4BMDnl4y9NrIKAE55Cffs0boh9KL/DCPQwS1/G1GQmLic1Tspx+T6L4pq9nHd7G+pnJRdIqGvfVE32mVhi7Byfo3q81Y5DxcXfZR1LTTcZTY+FW1sombAeb0Banff4tRaTmlEwsNu4kp05nWJYCwdWb4nefmhZ9fVjrk7JhxV3UAFAkCe0sVcDVaVEolCcaXFvm9voFH2BcfzXt24STRuvi0j+F5NsXDjWFqxSlvhlCmCsqvWi3l0ZJ/FOh/DMETGBmdWla5Eu3pexVw/U3pBHA9gapOtJljnarb3W9oLkWj88mHC7I/2KStTfy2U/ZmSN5qo2s5c2OmQVQi5P4Olc1uqDayD+Wv5pqfuYi8w0yY9Why0FiuKLKeCBVf67Xn4aK608p+QONz9C+hrdLDHI91z8a39KMEmYs6cE/gRrNNW8NNfq1YvZ8eM8wZLR8cUEqwCyl27DXeZEpP1Fcav99kNEnW//C5yjEyfEW2SGdLI53Y06tvXwSQ9+9XhpLmiejHzz114UdAvCx8iUH6Hy4zw3frIuunDu7rLloGrszdRM+ffSS1cdjobByP0PMP6WBuMw/tFAoJV3zNE3vMmzK4VehrbV9wHhOcftSkQiepsC0D4fyDLRBwqSttdgcdOOxWsDD6TG3O2rNx8/5mDECw/PI1CWRO4zkM939DU7L6BF38S09h1afJ+bRs6P7tzGfCN89VCQ/tw/okmBdhfymn5grZMZS9gGplJuyOsGiuDuM71bQNaQ53lInfbLSsnfmT8+UGzGe1NGrzfM6xcpD5PCRBqYVGFaGBM/LapKpXdbWnV8uP/twunZIwOhXBZouoxyaLnhm6vJS5Twxy9Y5Rm/TnnjipCd8FcUlS31NDIAG5XVULiIOucfIKGsX1O1yBwyO5Lwx37T//vy8SqoKjOoSlfJTPgjHZo/LWXlRQCyR9mQAFoups9R3WFxkQAiPI+ouNy0/74QsTiah9VwDz303EiQ+y1u7A==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedData>
            </saml2:EncryptedAssertion>
        </saml2p:Response>
    </soap11:Body>
</soap11:Envelope>

2021-06-19 13:04:53,973 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-06-19 13:04:53,973 - INFO [Shibboleth-Audit.SSO:?] - 20210619T130453Z|urn:oasis:names:tc:SAML:2.0:bindings:SOAP|_ga7zvyde3zk9bwvz7v6ng89d5fqp9c862mvx|https://iam.eu-ch.o13bb.otc.t-systems.com|http://shibboleth.net/ns/profiles/saml2/sso/ecp|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:PAOS|_9952dcbcc58d693eb016840d0f4a0d58|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxoolASuxyqhr4HvF4m41qqsaj9uEze8uXkaIbfSWz/K0v/yjvnkKhytQbOpoO46L0gUTHUeRN0K70lWDKSvSMIq/iF5ET/hQtddautkGiN8cLPnMZBBixj1TrKizxr4FsubUV99QjCTfvO2xi|_2082b24fc7ecdf8f36b0a2e5279da232|
2021-06-19 13:04:55,579 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Beginning to decode message from HttpServletRequest
2021-06-19 13:04:55,579 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.IdPInitiatedSSORequestMessageDecoder:?] - Decoded SAML RelayState of: null
2021-06-19 13:04:55,580 - DEBUG [PROTOCOL_MESSAGE:?] - 
SAML 2 IdP-initiated request was: IdPInitiatedSSORequest{entityId=https://iam.eu-ch.o13bb.otc.t-systems.com, acsURL=null, relayState=null, time=2021-06-19T13:04:55.579Z}
Synthetically constructed SAML 2 AuthnRequest was: 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest ID="_f5fb2b81-3b86-4035-9899-fdec64bec2d0"
    IssueInstant="2021-06-19T13:04:55.579Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eu-ch.o13bb.otc.t-systems.com</saml2:Issuer>
    <saml2p:NameIDPolicy AllowCreate="true"/>
</saml2p:AuthnRequest>

2021-06-19 13:04:55,580 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Successfully decoded message from HttpServletRequest.
