2020-08-06 13:00:11,094 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: s22222cf29d00507471aa97e9479405c39f07f79b7
2020-08-06 13:00:11,094 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-08-06 13:00:11,094 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-08-06 13:00:11,095 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://mydev.cscglobal.com:80/openam/Consumer/metaAlias/Portal/sp"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="s22222cf29d00507471aa97e9479405c39f07f79b7"
    IsPassive="false" IssueInstant="2020-08-06T13:00:10Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0"
        xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<saml:Issuer
        xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://mydev.cscglobal.com:80/openam</saml:Issuer>
<samlp:NameIDPolicy
        AllowCreate="true"
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
        SPNameQualifier="http://mydev.cscglobal.com:80/openam"
        xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"/>
<samlp:RequestedAuthnContext
        Comparison="exact" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>

2020-08-06 13:00:11,101 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://mydev.cscglobal.com:80/openam' from origin source
2020-08-06 13:00:11,101 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-08-06 13:00:11,101 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-08-06 13:00:11,101 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-08-06 13:00:11,101 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-08-06 13:00:11,101 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-08-06 13:00:11,101 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-08-06 13:00:11,101 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-08-06 13:00:11,101 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://mydev.cscglobal.com:80/openam
2020-08-06 13:00:11,102 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:00:11,102 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-08-06 13:00:11,102 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-08-06 13:00:11,102 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-08-06 13:00:11,102 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-08-06 13:00:11,103 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 's22222cf29d00507471aa97e9479405c39f07f79b7', issue instant '2020-08-06T13:00:10.000Z', entityID 'http://mydev.cscglobal.com:80/openam'
2020-08-06 13:00:11,103 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://mydev.cscglobal.com:80/openam' does not require AuthnRequests to be signed
2020-08-06 13:00:11,103 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-08-06 13:00:11,103 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-08-06 13:00:11,103 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-08-06 13:00:11,103 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-08-06 13:00:11,103 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-08-06 13:00:11,103 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:00:11,103 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-08-06 13:00:11,104 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-08-06 13:00:11,104 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-08-06 13:00:11,104 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 3 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-08-06 13:00:11,104 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://mydev.cscglobal.com:80/openam/Consumer/metaAlias/Portal/sp using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-08-06 13:00:11,104 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-08-06 13:00:11,104 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-08-06 13:00:11,104 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-08-06 13:00:11,104 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-08-06 13:00:11,104 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-08-06 13:00:11,106 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2020-08-06 13:00:11,106 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-08-06 13:00:11,106 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-08-06 13:00:11,106 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-08-06 13:00:11,106 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-08-06 13:00:11,106 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://mydev.cscglobal.com:80/openam
2020-08-06 13:00:11,107 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2020-08-06 13:00:11,107 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2020-08-06 13:00:11,107 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2020-08-06 13:00:11,107 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2020-08-06 13:00:11,112 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-08-06 13:00:11,114 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-08-06T13:00:11.114Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-08-06 13:00:11,114 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: RequestedPrincipalContext created with operator exact and 1 custom principal(s)
2020-08-06 13:00:11,115 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-08-06 13:00:11,115 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-08-06 13:00:11,115 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Leaving existing RequestedPrincipalContext in place
2020-08-06 13:00:11,115 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-08-06 13:00:11,115 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:00:11,115 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Specific principals requested with 'exact' operator: [AuthnContextClassRefPrincipal{authnContextClassRef=urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport}]
2020-08-06 13:00:11,115 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No active results available, selecting an inactive flow
2020-08-06 13:00:11,115 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Checking for an inactive flow compatible with operator 'exact' and principal 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
2020-08-06 13:00:11,115 - DEBUG [net.shibboleth.idp.authn.principal.PrincipalEvalPredicateFactoryRegistry:?] - Registry located predicate factory of type 'net.shibboleth.idp.authn.principal.impl.ExactPrincipalEvalPredicateFactory' for principal type 'class net.shibboleth.idp.saml.authn.principal.AuthnContextClassRefPrincipal' and operator 'exact'
2020-08-06 13:00:11,115 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-08-06 13:00:11,115 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-08-06 13:00:11,249 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'mydev.cscglobal.com'
2020-08-06 13:00:11,250 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-08-06 13:00:11,250 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-08-06 13:00:25,964 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: NnT9BSAWBTPh6cbQLCdOUH8UHC4TUw-clB7bpM_P9RJ1JF3nJWRtNpwc
2020-08-06 13:00:25,964 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-08-06 13:00:25,964 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-08-06 13:00:25,964 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://10.1.1.250/saml/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="id-d1dc055b22071b6f4fada0a980889b3be8c5be2c"
    IssueInstant="2020-08-06T13:00:25.396Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://10.1.1.250/saml/metadata</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2020-08-06 13:00:25,969 - WARN [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Metadata with ID 'https://10.1.1.250/saml/metadata' currently live is expired or otherwise invalid
2020-08-06 13:00:25,970 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://10.1.1.250/saml/metadata' from origin source
2020-08-06 13:00:25,970 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractBatchMetadataResolver:?] - Metadata Resolver FilesystemMetadataResolver SAMLtest: Resolved 0 candidates via EntityIdCriterion: EntityIdCriterion [id=https://10.1.1.250/saml/metadata]
2020-08-06 13:00:25,970 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved no EntityDescriptors via underlying MetadataResolver, returning empty collection
2020-08-06 13:00:25,970 - INFO [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  No metadata returned for https://10.1.1.250/saml/metadata in role {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor with protocol urn:oasis:names:tc:SAML:2.0:protocol
2020-08-06 13:00:25,970 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No metadata context found, nothing to do
2020-08-06 13:00:25,970 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://10.1.1.250/saml/metadata
2020-08-06 13:00:25,970 - WARN [net.shibboleth.idp.profile.impl.SelectProfileConfiguration:?] - Profile Action SelectProfileConfiguration: Profile http://shibboleth.net/ns/profiles/saml2/sso/browser is not available for RP configuration shibboleth.UnverifiedRelyingParty (RPID https://10.1.1.250/saml/metadata)
2020-08-06 13:00:25,971 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: InvalidProfileConfiguration
2020-08-06 13:00:25,971 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2020-08-06 13:00:26,447 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: _PMwQeOB0gv9kEgk1y8VD6sFhqOfT49_hsN4PGqTuvUBq5cgQw82nSn-
2020-08-06 13:00:26,447 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-08-06 13:00:26,448 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-08-06 13:00:26,448 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://10.1.1.250/saml/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="id-d908ec5b31b7f9bd65cd48d5c71000cd6a118ffe"
    IssueInstant="2020-08-06T13:00:26.317Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://10.1.1.250/saml/metadata</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2020-08-06 13:00:26,449 - WARN [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Metadata with ID 'https://10.1.1.250/saml/metadata' currently live is expired or otherwise invalid
2020-08-06 13:00:26,449 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://10.1.1.250/saml/metadata' from origin source
2020-08-06 13:00:26,449 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractBatchMetadataResolver:?] - Metadata Resolver FilesystemMetadataResolver SAMLtest: Resolved 0 candidates via EntityIdCriterion: EntityIdCriterion [id=https://10.1.1.250/saml/metadata]
2020-08-06 13:00:26,449 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved no EntityDescriptors via underlying MetadataResolver, returning empty collection
2020-08-06 13:00:26,449 - INFO [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  No metadata returned for https://10.1.1.250/saml/metadata in role {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor with protocol urn:oasis:names:tc:SAML:2.0:protocol
2020-08-06 13:00:26,449 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No metadata context found, nothing to do
2020-08-06 13:00:26,449 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://10.1.1.250/saml/metadata
2020-08-06 13:00:26,449 - WARN [net.shibboleth.idp.profile.impl.SelectProfileConfiguration:?] - Profile Action SelectProfileConfiguration: Profile http://shibboleth.net/ns/profiles/saml2/sso/browser is not available for RP configuration shibboleth.UnverifiedRelyingParty (RPID https://10.1.1.250/saml/metadata)
2020-08-06 13:00:26,450 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: InvalidProfileConfiguration
2020-08-06 13:00:26,450 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2020-08-06 13:00:45,656 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: null
2020-08-06 13:00:45,656 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2020-08-06 13:00:45,656 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2020-08-06 13:00:45,656 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://ottosandboxb2c-saml-sp-poc.azurewebsites.net/saml/SSO"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="a2g7194eg96j08gc3hfj2h2aa8437dd"
    IsPassive="false" IssueInstant="2020-08-06T13:00:41.978Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">ottosandboxb2c-saml-sp-poc.azurewebsites.net</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
            <ds:Reference URI="#a2g7194eg96j08gc3hfj2h2aa8437dd">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <ds:DigestValue>+E6f/iiC7rjmmcWyzvIOEgFyWxI=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>cWa5DT02ItRsUk+RMkKYJHy4OWhXGAOvMlkrUbfO/Ta80hDMt+0SQ0EbmNdbcaJ3cxtUX88hydPhCJyXZSQ76ZNHQmsrTY10ezUFlngvmzyB2jUWRcIypVMlEkqJfi+FMZYUgKEIq2ZULBPtOTswfVJ8KK0taL8z32ZR7AH/zucI3pQ9T+nP9MRsIE01AKxT96cQHnt0z2GgDtnYIBNLri9MZV/A2W7dcQyO15m/JaOGQZjUoDIFzZQeFsm1TfYrvVo+86l9P0QAB1IUeJ3u7tgmKQbYXkZ2sXUD7h30pcFiVQmK5iEG0f22vpAbnSoq4C9Y+cpR2CpLBOMXrBESlA==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDUjCCAjqgAwIBAgIEUOLIQTANBgkqhkiG9w0BAQUFADBrMQswCQYDVQQGEwJGSTEQMA4GA1UE
CBMHVXVzaW1hYTERMA8GA1UEBxMISGVsc2lua2kxGDAWBgNVBAoTD1JNNSBTb2Z0d2FyZSBPeTEM
MAoGA1UECwwDUiZEMQ8wDQYDVQQDEwZhcG9sbG8wHhcNMTMwMTAxMTEyODAxWhcNMjIxMjMwMTEy
ODAxWjBrMQswCQYDVQQGEwJGSTEQMA4GA1UECBMHVXVzaW1hYTERMA8GA1UEBxMISGVsc2lua2kx
GDAWBgNVBAoTD1JNNSBTb2Z0d2FyZSBPeTEMMAoGA1UECwwDUiZEMQ8wDQYDVQQDEwZhcG9sbG8w
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXqP0wqL2Ai1haeTj0alwsLafhrDtUt00E
5xc7kdD7PISRA270ZmpYMB4W24Uk2QkuwaBp6dI/yRdUvPfOT45YZrqIxMe2451PAQWtEKWF5Z13
F0J4/lB71TtrzyH94RnqSHXFfvRN8EY/rzuEzrpZrHdtNs9LRyLqcRTXMMO4z7QghBuxh3K5gu7K
qxpHx6No83WNZj4B3gvWLRWv05nbXh/F9YMeQClTX1iBNAhLQxWhwXMKB4u1iPQ/KSaal3R26pON
UUmu1qVtU1quQozSTPD8HvsDqGG19v2+/N3uf5dRYtvEPfwXN3wIY+/R93vBA6lnl5nTctZIRsyg
0Gv5AgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAFQwAAYUjso1VwjDc2kypK/RRcB8bMAUUIG0hLGL
82IvnKouGixGqAcULwQKIvTs6uGmlgbSG6Gn5ROb2mlBztXqQ49zRvi5qWNRttir6eyqwRFGOM6A
8rxj3Jhxi2Vb/MJn7XzeVHHLzA1sV5hwl/2PLnaL2h9WyG9QwBbwtmkMEqUt/dgixKb1Rvby/tBu
RogWgPONNSACiW+Z5o8UdAOqNMZQozD/i1gOjBXoF0F5OksjQN7xoQZLj9xXefxCFQ69FPcFDeEW
bHwSoBy5hLPNALaEUoa5zPDwlixwRjFQTc5XXaRpgIjy/2gsL8+Y5QRhyXnLqgO67BlLYW/GuHE=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2020-08-06 13:00:45,661 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'ottosandboxb2c-saml-sp-poc.azurewebsites.net' from origin source
2020-08-06 13:00:45,661 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-08-06 13:00:45,661 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-08-06 13:00:45,661 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-08-06 13:00:45,661 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-08-06 13:00:45,661 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-08-06 13:00:45,661 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-08-06 13:00:45,661 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-08-06 13:00:45,661 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer ottosandboxb2c-saml-sp-poc.azurewebsites.net
2020-08-06 13:00:45,662 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:00:45,662 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-08-06 13:00:45,662 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-08-06 13:00:45,662 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-08-06 13:00:45,662 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-08-06 13:00:45,662 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'a2g7194eg96j08gc3hfj2h2aa8437dd', issue instant '2020-08-06T13:00:41.978Z', entityID 'ottosandboxb2c-saml-sp-poc.azurewebsites.net'
2020-08-06 13:00:45,663 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2020-08-06 13:00:45,663 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2020-08-06 13:00:45,663 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-08-06 13:00:45,663 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: ottosandboxb2c-saml-sp-poc.azurewebsites.net, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-08-06 13:00:45,663 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'ottosandboxb2c-saml-sp-poc.azurewebsites.net' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-08-06 13:00:45,663 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-08-06 13:00:45,663 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-08-06 13:00:45,663 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-08-06 13:00:45,663 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-08-06 13:00:45,663 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-08-06 13:00:45,663 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2000/09/xmldsig#rsa-sha1
2020-08-06 13:00:45,663 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA1withRSA
2020-08-06 13:00:45,663 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2020-08-06 13:00:45,663 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 19145315643286925739383588480527602403067271166382515603895503175855322434343354237869771034628362370255631682805778526993265117958887704167784727546385456587036361839707037518011279872400748805877773663459075558667030510034103540726948135992777303708245098807005371294042952302682803519523404660408757933044836101539663818244077030088244070044038290535134614702935425692946072886774884339323973600768963698304760185618308660831593002159276816080817652004736779697411246711621419362443557812251382697117919380813140003777170028213964083404130929220675106101102565912545554131737428593592225625205002711211563371490297
  public exponent: 65537
2020-08-06 13:00:45,663 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2020-08-06 13:00:45,663 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2020-08-06 13:00:45,663 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#a2g7194eg96j08gc3hfj2h2aa8437dd"
2020-08-06 13:00:45,663 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID a2g7194eg96j08gc3hfj2h2aa8437dd and Element was [saml2p:AuthnRequest: null]
2020-08-06 13:00:45,663 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#a2g7194eg96j08gc3hfj2h2aa8437dd"
2020-08-06 13:00:45,663 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID a2g7194eg96j08gc3hfj2h2aa8437dd and Element was [saml2p:AuthnRequest: null]
2020-08-06 13:00:45,663 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#a2g7194eg96j08gc3hfj2h2aa8437dd"
2020-08-06 13:00:45,663 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2020-08-06 13:00:45,663 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-08-06 13:00:45,663 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID ottosandboxb2c-saml-sp-poc.azurewebsites.net
2020-08-06 13:00:45,663 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-08-06 13:00:45,663 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-08-06 13:00:45,664 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-08-06 13:00:45,664 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-08-06 13:00:45,664 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:00:45,664 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-08-06 13:00:45,664 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-08-06 13:00:45,664 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-08-06 13:00:45,664 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-08-06 13:00:45,664 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://ottosandboxb2c-saml-sp-poc.azurewebsites.net/saml/SSO using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-08-06 13:00:45,664 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-08-06 13:00:45,664 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-08-06 13:00:45,664 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-08-06 13:00:45,664 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-08-06 13:00:45,664 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-08-06 13:00:45,665 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-08-06 13:00:45,665 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-08-06 13:00:45,665 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-08-06 13:00:45,665 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-08-06 13:00:45,665 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-08-06 13:00:45,665 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: ottosandboxb2c-saml-sp-poc.azurewebsites.net
2020-08-06 13:00:45,665 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-08-06 13:00:45,665 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-08-06 13:00:45,665 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-08-06 13:00:45,665 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-08-06 13:00:45,668 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-08-06 13:00:45,669 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-08-06T13:00:45.669Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-08-06 13:00:45,669 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-08-06 13:00:45,669 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-08-06 13:00:45,669 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-08-06 13:00:45,670 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-08-06 13:00:45,670 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-08-06 13:00:45,670 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:00:45,670 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-08-06 13:00:45,670 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-08-06 13:00:45,670 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-08-06 13:00:45,670 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-08-06 13:00:45,854 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Not a usual scheme, returning name of 'ottosandboxb2c-saml-sp-poc.azurewebsites.net'
2020-08-06 13:00:45,854 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-08-06 13:00:45,854 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-08-06 13:01:07,404 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'morty'
2020-08-06 13:01:07,404 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user morty
2020-08-06 13:01:07,404 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1024057500::identifier=morty, context=org.apache.velocity.VelocityContext@242d67c8]
2020-08-06 13:01:07,412 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=morty,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1024057500::identifier=morty, context=org.apache.velocity.VelocityContext@242d67c8]
2020-08-06 13:01:07,413 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'morty' succeeded
2020-08-06 13:01:07,413 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-08-06 13:01:07,413 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-08-06 13:01:07,414 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'morty'
2020-08-06 13:01:07,414 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'morty'
2020-08-06 13:01:07,414 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Checking result for compatibility with operator 'exact' and principal 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
2020-08-06 13:01:07,414 - DEBUG [net.shibboleth.idp.authn.principal.PrincipalEvalPredicateFactoryRegistry:?] - Registry located predicate factory of type 'net.shibboleth.idp.authn.principal.impl.ExactPrincipalEvalPredicateFactory' for principal type 'class net.shibboleth.idp.saml.authn.principal.AuthnContextClassRefPrincipal' and operator 'exact'
2020-08-06 13:01:07,414 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Principal 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport' in authentication result satisfies request for principal 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
2020-08-06 13:01:07,414 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal morty
2020-08-06 13:01:07,414 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 2255e5d3b35033a7901de8202afccbebd600e7bad2616b26eaf16577e119fb96 for principal morty
2020-08-06 13:01:07,414 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 2255e5d3b35033a7901de8202afccbebd600e7bad2616b26eaf16577e119fb96
2020-08-06 13:01:07,415 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=morty)
2020-08-06 13:01:07,415 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [identifier, uid, telephoneNumber, role, mail, surname, displayName, givenName]
2020-08-06 13:01:07,415 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-08-06 13:01:07,415 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-08-06 13:01:07,415 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-08-06 13:01:07,415 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-08-06 13:01:07,415 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-08-06 13:01:07,415 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-08-06 13:01:07,415 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-08-06 13:01:07,415 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-08-06 13:01:07,416 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:01:07,416 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-08-06 13:01:07,416 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@2da4c050'
2020-08-06 13:01:07,417 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-08-06 13:01:07,417 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:http://mydev.cscglobal.com:80/openam'
2020-08-06 13:01:07,417 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:http://mydev.cscglobal.com:80/openam'
2020-08-06 13:01:07,417 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'morty:http://mydev.cscglobal.com:80/openam'
2020-08-06 13:01:07,417 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-08-06 13:01:07,417 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty'
2020-08-06 13:01:07,417 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'morty'
2020-08-06 13:01:07,417 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-08-06 13:01:07,417 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2020-08-06 13:01:07,559 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'mydev.cscglobal.com'
2020-08-06 13:01:07,559 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-08-06 13:01:07,559 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2020-08-06 13:01:07,559 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2020-08-06 13:01:07,559 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-08-06 13:01:07,559 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2020-08-06 13:01:15,272 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: orgid=6899&client=mobile&code_challenge=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
2020-08-06 13:01:15,272 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2020-08-06 13:01:15,272 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2020-08-06 13:01:15,273 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="_0a8887b8-6cff-46e2-a3de-c65d13e208f5"
    IsPassive="false" IssueInstant="2020-08-06T13:01:14.084Z"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://moveit.eastus.cloudapp.azure.com/6899/</saml:Issuer>
    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
        <SignedInfo>
            <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <Reference URI="#_0a8887b8-6cff-46e2-a3de-c65d13e208f5">
                <Transforms>
                    <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <InclusiveNamespaces
                            PrefixList="#default samlp saml ds xs xsi" xmlns="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </Transform>
                </Transforms>
                <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <DigestValue>I1195HagpSyj0ZTb3yaisp2vrz0hDx+ddWiKiLveJvw=</DigestValue>
            </Reference>
        </SignedInfo>
        <SignatureValue>TYdEBttBkJIUq6Chs5YG8tAzo/065shI6FU3JQ9Vg4sjBy8VzaiGAnTyTkSyGF292VtCA8on7jhCQ48RO+GSBc+bX+yccL0qtqg0lHvWMHJa5OcKIVN2MiaGFfU8U3A1TyaFrjvFklyI654ldAtRqDuSZEU866YS5rvNHg39MDM=</SignatureValue>
        <KeyInfo>
            <X509Data>
                <X509Certificate>MIICKTCCAZKgAwIBAgIQZTT+hOyYEbJKTeSyJyyY+TANBgkqhkiG9w0BAQsFADBTMRswGQYDVQQKExJWbGFkaXNsYXYgQW50b255dWsxNDAyBgNVBAMTK1ZsYWRpc2xhdiBBbnRvbnl1ayBTQU1MIFNpZ25pbmcgQ2VydGlmaWNhdGUwHhcNMjAwNzMxMTE0NzU2WhcNMzAwNzMxMTE0NzU2WjBTMRswGQYDVQQKExJWbGFkaXNsYXYgQW50b255dWsxNDAyBgNVBAMTK1ZsYWRpc2xhdiBBbnRvbnl1ayBTQU1MIFNpZ25pbmcgQ2VydGlmaWNhdGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOzZbddUxFpjK/WG6CTL/u1IDD53+wk5tf8dJvq/z20HWZgZB9Uq/kIeFhRebOz2jA6wcvMVv1GcZ5y9pHaLu7eEQ31osheJmNK7wdZOf3fQ2gQEMjSVC0MkA73M36duMagtjpQNDVVvWBZr4E4R/dOnQRrXforQUuI6DKLWrnvBAgMBAAEwDQYJKoZIhvcNAQELBQADgYEA2jzdCoxd1M6IKXd3whOrwBVVD8++xJycVfy/azCW2PpL3D+GqTpqUOFOJVtg6dGFQ5A2PLrA2gHX48jbu+wirC7xU5QbAtikY9PTdaDDJuzR7au7Q6bTlm4cEJEhKr1+HRm2vRJ1oakxSLEDMY2HAyQSSwhLEpwkdafYd+AA39o=</X509Certificate>
            </X509Data>
        </KeyInfo>
    </Signature>
</samlp:AuthnRequest>

2020-08-06 13:01:15,277 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://moveit.eastus.cloudapp.azure.com/6899/' from origin source
2020-08-06 13:01:15,277 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-08-06 13:01:15,277 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-08-06 13:01:15,277 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-08-06 13:01:15,277 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-08-06 13:01:15,277 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-08-06 13:01:15,277 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-08-06 13:01:15,277 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-08-06 13:01:15,278 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://moveit.eastus.cloudapp.azure.com/6899/
2020-08-06 13:01:15,278 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:01:15,278 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-08-06 13:01:15,279 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-08-06 13:01:15,279 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-08-06 13:01:15,279 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-08-06 13:01:15,279 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_0a8887b8-6cff-46e2-a3de-c65d13e208f5', issue instant '2020-08-06T13:01:14.084Z', entityID 'https://moveit.eastus.cloudapp.azure.com/6899/'
2020-08-06 13:01:15,279 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2020-08-06 13:01:15,279 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2020-08-06 13:01:15,279 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-08-06 13:01:15,279 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://moveit.eastus.cloudapp.azure.com/6899/, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-08-06 13:01:15,279 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://moveit.eastus.cloudapp.azure.com/6899/' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-08-06 13:01:15,279 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-08-06 13:01:15,279 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-08-06 13:01:15,279 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-08-06 13:01:15,279 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-08-06 13:01:15,279 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-08-06 13:01:15,279 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2020-08-06 13:01:15,279 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2020-08-06 13:01:15,279 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2020-08-06 13:01:15,279 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 1024 bits
  modulus: 166321257288823104771128801066816864313508571863601390543013545133120205785261110610751340234196350511629891146256035820135915146409380604387125098174838064111727943990583480526557772786907140964251568694338643572469666137089175956758574284364261130014857080514325081382197164151047187227455666983789315128257
  public exponent: 65537
2020-08-06 13:01:15,280 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2020-08-06 13:01:15,280 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2020-08-06 13:01:15,280 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_0a8887b8-6cff-46e2-a3de-c65d13e208f5"
2020-08-06 13:01:15,280 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _0a8887b8-6cff-46e2-a3de-c65d13e208f5 and Element was [samlp:AuthnRequest: null]
2020-08-06 13:01:15,280 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_0a8887b8-6cff-46e2-a3de-c65d13e208f5"
2020-08-06 13:01:15,280 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _0a8887b8-6cff-46e2-a3de-c65d13e208f5 and Element was [samlp:AuthnRequest: null]
2020-08-06 13:01:15,280 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_0a8887b8-6cff-46e2-a3de-c65d13e208f5"
2020-08-06 13:01:15,280 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2020-08-06 13:01:15,280 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-08-06 13:01:15,280 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://moveit.eastus.cloudapp.azure.com/6899/
2020-08-06 13:01:15,280 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-08-06 13:01:15,280 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-08-06 13:01:15,280 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-08-06 13:01:15,280 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-08-06 13:01:15,280 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:01:15,280 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-08-06 13:01:15,280 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-08-06 13:01:15,280 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-08-06 13:01:15,280 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-08-06 13:01:15,280 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://moveit.eastus.cloudapp.azure.com/6899/SAML/SSO/HTTP-Post using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-08-06 13:01:15,281 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-08-06 13:01:15,281 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-08-06 13:01:15,281 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-08-06 13:01:15,281 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-08-06 13:01:15,281 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-08-06 13:01:15,281 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-08-06 13:01:15,281 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-08-06 13:01:15,281 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-08-06 13:01:15,281 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-08-06 13:01:15,281 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-08-06 13:01:15,281 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://moveit.eastus.cloudapp.azure.com/6899/
2020-08-06 13:01:15,281 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-08-06 13:01:15,281 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-08-06 13:01:15,281 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-08-06 13:01:15,281 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-08-06 13:01:15,284 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-08-06 13:01:15,286 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-08-06T13:01:15.286Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-08-06 13:01:15,286 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-08-06 13:01:15,286 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-08-06 13:01:15,286 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-08-06 13:01:15,286 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-08-06 13:01:15,286 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-08-06 13:01:15,286 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:01:15,286 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-08-06 13:01:15,286 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-08-06 13:01:15,286 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-08-06 13:01:15,287 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-08-06 13:01:15,493 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'moveit.eastus.cloudapp.azure.com'