2021-06-19 13:04:55,580 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-06-19 13:04:55,580 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-06-19 13:04:55,580 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-06-19 13:04:55,580 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-06-19 13:04:55,580 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-06-19 13:04:55,580 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-06-19 13:04:55,580 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-06-19 13:04:55,580 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eu-ch.o13bb.otc.t-systems.com
2021-06-19 13:04:55,581 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-06-19 13:04:55,581 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-06-19 13:04:55,581 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint was empty, not required by binding, skipping
2021-06-19 13:04:55,581 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_f5fb2b81-3b86-4035-9899-fdec64bec2d0', issue instant '2021-06-19T13:04:55.579Z', entityID 'https://iam.eu-ch.o13bb.otc.t-systems.com'
2021-06-19 13:04:55,582 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eu-ch.o13bb.otc.t-systems.com' does not require AuthnRequests to be signed
2021-06-19 13:04:55,582 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-06-19 13:04:55,582 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-06-19 13:04:55,582 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-06-19 13:04:55,582 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-06-19 13:04:55,582 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-06-19 13:04:55,582 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-06-19 13:04:55,582 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-06-19 13:04:55,582 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-06-19 13:04:55,582 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-06-19 13:04:55,582 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-06-19 13:04:55,582 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-06-19 13:04:55,582 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-06-19 13:04:55,582 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-06-19 13:04:55,582 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-06-19 13:04:55,582 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-06-19 13:04:55,583 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-06-19 13:04:55,583 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-06-19 13:04:55,583 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-06-19 13:04:55,583 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-06-19 13:04:55,583 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-06-19 13:04:55,583 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-06-19 13:04:55,583 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eu-ch.o13bb.otc.t-systems.com
2021-06-19 13:04:55,583 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-06-19 13:04:55,583 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-06-19 13:04:55,583 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-06-19 13:04:55,583 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-06-19 13:04:55,591 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-06-19 13:04:55,592 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-06-19T13:04:55.592Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-06-19 13:04:55,592 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-06-19 13:04:55,592 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-06-19 13:04:55,592 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-06-19 13:04:55,592 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-06-19 13:04:55,592 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-06-19 13:04:55,592 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-06-19 13:04:55,592 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-06-19 13:04:55,592 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-06-19 13:04:55,592 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-06-19 13:04:55,592 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-06-19 13:04:55,788 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'iam.eu-ch.o13bb.otc.t-systems.com'
2021-06-19 13:04:55,788 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-06-19 13:04:55,788 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-06-19 13:04:56,178 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2021-06-19 13:04:56,178 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromFormRequest:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Recording do-not-cache instruction in authentication context
2021-06-19 13:04:56,178 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2021-06-19 13:04:56,178 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@418840809::identifier=rick, context=org.apache.velocity.VelocityContext@6a768d03]
2021-06-19 13:04:56,185 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@418840809::identifier=rick, context=org.apache.velocity.VelocityContext@6a768d03]