2020-08-06 13:01:15,493 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-08-06 13:01:15,493 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-08-06 13:01:16,993 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2020-08-06 13:01:16,993 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2020-08-06 13:01:16,994 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20200806T130116Z|http://mydev.cscglobal.com:80/openam|AttributeReleaseConsent|morty|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2020-08-06 13:01:16,994 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-08-06 13:01:16,994 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:http://mydev.cscglobal.com:80/openam'
2020-08-06 13:01:16,994 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:_key_idx'
2020-08-06 13:01:16,994 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2020-08-06 13:01:16,994 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=morty:http://mydev.cscglobal.com:80/openam, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1628254876994}'
2020-08-06 13:01:16,994 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:_key_idx'
2020-08-06 13:01:16,994 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2020-08-06 13:01:16,994 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:_key_idx'
2020-08-06 13:01:16,994 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'morty:http://mydev.cscglobal.com:80/openam'
2020-08-06 13:01:16,994 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[morty:http://mydev.cscglobal.com:80/openam]' as '["morty:http://mydev.cscglobal.com:80/openam"]'
2020-08-06 13:01:16,994 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@2da4c050'
2020-08-06 13:01:16,994 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:01:16,994 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-08-06 13:01:16,995 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-08-06 13:01:16,996 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-08-06 13:01:16,996 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _ce13ba2bbf6654f6153cfaa0b1d2ece7
2020-08-06 13:01:16,996 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _ce13ba2bbf6654f6153cfaa0b1d2ece7 to Response _af6e200ea58f484deebdd19f3891cb16
2020-08-06 13:01:16,996 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _ce13ba2bbf6654f6153cfaa0b1d2ece7
2020-08-06 13:01:16,996 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-08-06 13:01:16,996 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute identifier
2020-08-06 13:01:16,996 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value morty of attribute uid
2020-08-06 13:01:16,996 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5505 of attribute telephoneNumber
2020-08-06 13:01:16,996 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value janitor@samltest.id of attribute role
2020-08-06 13:01:16,996 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute mail
2020-08-06 13:01:16,996 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Smith of attribute surname
2020-08-06 13:01:16,996 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Morty Smith of attribute displayName
2020-08-06 13:01:16,996 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Mortimer of attribute givenName
2020-08-06 13:01:16,997 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-08-06 13:01:16,997 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2020-08-06 13:01:16,997 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2020-08-06 13:01:16,997 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2020-08-06 13:01:16,997 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2020-08-06 13:01:16,997 - DEBUG [net.shibboleth.idp.saml.nameid.impl.PersistentSAML2NameIDGenerator:?] - Checking for source attribute uid
2020-08-06 13:01:16,997 - DEBUG [net.shibboleth.idp.saml.nameid.impl.PersistentSAML2NameIDGenerator:?] - Generating persistent NameID from String-valued attribute uid
2020-08-06 13:01:16,997 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID 6AMDYXNTVWURRFGTDXWQXMAI74Z6VCWR with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2020-08-06 13:01:16,997 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2020-08-06 13:01:16,997 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2020-08-06 13:01:16,997 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-08-06 13:01:16,997 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-08-06 13:01:16,997 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.28.90
2020-08-06 13:01:16,997 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to s22222cf29d00507471aa97e9479405c39f07f79b7
2020-08-06 13:01:16,997 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to http://mydev.cscglobal.com:80/openam/Consumer/metaAlias/Portal/sp
2020-08-06 13:01:16,997 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-08-06 13:01:16,997 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-08-06 13:01:16,997 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-08-06 13:01:16,997 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _ce13ba2bbf6654f6153cfaa0b1d2ece7
2020-08-06 13:01:16,997 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _ce13ba2bbf6654f6153cfaa0b1d2ece7 did not already contain Conditions, one was added
2020-08-06 13:01:16,998 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-08-06 13:01:16,998 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-08-06T13:06:16.994Z, to Assertion _ce13ba2bbf6654f6153cfaa0b1d2ece7
2020-08-06 13:01:16,998 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _ce13ba2bbf6654f6153cfaa0b1d2ece7 already contained Conditions, nothing was done
2020-08-06 13:01:16,998 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-08-06 13:01:16,998 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _ce13ba2bbf6654f6153cfaa0b1d2ece7 already contained Conditions, nothing was done
2020-08-06 13:01:16,998 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-08-06 13:01:16,998 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding http://mydev.cscglobal.com:80/openam as an Audience of the AudienceRestriction
2020-08-06 13:01:16,998 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _ce13ba2bbf6654f6153cfaa0b1d2ece7
2020-08-06 13:01:16,999 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party http://mydev.cscglobal.com:80/openam to existing session 2255e5d3b35033a7901de8202afccbebd600e7bad2616b26eaf16577e119fb96
2020-08-06 13:01:16,999 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service http://mydev.cscglobal.com:80/openam in session 2255e5d3b35033a7901de8202afccbebd600e7bad2616b26eaf16577e119fb96
2020-08-06 13:01:16,999 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-08-06 13:01:16,999 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID http://mydev.cscglobal.com:80/openam and key 6AMDYXNTVWURRFGTDXWQXMAI74Z6VCWR
2020-08-06 13:01:16,999 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-08-06 13:01:16,999 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-08-06 13:01:16,999 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2020-08-06 13:01:16,999 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAssertions: No encryption parameters, nothing to do
2020-08-06 13:01:17,000 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: http://mydev.cscglobal.com:80/openam/Consumer/metaAlias/Portal/sp
2020-08-06 13:01:17,000 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: http://mydev.cscglobal.com:80/openam/Consumer/metaAlias/Portal/sp
2020-08-06 13:01:17,001 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_af6e200ea58f484deebdd19f3891cb16"
2020-08-06 13:01:17,001 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _af6e200ea58f484deebdd19f3891cb16 and Element was [saml2p:Response: null]
2020-08-06 13:01:17,001 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_af6e200ea58f484deebdd19f3891cb16"
2020-08-06 13:01:17,001 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _af6e200ea58f484deebdd19f3891cb16 and Element was [saml2p:Response: null]
2020-08-06 13:01:17,002 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-08-06 13:01:17,002 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'http://mydev.cscglobal.com:80/openam/Consumer/metaAlias/Portal/sp' with encoded value 'http&#x3a;&#x2f;&#x2f;mydev.cscglobal.com&#x3a;80&#x2f;openam&#x2f;Consumer&#x2f;metaAlias&#x2f;Portal&#x2f;sp'
2020-08-06 13:01:17,002 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-08-06 13:01:17,003 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 's22222cf29d00507471aa97e9479405c39f07f79b7', encoded as 's22222cf29d00507471aa97e9479405c39f07f79b7'
2020-08-06 13:01:17,004 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="http://mydev.cscglobal.com:80/openam/Consumer/metaAlias/Portal/sp"
    ID="_af6e200ea58f484deebdd19f3891cb16"
    InResponseTo="s22222cf29d00507471aa97e9479405c39f07f79b7"
    IssueInstant="2020-08-06T13:01:16.994Z" Version="2.0"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_af6e200ea58f484deebdd19f3891cb16">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>u7ArtgADd6TlZz35WFFSCGjSMHqsaFCisDwPAE7jeIo=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>j4xRvMTpgIKlT/hr9AwqQ0qplPeDWTGevZZz96oMnnVMUY+38ypEttZVFAHinmOyxvFtMSUTuIqjGrmSCbrC5rpn8/483aOsUvk5Po9cN1/PotC9Y+Ctt+joBPj43PIoV2K1IsyBK8SwslAUF6sGp2aV33CluIdfkYHomfbcUzNISZjLi6Hx+rJtDeGr8q2FddMH3m3IPKM+m3DQv8qGfhf42Yq7DttBSXnsXh9arL53HFVCd1G0QGjXVYCYmnCdbxkgZneq/q8VX1zp3fTUM1kV+rxnMRYiuQOjlhyQHoIjEAetzkrScIRPOlwwf9pVLIDLbWIaunaAoZ1SA9P/jg==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_ce13ba2bbf6654f6153cfaa0b1d2ece7"
        IssueInstant="2020-08-06T13:01:16.994Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="http://mydev.cscglobal.com:80/openam" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">6AMDYXNTVWURRFGTDXWQXMAI74Z6VCWR</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.28.90"
                    InResponseTo="s22222cf29d00507471aa97e9479405c39f07f79b7"
                    NotOnOrAfter="2020-08-06T13:06:16.997Z" Recipient="http://mydev.cscglobal.com:80/openam/Consumer/metaAlias/Portal/sp"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-08-06T13:01:16.994Z" NotOnOrAfter="2020-08-06T13:06:16.994Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>http://mydev.cscglobal.com:80/openam</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-08-06T13:01:07.413Z" SessionIndex="_f46546cb2c8ce10b894941a095de04c9">
            <saml2:SubjectLocality Address="172.31.28.90"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>morty</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5505</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">janitor@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Morty Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Mortimer</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-08-06 13:01:17,004 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-08-06 13:01:17,004 - INFO [Shibboleth-Audit.SSO:?] - 20200806T130117Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|s22222cf29d00507471aa97e9479405c39f07f79b7|http://mydev.cscglobal.com:80/openam|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_af6e200ea58f484deebdd19f3891cb16|morty|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|identifier,uid,telephoneNumber,role,mail,surname,displayName,givenName|6AMDYXNTVWURRFGTDXWQXMAI74Z6VCWR|_ce13ba2bbf6654f6153cfaa0b1d2ece7|
2020-08-06 13:01:18,295 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: s2ab34db6322a83ed39a3636b823055ea75849c24f
2020-08-06 13:01:18,295 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-08-06 13:01:18,295 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-08-06 13:01:18,295 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://mydev.cscglobal.com:80/openam/Consumer/metaAlias/Portal/sp"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="s2ab34db6322a83ed39a3636b823055ea75849c24f"
    IsPassive="false" IssueInstant="2020-08-06T13:01:18Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0"
        xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<saml:Issuer
        xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://mydev.cscglobal.com:80/openam</saml:Issuer>
<samlp:NameIDPolicy
        AllowCreate="true"
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
        SPNameQualifier="http://mydev.cscglobal.com:80/openam"
        xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"/>
<samlp:RequestedAuthnContext
        Comparison="exact" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>

2020-08-06 13:01:18,296 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://mydev.cscglobal.com:80/openam' from origin source
2020-08-06 13:01:18,296 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-08-06 13:01:18,296 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-08-06 13:01:18,296 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-08-06 13:01:18,296 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-08-06 13:01:18,296 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-08-06 13:01:18,296 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-08-06 13:01:18,296 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-08-06 13:01:18,297 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://mydev.cscglobal.com:80/openam
2020-08-06 13:01:18,297 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:01:18,297 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-08-06 13:01:18,297 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-08-06 13:01:18,297 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-08-06 13:01:18,297 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-08-06 13:01:18,297 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 's2ab34db6322a83ed39a3636b823055ea75849c24f', issue instant '2020-08-06T13:01:18.000Z', entityID 'http://mydev.cscglobal.com:80/openam'
2020-08-06 13:01:18,298 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://mydev.cscglobal.com:80/openam' does not require AuthnRequests to be signed
2020-08-06 13:01:18,298 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-08-06 13:01:18,298 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-08-06 13:01:18,298 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-08-06 13:01:18,298 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-08-06 13:01:18,298 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-08-06 13:01:18,298 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:01:18,298 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-08-06 13:01:18,299 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-08-06 13:01:18,299 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-08-06 13:01:18,299 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 3 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-08-06 13:01:18,299 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://mydev.cscglobal.com:80/openam/Consumer/metaAlias/Portal/sp using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-08-06 13:01:18,299 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-08-06 13:01:18,299 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-08-06 13:01:18,299 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-08-06 13:01:18,299 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-08-06 13:01:18,299 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-08-06 13:01:18,299 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2020-08-06 13:01:18,299 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-08-06 13:01:18,299 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-08-06 13:01:18,299 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-08-06 13:01:18,299 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-08-06 13:01:18,299 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://mydev.cscglobal.com:80/openam
2020-08-06 13:01:18,299 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2020-08-06 13:01:18,299 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2020-08-06 13:01:18,299 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2020-08-06 13:01:18,299 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2020-08-06 13:01:18,300 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-08-06 13:01:18,301 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-08-06T13:01:18.301Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-08-06 13:01:18,301 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: RequestedPrincipalContext created with operator exact and 1 custom principal(s)
2020-08-06 13:01:18,301 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-08-06 13:01:18,301 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 2255e5d3b35033a7901de8202afccbebd600e7bad2616b26eaf16577e119fb96
2020-08-06 13:01:18,301 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session 2255e5d3b35033a7901de8202afccbebd600e7bad2616b26eaf16577e119fb96 to 2020-08-06T14:01:18.301Z
2020-08-06 13:01:18,301 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading AuthenticationResult for flow authn/Password in session 2255e5d3b35033a7901de8202afccbebd600e7bad2616b26eaf16577e119fb96
2020-08-06 13:01:18,302 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: Authentication result authn/Password is active, copying from session
2020-08-06 13:01:18,302 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Leaving existing RequestedPrincipalContext in place
2020-08-06 13:01:18,302 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-08-06 13:01:18,302 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:01:18,302 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Specific principals requested with 'exact' operator: [AuthnContextClassRefPrincipal{authnContextClassRef=urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport}]
2020-08-06 13:01:18,302 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Checking for an inactive flow or active result compatible with operator 'exact' and principal 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
2020-08-06 13:01:18,302 - DEBUG [net.shibboleth.idp.authn.principal.PrincipalEvalPredicateFactoryRegistry:?] - Registry located predicate factory of type 'net.shibboleth.idp.authn.principal.impl.ExactPrincipalEvalPredicateFactory' for principal type 'class net.shibboleth.idp.saml.authn.principal.AuthnContextClassRefPrincipal' and operator 'exact'
2020-08-06 13:01:18,302 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Reusing active result authn/Password
2020-08-06 13:01:18,302 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name established from session as 'morty'
2020-08-06 13:01:18,302 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Checking result for compatibility with operator 'exact' and principal 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
2020-08-06 13:01:18,302 - DEBUG [net.shibboleth.idp.authn.principal.PrincipalEvalPredicateFactoryRegistry:?] - Registry located predicate factory of type 'net.shibboleth.idp.authn.principal.impl.ExactPrincipalEvalPredicateFactory' for principal type 'class net.shibboleth.idp.saml.authn.principal.AuthnContextClassRefPrincipal' and operator 'exact'
2020-08-06 13:01:18,302 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Principal 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport' in authentication result satisfies request for principal 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
2020-08-06 13:01:18,302 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Updating activity time on reused AuthenticationResult for flow authn/Password in existing session 2255e5d3b35033a7901de8202afccbebd600e7bad2616b26eaf16577e119fb96
2020-08-06 13:01:18,303 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=morty)
2020-08-06 13:01:18,303 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [identifier, uid, telephoneNumber, role, mail, surname, displayName, givenName]
2020-08-06 13:01:18,303 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-08-06 13:01:18,303 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-08-06 13:01:18,303 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-08-06 13:01:18,303 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-08-06 13:01:18,303 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-08-06 13:01:18,303 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-08-06 13:01:18,303 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-08-06 13:01:18,303 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-08-06 13:01:18,304 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:01:18,304 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-08-06 13:01:18,304 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@4e401687'
2020-08-06 13:01:18,304 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-08-06 13:01:18,304 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:http://mydev.cscglobal.com:80/openam'
2020-08-06 13:01:18,304 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@d32688' with context 'intercept/attribute-release' and key 'morty:http://mydev.cscglobal.com:80/openam'
2020-08-06 13:01:18,305 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'morty:http://mydev.cscglobal.com:80/openam' value '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1628254876994' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2020-08-06 13:01:18,305 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-08-06 13:01:18,305 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty'
2020-08-06 13:01:18,305 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'morty'
2020-08-06 13:01:18,305 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-08-06 13:01:18,305 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2020-08-06 13:01:18,305 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@4e401687'
2020-08-06 13:01:18,305 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:01:18,305 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-08-06 13:01:18,306 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-08-06 13:01:18,307 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-08-06 13:01:18,307 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _d597387bbb0fb2f49bae3d83d679e71b
2020-08-06 13:01:18,307 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _d597387bbb0fb2f49bae3d83d679e71b to Response _c1f5bd3f69fbdc3b20cab58772f4332f
2020-08-06 13:01:18,307 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _d597387bbb0fb2f49bae3d83d679e71b
2020-08-06 13:01:18,308 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-08-06 13:01:18,308 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute identifier
2020-08-06 13:01:18,308 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value morty of attribute uid
2020-08-06 13:01:18,308 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5505 of attribute telephoneNumber
2020-08-06 13:01:18,308 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value janitor@samltest.id of attribute role
2020-08-06 13:01:18,308 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute mail
2020-08-06 13:01:18,308 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Smith of attribute surname
2020-08-06 13:01:18,308 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Morty Smith of attribute displayName
2020-08-06 13:01:18,308 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Mortimer of attribute givenName
2020-08-06 13:01:18,309 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-08-06 13:01:18,309 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2020-08-06 13:01:18,309 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2020-08-06 13:01:18,309 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2020-08-06 13:01:18,309 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2020-08-06 13:01:18,309 - DEBUG [net.shibboleth.idp.saml.nameid.impl.PersistentSAML2NameIDGenerator:?] - Checking for source attribute uid
2020-08-06 13:01:18,309 - DEBUG [net.shibboleth.idp.saml.nameid.impl.PersistentSAML2NameIDGenerator:?] - Generating persistent NameID from String-valued attribute uid
2020-08-06 13:01:18,309 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID 6AMDYXNTVWURRFGTDXWQXMAI74Z6VCWR with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2020-08-06 13:01:18,309 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2020-08-06 13:01:18,309 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2020-08-06 13:01:18,309 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-08-06 13:01:18,309 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-08-06 13:01:18,309 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.28.90
2020-08-06 13:01:18,309 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to s2ab34db6322a83ed39a3636b823055ea75849c24f
2020-08-06 13:01:18,309 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to http://mydev.cscglobal.com:80/openam/Consumer/metaAlias/Portal/sp
2020-08-06 13:01:18,309 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-08-06 13:01:18,309 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-08-06 13:01:18,309 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-08-06 13:01:18,309 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _d597387bbb0fb2f49bae3d83d679e71b
2020-08-06 13:01:18,309 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _d597387bbb0fb2f49bae3d83d679e71b did not already contain Conditions, one was added
2020-08-06 13:01:18,309 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-08-06 13:01:18,309 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-08-06T13:06:18.305Z, to Assertion _d597387bbb0fb2f49bae3d83d679e71b
2020-08-06 13:01:18,309 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _d597387bbb0fb2f49bae3d83d679e71b already contained Conditions, nothing was done
2020-08-06 13:01:18,309 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-08-06 13:01:18,309 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _d597387bbb0fb2f49bae3d83d679e71b already contained Conditions, nothing was done
2020-08-06 13:01:18,309 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-08-06 13:01:18,309 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding http://mydev.cscglobal.com:80/openam as an Audience of the AudienceRestriction
2020-08-06 13:01:18,309 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _d597387bbb0fb2f49bae3d83d679e71b
2020-08-06 13:01:18,310 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party http://mydev.cscglobal.com:80/openam to existing session 2255e5d3b35033a7901de8202afccbebd600e7bad2616b26eaf16577e119fb96
2020-08-06 13:01:18,310 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service http://mydev.cscglobal.com:80/openam in session 2255e5d3b35033a7901de8202afccbebd600e7bad2616b26eaf16577e119fb96
2020-08-06 13:01:18,311 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-08-06 13:01:18,311 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service http://mydev.cscglobal.com:80/openam in session 2255e5d3b35033a7901de8202afccbebd600e7bad2616b26eaf16577e119fb96
2020-08-06 13:01:18,311 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-08-06 13:01:18,311 - DEBUG [net.shibboleth.idp.session.AbstractIdPSession:?] - IdPSession 2255e5d3b35033a7901de8202afccbebd600e7bad2616b26eaf16577e119fb96: replaced old SPSession for service http://mydev.cscglobal.com:80/openam
2020-08-06 13:01:18,311 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Removing secondary index for service ID http://mydev.cscglobal.com:80/openam and key 6AMDYXNTVWURRFGTDXWQXMAI74Z6VCWR
2020-08-06 13:01:18,311 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID http://mydev.cscglobal.com:80/openam and key 6AMDYXNTVWURRFGTDXWQXMAI74Z6VCWR
2020-08-06 13:01:18,311 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Older SPSession for relying party http://mydev.cscglobal.com:80/openam was replaced
2020-08-06 13:01:18,311 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-08-06 13:01:18,311 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-08-06 13:01:18,311 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2020-08-06 13:01:18,312 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAssertions: No encryption parameters, nothing to do
2020-08-06 13:01:18,313 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: http://mydev.cscglobal.com:80/openam/Consumer/metaAlias/Portal/sp
2020-08-06 13:01:18,313 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: http://mydev.cscglobal.com:80/openam/Consumer/metaAlias/Portal/sp
2020-08-06 13:01:18,313 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_c1f5bd3f69fbdc3b20cab58772f4332f"
2020-08-06 13:01:18,313 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _c1f5bd3f69fbdc3b20cab58772f4332f and Element was [saml2p:Response: null]
2020-08-06 13:01:18,313 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_c1f5bd3f69fbdc3b20cab58772f4332f"
2020-08-06 13:01:18,313 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _c1f5bd3f69fbdc3b20cab58772f4332f and Element was [saml2p:Response: null]
2020-08-06 13:01:18,315 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-08-06 13:01:18,315 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'http://mydev.cscglobal.com:80/openam/Consumer/metaAlias/Portal/sp' with encoded value 'http&#x3a;&#x2f;&#x2f;mydev.cscglobal.com&#x3a;80&#x2f;openam&#x2f;Consumer&#x2f;metaAlias&#x2f;Portal&#x2f;sp'
2020-08-06 13:01:18,315 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-08-06 13:01:18,315 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 's2ab34db6322a83ed39a3636b823055ea75849c24f', encoded as 's2ab34db6322a83ed39a3636b823055ea75849c24f'
2020-08-06 13:01:18,316 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="http://mydev.cscglobal.com:80/openam/Consumer/metaAlias/Portal/sp"
    ID="_c1f5bd3f69fbdc3b20cab58772f4332f"
    InResponseTo="s2ab34db6322a83ed39a3636b823055ea75849c24f"
    IssueInstant="2020-08-06T13:01:18.305Z" Version="2.0"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_c1f5bd3f69fbdc3b20cab58772f4332f">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>6MJl53eCjEW52AEap+T+wkbhsVAo6yXDScFtCKKq+zw=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>s9l7t0nd23N7BurXbG4ztpddma/ze+6aFfsZ7Un91sfGqHyGX+2n5gh37uOuzPN9r1DuBCFHOXTtx3Yk8wwLZ66zP3Q9lsIV7XTRsoWnABDu+brD86vTkH/f3FLZ87g9kr1fNCvxe8jUUNAsmlc8aPmRG3JDBc4FJPqtprsyKpGEyJ9bKIfNgh4VvbcBfjpkOFqgut/c/DPIwdq28L30BbZWT7vVsg1aLni3ZwjMs8GkSLKRpSbrTh+ynrei8cHgJbBuv72W3Xx2hFOrRsjd9XMDuWSEXKzHJsxMSuNInyOe/lWCAkue6wVMN4m5oN8rAM2ATLHA/hP9sdtFGoWROQ==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_d597387bbb0fb2f49bae3d83d679e71b"
        IssueInstant="2020-08-06T13:01:18.305Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="http://mydev.cscglobal.com:80/openam" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">6AMDYXNTVWURRFGTDXWQXMAI74Z6VCWR</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.28.90"
                    InResponseTo="s2ab34db6322a83ed39a3636b823055ea75849c24f"
                    NotOnOrAfter="2020-08-06T13:06:18.309Z" Recipient="http://mydev.cscglobal.com:80/openam/Consumer/metaAlias/Portal/sp"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-08-06T13:01:18.305Z" NotOnOrAfter="2020-08-06T13:06:18.305Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>http://mydev.cscglobal.com:80/openam</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-08-06T13:01:07.413Z" SessionIndex="_f105629ee2b91be8906049b0e5005ede">
            <saml2:SubjectLocality Address="172.31.28.90"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>morty</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5505</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">janitor@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Morty Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Mortimer</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-08-06 13:01:18,316 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-08-06 13:01:18,316 - INFO [Shibboleth-Audit.SSO:?] - 20200806T130118Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|s2ab34db6322a83ed39a3636b823055ea75849c24f|http://mydev.cscglobal.com:80/openam|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_c1f5bd3f69fbdc3b20cab58772f4332f|morty|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|identifier,uid,telephoneNumber,role,mail,surname,displayName,givenName|6AMDYXNTVWURRFGTDXWQXMAI74Z6VCWR|_d597387bbb0fb2f49bae3d83d679e71b|
2020-08-06 13:01:19,234 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: s2b93110c1e9869f36990a7972692d14421e91d152
2020-08-06 13:01:19,234 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-08-06 13:01:19,234 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-08-06 13:01:19,234 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://mydev.cscglobal.com:80/openam/Consumer/metaAlias/Portal/sp"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="s2b93110c1e9869f36990a7972692d14421e91d152"
    IsPassive="false" IssueInstant="2020-08-06T13:01:19Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0"
        xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<saml:Issuer
        xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://mydev.cscglobal.com:80/openam</saml:Issuer>
<samlp:NameIDPolicy
        AllowCreate="true"
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
        SPNameQualifier="http://mydev.cscglobal.com:80/openam"
        xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"/>
<samlp:RequestedAuthnContext
        Comparison="exact" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>

2020-08-06 13:01:19,235 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-08-06 13:01:19,235 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-08-06 13:01:19,235 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-08-06 13:01:19,235 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-08-06 13:01:19,235 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-08-06 13:01:19,235 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-08-06 13:01:19,235 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-08-06 13:01:19,235 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://mydev.cscglobal.com:80/openam
2020-08-06 13:01:19,236 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:01:19,236 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-08-06 13:01:19,236 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-08-06 13:01:19,236 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-08-06 13:01:19,236 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-08-06 13:01:19,236 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 's2b93110c1e9869f36990a7972692d14421e91d152', issue instant '2020-08-06T13:01:19.000Z', entityID 'http://mydev.cscglobal.com:80/openam'
2020-08-06 13:01:19,236 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://mydev.cscglobal.com:80/openam' does not require AuthnRequests to be signed