2021-06-19 13:04:56,187 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2021-06-19 13:04:56,187 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-06-19 13:04:56,187 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-06-19 13:04:56,188 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2021-06-19 13:04:56,188 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2021-06-19 13:04:56,188 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-06-19 13:04:56,188 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2021-06-19 13:04:56,188 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 9f287a867348b9857460970329c62bda25a381e925b9669f37025682a424b04f for principal rick
2021-06-19 13:04:56,188 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-06-19 13:04:56,195 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-06-19 13:04:56,195 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-06-19 13:04:56,195 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-06-19 13:04:56,195 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-06-19 13:04:56,195 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-06-19 13:04:56,195 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-06-19 13:04:56,195 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-06-19 13:04:56,195 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-06-19 13:04:56,195 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-06-19 13:04:56,195 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-06-19 13:04:56,195 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-06-19 13:04:56,195 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-06-19 13:04:56,196 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-06-19 13:04:56,198 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-06-19 13:04:56,198 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@68678136'
2021-06-19 13:04:56,199 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-06-19 13:04:56,199 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://iam.eu-ch.o13bb.otc.t-systems.com'
2021-06-19 13:04:56,199 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2021-06-19 13:04:56,199 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: Attempting to delete consent storage record with context 'intercept/attribute-release' and key 'rick:https://iam.eu-ch.o13bb.otc.t-systems.com'
2021-06-19 13:04:56,199 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: No consent storage record found with context 'intercept/attribute-release' and key 'rick:https://iam.eu-ch.o13bb.otc.t-systems.com'
2021-06-19 13:04:56,199 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-06-19 13:04:56,199 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: No storage record exists with context 'intercept/attribute-release' and key 'rick:_key_idx', nothing to do
2021-06-19 13:04:56,201 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20210619T130456Z|https://iam.eu-ch.o13bb.otc.t-systems.com|ClearAttributeReleaseConsent|rick|||
2021-06-19 13:04:56,201 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-06-19 13:04:56,201 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2021-06-19 13:04:56,201 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: Attempting to delete consent storage record with context 'intercept/attribute-release' and key 'rick'
2021-06-19 13:04:56,201 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: No consent storage record found with context 'intercept/attribute-release' and key 'rick'
2021-06-19 13:04:56,201 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-06-19 13:04:56,201 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: No storage record exists with context 'intercept/attribute-release' and key 'rick:_key_idx', nothing to do
2021-06-19 13:04:56,201 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-06-19 13:04:56,201 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2021-06-19 13:04:56,398 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'iam.eu-ch.o13bb.otc.t-systems.com'
2021-06-19 13:04:56,398 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-06-19 13:04:56,398 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2021-06-19 13:04:56,398 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2021-06-19 13:04:56,398 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-06-19 13:04:56,398 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2021-06-19 13:04:56,601 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2021-06-19 13:04:56,601 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2021-06-19 13:04:56,601 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20210619T130456Z|https://iam.eu-ch.o13bb.otc.t-systems.com|AttributeReleaseConsent|rick|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2021-06-19 13:04:56,602 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-06-19 13:04:56,602 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://iam.eu-ch.o13bb.otc.t-systems.com'
2021-06-19 13:04:56,602 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2021-06-19 13:04:56,602 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2021-06-19 13:04:56,602 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://iam.eu-ch.o13bb.otc.t-systems.com, value=[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1655643896602}'