2020-08-06 13:01:19,236 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-08-06 13:01:19,237 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-08-06 13:01:19,237 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-08-06 13:01:19,237 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-08-06 13:01:19,237 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-08-06 13:01:19,237 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:01:19,237 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-08-06 13:01:19,237 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-08-06 13:01:19,237 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-08-06 13:01:19,237 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 3 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-08-06 13:01:19,237 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://mydev.cscglobal.com:80/openam/Consumer/metaAlias/Portal/sp using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-08-06 13:01:19,237 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-08-06 13:01:19,237 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-08-06 13:01:19,237 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-08-06 13:01:19,237 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-08-06 13:01:19,237 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-08-06 13:01:19,238 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2020-08-06 13:01:19,238 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-08-06 13:01:19,238 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-08-06 13:01:19,238 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-08-06 13:01:19,238 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-08-06 13:01:19,238 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://mydev.cscglobal.com:80/openam
2020-08-06 13:01:19,238 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2020-08-06 13:01:19,238 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2020-08-06 13:01:19,238 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2020-08-06 13:01:19,238 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2020-08-06 13:01:19,239 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-08-06 13:01:19,240 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-08-06T13:01:19.240Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-08-06 13:01:19,240 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: RequestedPrincipalContext created with operator exact and 1 custom principal(s)
2020-08-06 13:01:19,240 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-08-06 13:01:19,240 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 2255e5d3b35033a7901de8202afccbebd600e7bad2616b26eaf16577e119fb96
2020-08-06 13:01:19,240 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session 2255e5d3b35033a7901de8202afccbebd600e7bad2616b26eaf16577e119fb96 to 2020-08-06T14:01:19.240Z
2020-08-06 13:01:19,240 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading AuthenticationResult for flow authn/Password in session 2255e5d3b35033a7901de8202afccbebd600e7bad2616b26eaf16577e119fb96
2020-08-06 13:01:19,241 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: Authentication result authn/Password is active, copying from session
2020-08-06 13:01:19,241 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Leaving existing RequestedPrincipalContext in place
2020-08-06 13:01:19,241 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-08-06 13:01:19,241 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:01:19,241 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Specific principals requested with 'exact' operator: [AuthnContextClassRefPrincipal{authnContextClassRef=urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport}]
2020-08-06 13:01:19,241 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Checking for an inactive flow or active result compatible with operator 'exact' and principal 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
2020-08-06 13:01:19,241 - DEBUG [net.shibboleth.idp.authn.principal.PrincipalEvalPredicateFactoryRegistry:?] - Registry located predicate factory of type 'net.shibboleth.idp.authn.principal.impl.ExactPrincipalEvalPredicateFactory' for principal type 'class net.shibboleth.idp.saml.authn.principal.AuthnContextClassRefPrincipal' and operator 'exact'
2020-08-06 13:01:19,241 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Reusing active result authn/Password
2020-08-06 13:01:19,241 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name established from session as 'morty'
2020-08-06 13:01:19,241 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Checking result for compatibility with operator 'exact' and principal 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
2020-08-06 13:01:19,241 - DEBUG [net.shibboleth.idp.authn.principal.PrincipalEvalPredicateFactoryRegistry:?] - Registry located predicate factory of type 'net.shibboleth.idp.authn.principal.impl.ExactPrincipalEvalPredicateFactory' for principal type 'class net.shibboleth.idp.saml.authn.principal.AuthnContextClassRefPrincipal' and operator 'exact'
2020-08-06 13:01:19,241 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Principal 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport' in authentication result satisfies request for principal 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
2020-08-06 13:01:19,241 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Updating activity time on reused AuthenticationResult for flow authn/Password in existing session 2255e5d3b35033a7901de8202afccbebd600e7bad2616b26eaf16577e119fb96
2020-08-06 13:01:19,241 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=morty)
2020-08-06 13:01:19,242 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [identifier, uid, telephoneNumber, role, mail, surname, displayName, givenName]
2020-08-06 13:01:19,242 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-08-06 13:01:19,242 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-08-06 13:01:19,242 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-08-06 13:01:19,242 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-08-06 13:01:19,242 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-08-06 13:01:19,242 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-08-06 13:01:19,242 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-08-06 13:01:19,242 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-08-06 13:01:19,243 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:01:19,243 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-08-06 13:01:19,243 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@1c45c165'
2020-08-06 13:01:19,243 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-08-06 13:01:19,243 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:http://mydev.cscglobal.com:80/openam'
2020-08-06 13:01:19,243 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@d32688' with context 'intercept/attribute-release' and key 'morty:http://mydev.cscglobal.com:80/openam'
2020-08-06 13:01:19,244 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'morty:http://mydev.cscglobal.com:80/openam' value '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1628254876994' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2020-08-06 13:01:19,244 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-08-06 13:01:19,244 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty'
2020-08-06 13:01:19,244 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'morty'
2020-08-06 13:01:19,244 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-08-06 13:01:19,244 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2020-08-06 13:01:19,244 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@1c45c165'
2020-08-06 13:01:19,244 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:01:19,245 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-08-06 13:01:19,245 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-08-06 13:01:19,247 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-08-06 13:01:19,247 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _2316776031ec34ca04edd9280ae91fa8
2020-08-06 13:01:19,247 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _2316776031ec34ca04edd9280ae91fa8 to Response _9687d173db18428bd939a02931e25e98
2020-08-06 13:01:19,247 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _2316776031ec34ca04edd9280ae91fa8
2020-08-06 13:01:19,247 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-08-06 13:01:19,247 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute identifier
2020-08-06 13:01:19,247 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value morty of attribute uid
2020-08-06 13:01:19,247 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5505 of attribute telephoneNumber
2020-08-06 13:01:19,247 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value janitor@samltest.id of attribute role
2020-08-06 13:01:19,247 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute mail
2020-08-06 13:01:19,247 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Smith of attribute surname
2020-08-06 13:01:19,247 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Morty Smith of attribute displayName
2020-08-06 13:01:19,247 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Mortimer of attribute givenName
2020-08-06 13:01:19,249 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-08-06 13:01:19,249 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2020-08-06 13:01:19,249 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2020-08-06 13:01:19,249 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2020-08-06 13:01:19,249 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2020-08-06 13:01:19,249 - DEBUG [net.shibboleth.idp.saml.nameid.impl.PersistentSAML2NameIDGenerator:?] - Checking for source attribute uid
2020-08-06 13:01:19,249 - DEBUG [net.shibboleth.idp.saml.nameid.impl.PersistentSAML2NameIDGenerator:?] - Generating persistent NameID from String-valued attribute uid
2020-08-06 13:01:19,249 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID 6AMDYXNTVWURRFGTDXWQXMAI74Z6VCWR with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2020-08-06 13:01:19,249 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2020-08-06 13:01:19,249 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2020-08-06 13:01:19,249 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-08-06 13:01:19,249 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-08-06 13:01:19,249 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.28.90
2020-08-06 13:01:19,249 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to s2b93110c1e9869f36990a7972692d14421e91d152
2020-08-06 13:01:19,249 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to http://mydev.cscglobal.com:80/openam/Consumer/metaAlias/Portal/sp
2020-08-06 13:01:19,249 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-08-06 13:01:19,249 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-08-06 13:01:19,249 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-08-06 13:01:19,249 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _2316776031ec34ca04edd9280ae91fa8
2020-08-06 13:01:19,249 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _2316776031ec34ca04edd9280ae91fa8 did not already contain Conditions, one was added
2020-08-06 13:01:19,250 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-08-06 13:01:19,250 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-08-06T13:06:19.245Z, to Assertion _2316776031ec34ca04edd9280ae91fa8
2020-08-06 13:01:19,250 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _2316776031ec34ca04edd9280ae91fa8 already contained Conditions, nothing was done
2020-08-06 13:01:19,250 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-08-06 13:01:19,250 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _2316776031ec34ca04edd9280ae91fa8 already contained Conditions, nothing was done
2020-08-06 13:01:19,250 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-08-06 13:01:19,250 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding http://mydev.cscglobal.com:80/openam as an Audience of the AudienceRestriction
2020-08-06 13:01:19,250 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _2316776031ec34ca04edd9280ae91fa8
2020-08-06 13:01:19,251 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party http://mydev.cscglobal.com:80/openam to existing session 2255e5d3b35033a7901de8202afccbebd600e7bad2616b26eaf16577e119fb96
2020-08-06 13:01:19,251 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service http://mydev.cscglobal.com:80/openam in session 2255e5d3b35033a7901de8202afccbebd600e7bad2616b26eaf16577e119fb96
2020-08-06 13:01:19,251 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-08-06 13:01:19,251 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service http://mydev.cscglobal.com:80/openam in session 2255e5d3b35033a7901de8202afccbebd600e7bad2616b26eaf16577e119fb96
2020-08-06 13:01:19,251 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-08-06 13:01:19,251 - DEBUG [net.shibboleth.idp.session.AbstractIdPSession:?] - IdPSession 2255e5d3b35033a7901de8202afccbebd600e7bad2616b26eaf16577e119fb96: replaced old SPSession for service http://mydev.cscglobal.com:80/openam
2020-08-06 13:01:19,251 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Removing secondary index for service ID http://mydev.cscglobal.com:80/openam and key 6AMDYXNTVWURRFGTDXWQXMAI74Z6VCWR
2020-08-06 13:01:19,251 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID http://mydev.cscglobal.com:80/openam and key 6AMDYXNTVWURRFGTDXWQXMAI74Z6VCWR
2020-08-06 13:01:19,251 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Older SPSession for relying party http://mydev.cscglobal.com:80/openam was replaced
2020-08-06 13:01:19,252 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-08-06 13:01:19,252 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-08-06 13:01:19,252 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2020-08-06 13:01:19,252 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAssertions: No encryption parameters, nothing to do
2020-08-06 13:01:19,253 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: http://mydev.cscglobal.com:80/openam/Consumer/metaAlias/Portal/sp
2020-08-06 13:01:19,253 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: http://mydev.cscglobal.com:80/openam/Consumer/metaAlias/Portal/sp
2020-08-06 13:01:19,254 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_9687d173db18428bd939a02931e25e98"
2020-08-06 13:01:19,254 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _9687d173db18428bd939a02931e25e98 and Element was [saml2p:Response: null]
2020-08-06 13:01:19,254 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_9687d173db18428bd939a02931e25e98"
2020-08-06 13:01:19,254 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _9687d173db18428bd939a02931e25e98 and Element was [saml2p:Response: null]
2020-08-06 13:01:19,255 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-08-06 13:01:19,255 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'http://mydev.cscglobal.com:80/openam/Consumer/metaAlias/Portal/sp' with encoded value 'http&#x3a;&#x2f;&#x2f;mydev.cscglobal.com&#x3a;80&#x2f;openam&#x2f;Consumer&#x2f;metaAlias&#x2f;Portal&#x2f;sp'
2020-08-06 13:01:19,255 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-08-06 13:01:19,256 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 's2b93110c1e9869f36990a7972692d14421e91d152', encoded as 's2b93110c1e9869f36990a7972692d14421e91d152'
2020-08-06 13:01:19,257 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="http://mydev.cscglobal.com:80/openam/Consumer/metaAlias/Portal/sp"
    ID="_9687d173db18428bd939a02931e25e98"
    InResponseTo="s2b93110c1e9869f36990a7972692d14421e91d152"
    IssueInstant="2020-08-06T13:01:19.245Z" Version="2.0"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_9687d173db18428bd939a02931e25e98">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>EeOW+ZQ82sl1tlOTkuK60NPznK+1VCiWKdnOetfftv0=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>AuHmahgRvwTvnKw/ttctatsBpYjDjjGIS2Eh3W2VuNswYT86B9SNQfUhnmtOZxk66BJxO8p/y8ACmj0qfwhXuA5dflvaKO35ZVHUh9TJ3xK7MvCxT5lsggH7wf9hZv+VhtmCKSJWa0mAUywZjPLqkCIhJ6vobsah/u+rmyARgTURL2mEpT8uxKiAtfu6cGhQ8xS6xaC3gFvVHNJcNQ36KomojvCrqJPRBcDX4M7RtfqMprKFvFi58/O5ekzLPDsG+hxYRJUc82LTOn8nSq12N3MmzN33JZU3sAMDEv7f9t/EozE3pSAVE5FvrJieMVaFo8iz0zziDM5fX8GUse9q2A==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_2316776031ec34ca04edd9280ae91fa8"
        IssueInstant="2020-08-06T13:01:19.245Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="http://mydev.cscglobal.com:80/openam" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">6AMDYXNTVWURRFGTDXWQXMAI74Z6VCWR</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.28.90"
                    InResponseTo="s2b93110c1e9869f36990a7972692d14421e91d152"
                    NotOnOrAfter="2020-08-06T13:06:19.249Z" Recipient="http://mydev.cscglobal.com:80/openam/Consumer/metaAlias/Portal/sp"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-08-06T13:01:19.245Z" NotOnOrAfter="2020-08-06T13:06:19.245Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>http://mydev.cscglobal.com:80/openam</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-08-06T13:01:07.413Z" SessionIndex="_c5857f7d6ace338dc3e4733924ceeb55">
            <saml2:SubjectLocality Address="172.31.28.90"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>morty</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5505</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">janitor@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Morty Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Mortimer</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-08-06 13:01:19,257 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-08-06 13:01:19,257 - INFO [Shibboleth-Audit.SSO:?] - 20200806T130119Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|s2b93110c1e9869f36990a7972692d14421e91d152|http://mydev.cscglobal.com:80/openam|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_9687d173db18428bd939a02931e25e98|morty|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|identifier,uid,telephoneNumber,role,mail,surname,displayName,givenName|6AMDYXNTVWURRFGTDXWQXMAI74Z6VCWR|_2316776031ec34ca04edd9280ae91fa8|
2020-08-06 13:01:20,418 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: s28d74db029713c50441b19a32c179b9798627e10d
2020-08-06 13:01:20,418 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-08-06 13:01:20,418 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-08-06 13:01:20,418 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://mydev.cscglobal.com:80/openam/Consumer/metaAlias/Portal/sp"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="s28d74db029713c50441b19a32c179b9798627e10d"
    IsPassive="false" IssueInstant="2020-08-06T13:01:20Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0"
        xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<saml:Issuer
        xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://mydev.cscglobal.com:80/openam</saml:Issuer>
<samlp:NameIDPolicy
        AllowCreate="true"
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
        SPNameQualifier="http://mydev.cscglobal.com:80/openam"
        xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"/>
<samlp:RequestedAuthnContext
        Comparison="exact" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>

2020-08-06 13:01:20,422 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-08-06 13:01:20,422 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-08-06 13:01:20,422 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-08-06 13:01:20,422 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-08-06 13:01:20,422 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-08-06 13:01:20,423 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-08-06 13:01:20,423 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-08-06 13:01:20,423 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://mydev.cscglobal.com:80/openam
2020-08-06 13:01:20,423 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:01:20,423 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-08-06 13:01:20,423 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-08-06 13:01:20,423 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-08-06 13:01:20,423 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-08-06 13:01:20,424 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 's28d74db029713c50441b19a32c179b9798627e10d', issue instant '2020-08-06T13:01:20.000Z', entityID 'http://mydev.cscglobal.com:80/openam'
2020-08-06 13:01:20,424 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://mydev.cscglobal.com:80/openam' does not require AuthnRequests to be signed
2020-08-06 13:01:20,424 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-08-06 13:01:20,424 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-08-06 13:01:20,424 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-08-06 13:01:20,424 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-08-06 13:01:20,424 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-08-06 13:01:20,424 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:01:20,424 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-08-06 13:01:20,425 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-08-06 13:01:20,425 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-08-06 13:01:20,425 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 3 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-08-06 13:01:20,425 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://mydev.cscglobal.com:80/openam/Consumer/metaAlias/Portal/sp using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-08-06 13:01:20,425 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-08-06 13:01:20,425 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-08-06 13:01:20,425 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-08-06 13:01:20,425 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-08-06 13:01:20,425 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-08-06 13:01:20,425 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2020-08-06 13:01:20,425 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-08-06 13:01:20,425 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-08-06 13:01:20,425 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-08-06 13:01:20,425 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-08-06 13:01:20,425 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://mydev.cscglobal.com:80/openam
2020-08-06 13:01:20,425 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2020-08-06 13:01:20,425 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2020-08-06 13:01:20,425 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2020-08-06 13:01:20,425 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2020-08-06 13:01:20,428 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-08-06 13:01:20,429 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-08-06T13:01:20.429Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-08-06 13:01:20,429 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: RequestedPrincipalContext created with operator exact and 1 custom principal(s)
2020-08-06 13:01:20,429 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-08-06 13:01:20,429 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 2255e5d3b35033a7901de8202afccbebd600e7bad2616b26eaf16577e119fb96
2020-08-06 13:01:20,429 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session 2255e5d3b35033a7901de8202afccbebd600e7bad2616b26eaf16577e119fb96 to 2020-08-06T14:01:20.429Z
2020-08-06 13:01:20,429 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading AuthenticationResult for flow authn/Password in session 2255e5d3b35033a7901de8202afccbebd600e7bad2616b26eaf16577e119fb96
2020-08-06 13:01:20,430 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: Authentication result authn/Password is active, copying from session
2020-08-06 13:01:20,430 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Leaving existing RequestedPrincipalContext in place
2020-08-06 13:01:20,430 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-08-06 13:01:20,430 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:01:20,430 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Specific principals requested with 'exact' operator: [AuthnContextClassRefPrincipal{authnContextClassRef=urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport}]
2020-08-06 13:01:20,430 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Checking for an inactive flow or active result compatible with operator 'exact' and principal 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
2020-08-06 13:01:20,430 - DEBUG [net.shibboleth.idp.authn.principal.PrincipalEvalPredicateFactoryRegistry:?] - Registry located predicate factory of type 'net.shibboleth.idp.authn.principal.impl.ExactPrincipalEvalPredicateFactory' for principal type 'class net.shibboleth.idp.saml.authn.principal.AuthnContextClassRefPrincipal' and operator 'exact'
2020-08-06 13:01:20,430 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Reusing active result authn/Password
2020-08-06 13:01:20,430 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name established from session as 'morty'
2020-08-06 13:01:20,430 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Checking result for compatibility with operator 'exact' and principal 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
2020-08-06 13:01:20,430 - DEBUG [net.shibboleth.idp.authn.principal.PrincipalEvalPredicateFactoryRegistry:?] - Registry located predicate factory of type 'net.shibboleth.idp.authn.principal.impl.ExactPrincipalEvalPredicateFactory' for principal type 'class net.shibboleth.idp.saml.authn.principal.AuthnContextClassRefPrincipal' and operator 'exact'
2020-08-06 13:01:20,430 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Principal 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport' in authentication result satisfies request for principal 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
2020-08-06 13:01:20,430 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Updating activity time on reused AuthenticationResult for flow authn/Password in existing session 2255e5d3b35033a7901de8202afccbebd600e7bad2616b26eaf16577e119fb96
2020-08-06 13:01:20,431 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=morty)
2020-08-06 13:01:20,431 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [identifier, uid, telephoneNumber, role, mail, surname, displayName, givenName]
2020-08-06 13:01:20,431 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-08-06 13:01:20,431 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-08-06 13:01:20,431 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-08-06 13:01:20,431 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-08-06 13:01:20,431 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-08-06 13:01:20,431 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-08-06 13:01:20,431 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-08-06 13:01:20,431 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-08-06 13:01:20,432 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:01:20,432 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-08-06 13:01:20,432 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@28a42a7f'
2020-08-06 13:01:20,432 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-08-06 13:01:20,432 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:http://mydev.cscglobal.com:80/openam'
2020-08-06 13:01:20,432 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@d32688' with context 'intercept/attribute-release' and key 'morty:http://mydev.cscglobal.com:80/openam'
2020-08-06 13:01:20,432 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'morty:http://mydev.cscglobal.com:80/openam' value '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1628254876994' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2020-08-06 13:01:20,432 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-08-06 13:01:20,432 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty'
2020-08-06 13:01:20,432 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'morty'
2020-08-06 13:01:20,433 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-08-06 13:01:20,433 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2020-08-06 13:01:20,433 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@28a42a7f'
2020-08-06 13:01:20,433 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:01:20,433 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-08-06 13:01:20,433 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-08-06 13:01:20,434 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-08-06 13:01:20,434 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _4b3c379210c8a10773afc588cb38c9dd
2020-08-06 13:01:20,434 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _4b3c379210c8a10773afc588cb38c9dd to Response _8ec10b5566649f381c365c41de6b4d72
2020-08-06 13:01:20,434 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _4b3c379210c8a10773afc588cb38c9dd
2020-08-06 13:01:20,435 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-08-06 13:01:20,435 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute identifier
2020-08-06 13:01:20,435 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value morty of attribute uid
2020-08-06 13:01:20,435 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5505 of attribute telephoneNumber
2020-08-06 13:01:20,435 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value janitor@samltest.id of attribute role
2020-08-06 13:01:20,435 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute mail
2020-08-06 13:01:20,435 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Smith of attribute surname
2020-08-06 13:01:20,435 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Morty Smith of attribute displayName
2020-08-06 13:01:20,435 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Mortimer of attribute givenName
2020-08-06 13:01:20,436 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-08-06 13:01:20,436 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2020-08-06 13:01:20,436 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2020-08-06 13:01:20,436 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2020-08-06 13:01:20,436 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2020-08-06 13:01:20,436 - DEBUG [net.shibboleth.idp.saml.nameid.impl.PersistentSAML2NameIDGenerator:?] - Checking for source attribute uid
2020-08-06 13:01:20,436 - DEBUG [net.shibboleth.idp.saml.nameid.impl.PersistentSAML2NameIDGenerator:?] - Generating persistent NameID from String-valued attribute uid
2020-08-06 13:01:20,436 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID 6AMDYXNTVWURRFGTDXWQXMAI74Z6VCWR with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2020-08-06 13:01:20,436 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2020-08-06 13:01:20,436 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2020-08-06 13:01:20,436 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-08-06 13:01:20,436 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-08-06 13:01:20,436 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.28.90
2020-08-06 13:01:20,436 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to s28d74db029713c50441b19a32c179b9798627e10d
2020-08-06 13:01:20,436 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to http://mydev.cscglobal.com:80/openam/Consumer/metaAlias/Portal/sp
2020-08-06 13:01:20,436 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-08-06 13:01:20,436 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-08-06 13:01:20,436 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-08-06 13:01:20,436 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _4b3c379210c8a10773afc588cb38c9dd
2020-08-06 13:01:20,436 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _4b3c379210c8a10773afc588cb38c9dd did not already contain Conditions, one was added
2020-08-06 13:01:20,436 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-08-06 13:01:20,436 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-08-06T13:06:20.433Z, to Assertion _4b3c379210c8a10773afc588cb38c9dd
2020-08-06 13:01:20,436 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _4b3c379210c8a10773afc588cb38c9dd already contained Conditions, nothing was done
2020-08-06 13:01:20,436 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-08-06 13:01:20,436 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _4b3c379210c8a10773afc588cb38c9dd already contained Conditions, nothing was done
2020-08-06 13:01:20,436 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-08-06 13:01:20,436 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding http://mydev.cscglobal.com:80/openam as an Audience of the AudienceRestriction
2020-08-06 13:01:20,436 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _4b3c379210c8a10773afc588cb38c9dd
2020-08-06 13:01:20,439 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party http://mydev.cscglobal.com:80/openam to existing session 2255e5d3b35033a7901de8202afccbebd600e7bad2616b26eaf16577e119fb96
2020-08-06 13:01:20,439 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service http://mydev.cscglobal.com:80/openam in session 2255e5d3b35033a7901de8202afccbebd600e7bad2616b26eaf16577e119fb96
2020-08-06 13:01:20,439 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-08-06 13:01:20,439 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service http://mydev.cscglobal.com:80/openam in session 2255e5d3b35033a7901de8202afccbebd600e7bad2616b26eaf16577e119fb96
2020-08-06 13:01:20,439 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-08-06 13:01:20,439 - DEBUG [net.shibboleth.idp.session.AbstractIdPSession:?] - IdPSession 2255e5d3b35033a7901de8202afccbebd600e7bad2616b26eaf16577e119fb96: replaced old SPSession for service http://mydev.cscglobal.com:80/openam
2020-08-06 13:01:20,439 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Removing secondary index for service ID http://mydev.cscglobal.com:80/openam and key 6AMDYXNTVWURRFGTDXWQXMAI74Z6VCWR
2020-08-06 13:01:20,439 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID http://mydev.cscglobal.com:80/openam and key 6AMDYXNTVWURRFGTDXWQXMAI74Z6VCWR
2020-08-06 13:01:20,439 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Older SPSession for relying party http://mydev.cscglobal.com:80/openam was replaced
2020-08-06 13:01:20,439 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-08-06 13:01:20,440 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-08-06 13:01:20,440 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2020-08-06 13:01:20,440 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAssertions: No encryption parameters, nothing to do
2020-08-06 13:01:20,441 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: http://mydev.cscglobal.com:80/openam/Consumer/metaAlias/Portal/sp
2020-08-06 13:01:20,441 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: http://mydev.cscglobal.com:80/openam/Consumer/metaAlias/Portal/sp
2020-08-06 13:01:20,441 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_8ec10b5566649f381c365c41de6b4d72"
2020-08-06 13:01:20,441 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _8ec10b5566649f381c365c41de6b4d72 and Element was [saml2p:Response: null]
2020-08-06 13:01:20,441 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_8ec10b5566649f381c365c41de6b4d72"
2020-08-06 13:01:20,441 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _8ec10b5566649f381c365c41de6b4d72 and Element was [saml2p:Response: null]
2020-08-06 13:01:20,443 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-08-06 13:01:20,443 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'http://mydev.cscglobal.com:80/openam/Consumer/metaAlias/Portal/sp' with encoded value 'http&#x3a;&#x2f;&#x2f;mydev.cscglobal.com&#x3a;80&#x2f;openam&#x2f;Consumer&#x2f;metaAlias&#x2f;Portal&#x2f;sp'