2021-06-19 13:04:56,602 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-06-19 13:04:56,602 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2021-06-19 13:04:56,602 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-06-19 13:04:56,602 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://iam.eu-ch.o13bb.otc.t-systems.com'
2021-06-19 13:04:56,602 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://iam.eu-ch.o13bb.otc.t-systems.com]' as '["rick:https://iam.eu-ch.o13bb.otc.t-systems.com"]'
2021-06-19 13:04:56,602 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@68678136'
2021-06-19 13:04:56,602 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-06-19 13:04:56,603 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-06-19 13:04:56,606 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-06-19 13:04:56,606 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Inbound binding urn:mace:shibboleth:2.0:profiles:AuthnRequest is suppressed, ignoring request ID
2021-06-19 13:04:56,606 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: No request ID, nothing to do
2021-06-19 13:04:56,608 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-06-19 13:04:56,608 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _b1daae23eebcf92be9c0afb2da23da32
2021-06-19 13:04:56,608 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _b1daae23eebcf92be9c0afb2da23da32 to Response _8112e2ff02300aa1f00b7a8b9bd437f7
2021-06-19 13:04:56,608 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _b1daae23eebcf92be9c0afb2da23da32
2021-06-19 13:04:56,610 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-06-19 13:04:56,610 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-06-19 13:04:56,610 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-06-19 13:04:56,610 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-06-19 13:04:56,610 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-06-19 13:04:56,610 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-06-19 13:04:56,610 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-06-19 13:04:56,610 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-06-19 13:04:56,610 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-06-19 13:04:56,610 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-06-19 13:04:56,611 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-06-19 13:04:56,611 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2021-06-19 13:04:56,611 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-06-19 13:04:56,611 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2021-06-19 13:04:56,611 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration did not specify any formats, relying on metadata alone
2021-06-19 13:04:56,611 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-06-19 13:04:56,611 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-06-19 13:04:56,611 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-06-19 13:04:56,611 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxC/ef0BeegOuPv5diRdUvEp6fOjhwbfuUhdXc8RjTrkHfGYId1JHADIDGVN7xuEMc/NMiAQ0wr9VziqzJRngbC/DlKmc1R2iPUUIYE9f8uStKuQalNg/fX8IJ516w8Dt+XTyxogd/WdvDO0CI with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-06-19 13:04:56,611 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-06-19 13:04:56,611 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-06-19 13:04:56,611 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-06-19 13:04:56,611 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-06-19 13:04:56,611 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 80.158.3.50
2021-06-19 13:04:56,611 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to (none)
2021-06-19 13:04:56,612 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2021-06-19 13:04:56,612 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-06-19 13:04:56,612 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-06-19 13:04:56,612 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-06-19 13:04:56,612 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _b1daae23eebcf92be9c0afb2da23da32
2021-06-19 13:04:56,612 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _b1daae23eebcf92be9c0afb2da23da32 did not already contain Conditions, one was added
2021-06-19 13:04:56,612 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-06-19 13:04:56,612 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-06-19T13:09:56.603Z, to Assertion _b1daae23eebcf92be9c0afb2da23da32
2021-06-19 13:04:56,612 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _b1daae23eebcf92be9c0afb2da23da32 already contained Conditions, nothing was done
2021-06-19 13:04:56,613 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-06-19 13:04:56,613 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _b1daae23eebcf92be9c0afb2da23da32 already contained Conditions, nothing was done
2021-06-19 13:04:56,613 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-06-19 13:04:56,613 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eu-ch.o13bb.otc.t-systems.com as an Audience of the AudienceRestriction
2021-06-19 13:04:56,613 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _b1daae23eebcf92be9c0afb2da23da32
2021-06-19 13:04:56,614 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eu-ch.o13bb.otc.t-systems.com to existing session 9f287a867348b9857460970329c62bda25a381e925b9669f37025682a424b04f
2021-06-19 13:04:56,614 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eu-ch.o13bb.otc.t-systems.com in session 9f287a867348b9857460970329c62bda25a381e925b9669f37025682a424b04f
2021-06-19 13:04:56,614 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-06-19 13:04:56,615 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eu-ch.o13bb.otc.t-systems.com and key AAdzZWNyZXQxC/ef0BeegOuPv5diRdUvEp6fOjhwbfuUhdXc8RjTrkHfGYId1JHADIDGVN7xuEMc/NMiAQ0wr9VziqzJRngbC/DlKmc1R2iPUUIYE9f8uStKuQalNg/fX8IJ516w8Dt+XTyxogd/WdvDO0CI
2021-06-19 13:04:56,615 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-06-19 13:04:56,615 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-06-19 13:04:56,616 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_b1daae23eebcf92be9c0afb2da23da32"
2021-06-19 13:04:56,616 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _b1daae23eebcf92be9c0afb2da23da32 and Element was [saml2:Assertion: null]
2021-06-19 13:04:56,616 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_b1daae23eebcf92be9c0afb2da23da32"
2021-06-19 13:04:56,616 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _b1daae23eebcf92be9c0afb2da23da32 and Element was [saml2:Assertion: null]
2021-06-19 13:04:56,632 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_8112e2ff02300aa1f00b7a8b9bd437f7"
    IssueInstant="2021-06-19T13:04:56.603Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_b1daae23eebcf92be9c0afb2da23da32"
        IssueInstant="2021-06-19T13:04:56.603Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_b1daae23eebcf92be9c0afb2da23da32">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>FrJQwv2I+GbHUoKmszekkkBYxu1D7q5tXxCQjwp8wtk=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>k+H93j46rHTYF9LyPUVLcmnQqw6Q2TPT/5X1VTyijoHW4wDVqOkT1Ly240ZN/o0F6JFwXFUA1/1DhfsStOSldmaGTpTESZ98YRg0xNF4XkBOEy2hdDxiOWBMfSAchS0Q/O4vNJliNnG0b0kQef7XA5tfBvKRoLGrh+QpRYzB91fu9j9kR6eJMtnCKJxAaFodGQIVxzodOWm0E4vUrtw2Aulwd26k6jdwUmYrA19Y8e+AmOkQdfQe13Hx3tpT8Z2A2dVajPt9Ay0R6eYJoV1O5ZZISlg1RN5BU010UYTh+KdjrKNkoxJ7T1+dQFzOwGM8KaKB3Pp+hS9zRIBVh1ouVg==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxC/ef0BeegOuPv5diRdUvEp6fOjhwbfuUhdXc8RjTrkHfGYId1JHADIDGVN7xuEMc/NMiAQ0wr9VziqzJRngbC/DlKmc1R2iPUUIYE9f8uStKuQalNg/fX8IJ516w8Dt+XTyxogd/WdvDO0CI</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="80.158.3.50"
                    NotOnOrAfter="2021-06-19T13:09:56.612Z" Recipient="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-06-19T13:04:56.603Z" NotOnOrAfter="2021-06-19T13:09:56.603Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eu-ch.o13bb.otc.t-systems.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-06-19T13:04:56.187Z" SessionIndex="_39428ab41f5459c11bb9e24d81921849">
            <saml2:SubjectLocality Address="80.158.3.50"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-06-19 13:04:56,637 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2021-06-19 13:04:56,637 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2021-06-19 13:04:56,638 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_8112e2ff02300aa1f00b7a8b9bd437f7"
2021-06-19 13:04:56,638 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _8112e2ff02300aa1f00b7a8b9bd437f7 and Element was [saml2p:Response: null]
2021-06-19 13:04:56,638 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_8112e2ff02300aa1f00b7a8b9bd437f7"
2021-06-19 13:04:56,638 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _8112e2ff02300aa1f00b7a8b9bd437f7 and Element was [saml2p:Response: null]
2021-06-19 13:04:56,645 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-06-19 13:04:56,645 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST' with encoded value 'https&#x3a;&#x2f;&#x2f;iam.eu-ch.o13bb.otc.t-systems.com&#x2f;v3-ext&#x2f;auth&#x2f;OS-FEDERATION&#x2f;SSO&#x2f;SAML2&#x2f;POST'
2021-06-19 13:04:56,645 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-06-19 13:04:56,651 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST"
    ID="_8112e2ff02300aa1f00b7a8b9bd437f7"
    IssueInstant="2021-06-19T13:04:56.603Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_8112e2ff02300aa1f00b7a8b9bd437f7">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>i13eNLrynXCW7ix1u3VUmOvQ4ZAS1aGQfYMYDRG+mJE=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>XTnf0TsC0NuP5vLs816oKmA5M4TcDl71pSCLiyT5gf0i//qURJpL/lDM2DJ5CS7MXBjC3cpSG+XxSukGr/w2iPpDrkDfJwsGjO8UIznO8nR0LlXjLMLFf1hFnvmJR+kwMkWlmAAjLS6jgeP9GkoXrjDFAa+RqBZEW7jaGz/ctj0qRa0h7IaL5mAnK1nE6OVgY8MybM29I769F/C0jT4p1/h9NWUsK3URKXgQH9nRcLzM89KmcV6ri2pPhewPv93Y0ZQERIyrSjhVk+vltWncZ300pU3+EfAt3DUxobXXtd4OZTbLcxieK/YIt3WeuKLZhMHR7BJnquWBTrPQKfywwQ==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_c25228bdb039be3c20279918ac1ff4ed"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_edd12586fdadf4b046b102549d7bbca6"
                    Recipient="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIICLjCCAZegAwIBAgIGAVHDRPSbMA0GCSqGSIb3DQEBCwUAMC0xEzARBgNVBAoMCmtleW1hbmFn
ZXIxFjAUBgNVBAsMDWlhbS1hdXRodWktc3AwHhcNMTUxMjIxMDY0MDU0WhcNMjUxMjE4MDY0MDU0
WjBEMSowKAYDVQQDDCFodHRwczovL3NwLmF1dGgub3RjLnQtc3lzdGVtcy5jb20xFjAUBgNVBAsM