2020-08-06 13:01:20,443 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-08-06 13:01:20,443 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 's28d74db029713c50441b19a32c179b9798627e10d', encoded as 's28d74db029713c50441b19a32c179b9798627e10d'
2020-08-06 13:01:20,444 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="http://mydev.cscglobal.com:80/openam/Consumer/metaAlias/Portal/sp"
    ID="_8ec10b5566649f381c365c41de6b4d72"
    InResponseTo="s28d74db029713c50441b19a32c179b9798627e10d"
    IssueInstant="2020-08-06T13:01:20.433Z" Version="2.0"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_8ec10b5566649f381c365c41de6b4d72">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>az1xdvtJXVJfTZDQgP10GThEjp0hE/EvK7A1lSMcDCg=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>cx3pozk2EG8KHulNQ+1FHLzW5gpwEQClX/jfLO7ATWV/0tf0Mn12Msw2LopnegxIJDNNAOZQORQ/KOgkgZDsar67jQ5lLtdVYKpHelRd8QSDFH2y4nuchV6Mz3pby4tXSxf13pZKW5Df1La3JJ8ZdaLWgttx+8fxTsDv/VIaMiVVN5T75OIixz5q/TQbfLwLtWkZiKRlBdDwRBl5gB9jEGLpQ+txKaRR5R2hz9cRhyMrahGdX0vgkMTdcDdyai1f5/Q3ik6hRRK6Sqadk4aoSHdGokeuLQsfURwRf7OuL0wWRI6Il+rNtmiA57n1S97nKQdwPijJhPOAFmX2a5zASg==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_4b3c379210c8a10773afc588cb38c9dd"
        IssueInstant="2020-08-06T13:01:20.433Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="http://mydev.cscglobal.com:80/openam" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">6AMDYXNTVWURRFGTDXWQXMAI74Z6VCWR</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.28.90"
                    InResponseTo="s28d74db029713c50441b19a32c179b9798627e10d"
                    NotOnOrAfter="2020-08-06T13:06:20.436Z" Recipient="http://mydev.cscglobal.com:80/openam/Consumer/metaAlias/Portal/sp"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-08-06T13:01:20.433Z" NotOnOrAfter="2020-08-06T13:06:20.433Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>http://mydev.cscglobal.com:80/openam</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-08-06T13:01:07.413Z" SessionIndex="_35c77cfd6dc8a159252b803e74d26133">
            <saml2:SubjectLocality Address="172.31.28.90"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>morty</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5505</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">janitor@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Morty Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Mortimer</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-08-06 13:01:20,444 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-08-06 13:01:20,444 - INFO [Shibboleth-Audit.SSO:?] - 20200806T130120Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|s28d74db029713c50441b19a32c179b9798627e10d|http://mydev.cscglobal.com:80/openam|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_8ec10b5566649f381c365c41de6b4d72|morty|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|identifier,uid,telephoneNumber,role,mail,surname,displayName,givenName|6AMDYXNTVWURRFGTDXWQXMAI74Z6VCWR|_4b3c379210c8a10773afc588cb38c9dd|
2020-08-06 13:01:31,469 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2020-08-06 13:01:31,469 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromFormRequest:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Recording do-not-cache instruction in authentication context
2020-08-06 13:01:31,470 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-08-06 13:01:31,470 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1752856946::identifier=rick, context=org.apache.velocity.VelocityContext@53cf2fc5]
2020-08-06 13:01:31,476 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1752856946::identifier=rick, context=org.apache.velocity.VelocityContext@53cf2fc5]
2020-08-06 13:01:31,477 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-08-06 13:01:31,477 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-08-06 13:01:31,477 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-08-06 13:01:31,477 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-08-06 13:01:31,477 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-08-06 13:01:31,477 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-08-06 13:01:31,478 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2020-08-06 13:01:31,478 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 01e7bf3cae795738c42c1308445988cca2d3f90790ec3ca4f6089e3dfbae9f89 for principal rick
2020-08-06 13:01:31,478 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-08-06 13:01:31,479 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-08-06 13:01:31,479 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-08-06 13:01:31,479 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-08-06 13:01:31,479 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-08-06 13:01:31,479 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-08-06 13:01:31,479 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-08-06 13:01:31,479 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-08-06 13:01:31,479 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-08-06 13:01:31,479 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-08-06 13:01:31,479 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:01:31,480 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-08-06 13:01:31,480 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@12567f98'
2020-08-06 13:01:31,480 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-08-06 13:01:31,480 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://moveit.eastus.cloudapp.azure.com/6899/'
2020-08-06 13:01:31,480 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2020-08-06 13:01:31,480 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: Attempting to delete consent storage record with context 'intercept/attribute-release' and key 'rick:https://moveit.eastus.cloudapp.azure.com/6899/'
2020-08-06 13:01:31,480 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: Deleted consent storage record with context 'intercept/attribute-release' and key 'rick:https://moveit.eastus.cloudapp.azure.com/6899/'
2020-08-06 13:01:31,480 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Read storage record 'org.opensaml.storage.MutableStorageRecord@533c0b39' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-08-06 13:01:31,480 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Read storage record 'org.opensaml.storage.MutableStorageRecord@533c0b39' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-08-06 13:01:31,480 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Deserialized context 'intercept/attribute-release' key 'rick:_key_idx' value '["rick:https://moveit.eastus.cloudapp.azure.com/6899/"]' expiration 'null' as '[rick:https://moveit.eastus.cloudapp.azure.com/6899/]'
2020-08-06 13:01:31,480 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Updating storage index by removing key 'rick:https://moveit.eastus.cloudapp.azure.com/6899/'
2020-08-06 13:01:31,480 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[]' as '[]'
2020-08-06 13:01:31,480 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20200806T130131Z|https://moveit.eastus.cloudapp.azure.com/6899/|ClearAttributeReleaseConsent|rick|||
2020-08-06 13:01:31,480 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-08-06 13:01:31,480 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2020-08-06 13:01:31,480 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: Attempting to delete consent storage record with context 'intercept/attribute-release' and key 'rick'
2020-08-06 13:01:31,480 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: No consent storage record found with context 'intercept/attribute-release' and key 'rick'
2020-08-06 13:01:31,480 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Read storage record 'org.opensaml.storage.MutableStorageRecord@533c0b39' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-08-06 13:01:31,480 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Read storage record 'org.opensaml.storage.MutableStorageRecord@533c0b39' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-08-06 13:01:31,480 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Deserialized context 'intercept/attribute-release' key 'rick:_key_idx' value '[]' expiration 'null' as '[]'
2020-08-06 13:01:31,480 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Storage key 'rick' not indexed, nothing to do
2020-08-06 13:01:31,481 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-08-06 13:01:31,481 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2020-08-06 13:01:31,688 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'moveit.eastus.cloudapp.azure.com'
2020-08-06 13:01:31,688 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-08-06 13:01:31,688 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2020-08-06 13:01:31,688 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2020-08-06 13:01:31,688 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-08-06 13:01:31,688 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning OrganizationName from Organization, Vladislav Antonyuk
2020-08-06 13:01:34,536 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2020-08-06 13:01:34,536 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2020-08-06 13:01:34,537 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20200806T130134Z|https://moveit.eastus.cloudapp.azure.com/6899/|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2020-08-06 13:01:34,537 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-08-06 13:01:34,537 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://moveit.eastus.cloudapp.azure.com/6899/'
2020-08-06 13:01:34,537 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2020-08-06 13:01:34,537 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2020-08-06 13:01:34,537 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://moveit.eastus.cloudapp.azure.com/6899/, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1628254894537}'
2020-08-06 13:01:34,537 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'org.opensaml.storage.MutableStorageRecord@533c0b39' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-08-06 13:01:34,537 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Deserialized context 'intercept/attribute-release' key 'rick:_key_idx' value '[]' expiration 'null' as '[]'
2020-08-06 13:01:34,537 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2020-08-06 13:01:34,537 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'org.opensaml.storage.MutableStorageRecord@533c0b39' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-08-06 13:01:34,537 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'org.opensaml.storage.MutableStorageRecord@533c0b39' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-08-06 13:01:34,537 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Deserialized context 'intercept/attribute-release' key 'rick:_key_idx' value '[]' expiration 'null' as '[]'
2020-08-06 13:01:34,537 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Updating storage index by adding key 'rick:https://moveit.eastus.cloudapp.azure.com/6899/'
2020-08-06 13:01:34,537 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://moveit.eastus.cloudapp.azure.com/6899/]' as '["rick:https://moveit.eastus.cloudapp.azure.com/6899/"]'
2020-08-06 13:01:34,537 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@12567f98'
2020-08-06 13:01:34,537 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:01:34,537 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-08-06 13:01:34,538 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-08-06 13:01:34,539 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-08-06 13:01:34,539 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _3513e401f884fcb446ae502b1731c455
2020-08-06 13:01:34,539 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _3513e401f884fcb446ae502b1731c455 to Response _d9fb12a1c9472cf648e20c05d2385db7
2020-08-06 13:01:34,539 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _3513e401f884fcb446ae502b1731c455
2020-08-06 13:01:34,539 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-08-06 13:01:34,539 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-08-06 13:01:34,539 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-08-06 13:01:34,539 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-08-06 13:01:34,539 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-08-06 13:01:34,539 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-08-06 13:01:34,539 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-08-06 13:01:34,539 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-08-06 13:01:34,539 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-08-06 13:01:34,540 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-08-06 13:01:34,540 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2020-08-06 13:01:34,540 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:2.0:nameid-format:transient, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress]
2020-08-06 13:01:34,540 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2020-08-06 13:01:34,540 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration did not specify any formats, relying on metadata alone
2020-08-06 13:01:34,540 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:2.0:nameid-format:transient, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress]
2020-08-06 13:01:34,540 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2020-08-06 13:01:34,540 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2020-08-06 13:01:34,540 - DEBUG [net.shibboleth.idp.saml.nameid.impl.PersistentSAML2NameIDGenerator:?] - Checking for source attribute uid
2020-08-06 13:01:34,540 - DEBUG [net.shibboleth.idp.saml.nameid.impl.PersistentSAML2NameIDGenerator:?] - Generating persistent NameID from String-valued attribute uid
2020-08-06 13:01:34,540 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID TFSLKM4HSIZXGLTTLRM4NOWOSGXH4XYL with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2020-08-06 13:01:34,540 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2020-08-06 13:01:34,540 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2020-08-06 13:01:34,540 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-08-06 13:01:34,540 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-08-06 13:01:34,540 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.46.7
2020-08-06 13:01:34,540 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _0a8887b8-6cff-46e2-a3de-c65d13e208f5
2020-08-06 13:01:34,540 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://moveit.eastus.cloudapp.azure.com/6899/SAML/SSO/HTTP-Post
2020-08-06 13:01:34,540 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-08-06 13:01:34,540 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-08-06 13:01:34,541 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-08-06 13:01:34,541 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _3513e401f884fcb446ae502b1731c455
2020-08-06 13:01:34,541 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _3513e401f884fcb446ae502b1731c455 did not already contain Conditions, one was added
2020-08-06 13:01:34,541 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-08-06 13:01:34,541 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-08-06T13:06:34.537Z, to Assertion _3513e401f884fcb446ae502b1731c455
2020-08-06 13:01:34,541 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _3513e401f884fcb446ae502b1731c455 already contained Conditions, nothing was done
2020-08-06 13:01:34,541 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-08-06 13:01:34,541 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _3513e401f884fcb446ae502b1731c455 already contained Conditions, nothing was done
2020-08-06 13:01:34,541 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-08-06 13:01:34,541 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://moveit.eastus.cloudapp.azure.com/6899/ as an Audience of the AudienceRestriction
2020-08-06 13:01:34,541 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _3513e401f884fcb446ae502b1731c455
2020-08-06 13:01:34,542 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://moveit.eastus.cloudapp.azure.com/6899/ to existing session 01e7bf3cae795738c42c1308445988cca2d3f90790ec3ca4f6089e3dfbae9f89
2020-08-06 13:01:34,542 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://moveit.eastus.cloudapp.azure.com/6899/ in session 01e7bf3cae795738c42c1308445988cca2d3f90790ec3ca4f6089e3dfbae9f89
2020-08-06 13:01:34,542 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-08-06 13:01:34,542 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://moveit.eastus.cloudapp.azure.com/6899/ and key TFSLKM4HSIZXGLTTLRM4NOWOSGXH4XYL
2020-08-06 13:01:34,542 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-08-06 13:01:34,542 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-08-06 13:01:34,543 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_3513e401f884fcb446ae502b1731c455"
2020-08-06 13:01:34,543 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _3513e401f884fcb446ae502b1731c455 and Element was [saml2:Assertion: null]
2020-08-06 13:01:34,543 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_3513e401f884fcb446ae502b1731c455"
2020-08-06 13:01:34,543 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _3513e401f884fcb446ae502b1731c455 and Element was [saml2:Assertion: null]
2020-08-06 13:01:34,545 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_d9fb12a1c9472cf648e20c05d2385db7"
    InResponseTo="_0a8887b8-6cff-46e2-a3de-c65d13e208f5"
    IssueInstant="2020-08-06T13:01:34.537Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_3513e401f884fcb446ae502b1731c455"
        IssueInstant="2020-08-06T13:01:34.537Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_3513e401f884fcb446ae502b1731c455">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>P0rLjjKc0wk3YyblBORMdjaANDXrXy0uq4DVjtgiDKI=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>VE6OYw+t0WXwm0co9aW455X+4CqUDod9Qh102pi1hKMuqbZF9h9Kkkn5SFEJy/MTH6lMAEKhiDCTCWzNsdOtwICXrkC7iIw9uesWGASfLHZ63FVM0uSKr6uZ6b94+UmxL638ElUXciVV1gaoeQgJVll2qxiqBl24Y9/gXr1XgI5/wW+JGlr2nfMK+MVAsxj2BgYcm0cXkiiKSOD+f23ovFnLf00YqNeMF3j8sV8LnkRMUqzw4xtJqKvFajBEcZ6J7fxeIaQyInmjHyQNvrb3NYL55xPM/mR9a1GFAOoPd/tofDZa73ZD49vHLgrJYtBp1ebEgZSNWdHTgcHElozFDw==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://moveit.eastus.cloudapp.azure.com/6899/" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">TFSLKM4HSIZXGLTTLRM4NOWOSGXH4XYL</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.46.7"
                    InResponseTo="_0a8887b8-6cff-46e2-a3de-c65d13e208f5"
                    NotOnOrAfter="2020-08-06T13:06:34.540Z" Recipient="https://moveit.eastus.cloudapp.azure.com/6899/SAML/SSO/HTTP-Post"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-08-06T13:01:34.537Z" NotOnOrAfter="2020-08-06T13:06:34.537Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://moveit.eastus.cloudapp.azure.com/6899/</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-08-06T13:01:31.477Z" SessionIndex="_2ab7504eb3b9f5e93bda6f5a3ca7ae26">
            <saml2:SubjectLocality Address="172.31.46.7"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-08-06 13:01:34,546 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://moveit.eastus.cloudapp.azure.com/6899/SAML/SSO/HTTP-Post
2020-08-06 13:01:34,546 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://moveit.eastus.cloudapp.azure.com/6899/SAML/SSO/HTTP-Post
2020-08-06 13:01:34,547 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_d9fb12a1c9472cf648e20c05d2385db7"
2020-08-06 13:01:34,547 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _d9fb12a1c9472cf648e20c05d2385db7 and Element was [saml2p:Response: null]
2020-08-06 13:01:34,547 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_d9fb12a1c9472cf648e20c05d2385db7"
2020-08-06 13:01:34,547 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _d9fb12a1c9472cf648e20c05d2385db7 and Element was [saml2p:Response: null]
2020-08-06 13:01:34,549 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-08-06 13:01:34,549 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://moveit.eastus.cloudapp.azure.com/6899/SAML/SSO/HTTP-Post' with encoded value 'https&#x3a;&#x2f;&#x2f;moveit.eastus.cloudapp.azure.com&#x2f;6899&#x2f;SAML&#x2f;SSO&#x2f;HTTP-Post'
2020-08-06 13:01:34,549 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-08-06 13:01:34,549 - WARN [org.opensaml.saml.common.binding.SAMLBindingSupport:?] - Relay state exceeds 80 bytes: orgid=6899&client=mobile&code_challenge=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
2020-08-06 13:01:34,549 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'orgid=6899&client=mobile&code_challenge=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', encoded as 'orgid&#x3d;6899&amp;client&#x3d;mobile&amp;code_challenge&#x3d;e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'
2020-08-06 13:01:34,551 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://moveit.eastus.cloudapp.azure.com/6899/SAML/SSO/HTTP-Post"
    ID="_d9fb12a1c9472cf648e20c05d2385db7"
    InResponseTo="_0a8887b8-6cff-46e2-a3de-c65d13e208f5"
    IssueInstant="2020-08-06T13:01:34.537Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_d9fb12a1c9472cf648e20c05d2385db7">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>1lF+kYHQcMKLxadTv8/RRd8iu+111/YFnG0TrHvqgno=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>KLXNd/QG8hBze7fQLEaZhagmFF5XOg0jL7QlCuGQLEErjLjg8J38ZhMvw9qVG2Rql59cox9ND4ub7tY4kzlPZ1OoqLOqrNBxRnFujX2E6pQdr1vxkdv1e9BnC8+HCE7i69T7PZLUVY4OkozKUZfI3ZOaH/xZJXXQfXDJR5OucjC6T2TsnvSkfRg9suEfnPedjHyYLpbeCY4YbFEt/UzxE7yP2aWCq9akB4SOQFcFwm1v7GwG2OzBbjWlidjF0m3tvY5i0zMrsp2asbo64Bjta+FwMUXoLqqqBhTOz0qGxKpAgBJeQwxDM85AcOReq/9lL+nEwDe/t9BD0lUCyYC0gQ==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_a4e96e507ea0c6f0900699743ceeb418"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_69458abb26debaf6db5938a3b96279e8"
                    Recipient="https://moveit.eastus.cloudapp.azure.com/6899/" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIICLzCCAZigAwIBAgIQGS/tfqYYp7JLXvwRDoOZvjANBgkqhkiG9w0BAQsFADBWMRswGQYDVQQK
ExJWbGFkaXNsYXYgQW50b255dWsxNzA1BgNVBAMTLlZsYWRpc2xhdiBBbnRvbnl1ayBTQU1MIEVu
Y3J5cHRpb24gQ2VydGlmaWNhdGUwHhcNMjAwNzMxMTE0ODAwWhcNMzAwNzMxMTE0ODAwWjBWMRsw
GQYDVQQKExJWbGFkaXNsYXYgQW50b255dWsxNzA1BgNVBAMTLlZsYWRpc2xhdiBBbnRvbnl1ayBT
QU1MIEVuY3J5cHRpb24gQ2VydGlmaWNhdGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOBI
1FVyGFDyO1MbVBUyahoC7/byKW/jyKBFUJvYGZB8SHkzU1TMwrQlIdXtx9cqC2wjMISR+0hq25Jg
GoP5pkuQN2xsJ8UAaepiRsbRY+EswFAy8+/LbX2kRihz1Zq2bb6hgxiei2BYP0eyxZjQgLS0xCH0
cPecYLf2/J/Nsg5FAgMBAAEwDQYJKoZIhvcNAQELBQADgYEAXfIFbNRJotIUX1fSketKvtLDhHcM
zQeempKN1k4Np+wRPV7KNA8AACxO4u4/dXmmxKdmy5U4XeuPranlJimI7QwrZ9+/opqBQz/1sZsi
nH36IH0E3PlIK9/+9hOMn6zaBLBi816L+i28vlgDchynmSf8guzQpO3Vl6zkU1jWYwE=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>fppXVKBJxzwWwTz7kyfhoGnNbTO2Xc/HtzG/ko/h0bmtocDQlhQaWZ6/nLr6DDO7eOi+dMYDP7Vip+Du6y9Pm5YF/HapJ9YTpZU1v+TPUEH0yuBhbbnAWqg98pLky5V19VaSITXf7Rv5LngXgAyDwM48ziVO3OnwI1OgY7OoM9k=</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>vvMvBaSlaXw8QHUp34myR0JUxbV1S10b8MQGPCO5lf11dT+0R2rBTzg0TTKN7VcCuqjGUkjkccXMIOHVgdrbd4/49zyoIC3Ium0XfettBeCFflQw/YGz5DQlyn77avFK1plpfGGpH3AH24mXcavx7L1wjvuK5yCdNeQ3JKuy5suDTPPP/O9BdSgnYZ7B2eEfDie6RT9aY7lb2MFJwkku8XjhWroi0pYQKeNKfAC+20Qv7ddF93KWEg/vYElds9o+pZj0D+JRO1tWS2NZE+M4WewWSY+Ikz9oQQ/XnFz4qgh1NtGqtuh+VduFYevMjem0dVkU2gizJIrjVE9FlI9XbUxAPb1ugQRNXBk4qtkolIFQPUvTi9L+sE24wqQvRONdmlGFZUYSzmJB/CCmon0Uz3gRrswtzXfcG7QTAKrM845ES2OslkUbc1G/JNo0kEhbcDwmTSazwUYD0+eKQZ92eP+3n/CRt9cQxSNcxHVPQ3VIRcl6JBdvQVVTg9BqrPwDyOvZ0AQ4YBH9bXTRsNyrKJnx3cOdBmtJLIZ3IY0tzMgS0WifIXAn0P9hv+lBb7tIu9BGHYCvTAnI4jRJXkJ1+gWrXouOfLPqD0oCC0fgMxuiyqMSTxAExVXYJRtHS1nzAp6x/couTFlBnv8moruzyhmUxRwCRXF84yNxyEMutte/QHl1x9IAegh/9ziepYyWnLyUdBjPbGE9oDGTQratByFiPvXggjLYbJ4ndANjUJKmFR+Mumufh2vT4p78WeD39e811lcWIrM8ZYxjfXN+8Q8tfUT0NRimDj0G1Irthih9/V9R103ROxjW8vlvg/lWdGrL31wVAupqVXl8R1yY+QIM0qeLid2dseJ1Wd3nTho6Vvp9qfzSIWUFcAPH1J81PT3AJSQoa61cUwW/CtgaKGP7/Pwhz9GVr5jHvRvKIwHBpR01jlxNDthzJ5KklHt2PiI0L2MpQcqfY0X9vo04JaWXV59i77N8ld1Jmk0WYKQXojy6sgMDZPZJUvdYAW0BcKylVIBF8XlzJt3rXolbuHzdiSFtGHkTEmmBhINmwSlwiE4ri1XfKssYKw8ZLLiUrdZNXtU1M2dKVk4Zmmlh2jN4mGb0uuNu0VDpQqi3N5ENBOrZT7b1lF9T0GC1QJdtFq3bW1NUFQ+RkG5gSY62JSuZjLsFVl65lVc5evINH9i2/JafCzFKA2dRyhIDlTxiInJa2teLwKwbVZxVA8hbN/8fwIVrIHTi7n9gELbE3fOvaVQLkVOtrfGnk72pUchihZQdwTDP9IyqZG8s8g+gODSV/aVIUknvAMhMdo13IDePhCxTzto7MCXkpdHRmgkuyyqoPlugW1jAjizD+p61QP3r6PzPlYFV9ztDGXDuUsXdXgZkgwNJXpdAbbEYIHdm1Gf08NLpgv9eZ1PPZtMt+ABXHe1fzeyHvDIL+EHsm/GyICgCv3WpwYEEB2XqhOLdThsTBz1Sgii/5pHj6dpuo6Bs/sFVLbBuhGf0t5/ukr3+HUBoNoBrMcovw/pkrYpOpLV50WyypIMyoQRINkmDR2g+UNX2sGLCNpJVqxhjqGbNeNT1h07V9UttJwFT+Cz48h4ACysEwsV9WjUM9lAoHEHmR/wl0KRXxPSaMQithIhRSbQfDJqc2f4pp1Toj4nrGSw6PZQ6HJVloVTP8BPMHGBGAQ15BbNfg5XSH62ndU170QbfSWnAOXdCfSG9P7D2iXhL1K17f6iqsq5ckWXleW0KtZE4P7S0wXuCd1+idcHdn1KYZXEy/k4n2E91xUEGl9jNAvnFCBoJyupEWK0JPVIt8RxXLe8KXPFocqymLWxocBlQuYgiKRtr/gTVG739MWaaU+pQSnGPBdey1ZhykmwbmMx8zPe75I/6Clhz2TXu89J1UV3qyVLjHBJPGB+Z3TOalfGt+4FqDcQ/XUyhH+fu7YcZQ7B9w4k8sljz/EyqRokVwMAR6CXZdUmlHh2D4MFsjMxYSkoEbFtzpOUC4WbS3dy/CxFYDp8KWIS7BG3ro+W6rNzSs9xOEBhL2RY4Mh2d88uIpXy6CHfp0ivO4vGCJcHSkgfLQNPbWnppim1ZxBNKTEuJ0VIajgIQouq4YE7sU+1ZrkeDdrkdv2kRNbYbH/yAz5l6O+X88JGGNKwkX0pErFk6VfOcBNfARFUTCzC9Tj9cukjqKv4Quy9FqjxOaq81hFhutSx1TwV2G1Yr0DUlsjbrAPKpo8ETFRZG+gz8iP8Es2AsCjcjVPGaHAlMKOStoX9HCj58Hw0AZTu89XdtqqPoHg8LJREFCQzzDH7KzJ5KA1C8HURNw2t1UnsVNxf5l0gz9Vv93SBgVmTehCrXrUGoim1vHz80xabwQH3qDQfV3HHeAKrhKWgZTGiLjFYirWYhjIzLQr2T4wlaAY6o7VqJbFfDgpbVL7DUKXhbMobEK+axJ6I5BzZNKju/xohvLpy21pQpbYjvmUJ39XYRcdTaNj0tN1B5iG/6kXHDQYxOy1cYloPtjvHq0U/Izn2mGu0XhKTdd2zs/vLgnbUxb15oDM4e+38+dTEzcAP6YkqnygZYVi4SunavgYPoTH7zsdB2SpOPcLMCXT9S39YEiRBjlQ611ieejN6ipyIUXtZwM0CcgUUCGv0URI//z7DIHyBF/IIvmRlBp8H1V3yIf62ybosT422g+aOYTE17cv6N/s1voD38EzrHsqKeBwGYD/KfldNEv50wXJx22VubgX3brKl84wlSOsj177ktP7ah62AngUbrJU7bsubAC/nUQE8W5r752fotRKpwlm+hDGY7fHgCC2gZVfdV44GHbYOcPgii++fmnINUOJ3H+zjN91LFDFw8Nd5XmL8JbhP/E8LLn0aKS0ukCN3zbFS8tnG1YbnijqHc+xuVWjwymrOINkWUeYcMSWTmCeugy7tuH7D9YTzfP+QjM7HO8A1f7ylsxRM1R5OkZsirK/WXyyowh2OTn0FO6zpipTQQIs+F/czkLsBctTxuzmXb7xgNaChLZ9APAC35BLa1nLfDGB66M5PAU/O1/T/lnl8Zyw5VjefE6isoTQRKu6Rlb5mLE9rUB1SALC6GyrCaSTdJorSVRMcB2HRNnd+sWZ1VwPYSKar3XdeMCs9sIjtR8jpPUxE4TZlaXvskQM1yxQ6JyZpxsBjyRAF0oCsABFjOYgSDb+WDmcQkOREY151N1stiw6lizEpPu7Ggaqy3JzNBdVt222y6cAMML2TXQ8bRes1DUt9u1Xf4ExwQm4ELI/mcRRB7H+LpRPdSXWpmcr0fs7eW/x98UOx55/Vw+R9Pyy0VJ4sFr23a4O7tGRt4YldoV39SDZI3+jiy4O1seLYX4PJLl3rKxr4qBY46y7qXBG/Cbnw8T2BDmzoe6GT5ekB2IH3PAknBZ7jmSUhq0qqVnehoNf2jDJY3bcpnq5zpqY9J/r/DAED/uN1l+GjW3QCsB7HYUnWHlGfaUtcm7GvdzbQ7ZKs774HXbVefTXl4ALNSYLqePAov+o6OlyJgdFPL13pQzNo5eHsUtcb5oNptj1fwsoxjpVcbGEH3m1u/161gcBWP6lia0mm1wiuPwOj11zjvbMLDVubbGariKFMFBapUfFINNJALlCVffx4GtRw/3xPa1MFgYzoucdD7P9jUr2yO1S0vmXaEAMO1Gmp9+GvTuRffPiw2fK5vpNH24wztqKXtZyCr72w+UPR35qvt9gSk+ejS7X6IBOUdO09JZu1GPObDHv4CmiyAYarJV/dEHTNLtIuhrr4roBejihW6QsHXKG3+/FoMXIYEe4nqW13ah5Yu9Mc6J9zfx1q/BcwMIOYHAgbTY4fwjh1crJEhSsFQ6MnwpZEQM/87nj1FKwQV6W0c7OBvZEeLjaeuP4wjLVDVFpekRm3AtACWgdnHPFU6btIiNpqKs8YB8bN46wrBrMucMyvvQAkqV6txt0u8fRH1AYPNzlu28bYn/8cHitG7EiABqAsMpUmz7VHwJoyB9jWnDV+WICC405Nf0NvYKPYcKsaSuI5nxtgSMAeFrQi0QhWtL7eoispwN9yYlo4V9L0+kQLEUdVcfs++aecF6HULN9R1ZBjzj+MEETjdXKHPOKAnrq01kkvBYZrE/L9FKx1M3dqi19k2GdNxyohtwpoCMbBoMw5M3VpKo/tK4UEXk9173mPw/ppWT9PpYbUkqZi77gnwcEKdGi36cxQd0VMDH5hDvuGmwcasSsCbonITDh82w47h8hj8dGJ+Lby2kP9Sa2VkqVt/WOUV2oMQuhfOuTbO/bxzwOEvfATrwIOuETXeZ/k+qBFspwWcujWMgyMWYZoy403Fz/ui+/Die87TOCOV9aoyTJHQPZb8Bk4i2aY25+K1N2Nr80KuCm9a59lq03gIgiHLLOp/1onjnPpV878fujgKNxnWw9V7b0LfoPHJGm71RU34BCsFKYiY6rRx57VIoUavYJr6jdKqmWrZOUuDJBb2T3Jjfo2JBDeWxTWMJ4GLtd7+zbVRe5uHY8RxXuNx9c/F5DYz5dqlkLL29f2N1Tuz571r0kqtBejCSBkny0lOj5TsIjpWCS1d1Wb554B6FOdSb1ojewtBXfme7SagK9bvDnCMqcIeP/0EPUOBApji8LKLnPKyp76XGRW1VrKeCxj4LD9zAlqmIbSupdjJgNr2s7eZjyCl83QrxaWIXZj0l58Gz16y5CVipduVIwJq4OrLfoTTtvYzrnm+VFDROpCg1r7lifpHEILEyC0K65DrLCtKifVUA9clV9ldzh1TnGPZWuwY+GKUQFY/NT3c3cDAf3ixIrd2TAsQYe3DUbvnTb1ZEG2T77dHMltk0cupikJ6WltrCIBSjuzb3IlrgJsTf37HHfZa4HPbnkSmR1fDAkpG2+lEDv4HQA2IxATR9vBlNGKuXBPhccMLifsVwlkvEe9vpMLwiW4TkXauRCEquM9bTBPwPFSl3GWdTx5bW68JspE7O2ORvvr7N1U3zmmHPSEvAljbUV5He1VcWDuBzXGv5Sx9JZrSgin01UB1/BJnbtiVoyt8dnQUBKZ2Bls33eSDxYY/OWkM/mCVGObqoING7j/9h/E4HP3WiZkmA2ABLiJVIMRSTk3jKnXfOe5ynzm7cXcmEHBaYMQhE0nZqyEt293QQKnnrI2fX2qxzq2mAdSCgDhWyxS+QjoQjhijDNiS4Pn0JTlOXaNnRkf/IYyWzvHJt/76Nn3Zk44kjhYUmc/wPOqgtLyI8uujgHpo2EvU2wrIscjmPtSmGdtWrNuWvOp5dEuG4U7JQL/lWoNRsHhfNf2SNieaMcrbAaQ5Ggcd9yRnbwS99Mm/0H1iynpUcz5/8bcVR9YEQS+mFbzwJAEgBySSXOuq5UW/qMJAR9vG084YZ12J7M7djAviGmffGI+h21E5nYywgq7jbheHwxX9u29jLTubbfQbT/5bbNFo2ai9aimyb2ksM1y4/kxHJ3xVQPgwOZ30EU3/zTFnn5EO2emIKD9brgCD1I3Q3B46X1SIJrv1u1g7V+lvTNIZBNJAi26ea7wYkk0f+XazYtH3iMSHVF3ObA9Re+8BEk9wKqNA9/VLfRui+Ynr0JucVK/5RfzUG+FcR8nkI2YcuccIZm/xkMpAqV3rAsRMOA4ADrlUKAhsCs9IqXZ2SVaNpsc2DgV3fT1kDlUM0MNUE2jLTnD1A0GoHOLUVc+5PNjnPDYXv0BvAxz7UEhNLMzGwTFgkBaee079Ip5fZ3cmVkaD2Fex5FE1oV6qItntTNa+ela0OUdMtBq2yst1KKyoRHTbMc3Aoz1LGWBVATKkSzxgbbljhxHD0VWOSWlw6bfihmUHqsaIVSr2BIgus0RObCpb6eWZ6FqtXhCbV+W6SJjs6uttIfCBSIvZ4VNYqZWyD/d15RQK2f+lNWDBfSF6lLK23t7FiTPQEq50xCYo9JQ9jfiuaFsAnp1TCsDQPnDejA7nGF7AOSq4R9zvfXs6G6JdpvN7OzpVDkIpcjXmL85d/0xIJ2KIPBM1xCJacMYgLvbaYHr+95QlOQwwXXujTGC5XRCPPcUocFnKHcMJsyUikZZZRfA3j/mB+3jmL0HO0Plo+065mV109lAxbUbwCjAgnDcZ9ZCUHaZaMR6PyjQKs4R5YeZa5pdShS7rRjufI5+4Eal8upnelNdjgR85aLSWIkUHHEMdSeFGNfcvvcgWjy79Eyd4FTXKagxGZifM0rwuwhcaYyboRHvzsE04yLKrHm2kkOdv+fo/g8yAoFlEN9LnHuARCbeqnn9VhzBpk/VS0QTsvMdBVmDI/YKjXpjx4IgsCpha1G/CQWavO5aL0gDUAjwlmwkJGN/jsgPc+WtvZcfBKvLjDfBj5+O7ajJwHWUp0e8egmwMXS+UdPAkeGH3U4XchAWEXE/yw2u68r7JpGcwci3orJgBbWSvKgoT5Qem+YGswQT4xcxDLo+IgpYjHbMbyQk8357N4KiT1D/IKiNdJEKrfg3/Pr7BTG4kpIZgbI0LX9n4dOikR/DgEWGYGIJhPj9tn051i1V2CpsbfchdaWs6yAhhzM2Y5Asswgw6iAQ3QsKcHfxV9GpAF704vXoK7w4NL8lsSUWhSNDV993adcs/xnW20mTu1nmJDdu5nRKMjUslf9QG0IQEW98+IN0hwnguD2Zd4PgjQQ6WwMIwsTX8tAziRVvDN5HbykPLJCEgoqlh54NRd54DPYSuOdiAHb+Nsyo3eIBXu1h1JNvQAWiEbCd0e8VlwbLjmctmCRHUL+weQnGNRf469c3biSjHY5VRAdO5SWUtQyQIUwAIo9y3EFcqJpKz/QjjTZYCvstebFP03kUppPt51JlY3wlaSPrnKibccamvc5VK3Ya2XHPZNWolg61nr65THpX+HEWhaOnqMuniJXW0AVolR+XVP9FZSQEG7mZ5mPrvQdW+XpCK1rm7dT/RsCViKqaPDEE2jT45HXR+2BcpeRrAonUiVKaI/hqShY78Ep7RIswXJDRf32k5YQCMDSXKV9MUEJEoS7901Z6ypRr+X5k9oA7S8AnGtuIobgQVcIaQ/G0PkQFEfojoyP7hlLTyHn98o3OBrgcFZmQklVXTmBIuqY48dCNZSu7PNJHb3oF2gm71KtHTAlkEoBV4ORRVN8o5LUQd237LoosikHeMfIkE3jdBUI89KgNw52daTjDOkaWvxrqXQIPje7BmwRuW6shj3o4xSZQu0FT8GAGNoDIWef0SI6EhzOViIG7aRJNSADiEhvv5tZtRq43Qlz9kpuYamrPpC0RfX/8oD/D5RtfSZBATPFxmNnujXC/xR0R7qC7PtThsv2lXukoIJoclZMtP9swv+KJ2Wy/sZx5Jzo5DuRR2AUWFyXteifjfAL0ozUGueZTI6lCf3xxUVl3goaOwI4JXTAqTylFp40SfTmzlxncvb0VJ9lgWnJzNEb1cH96DfeBfdv5duW+BBZ9ijjGeXo03ndSRxJgDfHd+h7ZbIeUmInD/NE/K1O7/+GSV+bpB6n806DT3ShcV+TSd77SuuNLI3Dx9gthQqnzM+VLeJ01+P325+ryBgCZ80uKwws9YZpfuCUz8IU9FiZce7gt631PhfIcfYyLDyl8cD9ZmIm5SISiFlqc90PBqJoyKParBCv6IrYG2M4EfPrbUmdpy3Gkg9VysGZY4x08QA6K+45pBwiwnoKPZmgiSoWuf8IcEZ1sgdc+yH24eEC9QP2pFnO5lNbX79eVMuyO5eMET/L/W42Pv7IWf3OUpoDUx67FI6iuBGSo2pwKqUShakwtEUnKuTk7iRKcLJBPXBPNEPZsc88Xsn2u43Vdur69f8BE11wRm7T7z7aooUEvbMPZjOVUz8/fFt3UXOQM=</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2020-08-06 13:01:34,551 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-08-06 13:01:34,551 - INFO [Shibboleth-Audit.SSO:?] - 20200806T130134Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_0a8887b8-6cff-46e2-a3de-c65d13e208f5|https://moveit.eastus.cloudapp.azure.com/6899/|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_d9fb12a1c9472cf648e20c05d2385db7|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|TFSLKM4HSIZXGLTTLRM4NOWOSGXH4XYL|_3513e401f884fcb446ae502b1731c455|
2020-08-06 13:01:45,976 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: http://34.249.24.65/?XDEBUG_SESSION_START=phpstorm
2020-08-06 13:01:45,976 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-08-06 13:01:45,977 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-08-06 13:01:45,977 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://34.249.24.65/mellon/postResponse"
    Consent="urn:oasis:names:tc:SAML:2.0:consent:current-implicit"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="_BF3B89F5563FEE335F287ADE614FE0D8"
    IsPassive="false" IssueInstant="2020-08-06T13:01:45Z" Version="2.0"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer>http://34.249.24.65</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2020-08-06 13:01:45,982 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://34.249.24.65' from origin source
2020-08-06 13:01:45,982 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-08-06 13:01:45,982 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-08-06 13:01:45,982 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-08-06 13:01:45,982 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-08-06 13:01:45,982 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-08-06 13:01:45,982 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-08-06 13:01:45,982 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-08-06 13:01:45,982 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://34.249.24.65
2020-08-06 13:01:45,982 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:01:45,983 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-08-06 13:01:45,983 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-08-06 13:01:45,983 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-08-06 13:01:45,983 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-08-06 13:01:45,983 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_BF3B89F5563FEE335F287ADE614FE0D8', issue instant '2020-08-06T13:01:45.000Z', entityID 'http://34.249.24.65'
2020-08-06 13:01:45,983 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://34.249.24.65' does not require AuthnRequests to be signed
2020-08-06 13:01:45,983 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-08-06 13:01:45,983 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-08-06 13:01:45,983 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-08-06 13:01:45,983 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-08-06 13:01:45,983 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-08-06 13:01:45,984 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:01:45,984 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-08-06 13:01:45,984 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-08-06 13:01:45,984 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-08-06 13:01:45,984 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-08-06 13:01:45,984 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://34.249.24.65/mellon/postResponse using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-08-06 13:01:45,984 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-08-06 13:01:45,984 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-08-06 13:01:45,984 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-08-06 13:01:45,984 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-08-06 13:01:45,984 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-08-06 13:01:45,985 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2020-08-06 13:01:45,985 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-08-06 13:01:45,985 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-08-06 13:01:45,985 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-08-06 13:01:45,985 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-08-06 13:01:45,985 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://34.249.24.65