DWlhbS1hdXRodWktc3AwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALRgTiRlOH3H8Ti/Nl8F
hr+9QdbCEBQIKFKnX+VeeD6NcGQtsDnihnIlwDv9PqAqRfZ5KNDF7IccYgCBUfjJXOyxqa51YVDJ
KPLpjMcZiSEjumDm3jbdEiiQKl3zwt9Q0aLlz7PKdIbIoPQdo3YjpTB407D5PmvpsFr+TQ6NlkTZ
AgMBAAGjQjBAMB0GA1UdDgQWBBRcdOVNkWkaAHkjlaFATFhnEEh8SzAfBgNVHSMEGDAWgBRcdOVN
kWkaAHkjlaFATFhnEEh8SzANBgkqhkiG9w0BAQsFAAOBgQBlFRyA98AUXCw8bhneTFoD2JWRZz2f
Bs3vINTVjhA3CdCCJ9lgPxIhitHYNPQh5s7l+IA6M/zHTx+rpRO3KUqh0M2eNZDunUrstyXkvZvp
uJCPFK6t1iN6K5YuZUhKI06W5Bk6XV2NO5L2eIqD9jZp0UGb18Ep4BbrEXwRwJQPYw==</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>LZC2pjCGqTN4NAetOxSXDZi8V6XOXGauM+uWEtZhtv9R4FPKWHxc/6pqHsZ8dkL8BYgnIvBlAP/4V2WGDvhER+s+/ip8FjyCg9uGtmYQrw3Ps8ApsZHiljImZwG0IqTnm7TqT+iaf3N+4rS1Z9fiDY9CceEAn6BiafWaYDouzao=</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>uWsA2K9MxrL39SIyTkYwZCVY6W+xVkFkADNRmQb5HhZ3X9nRAA+POaDBlReznVJBXjPi5LoMekZ6DeKMENXkGJ34KWgxvYSSfYwpJK36JuSUR93AaxesOA6QDKuCs28cxslIWOMccssWzacdSk+/B8GrdpOwSg0Fi3EYjforWMijqPajVF6krDdVElyzGG0cq4zibD9FXvkD4vsJAF0urddcRL0+cNIKhHFXWcHcX7qxFMuG2bk7RyH6POn2PChJP7M0oo2/9CZ7YSvqvcKJEvhSv+f3SU52eyM93nM7JrB7nsrxU600YQeRkEjCUu+HAxmCGpxg9stK6SFvG7va3KuHRpAG1R/pGWjwQvKGVPJUtqJOEESgkFNc500xH+PfyKbpiXPRvgnPpEQVIVql4/R7KbjNd9KXs7ZUdpInqJnhwjjwdPaXoSt09n2FSSiOwcEuYpUi72BsbltELeW0LyAQnNk6HXu4DUbT7FxxHTuqcp+wm52ZP6Fxba2M7209ZNBqQJdG0sAEZm2w8iGB6n7gbhvb/5cqMfdbFRWgI29XMtvh5QWe522K5RCQxADqAB7s1Kzwa0PkpnfTtw4QAemQY4pfPuS6r36wQ4dCB7zm3V6bZx0PkTStUnUUb7c+awpLLm0IVmLA1jYOOydg7x2DERyHyCJxqjUhALLEGi95Q7B3SB+xzNdKQ4ZwHGAvIZqd2ODA5gb9/81MXWAQzl8fuvn+wxi/cz0pTdpHcpwg+lv90hpglDr12v/TWvom4NJqwdZOlgqCZPepcRhw6d7/iE4HNlKVgxRketgxUw45KaRZCqrFmYa25w97eq1OsYQKtNp0p9ODODFDrQgv1v2A+jSX1L11Z8v9ynPlGi2xzu65Svo7eaZw3bikPJOCTEcKHrzLwBLUQXsc3G1Iksnj8uMPY32BZak9yh1RZR7FqvTvFsXd0WRp3Qa2dWluCtE76UhEDPddr/SssOCxaXIVkr+K3dw7+bKBLAD3VB3ldRBLKOM3Bje1bBeY04Yv2nqAe6LqiCKxnR5n9zDzpQPEaTs/oHHu6ibi7fmordbUq+4c6xzlF3FmGA4eryXLlTkNrGLjhcyo362Ne7VUEy+0kzfgaxDYqnqxbOkGTwJChcToPtCOrhrYEVu3dvC3O4oDn0aHfVv/xRKhCTK/t9DyzIbUl3e7We8bsG9gJjR7TwL8s4wRdY++trhXlcqZIvih+dktOKgxZE+Mdv2vm/nSVue3ovp+FdnwClTbc7M2fXjxQivqLUOcG7WmUxDsqt8EHgGUBUDjDPQjljTvQXRMNFqFYyeg2EJtlTEnmGs6b9buGe/FUTgJYjKVcofrDiVjLia0t+jK/b3zv3D/fcGzvmQPJdB9MYkJ6XKlVAqRM7q5kN61WymlpGfYIqJ06qcGKz4KKcZ4g3tDwit3LxGZDv9OD10OsnyDq4Anbs6OZEBT5zhanEbQ4imeOYEKJuErpHst3gBWQZsXiC5Y7mGgCRNHNZPdvwtrhjOcJTX4fSlpkKAI6EIjWXKasr319cQhqMPhESC4XwsFdNj6bzQnd+WOqZjlJMz3hEvaIms4vdEObaV3A22L5wRQbzz4TTZkXEl5/pniteFubtBoOkr0tfKaG7f7n+JRsJtBkko2qTpNhBzL96Xhx0Xlaha2wRRFPgZ83HOZG4HJEkykWwG4eAqaw5BFamE1nz97tKIzUkjUTjoT1mTKhLbnV45AvR8AlJNSkWW2OWdqAWqI5GPoZMEzVUq+LbFcXbzAsxCtXYqrpNyoqgu7rXa5gAfm6MPST1t7XLpX2wuFyseJ/0yTKehL2RxT+AvODy3SnWno3I1nPSBlIN5eLkNR/uX/t2DGJecrOJpp6Yw1/a1jZREzeDTEl3zNHPWLqMwWHJ4IRBy4WRSPfTaty1Nv8kn5Y/tqVbZmfiDpz7aZRLXh0Ki1q6sI20rBJaJhDTRaso+pIX81g6Wx9HCTMGweIHyB+vN0FO0go3Nbm1IaPeteOogQdhxM2i0a1dS0oFsX+reXYzyoChTzzQxmXNYjS9svIqSqbMB4d91Zi8quJDrrNtyucG4GsrC4lWBRvlXdmDKk/ccLga6Q4ZRwLc0ZU3wksPWCV9aEws8/jmSolLDUSuM+204UfsFt53PMwFC6l3cLJlDoKvH+sCZS18pZivsMRW3LLIir1qZZ24ZaW1sn1ag8nHhY6OlvlBL/YMjneSyd5KfqYCgMDnRa4lQX+DbxrFuUj0LUsac0eBGjHKDxDuiRx0AtEbjQ1bMFfn6GbSpqwEFwdVNhL+c6xmOp9aMjyECtEECHLkK+4ikxD1sKFDoU50USZP7MTbsBzkuBSU9KSeQu8HatTX4h26k5qGhxOl4APeAMzEtuqLTP4EXKsgm6OAidzBEqy9Ra9qGHbXTITyyVwQ2WwzYGwhlKxuFunIQ0H1s3OoB0puYrEsYPqPosbu6H530jS9+OGo70FKo0WebE/3Qilr9ly/HEZ1mDN8OG5Nuq4RxW2XJlyGh+S8CYZDkEJU4rW97Z6RviMR/EqbJbMeUZJteBYe4BdEaL/UblV4IEwnGpjkrHhF7QZ72Dt6iRJs0uQYn7KtVP1d/h8HyciewwWVeLzWSCdlzTKPMrX5aiYOrHvQOgozhePlutBHp0L7AWync0Emsou1b+F4d/llGiR32RGooEQW2McpqzsAGei3W4BsHyU0BXM4hyzM+Zsj2nznplTon0b1bYEhdO+COZXXRhAmg3vUORg1i7Yd/2OVmEVCFL4nzQ87tqWb0Eyk3tJ+lzLEwqGcpPTf4/c+AjTQSp203uDUDHFng0nYSoFpkfmNvvWh4vfLyk9/px8mB7ieeY08H2ctlgcdYLJFduuI3UYKbiR5AHcYdhTRWkJgqLIS7x0trQXGUD6WwS5LMbVgn6LKtbxRFxMBDVQNQ2v+1akb+x5K4XihAbXTmEHLH3PUIFVhUzP0knpyoxdmrEpIbFG/I7IXUbQIZTQjd9aLRZnsutkosQt0ASkoD+2zAidEm64Ag2IVz/4ClSzxN7bM8/sHS8+419STIqDvzCPzbGNLMnTMjgHnjVigZCC9x36iLoBjtQBYd4rn1zqO3/Hn3AuCwCW62sGY5Vs3HRzGKCqBbeeVolhwQ+Y/oFCqCj34lA8DA5TS+bJGaTe+QpArOPx4pfdu2CFhN+9L5LSvb9Hsz+L4NQfDeJdnm+fGeIvHjMZcW6SYuLAoq4xASdhtNikqvO3tBiNr8YGeafN8pBx7Std73yzLAme5xvFKDEjSxu/l2Cpxcnk3a9sIPVWEwm+qWG8usnRfjDqjZUasuaCxOPTR1MTs8ekT7RARLJCIal48Pw2ry+SJYsDav05tYZysuQn11j0avltZIJDs8+gTt0FjszUU9uJHh89ryutieE0X3uAfHpl6QUDs8LhT0MGLysuVgesskxNxiupRzyVrGTfovfYhAjbRSmlFRV+Uk6RO2ieCCxemAu9uOD/wk7QtZGwdE5CkR1NzUORnpN2A2SYWEtpg2+UeHMUntyutDWSBc3ythyVI1uSfHFK7+ezwvrwwh0WnAG6tdXi4qhNoFIHUhphj0TFE29wMm/vyDMBZo7t1ETZ+FwSNh9wYleDmRjSizDqgElz+x1arQRIc7CSFT9of5fO0VUhDJkH/ikLH5YhwYFvlEA2B+VgWaJ7VsA92Qc1vyxt5G9fjZkur1OJf3IKIYxmVRWrCktdqQjAyz8Do43ev1KCG6S8F9LSDRE3UXVs87NsBXSH8AwDgbjVMM6jZc7bNd336SYwr7eZnH+yQj5r03LJnRX41CiuWqORHjAD4GPRcsBPSoszmp5dunl/D4JyT3c2mYblOG2T2Crv6HwCIGyfyqhzeEKm1/y2Zp07eKRmjow+87BeWsQZ+l9no2uXnzeGoKickn9UNjD8cqBYhtQ/zhe+XJ4yxke97ryQaCP1ePBaca7G68YJocw9McbEaeyKTkMsGz6ou3ZtH+vLygm1F8TA6J6iF3oIc+eaKOOl7LIhLjYv3Ipkp9yi8YGwr0/2ZieB99wWvqRsLBLHDHDkS9lwxuJC8tQxFHqPLg7fKKVSugaHgfGwTRLM9aABpRGp0FP/4ESE6KwoIHvwkX0pIr0K/FVZ+bUB8rSEy1fj+h/gd396YsTU0Z+yD4BJ6+2/ThMrURUwVVJC4qjLAgcgLWrleKD56vbYxvBwMK/HSswZvfgm1dhLRQdEnBgQE2Grd3/C6evW5t+ZJaGv+1pG8+ot4JwBaGA3UJzF9yhpFnWYR4mc/bICiEUpY26W4ytGG06e4/uXx43BNokthsjchh+0Jg9KiMSWFLnCZ6gWt42qKTl8X9pzP9SHF8WDg4n6nJ5F23K4aKujxBADL+7WPilh5