2020-08-06 13:01:45,985 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2020-08-06 13:01:45,985 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2020-08-06 13:01:45,985 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2020-08-06 13:01:45,985 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2020-08-06 13:01:45,988 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-08-06 13:01:45,988 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-08-06T13:01:45.988Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-08-06 13:01:45,988 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-08-06 13:01:45,988 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-08-06 13:01:45,988 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-08-06 13:01:45,989 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-08-06 13:01:45,989 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-08-06 13:01:45,989 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:01:45,989 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-08-06 13:01:45,989 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-08-06 13:01:45,989 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-08-06 13:01:45,989 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-08-06 13:01:46,839 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of '34.249.24.65'
2020-08-06 13:01:46,839 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-08-06 13:01:46,839 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-08-06 13:02:55,487 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: http://localhost:8080/saml/SSO
2020-08-06 13:02:55,487 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-08-06 13:02:55,487 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-08-06 13:02:55,487 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="http://localhost:9000/saml/SSO"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="a16i31cd3d7024b74b1h45986985a90"
    IsPassive="false" IssueInstant="2020-08-06T13:02:54.345Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">com:vdenotaris:spring:sp</saml2:Issuer>
</saml2p:AuthnRequest>

2020-08-06 13:02:55,492 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'com:vdenotaris:spring:sp' from origin source
2020-08-06 13:02:55,492 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-08-06 13:02:55,492 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-08-06 13:02:55,492 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-08-06 13:02:55,492 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-08-06 13:02:55,492 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-08-06 13:02:55,492 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-08-06 13:02:55,492 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-08-06 13:02:55,492 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer com:vdenotaris:spring:sp
2020-08-06 13:02:55,493 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:02:55,493 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-08-06 13:02:55,493 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-08-06 13:02:55,493 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-08-06 13:02:55,493 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-08-06 13:02:55,493 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'a16i31cd3d7024b74b1h45986985a90', issue instant '2020-08-06T13:02:54.345Z', entityID 'com:vdenotaris:spring:sp'
2020-08-06 13:02:55,493 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-08-06 13:02:55,494 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-08-06 13:02:55,494 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler:?] - Constructing signed content string from URL query string SAMLRequest=fZHLbsIwEEV%2FJfIe7Dx4WQREi1CRqEAkdNGdcYbGUmKnHgf18%2BvwUOmGlWXNnTkz907nP3UVnMGiMjolYZ%2BRALQ0hdJfKTnkq96YzGdTFHUVNXzRulLv4bsFdIFv1MivlZS0VnMjUCHXogbkTvJs8b7hUZ%2FxxhpnpKlIsEAE6zzq1Whsa7AZ2LOScNhvUlI613BKKyNFVRp0fMIYox2AZtmWBEtPVVq4y6adGL26Kztf6KuCqqKhnnVSFdAOHtE9FMqCdNcBK2MlXG5IyUlUCCRYL1MiwqGKQ1nExYhFyXGUHMMyGUzGw8l4ICbekDXuBKI6w18bYgtrjU5ol5KIRazHxj02zMOYs4gPkn6cDD5JsLtd%2FqL01dFnNh2vIuRveb7r7bZZToKPezJeQG458AvdPgbwfLC4u05m0tT8XIA2TlivxcZ6on%2Bm9HH07Pb9n%2FjsFw%3D%3D&RelayState=http%3A%2F%2Flocalhost%3A8080%2Fsaml%2FSSO&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=SmSDyiivcFm5d5etNntL8o8fRJNEeGMajFpN1jbldCMrQnQGzDvmZ1pY1pYt1lNcQzJIL2i9V%2BTjCV0EV8S9VNqGrAiQrR1B0AOAS09BvSwwHzM7lW5d9%2BQNN2x6HQqSTFhAglq6eWoZjb0%2BBURO8m3D4pqhStjoo9qNL73Hw1KNNNtkVxjvMCWeJ1Iyr8ESz2vYnc5qpuxR%2FBvuDpYL08F%2FL8b%2FWiQoE6XAHkkL2GfDtucXl4sDvTIFVD2ebyxLtSXkKiipcw96u5NtrLLvuOjbmBAWUEXhYIPO3I66MktN8dhjm4XTgdiwb9hSa72qEiSsbDSqTB%2Ba95BbzNobYg%3D%3D
2020-08-06 13:02:55,494 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler:?] - Constructed signed content string for HTTP-Redirect DEFLATE SAMLRequest=fZHLbsIwEEV%2FJfIe7Dx4WQREi1CRqEAkdNGdcYbGUmKnHgf18%2BvwUOmGlWXNnTkz907nP3UVnMGiMjolYZ%2BRALQ0hdJfKTnkq96YzGdTFHUVNXzRulLv4bsFdIFv1MivlZS0VnMjUCHXogbkTvJs8b7hUZ%2FxxhpnpKlIsEAE6zzq1Whsa7AZ2LOScNhvUlI613BKKyNFVRp0fMIYox2AZtmWBEtPVVq4y6adGL26Kztf6KuCqqKhnnVSFdAOHtE9FMqCdNcBK2MlXG5IyUlUCCRYL1MiwqGKQ1nExYhFyXGUHMMyGUzGw8l4ICbekDXuBKI6w18bYgtrjU5ol5KIRazHxj02zMOYs4gPkn6cDD5JsLtd%2FqL01dFnNh2vIuRveb7r7bZZToKPezJeQG458AvdPgbwfLC4u05m0tT8XIA2TlivxcZ6on%2Bm9HH07Pb9n%2FjsFw%3D%3D&RelayState=http%3A%2F%2Flocalhost%3A8080%2Fsaml%2FSSO&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1
2020-08-06 13:02:55,494 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Attempting to validate SAML protocol message simple signature using context entityID: com:vdenotaris:spring:sp
2020-08-06 13:02:55,494 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: com:vdenotaris:spring:sp, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-08-06 13:02:55,494 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'com:vdenotaris:spring:sp' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-08-06 13:02:55,494 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-08-06 13:02:55,494 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-08-06 13:02:55,494 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-08-06 13:02:55,494 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-08-06 13:02:55,494 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-08-06 13:02:55,494 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Simple signature validation (with no request-derived credentials) was successful
2020-08-06 13:02:55,494 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Validation of request simple signature succeeded
2020-08-06 13:02:55,494 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Authentication via request simple signature succeeded for context issuer entity ID com:vdenotaris:spring:sp
2020-08-06 13:02:55,494 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-08-06 13:02:55,494 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-08-06 13:02:55,494 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:02:55,494 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-08-06 13:02:55,495 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-08-06 13:02:55,495 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-08-06 13:02:55,495 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-08-06 13:02:55,495 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Neither candidate endpoint location 'https://auth.dev.nic-place.com//saml/SSO' nor response location 'null' matched 'http://localhost:9000/saml/SSO' 
2020-08-06 13:02:55,495 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact' did not match 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'
2020-08-06 13:02:55,495 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: No candidate endpoints met criteria
2020-08-06 13:02:55,495 - WARN [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Unable to resolve outbound message endpoint for relying party 'com:vdenotaris:spring:sp': EndpointCriterion [type={urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService, Binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST, Location=http://localhost:9000/saml/SSO, trusted=false]
2020-08-06 13:02:55,495 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: EndpointResolutionFailed
2020-08-06 13:02:55,496 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2020-08-06 13:02:59,160 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: StateProperties=eyJUSUQiOiI3YzYwNThiNi1lOTA3LTQ2ZjAtYTY4NS00ZDg4MjBjNTA3Y2EifQ
2020-08-06 13:02:59,160 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-08-06 13:02:59,160 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-08-06 13:02:59,160 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_489252b30085f0c86e419a1119a19c9c41efb72e/samlp/sso/assertionconsumer"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="_b0058dc0-04f0-4eff-b45b-949a5a646aac"
    IsPassive="false" IssueInstant="2020-08-06T13:02:58.8111578Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_489252b30085f0c86e419a1119a19c9c41efb72e</saml:Issuer>
</samlp:AuthnRequest>

2020-08-06 13:02:59,162 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_489252b30085f0c86e419a1119a19c9c41efb72e' from origin source
2020-08-06 13:02:59,162 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-08-06 13:02:59,162 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-08-06 13:02:59,162 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-08-06 13:02:59,162 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-08-06 13:02:59,162 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-08-06 13:02:59,162 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-08-06 13:02:59,162 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-08-06 13:02:59,162 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_489252b30085f0c86e419a1119a19c9c41efb72e
2020-08-06 13:02:59,163 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:02:59,164 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-08-06 13:02:59,164 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-08-06 13:02:59,164 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-08-06 13:02:59,164 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-08-06 13:02:59,164 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_b0058dc0-04f0-4eff-b45b-949a5a646aac', issue instant '2020-08-06T13:02:58.811Z', entityID 'https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_489252b30085f0c86e419a1119a19c9c41efb72e'
2020-08-06 13:02:59,164 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-08-06 13:02:59,165 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-08-06 13:02:59,165 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler:?] - Constructing signed content string from URL query string SAMLRequest=xVPBbtwgFPwVi7sNduyNjXZX2k0UNVKqrNZuD72sMH4ktDa4PJymf1%2fspGly2WsPIPHmDczME2sUQz%2fy3eQfzRF%2bToA%2beh56g3wGNmRyhluBGrkRAyD3kte7z3c8SxgXiOC8toZEt9cbcmoZK8pOspjlisU5KBW3edHGVV6JQqzylRCSRF%2fBYeBsSLgiEBEnuDXohfGhxLLALmO2atILzjJelEmZpmlxWX4j0XUQp43wC%2fvR%2bxE5pbNMH4BEd1R3Ix2dVboHOqvM6BE67UB6Wtf3JLqxTsJidUOU6BHm9w%2fBhn6Ct8rBWW%2bl7ffadNo8nI%2bgfWlC%2fqlpDvHhvm5ItPsby5U1OA3ganBPWsKX490%2f2d87IfsO2%2bc2k0lYvX3QJpF2%2bIhYM2jpLFrlF3CfXZ3S3alxE%2fobF%2bT8su7HXiCc8rLKiqy9YKwsFJPlCvK0EiG7sFWyknkKqr3MYAlspIiWvs1Pvgol70Y%2fnjc%2bvqZEtuu5my9zdHPCg%2fDnqXNFd7FaWjkYr%2f1vsv3vwazpOyPbl9PHj7H9Aw%3d%3d&RelayState=StateProperties%3deyJUSUQiOiI3YzYwNThiNi1lOTA3LTQ2ZjAtYTY4NS00ZDg4MjBjNTA3Y2EifQ&SigAlg=http%3a%2f%2fwww.w3.org%2f2001%2f04%2fxmldsig-more%23rsa-sha256&Signature=hPGt08qSCfFxfwFc5TeJII2T4QwaEAC6fN6kBb%2buXzskVj9a94sYr5zMKgXZP%2bErA19oYJypCF1wXJt%2fKpA%2f4VxeEgpYBELGKideR6FZJZb0d8yIkG6ONpH52JbN1E9jq97CJwo6O0njPsq1u9S84aFHxYm04USwbs40kxzX%2bNlq5cvj7EVTjdn0sL6bz39ii90mq9%2ffqnWvlLpXHGLCCylrQm%2fVNz7hqABDSsjKxaxgfGe81SSbz%2bR4YkVyi%2fe3H9GQ9K1EeK1hUfZs5dDudN%2bYiY9tmQuojORfHyOXGmBi6mpVBxhNg2JdTzB%2bzXI9iAm2tHULIdNPzrs7vS9sDv18M0CGmxI7igDRQZjo%2fYgS0A2PUN3PVMLdSwP1Ag5L9Pn%2bGBNe7oxDGnPW9Omf0t0sLugTldcoFK8ZXv7wzZB83JXOgU1BBC5vZVVIUoZLPK7IHMT9A69E8n1ts2d13Jp3AO%2buRKS5%2bGKVAYrAQPOU1NwrWLQiDGeSodT2feUF%2fxNUJ1eUS3SmOt75SEYGNIPzo1KNw4rkTGQJmRC5iNb14g3C7gCnONnipyL0lieTzR4MdOaaErA8uwC53lD1VwXEKGYRfXzqIXwbb9SsSUjUGceYepdKcBDaIAECEF2H1camYKRbSbeOi5Okdf5S0GPYI72xyO0jR5iCN8mAjn0%3d
2020-08-06 13:02:59,165 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler:?] - Constructed signed content string for HTTP-Redirect DEFLATE SAMLRequest=xVPBbtwgFPwVi7sNduyNjXZX2k0UNVKqrNZuD72sMH4ktDa4PJymf1%2fspGly2WsPIPHmDczME2sUQz%2fy3eQfzRF%2bToA%2beh56g3wGNmRyhluBGrkRAyD3kte7z3c8SxgXiOC8toZEt9cbcmoZK8pOspjlisU5KBW3edHGVV6JQqzylRCSRF%2fBYeBsSLgiEBEnuDXohfGhxLLALmO2atILzjJelEmZpmlxWX4j0XUQp43wC%2fvR%2bxE5pbNMH4BEd1R3Ix2dVboHOqvM6BE67UB6Wtf3JLqxTsJidUOU6BHm9w%2fBhn6Ct8rBWW%2bl7ffadNo8nI%2bgfWlC%2fqlpDvHhvm5ItPsby5U1OA3ganBPWsKX490%2f2d87IfsO2%2bc2k0lYvX3QJpF2%2bIhYM2jpLFrlF3CfXZ3S3alxE%2fobF%2bT8su7HXiCc8rLKiqy9YKwsFJPlCvK0EiG7sFWyknkKqr3MYAlspIiWvs1Pvgol70Y%2fnjc%2bvqZEtuu5my9zdHPCg%2fDnqXNFd7FaWjkYr%2f1vsv3vwazpOyPbl9PHj7H9Aw%3d%3d&RelayState=StateProperties%3deyJUSUQiOiI3YzYwNThiNi1lOTA3LTQ2ZjAtYTY4NS00ZDg4MjBjNTA3Y2EifQ&SigAlg=http%3a%2f%2fwww.w3.org%2f2001%2f04%2fxmldsig-more%23rsa-sha256
2020-08-06 13:02:59,165 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Attempting to validate SAML protocol message simple signature using context entityID: https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_489252b30085f0c86e419a1119a19c9c41efb72e
2020-08-06 13:02:59,165 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_489252b30085f0c86e419a1119a19c9c41efb72e, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-08-06 13:02:59,165 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_489252b30085f0c86e419a1119a19c9c41efb72e' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-08-06 13:02:59,165 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-08-06 13:02:59,165 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-08-06 13:02:59,165 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-08-06 13:02:59,165 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-08-06 13:02:59,165 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-08-06 13:02:59,165 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Simple signature validation (with no request-derived credentials) was successful
2020-08-06 13:02:59,165 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Validation of request simple signature succeeded
2020-08-06 13:02:59,165 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Authentication via request simple signature succeeded for context issuer entity ID https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_489252b30085f0c86e419a1119a19c9c41efb72e
2020-08-06 13:02:59,165 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-08-06 13:02:59,166 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-08-06 13:02:59,166 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:02:59,166 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-08-06 13:02:59,166 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-08-06 13:02:59,166 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-08-06 13:02:59,166 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-08-06 13:02:59,166 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_489252b30085f0c86e419a1119a19c9c41efb72e/samlp/sso/assertionconsumer using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-08-06 13:02:59,166 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-08-06 13:02:59,166 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-08-06 13:02:59,166 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-08-06 13:02:59,166 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-08-06 13:02:59,166 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-08-06 13:02:59,167 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2020-08-06 13:02:59,167 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-08-06 13:02:59,167 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-08-06 13:02:59,167 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-08-06 13:02:59,167 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-08-06 13:02:59,167 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_489252b30085f0c86e419a1119a19c9c41efb72e
2020-08-06 13:02:59,167 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2020-08-06 13:02:59,167 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2020-08-06 13:02:59,167 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2020-08-06 13:02:59,167 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2020-08-06 13:02:59,170 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-08-06 13:02:59,171 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-08-06T13:02:59.171Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-08-06 13:02:59,171 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-08-06 13:02:59,172 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-08-06 13:02:59,172 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-08-06 13:02:59,172 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-08-06 13:02:59,172 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-08-06 13:02:59,172 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:02:59,172 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-08-06 13:02:59,172 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-08-06 13:02:59,172 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-08-06 13:02:59,173 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-08-06 13:02:59,254 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'jdacldsbxb2c.b2clogin.com'
2020-08-06 13:02:59,254 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-08-06 13:02:59,254 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-08-06 13:03:02,306 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2020-08-06 13:03:02,306 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-08-06 13:03:02,306 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1744241403::identifier=rick, context=org.apache.velocity.VelocityContext@2e3129e5]
2020-08-06 13:03:02,313 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1744241403::identifier=rick, context=org.apache.velocity.VelocityContext@2e3129e5]
2020-08-06 13:03:02,313 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-08-06 13:03:02,313 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-08-06 13:03:02,314 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-08-06 13:03:02,314 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-08-06 13:03:02,314 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-08-06 13:03:02,314 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-08-06 13:03:02,314 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2020-08-06 13:03:02,314 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session dfbe1bbca80782dc6da66d2499b54c2ebda3b832c2603d4f09b924d3ef587a25 for principal rick
2020-08-06 13:03:02,314 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session dfbe1bbca80782dc6da66d2499b54c2ebda3b832c2603d4f09b924d3ef587a25
2020-08-06 13:03:02,315 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-08-06 13:03:02,316 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-08-06 13:03:02,316 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-08-06 13:03:02,316 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-08-06 13:03:02,316 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-08-06 13:03:02,316 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-08-06 13:03:02,316 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-08-06 13:03:02,316 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-08-06 13:03:02,316 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-08-06 13:03:02,316 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-08-06 13:03:02,316 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:03:02,316 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-08-06 13:03:02,317 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@181b5f81'
2020-08-06 13:03:02,317 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-08-06 13:03:02,317 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_489252b30085f0c86e419a1119a19c9c41efb72e'
2020-08-06 13:03:02,317 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_489252b30085f0c86e419a1119a19c9c41efb72e'
2020-08-06 13:03:02,317 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_489252b30085f0c86e419a1119a19c9c41efb72e'
2020-08-06 13:03:02,317 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-08-06 13:03:02,317 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2020-08-06 13:03:02,317 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2020-08-06 13:03:02,318 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-08-06 13:03:02,318 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2020-08-06 13:03:02,400 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'jdacldsbxb2c.b2clogin.com'
2020-08-06 13:03:02,400 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-08-06 13:03:02,400 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2020-08-06 13:03:02,400 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2020-08-06 13:03:02,400 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-08-06 13:03:02,400 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2020-08-06 13:03:03,551 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2020-08-06 13:03:03,551 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2020-08-06 13:03:03,551 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20200806T130303Z|https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_489252b30085f0c86e419a1119a19c9c41efb72e|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2020-08-06 13:03:03,552 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-08-06 13:03:03,552 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_489252b30085f0c86e419a1119a19c9c41efb72e'
2020-08-06 13:03:03,552 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2020-08-06 13:03:03,552 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2020-08-06 13:03:03,552 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_489252b30085f0c86e419a1119a19c9c41efb72e, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1628254983552}'
2020-08-06 13:03:03,552 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-08-06 13:03:03,552 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2020-08-06 13:03:03,552 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-08-06 13:03:03,552 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_489252b30085f0c86e419a1119a19c9c41efb72e'
2020-08-06 13:03:03,552 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_489252b30085f0c86e419a1119a19c9c41efb72e]' as '["rick:https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_489252b30085f0c86e419a1119a19c9c41efb72e"]'
2020-08-06 13:03:03,552 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@181b5f81'
2020-08-06 13:03:03,552 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:03:03,552 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-08-06 13:03:03,553 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-08-06 13:03:03,553 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-08-06 13:03:03,553 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _1c46380e08ecfab1143ff82076431fca
2020-08-06 13:03:03,553 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _1c46380e08ecfab1143ff82076431fca to Response _796e189af6b4c949124a5fb0d3c2cb12
2020-08-06 13:03:03,553 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _1c46380e08ecfab1143ff82076431fca
2020-08-06 13:03:03,554 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-08-06 13:03:03,554 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-08-06 13:03:03,554 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-08-06 13:03:03,554 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-08-06 13:03:03,554 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-08-06 13:03:03,554 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-08-06 13:03:03,554 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-08-06 13:03:03,554 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-08-06 13:03:03,554 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-08-06 13:03:03,555 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-08-06 13:03:03,555 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2020-08-06 13:03:03,555 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:persistent]
2020-08-06 13:03:03,555 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2020-08-06 13:03:03,555 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration did not specify any formats, relying on metadata alone
2020-08-06 13:03:03,555 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:persistent]
2020-08-06 13:03:03,555 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2020-08-06 13:03:03,555 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2020-08-06 13:03:03,555 - DEBUG [net.shibboleth.idp.saml.nameid.impl.PersistentSAML2NameIDGenerator:?] - Checking for source attribute uid
2020-08-06 13:03:03,555 - DEBUG [net.shibboleth.idp.saml.nameid.impl.PersistentSAML2NameIDGenerator:?] - Generating persistent NameID from String-valued attribute uid
2020-08-06 13:03:03,555 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID ABW45UC6DAVXNLNIAJDYTXV4ZNQAGTAX with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2020-08-06 13:03:03,555 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2020-08-06 13:03:03,555 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2020-08-06 13:03:03,555 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-08-06 13:03:03,555 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-08-06 13:03:03,555 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.12.208
2020-08-06 13:03:03,555 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _b0058dc0-04f0-4eff-b45b-949a5a646aac
2020-08-06 13:03:03,555 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_489252b30085f0c86e419a1119a19c9c41efb72e/samlp/sso/assertionconsumer
2020-08-06 13:03:03,555 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-08-06 13:03:03,555 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-08-06 13:03:03,555 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-08-06 13:03:03,555 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _1c46380e08ecfab1143ff82076431fca
2020-08-06 13:03:03,555 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _1c46380e08ecfab1143ff82076431fca did not already contain Conditions, one was added
2020-08-06 13:03:03,555 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-08-06 13:03:03,555 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-08-06T13:08:03.552Z, to Assertion _1c46380e08ecfab1143ff82076431fca
2020-08-06 13:03:03,555 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _1c46380e08ecfab1143ff82076431fca already contained Conditions, nothing was done
2020-08-06 13:03:03,555 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-08-06 13:03:03,555 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _1c46380e08ecfab1143ff82076431fca already contained Conditions, nothing was done
2020-08-06 13:03:03,555 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-08-06 13:03:03,555 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_489252b30085f0c86e419a1119a19c9c41efb72e as an Audience of the AudienceRestriction
2020-08-06 13:03:03,555 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _1c46380e08ecfab1143ff82076431fca
2020-08-06 13:03:03,556 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_489252b30085f0c86e419a1119a19c9c41efb72e to existing session dfbe1bbca80782dc6da66d2499b54c2ebda3b832c2603d4f09b924d3ef587a25
2020-08-06 13:03:03,556 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_489252b30085f0c86e419a1119a19c9c41efb72e in session dfbe1bbca80782dc6da66d2499b54c2ebda3b832c2603d4f09b924d3ef587a25
2020-08-06 13:03:03,556 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-08-06 13:03:03,556 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_489252b30085f0c86e419a1119a19c9c41efb72e and key ABW45UC6DAVXNLNIAJDYTXV4ZNQAGTAX
2020-08-06 13:03:03,557 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-08-06 13:03:03,557 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-08-06 13:03:03,557 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2020-08-06 13:03:03,557 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAssertions: No encryption parameters, nothing to do
2020-08-06 13:03:03,558 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_489252b30085f0c86e419a1119a19c9c41efb72e/samlp/sso/assertionconsumer
2020-08-06 13:03:03,558 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_489252b30085f0c86e419a1119a19c9c41efb72e/samlp/sso/assertionconsumer
2020-08-06 13:03:03,559 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_796e189af6b4c949124a5fb0d3c2cb12"
2020-08-06 13:03:03,559 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _796e189af6b4c949124a5fb0d3c2cb12 and Element was [saml2p:Response: null]
2020-08-06 13:03:03,559 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_796e189af6b4c949124a5fb0d3c2cb12"
2020-08-06 13:03:03,559 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _796e189af6b4c949124a5fb0d3c2cb12 and Element was [saml2p:Response: null]
2020-08-06 13:03:03,560 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-08-06 13:03:03,560 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_489252b30085f0c86e419a1119a19c9c41efb72e/samlp/sso/assertionconsumer' with encoded value 'https&#x3a;&#x2f;&#x2f;jdacldsbxb2c.b2clogin.com&#x2f;jdacldsbxb2c.onmicrosoft.com&#x2f;B2C_1A_TrustFrameworkBase_489252b30085f0c86e419a1119a19c9c41efb72e&#x2f;samlp&#x2f;sso&#x2f;assertionconsumer'
2020-08-06 13:03:03,560 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-08-06 13:03:03,561 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'StateProperties=eyJUSUQiOiI3YzYwNThiNi1lOTA3LTQ2ZjAtYTY4NS00ZDg4MjBjNTA3Y2EifQ', encoded as 'StateProperties&#x3d;eyJUSUQiOiI3YzYwNThiNi1lOTA3LTQ2ZjAtYTY4NS00ZDg4MjBjNTA3Y2EifQ'
2020-08-06 13:03:03,562 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_489252b30085f0c86e419a1119a19c9c41efb72e/samlp/sso/assertionconsumer"
    ID="_796e189af6b4c949124a5fb0d3c2cb12"
    InResponseTo="_b0058dc0-04f0-4eff-b45b-949a5a646aac"
    IssueInstant="2020-08-06T13:03:03.552Z" Version="2.0"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_796e189af6b4c949124a5fb0d3c2cb12">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>+G7WzL5c+RYG8XBkRfdgmTU0+oI/AP74vq8DyK2ehUo=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>HvuQLG64vJoAn7i2kdg+u0ayCU/SGy16VodfdbZN0Q68KzSz6MEiDocFfTCLdtPINYFhFzJuG0Gl4jcT8zlMGMBhFBKhOkqNS99yKkpW2r/5/53e/PCG6dOJL6paxVUFr4iquXrkBLE1G2aBSCnYh70Qq7zoktctxJwqKTdiuFcjO/Ps4ryNBIJxwu58VMiVehtYDHFaKbMWmSLgD6l6aiBSfVuOq4BmTmt+80OkJViPZyMHSqOF2YXIKcIbijQU9OWHxdek3P4bgEUSae1JRhMLz2741n7C+H/47j5Sakyg6QaEdCOKNGknLGL1Xz6nekTMqFD9wzS2q+5w1BMqNw==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_1c46380e08ecfab1143ff82076431fca"
        IssueInstant="2020-08-06T13:03:03.552Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_489252b30085f0c86e419a1119a19c9c41efb72e" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">ABW45UC6DAVXNLNIAJDYTXV4ZNQAGTAX</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.12.208"
                    InResponseTo="_b0058dc0-04f0-4eff-b45b-949a5a646aac"
                    NotOnOrAfter="2020-08-06T13:08:03.555Z" Recipient="https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_489252b30085f0c86e419a1119a19c9c41efb72e/samlp/sso/assertionconsumer"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-08-06T13:03:03.552Z" NotOnOrAfter="2020-08-06T13:08:03.552Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_489252b30085f0c86e419a1119a19c9c41efb72e</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-08-06T13:03:02.313Z" SessionIndex="_321fc180e4b3b7632b116d6589137080">
            <saml2:SubjectLocality Address="172.31.12.208"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-08-06 13:03:03,562 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-08-06 13:03:03,563 - INFO [Shibboleth-Audit.SSO:?] - 20200806T130303Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|_b0058dc0-04f0-4eff-b45b-949a5a646aac|https://jdacldsbxb2c.b2clogin.com/jdacldsbxb2c.onmicrosoft.com/B2C_1A_TrustFrameworkBase_489252b30085f0c86e419a1119a19c9c41efb72e|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_796e189af6b4c949124a5fb0d3c2cb12|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|ABW45UC6DAVXNLNIAJDYTXV4ZNQAGTAX|_1c46380e08ecfab1143ff82076431fca|
2020-08-06 13:03:44,136 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: orgid=6899&client=mobile&code_challenge=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
2020-08-06 13:03:44,136 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2020-08-06 13:03:44,137 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2020-08-06 13:03:44,137 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="_12eec306-e015-4356-b80f-a27fb0240d6e"
    IsPassive="false" IssueInstant="2020-08-06T13:03:42.942Z"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://moveit.eastus.cloudapp.azure.com/6899/</saml:Issuer>
    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
        <SignedInfo>
            <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <Reference URI="#_12eec306-e015-4356-b80f-a27fb0240d6e">
                <Transforms>
                    <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <InclusiveNamespaces
                            PrefixList="#default samlp saml ds xs xsi" xmlns="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </Transform>
                </Transforms>
                <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <DigestValue>fDmq1noYCmA0ityflri2fEdMSQ+ouxI0uG5aA4tXBgM=</DigestValue>
            </Reference>
        </SignedInfo>
        <SignatureValue>IAdyK/JXbNH30TUZ9TQ8q7Xg4zPBuyTgs5QSM6AuTIFpzeLrVmWGYyOlTXFbKn6/JgN/6Gdc3ASrWZrFI/RXlrPPJT+npo5Zh+2MLMFYGY6u/v9sk22qWTUeVetdBWefIU1AqlCjp5Tu54bNcFODRx0Kpjf6cf2jO9Fa5wmZ9K8=</SignatureValue>
        <KeyInfo>
            <X509Data>
                <X509Certificate>MIICKTCCAZKgAwIBAgIQZTT+hOyYEbJKTeSyJyyY+TANBgkqhkiG9w0BAQsFADBTMRswGQYDVQQKExJWbGFkaXNsYXYgQW50b255dWsxNDAyBgNVBAMTK1ZsYWRpc2xhdiBBbnRvbnl1ayBTQU1MIFNpZ25pbmcgQ2VydGlmaWNhdGUwHhcNMjAwNzMxMTE0NzU2WhcNMzAwNzMxMTE0NzU2WjBTMRswGQYDVQQKExJWbGFkaXNsYXYgQW50b255dWsxNDAyBgNVBAMTK1ZsYWRpc2xhdiBBbnRvbnl1ayBTQU1MIFNpZ25pbmcgQ2VydGlmaWNhdGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOzZbddUxFpjK/WG6CTL/u1IDD53+wk5tf8dJvq/z20HWZgZB9Uq/kIeFhRebOz2jA6wcvMVv1GcZ5y9pHaLu7eEQ31osheJmNK7wdZOf3fQ2gQEMjSVC0MkA73M36duMagtjpQNDVVvWBZr4E4R/dOnQRrXforQUuI6DKLWrnvBAgMBAAEwDQYJKoZIhvcNAQELBQADgYEA2jzdCoxd1M6IKXd3whOrwBVVD8++xJycVfy/azCW2PpL3D+GqTpqUOFOJVtg6dGFQ5A2PLrA2gHX48jbu+wirC7xU5QbAtikY9PTdaDDJuzR7au7Q6bTlm4cEJEhKr1+HRm2vRJ1oakxSLEDMY2HAyQSSwhLEpwkdafYd+AA39o=</X509Certificate>
            </X509Data>
        </KeyInfo>
    </Signature>
</samlp:AuthnRequest>

2020-08-06 13:03:44,142 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://moveit.eastus.cloudapp.azure.com/6899/' from origin source
2020-08-06 13:03:44,142 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-08-06 13:03:44,142 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-08-06 13:03:44,142 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-08-06 13:03:44,142 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-08-06 13:03:44,142 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-08-06 13:03:44,142 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-08-06 13:03:44,142 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-08-06 13:03:44,142 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://moveit.eastus.cloudapp.azure.com/6899/