rRhuUSc+9wPagcDSpIPv6CDAii9b/PpMuqpas9PQ6F6j+qQBszLrHXEzq4sD5p1diXPlxQuRPBHBgZCdJkXSXlheENjDgw8Z9oQXbDdygOZ4jBzjpj7vkm/zC9LX91ysHrLCH1c4Lcmf9Qj7rgh3GNtuWrLALJBvXHJGhqK4Fl96n5Lu34xP01fmpgS/xeJJzIuig996qp4vdPcLUKtv06xoI8WhVRe2kTdWqRF6FFL4mus2yLWZA0izNvps4jXK+sOwZwKX6pooi2mD/xsVjEKCLgu/GVg92KwYrtR4XMJwkPCUIaHgy3O1BpbocS8KdvdRyzQrqHUz5AqWiUNI43I337u42R50bJUk17MRTaf/VueKhrYwpkPmfjb8lQrxVeQdKFjdr0gMAvv2gfO+SGU5dzxaUoeTm6uq5z40rjmC4FNby//q442CVhT3bp6v/UN2iQCi1q6YqilcfGarlYV0tKGOAJo9ICVcVghRfYoQYQRzJYnIInIqXK8I+pOqSjVJZkWAhotIxecngVrIzOVNVJChbYeFj6uqzwPiOtvJVgkzVQQJvby1caBCSINT+4HVN7XQfPMIArXv1/nh3pSHiXDpf66TTzumk+G39ZtrY+alJEKvMAfxbYTwiKADhn3T88h79hxJf0ATCXnjX0zu4gTLnpGINiUGJfEvhiM3xTfl5JDVi5Q96zFk1NLF+wxnz6sR8rP+7JzVHduD1PVWdCwmUD056s8BLiiIymLMpuDTWpCzFva6o9TwUxRRgvn56/jgu7fuvb/XexH3mPka8IRrZQNZloDlqmFSSPi+SUlCfdLZAAQ8jq89JP7hcUPPYzgqb/+4YyuI0CVChAXWoXVcAp3hwHa3WKS0uZ8C/YxLaSVne+4yr/ZJIjCJK0qhXss+xwsCYKPckjtz3LqDaO/TR0BJFIwc39nELCDpdx6sLCua6wVnpz+ZDb/B9sCzIi76/hy9qgYIHDMbDH46B/436X7dEOQ3y8eDI7g3rCvnLfgWtzkBln0kSrprSNZ9RIHFcDJTnLDb3271BhWfte0ZC9wiOiJnkUaac1POT5X27/cil0bV7/PWH3Vearwli1bMT9L4pRCTxkx/rYNUawmQB7u7dlYtmt6cMAB2/OghK2T05IHF7UsILqZbkjW6AXvIQ3RG6gylFFSKYuELP68o10cyI4gtoEa+OfGi64FoAfno8Wm6KFcTVF4xNXKvidLKavlWVAlKmHXI0zgartVr11VO8rzYZ7SXQltxkoH9c0RUz1T/72CDhtzPRPP7UIP7tqLXwkFBOgZDmC1PCx5PWY3GrTkVyPTB14n/qbM5kMsGi+1WLtRpYMa2Oh1COzy25VE7XxGlXSb42c9vj1o5fvh0pHdiJFOg1Aj3rhVGdon0U7DBbJZNSpd2CIY9uLfXifhZkpJFQGMD0lEF8aJLes/IilJfXIMZzxwFVaerFfjH6MaJqolsBW3tDPxh4Rl8Jdli8CcJkv+xux1m3dxWcEMqq8Q3kmiRefPB8P3+r+39uszuAYefFCQlO7DOEnrW2OlbzEyCDt6pmHHXCm3pn5yATm17XdDJupqIdMM5hP0tSwXW6xQRVS9eMnD5PuBVoaiZpMj6Xt/NUXikEusQ8srAbsJcPj9HTKMRONBPzG/7z7lRu2q2lOyA+AUErjYjO/znHuf3K8ZrWb1kng9SOqwnLJFxQLqYxGkk6/bSBkyzLNgUTmoJwmaYVIHvle0X3YerrEq5CT+7SYKtB18CtVQvEEqnmyIFBzK2hwOTUx03rGkMHd+ilhvDRFaH49XH+FGQt6D99/DCblAvdeiv85DZrAcae79oCIBlrBprtvD9HwXfa/l+CoPqdoFRsSaJ/SAyaumgGUbcB2VEmJzzKaEWr8rlZiCojdbsIwcpJ1GVJKoLoYssS19FQbJPXjuK8Se7/QUcGgHuKT9bDdwvw7jdnXIz5aTlyGMRuTMKiValUBrJWMur0FHi4FJ3TkWBLW1lQjTXbvqFQBO/uLZqSHLtLaCI5PaD8UT0YFhvzJ0nMSxN3B97LclzCg0TRA3UItAB/8I4M6CBdXQT5vW0U0hLTcS250PoI8AH1guUAsaqysTAMDzS3kGO7gU51Do3Mx1leATxYRqhSMjtv7j0HU+3Y/qtZrgGsN8ldDM2bQHlSRcLl3hObiBeSYfL5C0F9wFrNZ1uWReIIYN5eQEb8opnnTiRW0q21QA3g7tyGG9gUga8SmCpPPNZDn+Za5ck312YJDIXg95vpjVOlE4rqzp18S6T4K/TeLQo9PsvIj+Z3RqfuJnKGGOz7EZEvPgceySeyv4YoBEOKlQUfqejIixziOHPEe4VPGl5a6mBSqCpiXKq7R0vVTEJB8QDBd38D9NPVACjyaqij0DlLt9tdbblLJe8PGOLBSSRj2A9V8yXhuzys1ZZ4cl56LZb74/Qw4We/Rf5wrxMVpZf8vbvr7yBqvRH63fcoK/pxSpaspM2JPyRme2NzeoAPBHHTR3mcpVPLDuSe9nx6l1O10NpkMIA43AwyUN68bjxUjpgj0GDgDccoHhdQu9D1zzPXSdn/UhfnDcw3BlI1Y4B0aB3skRe+C6fj0Hfy4b9+vZltTrCaLSzs0ZKHBJOlm+R1SqX24yp3iRWZ+xZPvBIV01uJ1za68m7QZM20tcluwQV3/qBEqIIC44hYRWzLGr9qNoson8oXlt3ojTdrIztbSy0HpP+uVEPIgjvvOZxkr4cW51GPLDySEJFe49MirH14g/kKPWRSYt2AobQSOC8SzB2d175JxNX2xFgmgzR5zldtF/vZ3hOccqJvikwIiUcgd1kkEg+9/n4P4IwH7BC6buw4Wlw0pRf2qMr/1C8wVKOnuajmxzWdn6IHBkDYKv7QGqTIOw3V25xKujPgJgtsW550w1Ux0Wun1kOTE+153Iwf/rZRs0HW7A9R3uagjGPbjuDsw4Loh5RtW+C7O47aUYFm63g9pgmF3+yTNISn4dv1Zy/Pfh/uBWRNxP1enfzOesYAZYk4+NSjTNSR75LLRuYLjWOY0bMr9ceeFNeLtzr+gxyUlXpYdZkByQJK7lEQOfyZfFqkBdG1+0Pd2zzIyXxy97AfsTAYzu7ENx9yy2V5zO7+kpQhTJy9g7M4MjOKGq5ThsbVY+KMR9JGBjd5JZzl7xHaUvzOB4IgMbNem886H+ty+mSgMmStbPp42/Ytzt8GAPx4oXVDoQvGXqILXk40i2nFiv5HJ8c0C2CJCGG37eUw/Kbr9Tbh8ztTGu61IZ2yXhHBbvTo5AygL0HyE5fwUQ/jMvUqrnpWz7raH1C5fpyJGnMxwXDD2iE8TncAX2GkI7Nt53OvPNFQ8cr6zW9n3DY4H1sg9XSUGXrejBO8r67gXjE1pcS2jIc9KiKImhgHzNntBaS6Uiv6uUu8PT0xSbxi5/AANORqSUGBS8haOebBWmlIPWZ217q1PKHU/igwsWkgozUX4njXDXlLDchCdTYbrEM4R7rGe6uCTksuNSW3jkBBhELOVcxsDvgpsicLF6dgwHAm0ycr4YxVS57SaW3+DEfm1pdkWltSZWh8RUJQS2eXPq/8sBuySNGyP8DQX4wLW/Tc6hWEzsy/ZAo8kxh9wKFteKYj5zdxh+aQAOI+bnXL5XMyzsqvP9RWjfYtCsMXKbyaOqOeo3ykQYA+8VlpEjbaVvAMa6OQciWDn8XHGtV44oS+1wWKGQHO8S2splPeeuDl36JZXMM7bOVF+GRvzohwmmAJK3qA2VrnCv4ynZ8Ni3VA0NB58TUYKO8fvb4bxtziKlD3tlJCxsdXMK32s5lA2gNl8u++uYqlN9AJ50sgUOw5mhnn4tPCzWHw+0Q54P3oWZ5f1Dl1GwJEF8OXGNEycZhH8Ofi7UFL9s3rS0gimxasgoF7XcqbjwO0=</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2021-06-19 13:04:56,651 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-06-19 13:04:56,652 - INFO [Shibboleth-Audit.SSO:?] - 20210619T130456Z|urn:mace:shibboleth:2.0:profiles:AuthnRequest|_f5fb2b81-3b86-4035-9899-fdec64bec2d0|https://iam.eu-ch.o13bb.otc.t-systems.com|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_8112e2ff02300aa1f00b7a8b9bd437f7|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxC/ef0BeegOuPv5diRdUvEp6fOjhwbfuUhdXc8RjTrkHfGYId1JHADIDGVN7xuEMc/NMiAQ0wr9VziqzJRngbC/DlKmc1R2iPUUIYE9f8uStKuQalNg/fX8IJ516w8Dt+XTyxogd/WdvDO0CI|_b1daae23eebcf92be9c0afb2da23da32|
2021-06-19 13:05:25,015 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: ss:mem:431c6be9601a1c370a8e2fb9183065a746db812466c51ee2a0ccc19bca21184f
2021-06-19 13:05:25,015 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-06-19 13:05:25,016 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-06-19 13:05:25,016 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://fin2079-portal/Shibboleth.sso/SAML2/POST"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="1" ID="_b645d7e8c3417bfe57e43529ebbb4c7c"
    IssueInstant="2021-06-19T13:05:22Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://fin2079-portal/shibboleth</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="1"/>