2020-08-06 13:03:44,143 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:03:44,143 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-08-06 13:03:44,143 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-08-06 13:03:44,143 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-08-06 13:03:44,143 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-08-06 13:03:44,143 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_12eec306-e015-4356-b80f-a27fb0240d6e', issue instant '2020-08-06T13:03:42.942Z', entityID 'https://moveit.eastus.cloudapp.azure.com/6899/'
2020-08-06 13:03:44,143 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2020-08-06 13:03:44,143 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2020-08-06 13:03:44,143 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-08-06 13:03:44,143 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://moveit.eastus.cloudapp.azure.com/6899/, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-08-06 13:03:44,143 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://moveit.eastus.cloudapp.azure.com/6899/' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-08-06 13:03:44,143 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-08-06 13:03:44,143 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-08-06 13:03:44,143 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-08-06 13:03:44,143 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-08-06 13:03:44,143 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-08-06 13:03:44,143 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2020-08-06 13:03:44,143 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2020-08-06 13:03:44,143 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2020-08-06 13:03:44,143 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 1024 bits
  modulus: 166321257288823104771128801066816864313508571863601390543013545133120205785261110610751340234196350511629891146256035820135915146409380604387125098174838064111727943990583480526557772786907140964251568694338643572469666137089175956758574284364261130014857080514325081382197164151047187227455666983789315128257
  public exponent: 65537
2020-08-06 13:03:44,144 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2020-08-06 13:03:44,144 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2020-08-06 13:03:44,144 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_12eec306-e015-4356-b80f-a27fb0240d6e"
2020-08-06 13:03:44,144 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _12eec306-e015-4356-b80f-a27fb0240d6e and Element was [samlp:AuthnRequest: null]
2020-08-06 13:03:44,144 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_12eec306-e015-4356-b80f-a27fb0240d6e"
2020-08-06 13:03:44,144 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _12eec306-e015-4356-b80f-a27fb0240d6e and Element was [samlp:AuthnRequest: null]
2020-08-06 13:03:44,144 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_12eec306-e015-4356-b80f-a27fb0240d6e"
2020-08-06 13:03:44,144 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2020-08-06 13:03:44,144 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-08-06 13:03:44,144 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://moveit.eastus.cloudapp.azure.com/6899/
2020-08-06 13:03:44,144 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-08-06 13:03:44,144 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-08-06 13:03:44,144 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-08-06 13:03:44,144 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-08-06 13:03:44,144 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:03:44,144 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-08-06 13:03:44,144 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-08-06 13:03:44,144 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-08-06 13:03:44,145 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-08-06 13:03:44,145 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://moveit.eastus.cloudapp.azure.com/6899/SAML/SSO/HTTP-Post using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-08-06 13:03:44,145 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-08-06 13:03:44,145 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-08-06 13:03:44,145 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-08-06 13:03:44,145 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-08-06 13:03:44,145 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-08-06 13:03:44,145 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-08-06 13:03:44,145 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-08-06 13:03:44,145 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-08-06 13:03:44,145 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-08-06 13:03:44,145 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-08-06 13:03:44,145 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://moveit.eastus.cloudapp.azure.com/6899/
2020-08-06 13:03:44,145 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-08-06 13:03:44,145 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-08-06 13:03:44,145 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-08-06 13:03:44,145 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-08-06 13:03:44,148 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-08-06 13:03:44,149 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-08-06T13:03:44.149Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-08-06 13:03:44,150 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-08-06 13:03:44,150 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-08-06 13:03:44,150 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-08-06 13:03:44,150 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-08-06 13:03:44,150 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-08-06 13:03:44,150 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:03:44,150 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-08-06 13:03:44,150 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-08-06 13:03:44,150 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-08-06 13:03:44,150 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-08-06 13:03:44,359 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'moveit.eastus.cloudapp.azure.com'
2020-08-06 13:03:44,359 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-08-06 13:03:44,359 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-08-06 13:03:57,312 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2020-08-06 13:03:57,312 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromFormRequest:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Recording do-not-cache instruction in authentication context
2020-08-06 13:03:57,313 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-08-06 13:03:57,313 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@425156361::identifier=rick, context=org.apache.velocity.VelocityContext@1290de3c]
2020-08-06 13:03:57,320 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@425156361::identifier=rick, context=org.apache.velocity.VelocityContext@1290de3c]
2020-08-06 13:03:57,322 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-08-06 13:03:57,322 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-08-06 13:03:57,322 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-08-06 13:03:57,322 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-08-06 13:03:57,322 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-08-06 13:03:57,322 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-08-06 13:03:57,322 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2020-08-06 13:03:57,322 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 7a2d19a2dceda8960f97bc68d3305b9faa2355378b94e8694978099ab6b6c898 for principal rick
2020-08-06 13:03:57,323 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-08-06 13:03:57,324 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-08-06 13:03:57,324 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-08-06 13:03:57,324 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-08-06 13:03:57,324 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-08-06 13:03:57,324 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-08-06 13:03:57,324 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-08-06 13:03:57,324 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-08-06 13:03:57,324 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-08-06 13:03:57,324 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-08-06 13:03:57,324 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:03:57,324 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-08-06 13:03:57,324 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@1ab8acd'
2020-08-06 13:03:57,325 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-08-06 13:03:57,325 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://moveit.eastus.cloudapp.azure.com/6899/'
2020-08-06 13:03:57,325 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2020-08-06 13:03:57,325 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: Attempting to delete consent storage record with context 'intercept/attribute-release' and key 'rick:https://moveit.eastus.cloudapp.azure.com/6899/'
2020-08-06 13:03:57,325 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: Deleted consent storage record with context 'intercept/attribute-release' and key 'rick:https://moveit.eastus.cloudapp.azure.com/6899/'
2020-08-06 13:03:57,325 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Read storage record 'org.opensaml.storage.MutableStorageRecord@e09b44b' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-08-06 13:03:57,325 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Read storage record 'org.opensaml.storage.MutableStorageRecord@e09b44b' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-08-06 13:03:57,325 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Deserialized context 'intercept/attribute-release' key 'rick:_key_idx' value '["rick:https://moveit.eastus.cloudapp.azure.com/6899/"]' expiration 'null' as '[rick:https://moveit.eastus.cloudapp.azure.com/6899/]'
2020-08-06 13:03:57,325 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Updating storage index by removing key 'rick:https://moveit.eastus.cloudapp.azure.com/6899/'
2020-08-06 13:03:57,325 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[]' as '[]'
2020-08-06 13:03:57,325 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20200806T130357Z|https://moveit.eastus.cloudapp.azure.com/6899/|ClearAttributeReleaseConsent|rick|||
2020-08-06 13:03:57,325 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-08-06 13:03:57,325 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2020-08-06 13:03:57,325 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: Attempting to delete consent storage record with context 'intercept/attribute-release' and key 'rick'
2020-08-06 13:03:57,325 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: No consent storage record found with context 'intercept/attribute-release' and key 'rick'
2020-08-06 13:03:57,325 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Read storage record 'org.opensaml.storage.MutableStorageRecord@e09b44b' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-08-06 13:03:57,325 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Read storage record 'org.opensaml.storage.MutableStorageRecord@e09b44b' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-08-06 13:03:57,325 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Deserialized context 'intercept/attribute-release' key 'rick:_key_idx' value '[]' expiration 'null' as '[]'
2020-08-06 13:03:57,325 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Storage key 'rick' not indexed, nothing to do
2020-08-06 13:03:57,325 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-08-06 13:03:57,325 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2020-08-06 13:03:57,535 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'moveit.eastus.cloudapp.azure.com'
2020-08-06 13:03:57,535 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-08-06 13:03:57,535 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2020-08-06 13:03:57,535 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2020-08-06 13:03:57,535 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-08-06 13:03:57,535 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning OrganizationName from Organization, Vladislav Antonyuk
2020-08-06 13:03:59,494 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2020-08-06 13:03:59,494 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2020-08-06 13:03:59,494 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20200806T130359Z|https://moveit.eastus.cloudapp.azure.com/6899/|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2020-08-06 13:03:59,494 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-08-06 13:03:59,494 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://moveit.eastus.cloudapp.azure.com/6899/'
2020-08-06 13:03:59,494 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2020-08-06 13:03:59,494 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2020-08-06 13:03:59,494 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://moveit.eastus.cloudapp.azure.com/6899/, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1628255039494}'
2020-08-06 13:03:59,494 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'org.opensaml.storage.MutableStorageRecord@e09b44b' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-08-06 13:03:59,494 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Deserialized context 'intercept/attribute-release' key 'rick:_key_idx' value '[]' expiration 'null' as '[]'
2020-08-06 13:03:59,494 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2020-08-06 13:03:59,494 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'org.opensaml.storage.MutableStorageRecord@e09b44b' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-08-06 13:03:59,494 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'org.opensaml.storage.MutableStorageRecord@e09b44b' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-08-06 13:03:59,494 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Deserialized context 'intercept/attribute-release' key 'rick:_key_idx' value '[]' expiration 'null' as '[]'
2020-08-06 13:03:59,494 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Updating storage index by adding key 'rick:https://moveit.eastus.cloudapp.azure.com/6899/'
2020-08-06 13:03:59,494 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://moveit.eastus.cloudapp.azure.com/6899/]' as '["rick:https://moveit.eastus.cloudapp.azure.com/6899/"]'
2020-08-06 13:03:59,494 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@1ab8acd'
2020-08-06 13:03:59,494 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:03:59,495 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-08-06 13:03:59,495 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-08-06 13:03:59,496 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-08-06 13:03:59,496 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _bd869a8fd0e0b64d1268673306f26a05
2020-08-06 13:03:59,496 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _bd869a8fd0e0b64d1268673306f26a05 to Response _8350276b202dab0ec2dd21d6bd56951a
2020-08-06 13:03:59,496 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _bd869a8fd0e0b64d1268673306f26a05
2020-08-06 13:03:59,496 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-08-06 13:03:59,496 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-08-06 13:03:59,496 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-08-06 13:03:59,496 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-08-06 13:03:59,496 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-08-06 13:03:59,496 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-08-06 13:03:59,496 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-08-06 13:03:59,496 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-08-06 13:03:59,496 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-08-06 13:03:59,497 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-08-06 13:03:59,497 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2020-08-06 13:03:59,497 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:2.0:nameid-format:transient, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress]
2020-08-06 13:03:59,497 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2020-08-06 13:03:59,497 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration did not specify any formats, relying on metadata alone
2020-08-06 13:03:59,497 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:2.0:nameid-format:transient, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress]
2020-08-06 13:03:59,497 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2020-08-06 13:03:59,497 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2020-08-06 13:03:59,497 - DEBUG [net.shibboleth.idp.saml.nameid.impl.PersistentSAML2NameIDGenerator:?] - Checking for source attribute uid
2020-08-06 13:03:59,497 - DEBUG [net.shibboleth.idp.saml.nameid.impl.PersistentSAML2NameIDGenerator:?] - Generating persistent NameID from String-valued attribute uid
2020-08-06 13:03:59,497 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID TFSLKM4HSIZXGLTTLRM4NOWOSGXH4XYL with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2020-08-06 13:03:59,497 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2020-08-06 13:03:59,497 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2020-08-06 13:03:59,497 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-08-06 13:03:59,497 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-08-06 13:03:59,497 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.46.7
2020-08-06 13:03:59,497 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _12eec306-e015-4356-b80f-a27fb0240d6e
2020-08-06 13:03:59,497 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://moveit.eastus.cloudapp.azure.com/6899/SAML/SSO/HTTP-Post
2020-08-06 13:03:59,497 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-08-06 13:03:59,497 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-08-06 13:03:59,498 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-08-06 13:03:59,498 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _bd869a8fd0e0b64d1268673306f26a05
2020-08-06 13:03:59,498 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _bd869a8fd0e0b64d1268673306f26a05 did not already contain Conditions, one was added
2020-08-06 13:03:59,498 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-08-06 13:03:59,498 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-08-06T13:08:59.495Z, to Assertion _bd869a8fd0e0b64d1268673306f26a05
2020-08-06 13:03:59,498 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _bd869a8fd0e0b64d1268673306f26a05 already contained Conditions, nothing was done
2020-08-06 13:03:59,498 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-08-06 13:03:59,498 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _bd869a8fd0e0b64d1268673306f26a05 already contained Conditions, nothing was done
2020-08-06 13:03:59,498 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-08-06 13:03:59,498 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://moveit.eastus.cloudapp.azure.com/6899/ as an Audience of the AudienceRestriction
2020-08-06 13:03:59,498 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _bd869a8fd0e0b64d1268673306f26a05
2020-08-06 13:03:59,499 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://moveit.eastus.cloudapp.azure.com/6899/ to existing session 7a2d19a2dceda8960f97bc68d3305b9faa2355378b94e8694978099ab6b6c898
2020-08-06 13:03:59,499 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://moveit.eastus.cloudapp.azure.com/6899/ in session 7a2d19a2dceda8960f97bc68d3305b9faa2355378b94e8694978099ab6b6c898
2020-08-06 13:03:59,499 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-08-06 13:03:59,499 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://moveit.eastus.cloudapp.azure.com/6899/ and key TFSLKM4HSIZXGLTTLRM4NOWOSGXH4XYL
2020-08-06 13:03:59,499 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-08-06 13:03:59,499 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-08-06 13:03:59,500 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_bd869a8fd0e0b64d1268673306f26a05"
2020-08-06 13:03:59,500 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _bd869a8fd0e0b64d1268673306f26a05 and Element was [saml2:Assertion: null]
2020-08-06 13:03:59,500 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_bd869a8fd0e0b64d1268673306f26a05"
2020-08-06 13:03:59,500 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _bd869a8fd0e0b64d1268673306f26a05 and Element was [saml2:Assertion: null]
2020-08-06 13:03:59,502 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_8350276b202dab0ec2dd21d6bd56951a"
    InResponseTo="_12eec306-e015-4356-b80f-a27fb0240d6e"
    IssueInstant="2020-08-06T13:03:59.495Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_bd869a8fd0e0b64d1268673306f26a05"
        IssueInstant="2020-08-06T13:03:59.495Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_bd869a8fd0e0b64d1268673306f26a05">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>EGi58CYB3aeQ76EACCSFFemkOCt8bv4ljjfWSwlAq1U=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>IQ3hG8l1aDvQKP3y3+JoRvz30pLYsMg3rBp3h3OxJgsf2ALaVjE+Zs2XDhI6fyp1Kkf+4/oB7Egvebzz5iMhiBkFllDQTw6UZug5hUIDCY4yp8DSb/x57gXUjSHWMBEBGEHbZVjLp2wB0+yY3OfG9RIgEXJpHL7lB5LXFl40+f9yurWohVFe1gEntMw99NX/vzo0/zYFMLQ6XoJrG8rI8k22MH7hv+26zuY/2wPxt2FOl82bfpsZYEY6RME3mdvKoCwSQCi2V9nulOtNCtPGL3QHrUySWVgH/HrT5zzDSGlz4ENCWmeMiwu/c4upay0JhJ5ICQ6LT/mKJccJhpwv5g==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://moveit.eastus.cloudapp.azure.com/6899/" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">TFSLKM4HSIZXGLTTLRM4NOWOSGXH4XYL</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.46.7"
                    InResponseTo="_12eec306-e015-4356-b80f-a27fb0240d6e"
                    NotOnOrAfter="2020-08-06T13:08:59.497Z" Recipient="https://moveit.eastus.cloudapp.azure.com/6899/SAML/SSO/HTTP-Post"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-08-06T13:03:59.495Z" NotOnOrAfter="2020-08-06T13:08:59.495Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://moveit.eastus.cloudapp.azure.com/6899/</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-08-06T13:03:57.322Z" SessionIndex="_067b80ad735ba1c3edbab2ea21a81561">
            <saml2:SubjectLocality Address="172.31.46.7"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-08-06 13:03:59,504 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://moveit.eastus.cloudapp.azure.com/6899/SAML/SSO/HTTP-Post
2020-08-06 13:03:59,504 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://moveit.eastus.cloudapp.azure.com/6899/SAML/SSO/HTTP-Post
2020-08-06 13:03:59,505 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_8350276b202dab0ec2dd21d6bd56951a"
2020-08-06 13:03:59,505 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _8350276b202dab0ec2dd21d6bd56951a and Element was [saml2p:Response: null]
2020-08-06 13:03:59,505 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_8350276b202dab0ec2dd21d6bd56951a"
2020-08-06 13:03:59,505 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _8350276b202dab0ec2dd21d6bd56951a and Element was [saml2p:Response: null]
2020-08-06 13:03:59,507 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-08-06 13:03:59,507 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://moveit.eastus.cloudapp.azure.com/6899/SAML/SSO/HTTP-Post' with encoded value 'https&#x3a;&#x2f;&#x2f;moveit.eastus.cloudapp.azure.com&#x2f;6899&#x2f;SAML&#x2f;SSO&#x2f;HTTP-Post'
2020-08-06 13:03:59,507 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-08-06 13:03:59,507 - WARN [org.opensaml.saml.common.binding.SAMLBindingSupport:?] - Relay state exceeds 80 bytes: orgid=6899&client=mobile&code_challenge=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
2020-08-06 13:03:59,507 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'orgid=6899&client=mobile&code_challenge=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', encoded as 'orgid&#x3d;6899&amp;client&#x3d;mobile&amp;code_challenge&#x3d;e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'
2020-08-06 13:03:59,509 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://moveit.eastus.cloudapp.azure.com/6899/SAML/SSO/HTTP-Post"
    ID="_8350276b202dab0ec2dd21d6bd56951a"
    InResponseTo="_12eec306-e015-4356-b80f-a27fb0240d6e"
    IssueInstant="2020-08-06T13:03:59.495Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_8350276b202dab0ec2dd21d6bd56951a">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>xjewDqierEZ7vAf1YcP3PudRCc5YS6P9zgJ2JLdHkVo=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>YccZ/pMWvv7UqX+X8KI8/t5DxWPwNStDuRB/CJixrB0ef5xf0FMgbcji4LyANbzyK5j07hH38AiLGPT8QcJEm20TNUCiD1AgSkgKTYlkRdLh/lo9EAMzYlVRJnuwQPutjDIkhuPXq7pQNen79LbALo7hVwhDC/w4fg2xq1+Ibdu272UM3ZI27T77UADLxS3YuQ0o5WLKaF2n+bnAboUAxk41LKO1CS/MtHZb0HMqDSHPg66ZPcs74cSAo9W78EDyWnUPdqZE2Vw94LY/2GsDKlPaeVgUiGs8OYajVIYGyG2jX/atKYQ8vdSwTbzP1f1XjRhzocGvSoywG92ye3Ynqg==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_66bea0b142a94cd3ff5a28a9f0f504bd"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_48946bb34b9611f70eb84fa5ff5de41a"
                    Recipient="https://moveit.eastus.cloudapp.azure.com/6899/" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIICLzCCAZigAwIBAgIQGS/tfqYYp7JLXvwRDoOZvjANBgkqhkiG9w0BAQsFADBWMRswGQYDVQQK
ExJWbGFkaXNsYXYgQW50b255dWsxNzA1BgNVBAMTLlZsYWRpc2xhdiBBbnRvbnl1ayBTQU1MIEVu
Y3J5cHRpb24gQ2VydGlmaWNhdGUwHhcNMjAwNzMxMTE0ODAwWhcNMzAwNzMxMTE0ODAwWjBWMRsw
GQYDVQQKExJWbGFkaXNsYXYgQW50b255dWsxNzA1BgNVBAMTLlZsYWRpc2xhdiBBbnRvbnl1ayBT
QU1MIEVuY3J5cHRpb24gQ2VydGlmaWNhdGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOBI
1FVyGFDyO1MbVBUyahoC7/byKW/jyKBFUJvYGZB8SHkzU1TMwrQlIdXtx9cqC2wjMISR+0hq25Jg
GoP5pkuQN2xsJ8UAaepiRsbRY+EswFAy8+/LbX2kRihz1Zq2bb6hgxiei2BYP0eyxZjQgLS0xCH0
cPecYLf2/J/Nsg5FAgMBAAEwDQYJKoZIhvcNAQELBQADgYEAXfIFbNRJotIUX1fSketKvtLDhHcM
zQeempKN1k4Np+wRPV7KNA8AACxO4u4/dXmmxKdmy5U4XeuPranlJimI7QwrZ9+/opqBQz/1sZsi
nH36IH0E3PlIK9/+9hOMn6zaBLBi816L+i28vlgDchynmSf8guzQpO3Vl6zkU1jWYwE=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>DCAqH/+hK2iq5VqPr5t3eIk2PhRhCZlGP2vpAS/hzRymTg/ApgbNCaAloGvs1uRbP4nAl2Fqo0USn0FOVz7Bch2COkO6MrB0gMwb2Hg33Nbl5ivWV6CzNbuIvkksk84ROW82hIAQrKvCxSYDA0E9t2mUS7UscsMY0zCcXGnysiU=</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>n8vbqmp6sgfplTdWEU6BCGvmwfFuuuS3L7wYdP68jgvj61nSAlBPQbafQKqGtAKcaiUFxoMHCFAk2kTBOnxsbdRMCo5kOgaefki27zRFqxcbIZRneK9Go1QSRYPrRGdtEmSmTXP7X0GMuoxmDRfRzeja38qlL9dBbvTKv8Pn95DXO5h6gwJEtJbUewmSZR+hObGlJOg+bQWnk4mFWFjaHBwBwwZWd98yvbCR34VYBnJLc8l+auTCJayKSCnbBijYZ9u23HsmbWmy0y3sP8hgu0huOMQwMrZrUijGrQyd8Gz1yxLBCdyXlS9X39+jfO9HM55Fq/gLbBj+nyfTdmdTiDy6TZmpCS7Kp0iMca4hPjBvagXUs4ATJ/OQ8Rm/C8XLaSJ8N3c0QSQCXVs7IRbJoWf2ltwgPHUXTiFqQ59UppeR8WZzVExJjdFBOiyYaMnr0uYW0M0iKp2uVaHT+M41M19LA8nGkpRuTjSDBepbTTE8bF0JmjHrC0lRCDey1mCbdqGUajWyAwAd1U4LTh/UjGeMA7m28EvsV7ZkgoqYqotWnhwWWBQTjem0zCPiwe3Jxnc+vSq9rp182sBy4xkj6d6N+s7fCAHLBiADqCtN16Qv9AaNxvolYmGakTv7DEfFb/O0o8xDpmM7yIpLn2QVww2qI6rizHGrV+HFTL/HFEp8NLzvff+hqPv8TC2LAsPdyarLnbBQbg0KDM0InJZ8kF2E2DIKT/fBgwTrJglDE/oyjrXX9Tj5ZvHeSmaT7eQvvHSQLIXcIiw5XwPcOzh/5q2Glsm0t4o0iSRKnHg2fQzlCIWEAQlmBWzl3HBRcPmzmjVJO7l/eP5mikjGBgASpPv72KeMSrHkVYY4STFNDbk1zBpv5yApYEqqa0jcQyesdhhP9j0HqIgVvk4py8QrUpukdqZF238NSP5POxd0aGGyj2ZHJfL8UqpFczTfZeJvUNy2bLV8XKu7xYOsHxrykvrWTePK6PlCAWv7UtpDgr6/GWVfJnD1FJzRMZDjorNm8N9O5DkPgPaG14pQEkxD1QQrNvAcarqFLOR6qX+Gg9zyxh/qTnrDHXFkxoKF5nULKxZzY/5gZyNfphM3GnBYIInbQxJoqvtKscpHt5EMf77JdCX3eua4zFO9CDodzZ6BVqply4TRWDI2HXHJeb+PVi9BjuKVbXHVyjk94nfSQryySV9SxuoWwOEvgVXgxDFmvV4vupvPMZZpseYJ34Qn7dYftee3w57aV1BugIy4pERGIa4tPUoFam/C/CM/0qwTGcq6w88mq62t9WlyGr7KoUQUU/ekq7Z5MLDIsNkWBp3Qu3i8vVVvuUZqba6blZ9lz+hB2vZcRR/5+it6hjBBsUanRH3aHOa0HWWbntlCKHpX1acFBgsRJ95USeIjGyAQdXK1WxZbQ0eg4Kf6SSwAAR7AsOWKV3/iQf3Asp6GApu5P6ALEqrf2Aw6QCQ3/t3YPG24vdXhyh86q9WJaymaNw5CAvQTFiNvpb9JzuOXaAjW8kVesxKLOx2rOz/duSW78z1aSlyCdx347LRHjIGDKrGqpKH5sgxp1EQb6MBBODWvFvm2EhHtsQK/g9qELYOBPWEc6VzwuFjY+EGyV5Wfj+mLOnqWk8bJZjZ8V+dyuaCRNRb5lAjUEHRe0p1BBoVjyT+MmI1DGiV1NXwANf78RF0LBMmVNPO4EhVoetQYMCvGJIuUVLXO134inYgCINi81v/p2hszjjckFtByLGoFdB0esd3fEdVAmSoIBfdMwtduX3FaEKbIoIzM9K1nF53s6D4PjI9Mc3tEZhuN/hm60Hm9uSKITy2bAhlWtwGYEeVcAZpRPTXdFa3PQs81G6ZgnjkMU1PsYwuSSVYVQZc96Wynfc90aiQQy93clPxH7tWk36dFErJqAxjAe7VEZvnpSq0XDcae4ChKOrlwsAHuz1+JvKi8uK4Q777seCiINVmsms4jT6ZcP48g5V+MxryaPSyO4UPGQ8m3CLHUNRAZp293kmtWooFfmEt+NvL7wMNMsMjFdSb/290FoGXuXGV2R1lv86Xwa3GVBEfPluGSiDBUcgECTRgadm1knHYkex4BTkX98ciwAYEBbWNzKc/QcOjlZ1kTX4SY4K+Jcg2OXBk8lTN6Ac1uL3e5MlrukhCz8ykdYaJsJBGmOYpzd5rJE/TKSckn99/LQBQLWsHuUb22Id9wW8xQb4op88uJipSmE7+Axo3w6NtFhrNUq28f21Dewi/JH0oJ2qxsTWAwOPC0HIrMmgvvy5p6WHbZD+HLvbHGQvzJD8VVwb981cpffVKEUFsdYg//M/4z+DxoFNGB00rYWr0RoQ3lADVkorckpAO5wEmO8md4vrN9eshOhzSgB7br0W8CnAyYNEWtKreL7cFJhb/F/NEQIWHin+YTiWlNHC7pxMCeO11X6HDyrG2nwTo2xboxj3P7PObROdNV3AEAimByDsg2lnSQu9+ZWukKM2dHtyK2mnRnsT7Etx+1GcoYIhjsqU35VXzuqUCII23MpRjdvfMtUKAMmtV3/DWEPSffpCzb7PzpHobZiLKHcSUrMl7Q0bmPlwDMaef5VHuoNZUAfw4Wx2D843YXrx8LEZsljuufygxwsTNtt4y53bQ9ZEKvzXpSll5lkjtpHo3ratT6hgrv8H847TX0/p/mlF+6ukkQybm4DBjwsa85BHq43352EsAanUCNFMAKH6qdn70xA3V7sHpZGnq1eBY+DEYaVgPSs7Q51FnP+2Y5mq2/6zoDoC9r4CSNy8/X8Iz/bNL3K36yaIQEUWzYbu3H2zXprTww+7zVuLHKHeecyMG1E27G4TI6ovMOHQStBrwZ9rC43ftRJ4hgVunzLRp247mZjGNBYFibbi6AA6dARfpCRgD6BQRcHzFHSf5kUacIy2rB5Uga1je+QzkHEqB6ym5dZF39t3UBTXNeavpKajjsJ2CAXDtFKeDlWaf91UHbDO2AQXe8ZmFJqfqOtlMemA8jj6FVz+HnAxsyLyWjZR3+LQ15CPa6C4bLe64Kyu06xtXCsuHxnVb6lV5frBfSjorjau46q6yZXK3AofCT8J9QYmaClqewsOCrNPsEU5nf2dbcyiHCovmUjVSqIibDnFzX3Bm9n1kzVg9ZNTnHGrIcLdYt2DFp8lHaTp5poEEY0oD0D+0MKdiEzxer4DElw3WW4nDyPZhj1zJ6K7crNt+SJwpcdAMX30jEzIGaNfVSw/QeevTkSvzZBVMWJLdVJNLXv49n2Qqg65xZO2qBEvjBNiYEFehcFrxsxZ5kcPO720ko2ebN4lgDQ5c/A1DjH6rT5Uh4DkPm1JdbFc+8SuV6awVnlob610Sql4bidYw3ysi/qKkGkQndJ41Y+CvIuthcaSqb6jsnyGeL6W1AozDKwSkU/UNaF4J+2u0hgHfgWDoGq4pnxKFrRv2gQwzO5GNoKYH6/Oe1h+ZoVJHAszZV7r1Z7YdWUpaXj05lD5M4Ym2PBk4PLVYPAgczK/MqK+zKZAGzPjatHl3j100gap0Co65y6BuLPrFk2PzpJ0rT+O8O5QIocWslm/oSewLDRwDhOmb28h6I5DwxSscFbd6PnEC7uR3hCHvzqAJ3GJDxtgDFKw6aGz4nO3vrNqrAhgePUDmwrUM74NP70mHXvN3LtE/Z1Ttm+3G8EVyAOCn8A68myAdxbQCRkkbhliyyH/yKNdm+8WGiQGsvCOQ5stGMrFnjMpnkX7quARET7o6upOMvrBfgaq2Yr2yUGwIMwetjVBSbpeY9X/Yusd61KB9NblKcdwmqIBGXgqmNzar975JpYPMzZsGh1nAmOVtHUImmkJCZERiYQyQODGr8o9YeWoVp0MDig0Cr5U6xffw6zHgAWXMalaxkb+A+YFIrQVp/pLKGEwM3Pqt8htJZoJCNvaJwmeHp7rbMADOx7mk6wKGNcbERfj6cVNUBsH++0fbIgvXzQj+nbMzD5Z4R5vU3FTUI62U5TYmgDdnArTwJc0HkccOi1AU+2W3qJD9VMOpCMl/fEzZxn6UZBEX8A3lsqs0yH5OifV9teiXixPX0LmwpprRAKTiaeYCdkyPz9hTwd1VnX6Y4+hl7cBox9LNAqXrM/8a42BXtOFvnGfZLDw9kDcE0kClxNeICCxa96zuDG/YjBdTQmT57QWSwAg6NzhujuEIAI8AwUucAQ8z0kvxmqcDR+i+P82xWqV+JQ1wWzg1rgx9rofEpXufWYmHWM/6LrmywskKreFXtAtv+K67s/pBgXo7FOF1NNO5UQldOVs2A6TxYxklj9senvsoCCmJLfY3zjkV+z3MSj2j6ln8hXcPVJp78LfqypvUyi9LXKfYbolBtXbW0Yvpqq02CO7kyxfFkstnAO5SSl9XJou9L2PJw3pq5+hiOC2P3UXqAcryuWLNe9y/GiGcWByKdbmSBYE8O1ocBKEjGjXIpEmwHsJqfoWid8SrgGF7lfvLR6Eyx4oJUvhLtRLGKkPIyF2pj3U0VoKZjYEkwFMwDmR+Sfz4Mi9wUbgb/h1tDKbQN/C4uzHQCj1YouMlEyG8KuVXU9HBVnmw/nTnUuT54yvnXdUdEbhTGw8dPECAcyueILF9uwUjCbJo9zZSsgSsbdr0n6TsTfgF5JZXtl5Bee9vozPIZK0JvjBgtmQBcjpy5Z1g7VozmFwy09BaxXa8z1YlWyMZoO/JjEkJaNZ2eryCSNl3+arV1uND76+KTkCC+Pu8bC+MJVaefmf0/JfVI11/U9lOipjN7ZAgjvT/4J10+IOD2N9KD5sqPev7qf7TYVLkOZOeH0tTeXPVX8QFa+vOq1OEEGAqiC3nKuoxLke9BK+xXF2GIokiCrOASNSfKyIfoA4nHKc9so3A28VDys2ccJd/JqU0FjIwLLFvl1Z7YyhT23wiuRb8fI99c7Dq9T9Jge9+BGKtAhI4k5fcBZcC085slrrl36e5TsW4mwO+C5MZYvd7RUlrGV9+iE7r1OQY2IHrEdBEJYAMongNlmUUnDJLWhgDvuSeBYo+ulRmUU9I4wurYKcOGBe4ppvFN3IkntFj/WMEIH5uuMeFth4TwW5yoCDVuiC1ybi9j7sFB8jEVxdi7iAVsC2tESnaNl/a+b1VkLDLdqqcqdBO66YlCi/yytVD8apM4fmX17jYErT1LFYpADfYEiutyN/nd3Ky63CW/x/l62T+bdfwOrN8cp45DWxeSb6AHBoUa1xz5Nx95GBaRqxxAH955SstzialVkGoEKYDmgomq8v5QEzJlI3GuLu76t0+Ym0qJ2efZJWvQC1CTWjhlygRiR6ILRllagoJ6iLPV23eebvjXE/Ar3V2GuSQtiYSir9W8Sb74/AFQ9ZrJInzOga9I/0aTlXARvLLd1fGWDbSB+2TQAa94qNLG0fJ0e5KOI5JMIEDxLJMYcueWGUXp+OnTX6vgbhfUTcYn6iAbqAOd6qtaScGkYUBxCFsscIiDp2RjASZPVNLTdZURyP6sbXPxofdMC2efex5w4EAUrHAJBrz74E9XB32/m0PpDXoL4jnrdZ8XNnDHN7AHeFtiAI0GT6H1y2cYYpQtQfAX1fawIILgPnsTNx5Eh+k+IUjvt8LyTbD+rOu3jPpSeQV7RReSVHFKeE8AT/MpNPG7csaFfEZ2TpyklkQ0OdaTeZnMybMHeXYm8THUJE1Vava2dDzvLPE7zv6uj3r3dLasxtkUpD3c57bSO95nWzMu0ynHu8ONrq5PYMsbdqsScsSNF0jsGEBUr8YnUwfvQvZe8WdU8Qb8eVeum6fWK6iii72POJkW9ArVxoe1fcd0A2cKqoj7P8RPidPIO5mMQeBURGN8KqM3YHc5/j4ky4o1mFAYxQlHeNUXyj9xC3fSZxX8BBxkbGfYoOvVln1xWXSTlcKa5Jqv5+z19nSqR1pnXe5k61n0npG7DW8CvV+cpcusqNSFvAQeqQg7/zelbrPgWn9ACMqwP2/qtCHa+wIpevnLcLyHbUA6qzcnACG7a+EfvPuUSVPp4OtjynZHmEoN496uCH0QFknZWU+9fMY5xJojLEaVpV14qPcRiSQqXtzS8sNJyHKSSWmOLYl5n8NNDk/w6aB62Axgf8H5NU26P4pIc4UFeWVdYXlR9u/tj/ZHMwqJS/rdzne1FjmpVDnaDuBtaxadoQYoPBR5DvPJ/R35s53PUU4yyAHIT69JGRe3HDW+e2FfOCcJ7y5e6rQqBh31nuszSxEJzULp5Eo4vhrpRvg6rBDgoOAzkNtIDc1BQjjlhHBXgujZWqzgwMd1Sp+o5yQJ6JOSP8u8f2Ib0El6CdNlf5XsoUWnJl+G2JCa1mju1faxcQOObUNkXZkb0tlpzxeM0reu3O1IY8e33jjgJTeSt1ao3VJs4mBtfnAS4dIHe9qUqui0F6u5ooWHqimA30WaiQmqWJbwZrdqILW2/X7omopLpf/EBXp82bw9gfBeq+KufW/fJS6qi9iGtDszgm9wRYK6InyNccjSVWqb4p/QSKctEFD8SFITGdJ14OELvthIp2BDcsjbw+8VbCsFxIr/CndBtGc+2abHOR82nK935Na+ejEHBKlF+rNOnfZeSlB6PmSyLpquIJtsC/mLbDzUGx5/i23dN2Z+CHIsk7RdOrjGEeHDQl5ggqzphsGXhfQNkmO6OW8sWtUDPlbnvdAbzYK+RSEstbIKNtoy6/bdGihb5ydwV+R5ljaxI1TiSjwZVMDuwrGtcpEuFHyA/FkkVv+Idx5Stkx1zDXW02R61YiZ+8+sRMGGKsg+mL8R/Gq5rfH/bXwy1Ddw43GFtAk9OzT3sEcok0Bl2KVPfJeCnorD09zZ1dOjbu54ZJNGwWu4gqgn7lQz0noFKSpE9EcT58MlVH6LVTT4prtHU1FRLAGYU9dGNrtfXsr1BFW/VU/ktagKPPJU5GZkY8h8LsC6rprdn/WMDayr/aW81Fs6VxhWV5x8lcHnaiR0y+JwWWgyffhesQZbxxVUO3iAPLxL5fFLodCBTIShhMi069xqCrF410GYiyxhahokQgKHQUJQkvQMDxi5MTPDzvs35kRaRhs6DM+8duiygEI3gVxaKS6axeymExMIwe9ZPmKmkEK3KRd8TZFR6sZIpKS9qDhCQnIBm20RhAPBRenLnlvgV9PQbvRfv0HsC0mCYmTZeelDbkgNFTHjX9dM3y/QnvPMBEcHCGHXiC8j2ZJ7fC7ReiUVSav8xL5NBjGsooZBMAF3ChHsw6pU7e9qwvZcNefmJNnnOR3VZYD7kA8RxEueiA4o5aEoHW1fEAMzONjWlpcmFPPq5zwoQQkOxMc5G9HUsz9e5WLmnHdkhB5KmKETWBbgl+KoAx+oxckc72nnOb5CP+UXl/y1UrUt1X0d3K7yPiuzt8EoR+moJ/APwb46nSJ4BzsIVnXRE2wIUGIgkuHniP5C4FLXx0vA2mpylya67/yfGLztqGrLDTYEZk5YwTL+C3y+k53tvXm1VkrnTYdK2wtHa301GWALY0k6eoapt7tCQ0tkk1+k1blbdIxJ4Q8Q2wSI+FxZ7JovIuupwajUJqMvAhjmYX54hbgZawgA29OwY875VjSrnq++x0ELPQEoDvsr/DV4IaJVKMtoHbKik6rwttpsJche4Ar1oQOjZLfgNwCOFeeuGITqLyfX0Oxby4G+Q7RTae2QeJhYWmSDXsI1GoIL3yeaM7/UEnl7dNwXjuN/3nv6vTcMFd3MaME038ftcbMmbdZsuzdpNUJAboIpjWMJBxct0K4wJyr9xwFfAgBBqYw0UDUfONCuPHri2S7IQA9mG6oDP3kh333ChnponNGbf23Hc97r9CtmW3L1KYpqQbeNIgmKGKoYA+mBuBwCDgQZuBc=</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2020-08-06 13:03:59,509 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-08-06 13:03:59,509 - INFO [Shibboleth-Audit.SSO:?] - 20200806T130359Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_12eec306-e015-4356-b80f-a27fb0240d6e|https://moveit.eastus.cloudapp.azure.com/6899/|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_8350276b202dab0ec2dd21d6bd56951a|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|TFSLKM4HSIZXGLTTLRM4NOWOSGXH4XYL|_bd869a8fd0e0b64d1268673306f26a05|
2020-08-06 13:04:02,710 - ERROR [org.springframework.webflow.execution.repository.NoSuchFlowExecutionException:?] - 
org.springframework.webflow.execution.repository.NoSuchFlowExecutionException: No flow execution could be found with key 'e1s1' -- perhaps this executing flow has ended or expired? This could happen if your users are relying on browser history (typically via the back button) that references ended flows.
	at org.springframework.webflow.execution.repository.support.AbstractFlowExecutionRepository.getConversation(AbstractFlowExecutionRepository.java:172)
Caused by: org.springframework.webflow.conversation.NoSuchConversationException: No conversation could be found with id '1' -- perhaps this conversation has ended? 