</samlp:AuthnRequest>

2021-06-19 13:05:25,022 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://fin2079-portal/shibboleth' from origin source
2021-06-19 13:05:25,022 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-06-19 13:05:25,022 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-06-19 13:05:25,022 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-06-19 13:05:25,022 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-06-19 13:05:25,022 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-06-19 13:05:25,023 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-06-19 13:05:25,023 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-06-19 13:05:25,023 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://fin2079-portal/shibboleth
2021-06-19 13:05:25,023 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-06-19 13:05:25,024 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-06-19 13:05:25,024 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-06-19 13:05:25,024 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-06-19 13:05:25,024 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-06-19 13:05:25,024 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_b645d7e8c3417bfe57e43529ebbb4c7c', issue instant '2021-06-19T13:05:22.000Z', entityID 'http://fin2079-portal/shibboleth'
2021-06-19 13:05:25,024 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://fin2079-portal/shibboleth' does not require AuthnRequests to be signed
2021-06-19 13:05:25,024 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-06-19 13:05:25,024 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-06-19 13:05:25,024 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-06-19 13:05:25,025 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-06-19 13:05:25,025 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-06-19 13:05:25,025 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-06-19 13:05:25,025 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-06-19 13:05:25,025 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-06-19 13:05:25,025 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-06-19 13:05:25,025 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 4 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-06-19 13:05:25,025 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://fin2079-portal/Shibboleth.sso/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-06-19 13:05:25,025 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-06-19 13:05:25,025 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-06-19 13:05:25,025 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-06-19 13:05:25,025 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-06-19 13:05:25,025 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-06-19 13:05:25,025 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2021-06-19 13:05:25,025 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2021-06-19 13:05:25,026 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2021-06-19 13:05:25,026 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-06-19 13:05:25,026 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-06-19 13:05:25,026 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-06-19 13:05:25,026 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-06-19 13:05:25,026 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://fin2079-portal/shibboleth
2021-06-19 13:05:25,026 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-06-19 13:05:25,026 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#aes128-gcm
2021-06-19 13:05:25,026 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#rsa-oaep
2021-06-19 13:05:25,026 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-06-19 13:05:25,035 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-06-19 13:05:25,036 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-06-19T13:05:25.036Z, isPassive=false, forceAuthn=true, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-06-19 13:05:25,036 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-06-19 13:05:25,039 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-06-19 13:05:25,040 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-06-19 13:05:25,040 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-06-19 13:05:25,040 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Retaining flow authn/Password, it supports forced authentication
2021-06-19 13:05:25,040 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2021-06-19 13:05:25,040 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-06-19 13:05:25,040 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-06-19 13:05:25,040 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Forced authentication requested, selecting an inactive flow
2021-06-19 13:05:25,040 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-06-19 13:05:25,040 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-06-19 13:05:25,640 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'fin2079-portal'
2021-06-19 13:05:25,640 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-06-19 13:05:25,640 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null