	at org.springframework.webflow.conversation.impl.ConversationContainer.getConversation(ConversationContainer.java:126)
2020-08-06 13:04:02,710 - WARN [net.shibboleth.ext.spring.error.ExtendedMappingExceptionResolver:?] - Resolved [org.springframework.webflow.execution.repository.NoSuchFlowExecutionException: No flow execution could be found with key 'e1s1' -- perhaps this executing flow has ended or expired? This could happen if your users are relying on browser history (typically via the back button) that references ended flows.] to ModelAndView: reference to view with name 'error'; model is {exception=org.springframework.webflow.execution.repository.NoSuchFlowExecutionException: No flow execution could be found with key 'e1s1' -- perhaps this executing flow has ended or expired? This could happen if your users are relying on browser history (typically via the back button) that references ended flows., request=org.apache.catalina.connector.RequestFacade@1bad7ff5, encoder=class net.shibboleth.utilities.java.support.codec.HTMLEncoder, springContext=Root WebApplicationContext: startup date [Fri Jul 03 14:39:58 UTC 2020]; root of context hierarchy}
2020-08-06 13:04:11,444 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: ss:mem:8d061f0e36cda919c9194a469f6b90cc553d29801fd0350b2794a20aca17e962
2020-08-06 13:04:11,444 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-08-06 13:04:11,444 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-08-06 13:04:11,445 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://sso.legendonlineservices.co.uk/Shibboleth.sso/SAML2/POST"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_2a87cb0a5a97baf447a44316ab429913"
    IssueInstant="2020-08-01T19:07:27Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://sso.legendonlineservices.co.uk/shibboleth-sp</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="1"/>
</samlp:AuthnRequest>

2020-08-06 13:04:11,451 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://sso.legendonlineservices.co.uk/shibboleth-sp' from origin source
2020-08-06 13:04:11,451 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-08-06 13:04:11,451 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-08-06 13:04:11,451 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-08-06 13:04:11,451 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-08-06 13:04:11,451 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-08-06 13:04:11,451 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-08-06 13:04:11,451 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-08-06 13:04:11,451 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://sso.legendonlineservices.co.uk/shibboleth-sp
2020-08-06 13:04:11,452 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:04:11,452 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-08-06 13:04:11,452 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-08-06 13:04:11,452 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-08-06 13:04:11,452 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-08-06 13:04:11,452 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_2a87cb0a5a97baf447a44316ab429913', issue instant '2020-08-01T19:07:27.000Z', entityID 'https://sso.legendonlineservices.co.uk/shibboleth-sp'
2020-08-06 13:04:11,452 - WARN [org.opensaml.saml.common.binding.security.impl.MessageLifetimeSecurityHandler:?] - Message Handler:  Message was expired: message time was '2020-08-01T19:07:27.000Z', message expired at: '2020-08-01T19:13:27.000Z', current time: '2020-08-06T13:04:11.452Z'
2020-08-06 13:04:11,453 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: MessageExpired
2020-08-06 13:04:11,453 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2020-08-06 13:04:11,696 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: S_UiDMiPJPyHNXbZBBfAV6rVK_tMiitbjcZlR302ZG0.eleywOrt3FU.qa-frontend
2020-08-06 13:04:11,696 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2020-08-06 13:04:11,696 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2020-08-06 13:04:11,696 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://reto-k.dev.starmind.io/auth/realms/starmind-sut/broker/samltest/endpoint"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="ID_c2bce56f-eeb3-42b1-80c6-aab5f4eddd1a"
    IsPassive="false" IssueInstant="2020-08-06T13:03:50.245Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://reto-k.dev.starmind.io/auth/realms/starmind-sut</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/>
</samlp:AuthnRequest>

2020-08-06 13:04:11,697 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractBatchMetadataResolver:?] - Metadata Resolver FilesystemMetadataResolver SAMLtest: Resolved 0 candidates via EntityIdCriterion: EntityIdCriterion [id=https://reto-k.dev.starmind.io/auth/realms/starmind-sut]
2020-08-06 13:04:11,697 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved no EntityDescriptors via underlying MetadataResolver, returning empty collection
2020-08-06 13:04:11,697 - INFO [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  No metadata returned for https://reto-k.dev.starmind.io/auth/realms/starmind-sut in role {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor with protocol urn:oasis:names:tc:SAML:2.0:protocol
2020-08-06 13:04:11,697 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No metadata context found, nothing to do
2020-08-06 13:04:11,697 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://reto-k.dev.starmind.io/auth/realms/starmind-sut
2020-08-06 13:04:11,697 - WARN [net.shibboleth.idp.profile.impl.SelectProfileConfiguration:?] - Profile Action SelectProfileConfiguration: Profile http://shibboleth.net/ns/profiles/saml2/sso/browser is not available for RP configuration shibboleth.UnverifiedRelyingParty (RPID https://reto-k.dev.starmind.io/auth/realms/starmind-sut)
2020-08-06 13:04:11,698 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: InvalidProfileConfiguration
2020-08-06 13:04:11,698 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2020-08-06 13:05:45,581 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: null
2020-08-06 13:05:45,581 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2020-08-06 13:05:45,582 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2020-08-06 13:05:45,582 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://ottosandboxb2c-saml-sp-poc.azurewebsites.net/saml/SSO"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="a24181icf3c304e61gicc4fjb67ag4i"
    IsPassive="false" IssueInstant="2020-08-06T13:05:41.852Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">ottosandboxb2c-saml-sp-poc.azurewebsites.net</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
            <ds:Reference URI="#a24181icf3c304e61gicc4fjb67ag4i">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <ds:DigestValue>mX1SFsOm0qxK1Mr5KvWOwaf2uCg=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>ERXiBfy675FtZSbEcG/yUEwC3ILXgj3hxvb3nbbFnm9bvGcQmpWksum8dIsrgNBx0gx8sKy6Lqq//YHddnGk6zGXD2Y0x37NA5gTctvzR3s/ND2FaqotRpIhnYZZn31vB/a/5qIKwk5HT1r8slMVvgHcJEViQCtrNZa0WnDA3q3uZAKmwxOt5/Kst2jzSxorcFkIU2Udr5+Yj7aMnMY85u6h8WYsLQv21TZlukz7RRTotcYpvzTYqMugjBXPCXIGnEj5TtC/TcKIoz2YdwJy/lv8l/7yDmRtmkC9Jaw2RuzCJFPcn/a0Oc+zcb9lXI6ExLb/IWPfVYqwc0RQ6w1i9w==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDUjCCAjqgAwIBAgIEUOLIQTANBgkqhkiG9w0BAQUFADBrMQswCQYDVQQGEwJGSTEQMA4GA1UE
CBMHVXVzaW1hYTERMA8GA1UEBxMISGVsc2lua2kxGDAWBgNVBAoTD1JNNSBTb2Z0d2FyZSBPeTEM
MAoGA1UECwwDUiZEMQ8wDQYDVQQDEwZhcG9sbG8wHhcNMTMwMTAxMTEyODAxWhcNMjIxMjMwMTEy
ODAxWjBrMQswCQYDVQQGEwJGSTEQMA4GA1UECBMHVXVzaW1hYTERMA8GA1UEBxMISGVsc2lua2kx
GDAWBgNVBAoTD1JNNSBTb2Z0d2FyZSBPeTEMMAoGA1UECwwDUiZEMQ8wDQYDVQQDEwZhcG9sbG8w
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXqP0wqL2Ai1haeTj0alwsLafhrDtUt00E
5xc7kdD7PISRA270ZmpYMB4W24Uk2QkuwaBp6dI/yRdUvPfOT45YZrqIxMe2451PAQWtEKWF5Z13
F0J4/lB71TtrzyH94RnqSHXFfvRN8EY/rzuEzrpZrHdtNs9LRyLqcRTXMMO4z7QghBuxh3K5gu7K
qxpHx6No83WNZj4B3gvWLRWv05nbXh/F9YMeQClTX1iBNAhLQxWhwXMKB4u1iPQ/KSaal3R26pON
UUmu1qVtU1quQozSTPD8HvsDqGG19v2+/N3uf5dRYtvEPfwXN3wIY+/R93vBA6lnl5nTctZIRsyg
0Gv5AgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAFQwAAYUjso1VwjDc2kypK/RRcB8bMAUUIG0hLGL
82IvnKouGixGqAcULwQKIvTs6uGmlgbSG6Gn5ROb2mlBztXqQ49zRvi5qWNRttir6eyqwRFGOM6A
8rxj3Jhxi2Vb/MJn7XzeVHHLzA1sV5hwl/2PLnaL2h9WyG9QwBbwtmkMEqUt/dgixKb1Rvby/tBu
RogWgPONNSACiW+Z5o8UdAOqNMZQozD/i1gOjBXoF0F5OksjQN7xoQZLj9xXefxCFQ69FPcFDeEW
bHwSoBy5hLPNALaEUoa5zPDwlixwRjFQTc5XXaRpgIjy/2gsL8+Y5QRhyXnLqgO67BlLYW/GuHE=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2020-08-06 13:05:45,587 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'ottosandboxb2c-saml-sp-poc.azurewebsites.net' from origin source
2020-08-06 13:05:45,587 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-08-06 13:05:45,587 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-08-06 13:05:45,587 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-08-06 13:05:45,587 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-08-06 13:05:45,587 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-08-06 13:05:45,587 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-08-06 13:05:45,587 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-08-06 13:05:45,587 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer ottosandboxb2c-saml-sp-poc.azurewebsites.net
2020-08-06 13:05:45,588 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:05:45,588 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-08-06 13:05:45,588 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-08-06 13:05:45,588 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-08-06 13:05:45,588 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-08-06 13:05:45,588 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'a24181icf3c304e61gicc4fjb67ag4i', issue instant '2020-08-06T13:05:41.852Z', entityID 'ottosandboxb2c-saml-sp-poc.azurewebsites.net'
2020-08-06 13:05:45,588 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2020-08-06 13:05:45,588 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2020-08-06 13:05:45,588 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-08-06 13:05:45,588 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: ottosandboxb2c-saml-sp-poc.azurewebsites.net, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-08-06 13:05:45,588 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'ottosandboxb2c-saml-sp-poc.azurewebsites.net' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-08-06 13:05:45,588 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-08-06 13:05:45,588 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-08-06 13:05:45,588 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-08-06 13:05:45,589 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-08-06 13:05:45,589 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-08-06 13:05:45,589 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2000/09/xmldsig#rsa-sha1
2020-08-06 13:05:45,589 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA1withRSA
2020-08-06 13:05:45,589 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2020-08-06 13:05:45,589 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 19145315643286925739383588480527602403067271166382515603895503175855322434343354237869771034628362370255631682805778526993265117958887704167784727546385456587036361839707037518011279872400748805877773663459075558667030510034103540726948135992777303708245098807005371294042952302682803519523404660408757933044836101539663818244077030088244070044038290535134614702935425692946072886774884339323973600768963698304760185618308660831593002159276816080817652004736779697411246711621419362443557812251382697117919380813140003777170028213964083404130929220675106101102565912545554131737428593592225625205002711211563371490297
  public exponent: 65537
2020-08-06 13:05:45,589 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2020-08-06 13:05:45,589 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2020-08-06 13:05:45,589 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#a24181icf3c304e61gicc4fjb67ag4i"
2020-08-06 13:05:45,589 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID a24181icf3c304e61gicc4fjb67ag4i and Element was [saml2p:AuthnRequest: null]
2020-08-06 13:05:45,589 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#a24181icf3c304e61gicc4fjb67ag4i"
2020-08-06 13:05:45,589 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID a24181icf3c304e61gicc4fjb67ag4i and Element was [saml2p:AuthnRequest: null]
2020-08-06 13:05:45,589 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#a24181icf3c304e61gicc4fjb67ag4i"
2020-08-06 13:05:45,589 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2020-08-06 13:05:45,589 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-08-06 13:05:45,589 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID ottosandboxb2c-saml-sp-poc.azurewebsites.net
2020-08-06 13:05:45,589 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-08-06 13:05:45,589 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-08-06 13:05:45,589 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-08-06 13:05:45,589 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-08-06 13:05:45,590 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:05:45,590 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-08-06 13:05:45,590 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-08-06 13:05:45,590 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-08-06 13:05:45,590 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-08-06 13:05:45,590 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://ottosandboxb2c-saml-sp-poc.azurewebsites.net/saml/SSO using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-08-06 13:05:45,590 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-08-06 13:05:45,590 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-08-06 13:05:45,590 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-08-06 13:05:45,590 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-08-06 13:05:45,590 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-08-06 13:05:45,591 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-08-06 13:05:45,591 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-08-06 13:05:45,591 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-08-06 13:05:45,591 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-08-06 13:05:45,591 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-08-06 13:05:45,591 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: ottosandboxb2c-saml-sp-poc.azurewebsites.net
2020-08-06 13:05:45,591 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-08-06 13:05:45,591 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-08-06 13:05:45,591 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-08-06 13:05:45,591 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-08-06 13:05:45,594 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-08-06 13:05:45,595 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-08-06T13:05:45.595Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-08-06 13:05:45,595 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-08-06 13:05:45,595 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-08-06 13:05:45,595 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-08-06 13:05:45,595 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-08-06 13:05:45,595 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-08-06 13:05:45,595 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:05:45,595 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-08-06 13:05:45,595 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-08-06 13:05:45,595 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-08-06 13:05:45,595 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-08-06 13:05:45,762 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Not a usual scheme, returning name of 'ottosandboxb2c-saml-sp-poc.azurewebsites.net'
2020-08-06 13:05:45,762 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-08-06 13:05:45,762 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-08-06 13:06:14,246 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: orgid=6899&client=mobile&code_challenge=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
2020-08-06 13:06:14,246 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2020-08-06 13:06:14,246 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2020-08-06 13:06:14,246 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="_9fd4867a-f075-4bfe-b22c-422642b3b076"
    IsPassive="false" IssueInstant="2020-08-06T13:06:13.041Z"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://moveit.eastus.cloudapp.azure.com/6899/</saml:Issuer>
    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
        <SignedInfo>
            <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <Reference URI="#_9fd4867a-f075-4bfe-b22c-422642b3b076">
                <Transforms>
                    <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <InclusiveNamespaces
                            PrefixList="#default samlp saml ds xs xsi" xmlns="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </Transform>
                </Transforms>
                <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <DigestValue>re2cQFUS72rcKM95B6Ww2JltOZIv+mJLFaf6Tz85UIs=</DigestValue>
            </Reference>
        </SignedInfo>
        <SignatureValue>CVIJD6ZXIi3dEX1B1TP7Zsf4mbaDKzdxujUg9URcXK8bDgqn/r2/FFc05EaKVwZFdTpSQbGVxSI0IrFDQXyhhZjfl+iGXKmxLGy46nzNWm7egpobR+7VrNRB9kLI2U8h41XMwbdS6tTddNI0Rmbd5gh5OYV4EiPgB7j13CBIdMA=</SignatureValue>
        <KeyInfo>
            <X509Data>
                <X509Certificate>MIICKTCCAZKgAwIBAgIQZTT+hOyYEbJKTeSyJyyY+TANBgkqhkiG9w0BAQsFADBTMRswGQYDVQQKExJWbGFkaXNsYXYgQW50b255dWsxNDAyBgNVBAMTK1ZsYWRpc2xhdiBBbnRvbnl1ayBTQU1MIFNpZ25pbmcgQ2VydGlmaWNhdGUwHhcNMjAwNzMxMTE0NzU2WhcNMzAwNzMxMTE0NzU2WjBTMRswGQYDVQQKExJWbGFkaXNsYXYgQW50b255dWsxNDAyBgNVBAMTK1ZsYWRpc2xhdiBBbnRvbnl1ayBTQU1MIFNpZ25pbmcgQ2VydGlmaWNhdGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOzZbddUxFpjK/WG6CTL/u1IDD53+wk5tf8dJvq/z20HWZgZB9Uq/kIeFhRebOz2jA6wcvMVv1GcZ5y9pHaLu7eEQ31osheJmNK7wdZOf3fQ2gQEMjSVC0MkA73M36duMagtjpQNDVVvWBZr4E4R/dOnQRrXforQUuI6DKLWrnvBAgMBAAEwDQYJKoZIhvcNAQELBQADgYEA2jzdCoxd1M6IKXd3whOrwBVVD8++xJycVfy/azCW2PpL3D+GqTpqUOFOJVtg6dGFQ5A2PLrA2gHX48jbu+wirC7xU5QbAtikY9PTdaDDJuzR7au7Q6bTlm4cEJEhKr1+HRm2vRJ1oakxSLEDMY2HAyQSSwhLEpwkdafYd+AA39o=</X509Certificate>
            </X509Data>
        </KeyInfo>
    </Signature>
</samlp:AuthnRequest>

2020-08-06 13:06:14,251 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://moveit.eastus.cloudapp.azure.com/6899/' from origin source
2020-08-06 13:06:14,251 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-08-06 13:06:14,251 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-08-06 13:06:14,251 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-08-06 13:06:14,251 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-08-06 13:06:14,251 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-08-06 13:06:14,251 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-08-06 13:06:14,251 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-08-06 13:06:14,251 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://moveit.eastus.cloudapp.azure.com/6899/
2020-08-06 13:06:14,252 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:06:14,252 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-08-06 13:06:14,252 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-08-06 13:06:14,252 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-08-06 13:06:14,252 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-08-06 13:06:14,252 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_9fd4867a-f075-4bfe-b22c-422642b3b076', issue instant '2020-08-06T13:06:13.041Z', entityID 'https://moveit.eastus.cloudapp.azure.com/6899/'
2020-08-06 13:06:14,252 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2020-08-06 13:06:14,252 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2020-08-06 13:06:14,252 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-08-06 13:06:14,253 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://moveit.eastus.cloudapp.azure.com/6899/, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-08-06 13:06:14,253 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://moveit.eastus.cloudapp.azure.com/6899/' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-08-06 13:06:14,253 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-08-06 13:06:14,253 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-08-06 13:06:14,253 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-08-06 13:06:14,253 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-08-06 13:06:14,253 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-08-06 13:06:14,253 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2020-08-06 13:06:14,253 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2020-08-06 13:06:14,253 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2020-08-06 13:06:14,253 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 1024 bits
  modulus: 166321257288823104771128801066816864313508571863601390543013545133120205785261110610751340234196350511629891146256035820135915146409380604387125098174838064111727943990583480526557772786907140964251568694338643572469666137089175956758574284364261130014857080514325081382197164151047187227455666983789315128257
  public exponent: 65537
2020-08-06 13:06:14,253 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2020-08-06 13:06:14,253 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2020-08-06 13:06:14,253 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_9fd4867a-f075-4bfe-b22c-422642b3b076"
2020-08-06 13:06:14,253 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _9fd4867a-f075-4bfe-b22c-422642b3b076 and Element was [samlp:AuthnRequest: null]
2020-08-06 13:06:14,253 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_9fd4867a-f075-4bfe-b22c-422642b3b076"
2020-08-06 13:06:14,253 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _9fd4867a-f075-4bfe-b22c-422642b3b076 and Element was [samlp:AuthnRequest: null]
2020-08-06 13:06:14,253 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_9fd4867a-f075-4bfe-b22c-422642b3b076"
2020-08-06 13:06:14,253 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2020-08-06 13:06:14,253 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-08-06 13:06:14,253 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://moveit.eastus.cloudapp.azure.com/6899/
2020-08-06 13:06:14,253 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-08-06 13:06:14,253 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-08-06 13:06:14,253 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-08-06 13:06:14,253 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-08-06 13:06:14,253 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:06:14,254 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-08-06 13:06:14,254 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-08-06 13:06:14,254 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-08-06 13:06:14,254 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-08-06 13:06:14,254 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://moveit.eastus.cloudapp.azure.com/6899/SAML/SSO/HTTP-Post using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-08-06 13:06:14,254 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-08-06 13:06:14,254 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-08-06 13:06:14,254 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-08-06 13:06:14,254 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-08-06 13:06:14,254 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-08-06 13:06:14,254 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-08-06 13:06:14,254 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-08-06 13:06:14,254 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-08-06 13:06:14,254 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-08-06 13:06:14,254 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-08-06 13:06:14,254 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://moveit.eastus.cloudapp.azure.com/6899/
2020-08-06 13:06:14,254 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-08-06 13:06:14,254 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-08-06 13:06:14,254 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-08-06 13:06:14,254 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-08-06 13:06:14,257 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-08-06 13:06:14,258 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-08-06T13:06:14.258Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-08-06 13:06:14,258 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-08-06 13:06:14,258 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-08-06 13:06:14,258 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 7a2d19a2dceda8960f97bc68d3305b9faa2355378b94e8694978099ab6b6c898
2020-08-06 13:06:14,258 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session 7a2d19a2dceda8960f97bc68d3305b9faa2355378b94e8694978099ab6b6c898 to 2020-08-06T14:06:14.258Z
2020-08-06 13:06:14,258 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: No active authentication results, SSO will not be possible
2020-08-06 13:06:14,259 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-08-06 13:06:14,259 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-08-06 13:06:14,259 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:06:14,259 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-08-06 13:06:14,259 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-08-06 13:06:14,259 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-08-06 13:06:14,259 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-08-06 13:06:14,462 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'moveit.eastus.cloudapp.azure.com'
2020-08-06 13:06:14,462 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-08-06 13:06:14,462 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-08-06 13:06:17,594 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: Wx4K9jw0v2QuDuKwoV1I9HBVwkHrfo0Q4Rkv9LzbFx8k6NiACgwwSbh2
2020-08-06 13:06:17,594 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-08-06 13:06:17,595 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-08-06 13:06:17,595 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://sketch-sso.eu.ngrok.io/saml/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="id-fa6e33b57685f0e730a98d7656ef3572bc761fff"
    IssueInstant="2020-08-06T13:06:16.373Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://sketch-sso.eu.ngrok.io</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2020-08-06 13:06:17,596 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://sketch-sso.eu.ngrok.io' from origin source
2020-08-06 13:06:17,596 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-08-06 13:06:17,596 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-08-06 13:06:17,596 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-08-06 13:06:17,596 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-08-06 13:06:17,596 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-08-06 13:06:17,596 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-08-06 13:06:17,596 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-08-06 13:06:17,596 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://sketch-sso.eu.ngrok.io
2020-08-06 13:06:17,597 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:06:17,597 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-08-06 13:06:17,597 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-08-06 13:06:17,597 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-08-06 13:06:17,597 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-08-06 13:06:17,597 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-fa6e33b57685f0e730a98d7656ef3572bc761fff', issue instant '2020-08-06T13:06:16.373Z', entityID 'https://sketch-sso.eu.ngrok.io'
2020-08-06 13:06:17,597 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://sketch-sso.eu.ngrok.io' does not require AuthnRequests to be signed
2020-08-06 13:06:17,598 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-08-06 13:06:17,598 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-08-06 13:06:17,598 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-08-06 13:06:17,598 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-08-06 13:06:17,598 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-08-06 13:06:17,598 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:06:17,598 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-08-06 13:06:17,599 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-08-06 13:06:17,599 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-08-06 13:06:17,599 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-08-06 13:06:17,599 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://sketch-sso.eu.ngrok.io/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-08-06 13:06:17,599 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-08-06 13:06:17,599 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-08-06 13:06:17,599 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-08-06 13:06:17,599 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-08-06 13:06:17,599 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-08-06 13:06:17,599 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-08-06 13:06:17,599 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-08-06 13:06:17,599 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-08-06 13:06:17,599 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-08-06 13:06:17,599 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-08-06 13:06:17,599 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://sketch-sso.eu.ngrok.io
2020-08-06 13:06:17,600 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-08-06 13:06:17,600 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2020-08-06 13:06:17,600 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
2020-08-06 13:06:17,600 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-08-06 13:06:17,601 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-08-06 13:06:17,602 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-08-06T13:06:17.602Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-08-06 13:06:17,602 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-08-06 13:06:17,602 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-08-06 13:06:17,602 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID fc6de3c313c7fc7b0a1cb5db6bd63646686707a5ceac3af984b6e04ef0f890cb
2020-08-06 13:06:17,602 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Primary lookup failed for session ID fc6de3c313c7fc7b0a1cb5db6bd63646686707a5ceac3af984b6e04ef0f890cb
2020-08-06 13:06:17,602 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-08-06 13:06:17,603 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-08-06 13:06:17,603 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-08-06 13:06:17,603 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:06:17,603 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-08-06 13:06:17,603 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-08-06 13:06:17,603 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-08-06 13:06:17,603 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-08-06 13:06:17,785 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'sketch-sso.eu.ngrok.io'
2020-08-06 13:06:17,785 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-08-06 13:06:17,785 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-08-06 13:06:24,175 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2020-08-06 13:06:24,175 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-08-06 13:06:24,175 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1711120686::identifier=rick, context=org.apache.velocity.VelocityContext@75483d3e]
2020-08-06 13:06:24,182 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1711120686::identifier=rick, context=org.apache.velocity.VelocityContext@75483d3e]
2020-08-06 13:06:24,184 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-08-06 13:06:24,184 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-08-06 13:06:24,184 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-08-06 13:06:24,185 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-08-06 13:06:24,185 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-08-06 13:06:24,185 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-08-06 13:06:24,185 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2020-08-06 13:06:24,185 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 5248374fd0f7dd8035ec4b763a0f5621b4b7f6feba40bf04d35b229c884487f5 for principal rick
2020-08-06 13:06:24,185 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 5248374fd0f7dd8035ec4b763a0f5621b4b7f6feba40bf04d35b229c884487f5
2020-08-06 13:06:24,185 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-08-06 13:06:24,186 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-08-06 13:06:24,186 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-08-06 13:06:24,186 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-08-06 13:06:24,186 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-08-06 13:06:24,186 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-08-06 13:06:24,186 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-08-06 13:06:24,186 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-08-06 13:06:24,186 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-08-06 13:06:24,186 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-08-06 13:06:24,187 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:06:24,187 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-08-06 13:06:24,187 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@3d323aa7'
2020-08-06 13:06:24,187 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-08-06 13:06:24,187 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://sketch-sso.eu.ngrok.io'
2020-08-06 13:06:24,187 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@3434c51c' with context 'intercept/attribute-release' and key 'rick:https://sketch-sso.eu.ngrok.io'
2020-08-06 13:06:24,188 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'rick:https://sketch-sso.eu.ngrok.io' value '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1627123841867' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2020-08-06 13:06:24,188 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-08-06 13:06:24,188 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2020-08-06 13:06:24,188 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2020-08-06 13:06:24,188 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-08-06 13:06:24,188 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2020-08-06 13:06:24,188 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@3d323aa7'
2020-08-06 13:06:24,188 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:06:24,188 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-08-06 13:06:24,189 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-08-06 13:06:24,190 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-08-06 13:06:24,190 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _8a3efb8b90a221da395de8a1e33cfa06
2020-08-06 13:06:24,190 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _8a3efb8b90a221da395de8a1e33cfa06 to Response _3f46cfc93d622f47a27df48c54fe213f
2020-08-06 13:06:24,190 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _8a3efb8b90a221da395de8a1e33cfa06
2020-08-06 13:06:24,191 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-08-06 13:06:24,191 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-08-06 13:06:24,191 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-08-06 13:06:24,191 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-08-06 13:06:24,191 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-08-06 13:06:24,191 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-08-06 13:06:24,191 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-08-06 13:06:24,191 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-08-06 13:06:24,191 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-08-06 13:06:24,192 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-08-06 13:06:24,192 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-08-06 13:06:24,192 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-08-06 13:06:24,192 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-08-06 13:06:24,192 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-08-06 13:06:24,192 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxpc0XA7MsIpjDAyaPxvXHNI/BpufPxOjB74XsqHAwf+f9AdR1kvJ8OqdJgEzNGY2KtWmmPiQRlMyWog9KHmbfqyxELKuqtKWwd76j1flDeHg2tih9A4A/vSHZosxXps91Eg== with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-08-06 13:06:24,192 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-08-06 13:06:24,192 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-08-06 13:06:24,192 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-08-06 13:06:24,192 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-08-06 13:06:24,192 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.46.7
2020-08-06 13:06:24,192 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to id-fa6e33b57685f0e730a98d7656ef3572bc761fff
2020-08-06 13:06:24,192 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://sketch-sso.eu.ngrok.io/saml/acs
2020-08-06 13:06:24,192 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-08-06 13:06:24,192 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-08-06 13:06:24,192 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-08-06 13:06:24,192 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _8a3efb8b90a221da395de8a1e33cfa06
2020-08-06 13:06:24,192 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _8a3efb8b90a221da395de8a1e33cfa06 did not already contain Conditions, one was added
2020-08-06 13:06:24,192 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-08-06 13:06:24,192 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-08-06T13:11:24.188Z, to Assertion _8a3efb8b90a221da395de8a1e33cfa06
2020-08-06 13:06:24,192 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _8a3efb8b90a221da395de8a1e33cfa06 already contained Conditions, nothing was done
2020-08-06 13:06:24,192 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-08-06 13:06:24,193 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _8a3efb8b90a221da395de8a1e33cfa06 already contained Conditions, nothing was done
2020-08-06 13:06:24,193 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-08-06 13:06:24,193 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://sketch-sso.eu.ngrok.io as an Audience of the AudienceRestriction
2020-08-06 13:06:24,193 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _8a3efb8b90a221da395de8a1e33cfa06
2020-08-06 13:06:24,193 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://sketch-sso.eu.ngrok.io to existing session 5248374fd0f7dd8035ec4b763a0f5621b4b7f6feba40bf04d35b229c884487f5
2020-08-06 13:06:24,193 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://sketch-sso.eu.ngrok.io in session 5248374fd0f7dd8035ec4b763a0f5621b4b7f6feba40bf04d35b229c884487f5
2020-08-06 13:06:24,193 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-08-06 13:06:24,194 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://sketch-sso.eu.ngrok.io and key AAdzZWNyZXQxpc0XA7MsIpjDAyaPxvXHNI/BpufPxOjB74XsqHAwf+f9AdR1kvJ8OqdJgEzNGY2KtWmmPiQRlMyWog9KHmbfqyxELKuqtKWwd76j1flDeHg2tih9A4A/vSHZosxXps91Eg==
2020-08-06 13:06:24,194 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-08-06 13:06:24,194 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-08-06 13:06:24,194 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_8a3efb8b90a221da395de8a1e33cfa06"
2020-08-06 13:06:24,195 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _8a3efb8b90a221da395de8a1e33cfa06 and Element was [saml2:Assertion: null]
2020-08-06 13:06:24,195 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_8a3efb8b90a221da395de8a1e33cfa06"
2020-08-06 13:06:24,195 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _8a3efb8b90a221da395de8a1e33cfa06 and Element was [saml2:Assertion: null]
2020-08-06 13:06:24,197 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_3f46cfc93d622f47a27df48c54fe213f"
    InResponseTo="id-fa6e33b57685f0e730a98d7656ef3572bc761fff"
    IssueInstant="2020-08-06T13:06:24.188Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_8a3efb8b90a221da395de8a1e33cfa06"
        IssueInstant="2020-08-06T13:06:24.188Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_8a3efb8b90a221da395de8a1e33cfa06">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>5pRFEJZF1H09YHTl1G1go/RLhBaGA3MpcrlK5mwlRb0=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>j0jg5IG5A609E1UEVDvtuuok4KKocviRi5xMHYrsrGGCTgc6DEv6pBkaG3v6ePHNsfpg68ucVKvXRxQo7ew1qudZywqoQVkxklXpSpubYhFHjNF2HzkPrKLgrR/NyNko3CVnRyKpHl4DM/H1g8VrB6AcI7qtHt2sjTSnSHmrAwbtfY1Op7c2b3CXiq0EQY3dOzk+ZnZeZVtbRVHQ1XU505VJu9VN+AmS1SVe/GFqVz4FHTXe5i/lmED2Cxxj7HJUhSDsSreNATDBTlnQi/gfBi3J766YXdsW5wr3n9jAhQQeP61YmQ5jsxm3HiYS5mZ4PTqp6Gu8jh6qoUx9QKu2MA==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://sketch-sso.eu.ngrok.io" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxpc0XA7MsIpjDAyaPxvXHNI/BpufPxOjB74XsqHAwf+f9AdR1kvJ8OqdJgEzNGY2KtWmmPiQRlMyWog9KHmbfqyxELKuqtKWwd76j1flDeHg2tih9A4A/vSHZosxXps91Eg==</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.46.7"
                    InResponseTo="id-fa6e33b57685f0e730a98d7656ef3572bc761fff"
                    NotOnOrAfter="2020-08-06T13:11:24.192Z" Recipient="https://sketch-sso.eu.ngrok.io/saml/acs"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-08-06T13:06:24.188Z" NotOnOrAfter="2020-08-06T13:11:24.188Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://sketch-sso.eu.ngrok.io</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-08-06T13:06:24.184Z" SessionIndex="_26e702989ddde6bed6e5c757f78a4b38">
            <saml2:SubjectLocality Address="172.31.46.7"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-08-06 13:06:24,198 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://sketch-sso.eu.ngrok.io/saml/acs
2020-08-06 13:06:24,198 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://sketch-sso.eu.ngrok.io/saml/acs
2020-08-06 13:06:24,199 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_3f46cfc93d622f47a27df48c54fe213f"
2020-08-06 13:06:24,199 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _3f46cfc93d622f47a27df48c54fe213f and Element was [saml2p:Response: null]
2020-08-06 13:06:24,199 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_3f46cfc93d622f47a27df48c54fe213f"
2020-08-06 13:06:24,199 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _3f46cfc93d622f47a27df48c54fe213f and Element was [saml2p:Response: null]
2020-08-06 13:06:24,200 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-08-06 13:06:24,200 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://sketch-sso.eu.ngrok.io/saml/acs' with encoded value 'https&#x3a;&#x2f;&#x2f;sketch-sso.eu.ngrok.io&#x2f;saml&#x2f;acs'
2020-08-06 13:06:24,200 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-08-06 13:06:24,201 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'Wx4K9jw0v2QuDuKwoV1I9HBVwkHrfo0Q4Rkv9LzbFx8k6NiACgwwSbh2', encoded as 'Wx4K9jw0v2QuDuKwoV1I9HBVwkHrfo0Q4Rkv9LzbFx8k6NiACgwwSbh2'
2020-08-06 13:06:24,202 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response Destination="https://sketch-sso.eu.ngrok.io/saml/acs"
    ID="_3f46cfc93d622f47a27df48c54fe213f"
    InResponseTo="id-fa6e33b57685f0e730a98d7656ef3572bc761fff"
    IssueInstant="2020-08-06T13:06:24.188Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_3f46cfc93d622f47a27df48c54fe213f">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>JslN4zsoWTIKXrbGhEqKLyPbDIC8TDNZYKzYsAgHljM=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>RUcHGEGwQuEnVc0mOA0suQeZgQ9BaoZ8IkuAO+dsPMTTLsZigNmUMLgw9nxaQKcJZESwluu26nb/ni1TsgYT7CeFOP0BwK/qbgsHtuSTVMw+uGp52C/MZk8pj1PGQWP4wbOpTGxubrOwZs5j/ZTtYhajoPBMtoNUc7YQeHmNv1AvC4iLnAmhWjCL3E4epje1RN8CjTruDedU9ISWMtYT3UQXbb9QFWwBqrU3mwSgVCWDJ7tYqUpwHjetNrSBEnzN708xjEK2BEQvsS60ucjCwhFLBqwgjcRWeQIKdt1sZ6f1ZQkxckMIySce6241/7XkkliEdPcHyel5uKcJ95M8AA==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_2fd8b3f73eb02be13e204f61fdc14c47"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_2f18fcf6bed14b82bf7dd48a1e8fb102"
                    Recipient="https://sketch-sso.eu.ngrok.io" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIDJzCCAg+gAwIBAgIUBT2lemTMW/S3vzImXFwwSGpUJv8wDQYJKoZIhvcNAQELBQAwIzEhMB8G
A1UEAwwYc3NvLXRlc3Rpbmcuc2tldGNoLmNsb3VkMB4XDTIwMDYwOTEwNDYzOFoXDTIxMDYwOTEw
NDYzOFowIzEhMB8GA1UEAwwYc3NvLXRlc3Rpbmcuc2tldGNoLmNsb3VkMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEA6HKmBtCoPvzkooJir1sgtHKCoSDuGabZO7Narhul5VHaSO+gl1Bv
h9KmHb6xj9VmY/UKFkwWdx8QgamGOFbc2lcB068kb3zgo8O7wUWeZfbZR1dSsGVAuQ17t4dX5g/2
gQeaw/bh14JS+HsR5yH4LYx4g0TqKoCNM7R5V4AnfuuszjbqxBzL8nsb+DcQ/TGv6upzIpbZ/ggY
1l8Vi1j1SpvWvgYczkGHbu4JAuyUhrqmcDkWxmEkpBdMQJ/9ENOccCQW5LSVKSYNlg0ywnuo6SHQ
wiIX/1KNAv11VXqXdutOM2R/x56g8sZOfifS8oKriOHAqdocruxdcgGh1lLVXQIDAQABo1MwUTAd
BgNVHQ4EFgQU1krhgFOnGmp+/IvpZZ1ontngW3EwHwYDVR0jBBgwFoAU1krhgFOnGmp+/IvpZZ1o
ntngW3EwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAozsy8cYpEkX14UBMbTTg
2sssLRohGaXosfMn8jh/yriEQWZuelkMCldmqXNC/DdwDGhD8/sq9pnfqzplXZF8Oj0WUTko5vNk
N1psw1gk5YnLrnv9gAWag5NbfOWXzWb/6iB6pYvjQ/36Sj54NgoNNiYRzc6poUO2huwlM0Ix4sYG
P0hWr0j9IDww6cH1XPjpbLeX/YZOXaE2gOkUyKOOsO0fDsHyZyZnaozS0GnCPTy51jGy1HKZk+zr
gKQrcUJZjQPyeKvx0pJEk2xOHpf0QwX4oDA+i8xJ4WQzk7J73MPa2A+LoOlf8Mw9eYMwfUrdspfI
Zz/F8aV8g4a9F1b7sA==</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>Uo4SvlmvvwPEN1YRPafAwIUnrkaxmivY/gJ+duTgN23lv7W2oJFwrZZo96guAmSU025RDaEDog23xm+Fy1aXnlDclcm6M30SgLgyAecydo+08HkgV54WUqCb9/NL9i4LBVJYHCuqZmn/j8Clh5y1u3hvHL4qAiaSCTfUirvOB4LgbV9ErxVFBT7mYRF5xz/6EGpWDcJ36CVxIpSg1eccV2Lou5jyPWiOM+eJyvfKQMPamUqw5QVoYlt6So15KE1OFjaOzEsWJTQa0ElFg6FCmnuSuFiOMNxx99V7vyqUwguzGSIvaC6dZ0A2A9j9Tkg47FdDR2tQYmx8I0mFARNqUQ==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>9HjNDKt+uKMkr6n4bcY7+0h+Hu/h8QMnA6Es36OOVmBy6RrzsSYxBfmeJnqtfUKYjFWH8UtRlys4u3OXfc4rlIQl8EJdLGN2zcvx3X7GF670N5LoRhz2dfI7gLFappm2dC4VbA4cX6cZemqLkR70cTu6wfRousvnkXKJumDHpCRhcqtZx9dSgH9sBfBKAvHYtlqIOOlbGc282sKJ82m3/08RoEO8zTMMABHQbdYWD7x2PRSl8R9T11JLxoEww8+UWjGivDk6At4ySua+Pnqe2MvjekIWGmHwswSDkSc27M3YARboyOdnKPacr+/+yxn1p8K6Vi3R6Y3KIqXFhln1BRBziyVgrCTxNun/5N9YxI7OkZg5gxzWjGfzIV0XydTqt/jQjG/LI+Q0N4n+1ZQ9N1GXGgsW8G9T3PKnllgg3G14pesHinVkwmS+Vy1QSyghM0AYwxMO6kBzmS6WL3QhxZ6SMNqiDnEUHxLNSG0wS+j26Mx/A46TWCZU1f6hwgvCxYtM2WsYg+c5fP2G4tl7JOlvVJAjtufqsI/mVjT4sJ8pNk4K7//5S9NQOssEQFY5mdF2eRPSSws0VC3b0MwUGgnUwXq3zjRVYCxhT8YJbIOoD89aw1LjBjWaevtQ+6M0PYBR/+D/GVse9L4+YxjXGPUBd2yO7BuoQDfMYvNnbgSTpJv32dxX3c0h5PQ9QcOF/4NfMCVB34TU6KZM9bbsLuF1qxHU0j+jK65IluZIFHPpWPH0iOd0Z/ZxBn3VNSxYeC5stVoIzMbehc60nNYlbsnjz4rKArkjsFtW91AMYKQAcQNo1RQGhpwVNIMMAyfI6fHHMK8R2ykojSa0jgEIUFjpSZ9i+qHjwaHXuZjpFG0OQjPaurcbqiw4Nnjyb+FQvTMgkoJDj3/nRust2rzWoYa6m7Kpp8yMF699UKXGCgXRUM5YUPIm7wrrglZ4kJgcniGVL48OnmC63rStmzZ+Iy8xiDynTMg7nXUbUblV+XgPdwqtHjPqi1qg9X05oTZwR6Gj6bhJeqAguX+8hEj6dSh2JSsTEecUK0+aBB7WtBsCyYWizMlyliFtZsllT29dBmyKmBTsrCfwsgG4AQNCbKPj4peipncDwXUCqrM1Ln2OHqEOCK0enISWKB98FMP64i+MWNG97oGv2UnivB2sckZ0HBlgeTZh92P35ZBNWx5aHpcz+FYQ8iphyJ/ON2zpmiqYCwmX1C63bMcTXKfbiMtMbC9xSYRhYbCSMpdhDqq1qNXtlAgrpcHH9iMEAB73tJLIxJDYU2Jx6ZJnsBijOOZ8mKIekv90BqDUuY+V1m4t6IFkHOf6obrij4CifiYgJR0DhVpSfhlFrQCddslkFtoMZLiSH/wcmEHfGcaj9BxdqKM9ZeeR7uDRg3ShJRR5UM8Gro/cKb6x9EYvO8/ZMiSUDpmL7c2Q7Sq6vOB1X/81cW2wKGTXDPX9EsM3CHN2b/ou4ti41iR1KpUBJNHNauVaO1GFPIOY35AeMDDPYVtn1/qLxFeXSQihmqB45yi+aqvAYK8kHJYBR8zlwKd6A9Up1BqYbo9J3Lo7NipU5v/wBXMExy/jiB8q6o3lmfug07Wf93GNFLUlCFf0LK0vB++lCpL8KzC8bMpCym4IrHvmryl1YbuMG04WLP0iPeVlUKkZSjr1pGKWEZP+k/v6aiQcG0SdPGOV1k8eSsH/2ORfDpIui7bEKIa9Dy0xmXw+HHCL77KzT+ru/KKgqMnDdGbecRwI4n2PxymV1YmBxWTLsGTZBC/cWBcKlJzI3QHRstXOdim7I8dKhxhpiEZ9VnFYVHbG6v3J08Uep6WbHleL26Jbb98w0WYjUCD2P/SVLCSwGzVf5I/jDHXHITARpyT3z3te8jPuf0QspqWAKEGpr6Ertrvg1ewrwqf9w9jHd8nhvHXg1DqtRtWB1bFYsUgm/6v9yUhkalgNGBcxYg4ZWcyXbGAjH7GOSSh97UDqbH0A/DrIioObkhbn1cxwm92Z67+3rKhxLh2uZsSR4bjw9ZaEcU7DVrzzaTeODxdSg6LaNuqudP0D6bl1ugS45/uJpDbNfkeCuqXrXCwyTnLMKC2Ov5HwFi1uL6MXy0zunHtFuxCk6VdL8DmQqaLS1ufIQiELcCBkC22ZF8fN5J3bkhoFY0XJ49jV7Ux8PZDT+5Mn3loNWVzB6IqMCN3IjAGiPWVnWr7Rt2q3Udl0crnDIZu+dq4e6R9O/01Ou6VxC444Q8GEt6NFHH7NamEkP2IqKAsjkNC8BMP9Vnn2zz4YmclskWvqBBr7s6tkTK7g7jEMH0oXpqDvgcVOlRKa1TRg6ldqR/Tok/2ZIO/wpdB64Sz5YzBTRiPOwT4/eBstOtrqRv4GU5fM2OCkm4fPf8KCYIBiKtZ2LoDoIvUJfFnxs5aATH+CW41k/IGLn1E09pTewpHgL5IRL6ZR1zAwVR11KMjj/OIQxQc3NyRtJ3OnXBB3+V9/TeReaJ3MsbIa6sJ1pwFMqGAQ+f3xofYjqPxIaasFG8Rr1w6T6HOqPdFz7y7kaSgLMTiQFPrK69QCVX5xspPDCoutNz0S0vkMJJY7z26Zq9WCea7gVwl7GAQ+Hw4RpfHHqzDxuJQdAnAS4ApdXAYOMEQULTSrWF5PS/t6cKRWyzyfGIikkIKfm4UGC6roRX4LWjGJBEGjhxLPexICAksO9yR/0qXq+Zvd+sm7OgaL5WyduuTcHdtCQBJQoQsgW/vwFZMlDfvdkRgcjVn/lcEHZ2HSHpMKzPN4piXJdPWTrKcIlnvcsBNvZHG9jxd0P0oCHioKAwQFDW3Q/4nHo6HPyRJf6qpLj0kBIZErTeM3SktoGrO+6tOrH/gFf64OsGJtRSPLrsT2VkMr/xwFR5SvSQfMaHrNi1sQ57iMbpwlVLn7EuTURiPwUA+fPDPx0N/Wtb2cA//dxheqJqyZDFcVjzoYXER6reQsRoT9IhJwqNxNef50mGiO9Mw+/FmWax5/6FoOKZxx7HE6WxfwIwtB53cfn9sP9K9udutFCzH+8zegGq22/0tRVCdx2hVR9gAKa/BrFJX8jLo9OrcKEYlvx19iv4b7zkTZ3ZAIV/Z3q0g9ezis89zeRFofXNpHqm+7w9/dGnWbdXo8OkzVDDdja40bAzRlgEyyoDupyxEG+GSO0dTR1niPOH5/RKceXKFt84JLEv2NvnGzboc+fmsgavcsXsTt+cQ7a5NhL+feN/R16TSgoYH/uKZummxc0hlO1aEZbamnAnMChRiJhMSpa3kmN1rn1OwPrQ2TtPHfYgJZP7v0Mt5h+hnkMhAJRhtfyQzGLxXwjA5neAwpfRZHKqD9Vfhsv0sZ71IEzZiY5ZCny1GrJvVrUM7x0C1qVJ4apI+jg+w1iYwLeoMV1Zq8JkdSdy4crWKbYUjDZjwkYRjQaw4DtEChmcT72C9Ew6uNLhQeyQYawmvhBuJ1s11o4f30ccjFfQg1LrLE25OtpeL8vXYDJHqAZMObc6WPOvxZ6g2zF49qKU2ZTNdD0LqMTgxG5u83WasGkhT15drCYOUM652RtQSP8cQdFLQ2Qfij3WLvvzinjSiDY8gL5u1yZ1fNFK/iKb16GaZeVFjWBiX4IaFv9W6jDPFqbQS1ZVMEMStKzy10NT8MMVnaK0TQ5RslxvGvSLPRP0KE3BNT6h8xPACNNG8zMcj57pqGLaeo58dofHbYE7KMcSbuH/tJuwrVsoNlNKIpCWARCwRrFPSWpBHGcLZ3SOjTP/3l6V/EZuo748vks5IF/JO4taysWdpOqy8AfMPuFJlTYy0qTr/ekz/vZvA8RkME8UswZRSISe6bwYia3D1WvYeBV0AY73fs+r/4nbljyJU9foux2ECr6aayhyoa8VCNkv5yjp7Duh4mQjLc2wzeehImX+ReuhfwzVlf+M5ldT0HUCZpEZ3q5pAQnB/KsvZik6wBUBVeLtj/srk8i8DPKTLm3p5yUAlcmSwe4U3r61CvtGT7uWPqOdDR0WS3QLrn9wtNY48pY0qNPSX7xxExfZoLb8zCwZQQlo7Sy6+GmntXFxoisQyQWSw5EA0FYedFQYl1nVY1mYpfNQZAP2bl3HiN5GANa+QRvBHx4k/IJ8vta8TE08D4mZ23rPnEoNYYuHI4v59cBFhjNqeOohIX5pTKIo47ye6NIQCYNlZzrOGW/+o4evQyEJZtaLphWRkpidYks4nJNjz2LPRECiWly0YOFI6O+cbwZScaVjRAg/Q6cGcb00ct+lV34glbXxrEsctVtkJyEe8LVkGStayxf5aS+QskAjEKW77xAWbWzIOHvPf9YI7uwJbpg3MBZVa27j2m0lc7xzjOcqTiI/0cEuWRch+oJF0zC6KqtpaGekJRUgnZ0Gjsmt4lNKD9BswtHy6g6s9WvvH1/PK+c5Q8E3sjH4/DhVTVhJnD1Lrs8k1a2gjf5464k+zy+LSmN/FR9L8XFah10wP5117bZ+Ehc5dxmz56ClhhgHXu5680B6Lczo12bT4dqrK6e8bd9eNK84Oo55S4H9o/m3/NZbCgnnLpEYF7wGWTxqKW6mDRlcVoG6fdRDooQ8XOGnKtOEUxDCy1l5o09E0SDkzPwK6gyIzPr0cZmDHYn+mgVm955yxZymLpmS+Ltdbj4tI7rrF0lEStSruNvV6p1hT8TcVJWakWNmJx4o6KYxjSuK/sS13fwnXv0d5KzlE1HR2v7cnX2T+bHIPCkfcQceP+1it62Y+gy+3Jb+CD0GIvJjog6rBqg1F9eCw1smSay/OE9sfvHORJflBzWPH/o3a3u8Y4EciNG+g0lBYKhaVyNl6qcSvsVzImiezjd70qkP5akI/O/FsN542T/7ygmaxhaVRFbrrx9ETdhM9JwuqTw0W7JHPvwZq8JwHIzl+86/2GIOK/6w7xK3gRFFHrpUv/5KOlW1j01xY/npGRNfMB2nsrMDuTpxI9CMN/8QcGUsRbqy1NYgYpj5TInfL+OZfK/+0q7u7eqxyNaK8qGiyE3P7UEkHpWHaTfcjb6MBHL9RXMJU/h5mg5lvROsBdDbIxJmz2e49ocgTuMOaCClHFthR1GKMpYcv9Bdb06bDq8CT2tOeMsW6Dr/fPADiSYfKxcDpGZbSfIdtT3LTAFxfXdyemZFTyKiDTlPBoIu23i0YSXYMMCimq4WqwtCDctLj/+kMBdC/G1Tvh810WueLBfm6kIKwSZ6mK3gPscc9eg/U9q+dwqBa93HOq7OAqVXUAjUKUytDl8pPqMnpvFn4aRcbY8rgPudZPswVWzNXIEyXALkSxZclf2gKcYN6R8/9DRIjuVSDGSIvIar1XmTDNwOh7ZKRxWVJ4ur9G4nt4XXa/cUP6NQEpSj9yPT0dQI1x4WB1xkcUeEzS9F2JrGNXPqnbP8qNoRnZqkE/mSEIYSf+b8v22mPY5AndVn9h4FSy33EgYWroOq3zDQwGMZdb04k9r4jxLhVkj/O6bg+7E+jlziZ5emfbNauclDyNaNFXhQ618tyITClqy9HQjdIrDKQu3/JnjpdxtKu4AdPnWYX9qz/dH87S4UD6h0pJTLr3ADkfRGdERvVSXpgKtdLuxj4EpezHYU/1LyFR01cDUPRVQKjOh2fbt5TLSxscK+q479KB90U7SjKcr0HijIDSCZVYFsBvmmx4IoKdt2UQN614QcFNlO6Q8b9lHXyX2X86VrYVVyVdPRbqSX/A9snuuIOG9HMwfUAOp1sW57M5xHgzX6eAZVQ1GvfExtxGbwmhJyPd6kZ7qf8LmxGpQnGILu4SahYfmG2YajXdm12++7hbzdb5kussB8miBoKXZ12TECJaGq2gIJnL4yXuhQtwAWaof0keBwV4mmtnAhoO97zpmGiqU7FdT2dTwBQTliij9qHpSx1622XoVKWMCskmi5q97lux6JblqCp06X30v+7dMiTxea4NAp1K8yTtFzaiTR7eXvX4Bfc1ZKtFcpOJQFMbhXMrMOiHfikNYPcTwyKhTt1MoWCMOA2Db+mWXsSYHxp2On0UgLbFWz2mxrAVa5ctSynIkVJyXBx+VqBw8CE/wVk0TakW1psNGZKgJxEHQutq6MQJpZnCF1iFFK90YaxarB8YCGv4O/39pAaQDwVOkyoOP8+u5H17+A3h3H/yuPkXAX6Ns7od81BwlYzoyiMxPKgJmNaQNKtlY7JSHEViXWVNWGPQ3h7HbF3vJ461Pb2NDLgiEvYvB/VQCKbrCDrba+ccC10SylJq6M+Ifr4tWQP3faYdmuatl+dJHWXOedOk42Abc76Ouf77CPXHl8SxAxgLun9vHTFY6Tbnqo5CCh7LXk1isPdGMbwAHkxRoz2LausxcgjQjw8oBNC/phsI/iczTKIegnkBPP++PWvSk4F139QkuUIE1zNqz/AgNV34s1vwAcTWvRsvN2YjrXTHXj3P9gOy1jvliyLQVpdGlBqDuysO+WDAxqfWZqxyCnDxoQeCwMR0lEPMUMFFCMTEUzT9/sYYyh/8uncpVIn/uMUu6oCRYE+3jarHL2NQ0Bn7b+VWIT5T4UxH+ewJWWQFJrRDxe2FSw3Yb2UAieo0VYO3sl8O7q65OKZ37GZThfQyTMM+6SwoG0u61FsZEURjzpyOhEwQM9qJbduea/QmKD/cCPYvQUt0DVyqTKOwsftvvD09CK0amqWsFwSAePDsXwm2Y32xNsF1gmtE/J1tIhktLXRlCCOr1Uu7PM3zj2hf+10ozVbesQeFB6uy3mw1XRvisWzsvvTh3He25CeWnoNGTYRnZLP8vYLYl75IU+6XF0v/eF3PVRdR30iiabnr3ocpJa1U9OYw/Ztqhnt8zBjup+9Ryoa01bgsAI8eIKurRNoKq8YczEAIPhqBdrEpA0AeZ8XTyetPegMetRrH7/6IAtaRURqoAXaoLDM+O+vLXdWp8Yejx8SuEA43a7YhHbR5F64dzOloUgr9xNwzLvBvPOuRELd4h5NBEjya2VE1neg7qusOxhDc6+ki5l1su0GWNHKH37tqrcsntlZeeezpzeJciplGzgyET47KhKF5u2VVo9KJXcm9r2iQWSU1P2w7euW6WGFA6CkvgOPaFqbcK8hjHdz44WSuAm775j0MkDGGoC9SusTlfWxW322RmD7cpxslRaIifYE2QAc7YLQApUHvZiik6+PRE27OYqgaDmp+Og+w8VdFsojTV4qm1o8g9g6aIap38xgXP46r58/x6l/SOb3xwg8fgWVojnbHr0eNlStMm1qm3PpzZ9XBKtW+jWyOGylFKiDHEdiOfLbU1KCLs0d8rHMUwHecmsAG6jQh4V0ELhrtBXobq12D+1ylzRNRINsV+ARuacJx2uhK0Y0YTcc80+VYTmaZCGdRhTb+WwazYIaR/JkYzixM+JpaJRbOz5fS0nCzSiTXcEHC8oUynTCGUEDXXzuwjRkXcDtUPkdSVjRd0bKLk1NC1Uaj+p17PPAGpjGqgYB75a7ML0iTBs8LPzGUvXhN2x3zukcTNTn2yaXzH2lRZbiw0EAldCTuuzAoGfw36lkhdpJ6VlygtIjnBfxiLDsqdCdofCnCx1WK73VTvSXFjn3IA95q20HetwuuNEDzcjNE/ibC/2Nd3m/jSc8ihUlR0jww3Tmuy6ixvOem5SkTxqEf+hhbzizd5c5NRXvEl+WhrZvgd9q42S0cA8gpyBllNRdOp3s6EOrrV+l5ZgSH8HPaC5xHjSyK8tCDhFXmGopAfGyuxuTysBW1AIaTCXmy4LTMNPjanIPOLqmZSwPEW9iaHw/wMf7L4qf/w6EvyBd6f2oH9olniENDoxAhSlinUQPaxB6ygtsv3Y5HxaztlK4bxouZvcthYY8izrOerWwp3mamAwqGgyX1JW9SOhgMsVdaDw9sfX6dOk8bHwcVmHvWP2qRMwTsSCg/f72kLClbs1pxOelO1Kj5GlVAGNU1bdXN</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2020-08-06 13:06:24,202 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-08-06 13:06:24,202 - INFO [Shibboleth-Audit.SSO:?] - 20200806T130624Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|id-fa6e33b57685f0e730a98d7656ef3572bc761fff|https://sketch-sso.eu.ngrok.io|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_3f46cfc93d622f47a27df48c54fe213f|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxpc0XA7MsIpjDAyaPxvXHNI/BpufPxOjB74XsqHAwf+f9AdR1kvJ8OqdJgEzNGY2KtWmmPiQRlMyWog9KHmbfqyxELKuqtKWwd76j1flDeHg2tih9A4A/vSHZosxXps91Eg==|_8a3efb8b90a221da395de8a1e33cfa06|
2020-08-06 13:06:26,551 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2020-08-06 13:06:26,551 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromFormRequest:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Recording do-not-cache instruction in authentication context
2020-08-06 13:06:26,551 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-08-06 13:06:26,551 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1866413375::identifier=rick, context=org.apache.velocity.VelocityContext@7e3624]
2020-08-06 13:06:26,552 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1866413375::identifier=rick, context=org.apache.velocity.VelocityContext@7e3624]
2020-08-06 13:06:26,555 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-08-06 13:06:26,555 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-08-06 13:06:26,555 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-08-06 13:06:26,555 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-08-06 13:06:26,555 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-08-06 13:06:26,555 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-08-06 13:06:26,555 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-08-06 13:06:26,556 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-08-06 13:06:26,556 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-08-06 13:06:26,556 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-08-06 13:06:26,556 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-08-06 13:06:26,556 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-08-06 13:06:26,556 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-08-06 13:06:26,556 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-08-06 13:06:26,556 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-08-06 13:06:26,556 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-08-06 13:06:26,557 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:06:26,557 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-08-06 13:06:26,557 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@c0800e8'
2020-08-06 13:06:26,557 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-08-06 13:06:26,557 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://moveit.eastus.cloudapp.azure.com/6899/'
2020-08-06 13:06:26,557 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2020-08-06 13:06:26,557 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: Attempting to delete consent storage record with context 'intercept/attribute-release' and key 'rick:https://moveit.eastus.cloudapp.azure.com/6899/'
2020-08-06 13:06:26,557 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: Deleted consent storage record with context 'intercept/attribute-release' and key 'rick:https://moveit.eastus.cloudapp.azure.com/6899/'
2020-08-06 13:06:26,557 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Read storage record 'org.opensaml.storage.MutableStorageRecord@e09b44b' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-08-06 13:06:26,557 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Read storage record 'org.opensaml.storage.MutableStorageRecord@e09b44b' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-08-06 13:06:26,557 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Deserialized context 'intercept/attribute-release' key 'rick:_key_idx' value '["rick:https://moveit.eastus.cloudapp.azure.com/6899/"]' expiration 'null' as '[rick:https://moveit.eastus.cloudapp.azure.com/6899/]'
2020-08-06 13:06:26,557 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Updating storage index by removing key 'rick:https://moveit.eastus.cloudapp.azure.com/6899/'
2020-08-06 13:06:26,557 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[]' as '[]'
2020-08-06 13:06:26,557 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20200806T130626Z|https://moveit.eastus.cloudapp.azure.com/6899/|ClearAttributeReleaseConsent|rick|||
2020-08-06 13:06:26,557 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-08-06 13:06:26,557 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2020-08-06 13:06:26,557 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: Attempting to delete consent storage record with context 'intercept/attribute-release' and key 'rick'
2020-08-06 13:06:26,557 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: No consent storage record found with context 'intercept/attribute-release' and key 'rick'
2020-08-06 13:06:26,557 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Read storage record 'org.opensaml.storage.MutableStorageRecord@e09b44b' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-08-06 13:06:26,557 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Read storage record 'org.opensaml.storage.MutableStorageRecord@e09b44b' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-08-06 13:06:26,557 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Deserialized context 'intercept/attribute-release' key 'rick:_key_idx' value '[]' expiration 'null' as '[]'
2020-08-06 13:06:26,557 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Storage key 'rick' not indexed, nothing to do
2020-08-06 13:06:26,558 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-08-06 13:06:26,558 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2020-08-06 13:06:26,760 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'moveit.eastus.cloudapp.azure.com'
2020-08-06 13:06:26,760 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-08-06 13:06:26,760 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2020-08-06 13:06:26,760 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2020-08-06 13:06:26,760 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-08-06 13:06:26,760 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning OrganizationName from Organization, Vladislav Antonyuk
2020-08-06 13:06:29,225 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2020-08-06 13:06:29,225 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2020-08-06 13:06:29,226 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20200806T130629Z|https://moveit.eastus.cloudapp.azure.com/6899/|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2020-08-06 13:06:29,226 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-08-06 13:06:29,226 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://moveit.eastus.cloudapp.azure.com/6899/'
2020-08-06 13:06:29,226 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2020-08-06 13:06:29,226 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2020-08-06 13:06:29,226 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://moveit.eastus.cloudapp.azure.com/6899/, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1628255189226}'
2020-08-06 13:06:29,226 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'org.opensaml.storage.MutableStorageRecord@e09b44b' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-08-06 13:06:29,226 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Deserialized context 'intercept/attribute-release' key 'rick:_key_idx' value '[]' expiration 'null' as '[]'
2020-08-06 13:06:29,226 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2020-08-06 13:06:29,226 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'org.opensaml.storage.MutableStorageRecord@e09b44b' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-08-06 13:06:29,226 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'org.opensaml.storage.MutableStorageRecord@e09b44b' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-08-06 13:06:29,226 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Deserialized context 'intercept/attribute-release' key 'rick:_key_idx' value '[]' expiration 'null' as '[]'
2020-08-06 13:06:29,226 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Updating storage index by adding key 'rick:https://moveit.eastus.cloudapp.azure.com/6899/'
2020-08-06 13:06:29,226 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://moveit.eastus.cloudapp.azure.com/6899/]' as '["rick:https://moveit.eastus.cloudapp.azure.com/6899/"]'
2020-08-06 13:06:29,227 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@c0800e8'
2020-08-06 13:06:29,227 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:06:29,227 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-08-06 13:06:29,228 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-08-06 13:06:29,229 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-08-06 13:06:29,229 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _74afebdfc67192b5fb2027ef4a3a202f
2020-08-06 13:06:29,229 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _74afebdfc67192b5fb2027ef4a3a202f to Response _1d57038e545fd2225de01c89b052d53d
2020-08-06 13:06:29,229 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _74afebdfc67192b5fb2027ef4a3a202f
2020-08-06 13:06:29,229 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-08-06 13:06:29,229 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-08-06 13:06:29,229 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-08-06 13:06:29,229 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-08-06 13:06:29,229 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-08-06 13:06:29,229 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-08-06 13:06:29,229 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-08-06 13:06:29,229 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-08-06 13:06:29,229 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-08-06 13:06:29,230 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-08-06 13:06:29,230 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2020-08-06 13:06:29,230 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:2.0:nameid-format:transient, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress]
2020-08-06 13:06:29,230 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2020-08-06 13:06:29,230 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration did not specify any formats, relying on metadata alone
2020-08-06 13:06:29,230 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, urn:oasis:names:tc:SAML:2.0:nameid-format:transient, urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress]
2020-08-06 13:06:29,230 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2020-08-06 13:06:29,230 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2020-08-06 13:06:29,230 - DEBUG [net.shibboleth.idp.saml.nameid.impl.PersistentSAML2NameIDGenerator:?] - Checking for source attribute uid
2020-08-06 13:06:29,230 - DEBUG [net.shibboleth.idp.saml.nameid.impl.PersistentSAML2NameIDGenerator:?] - Generating persistent NameID from String-valued attribute uid
2020-08-06 13:06:29,230 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID TFSLKM4HSIZXGLTTLRM4NOWOSGXH4XYL with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2020-08-06 13:06:29,230 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2020-08-06 13:06:29,230 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2020-08-06 13:06:29,230 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-08-06 13:06:29,230 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-08-06 13:06:29,230 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.46.7
2020-08-06 13:06:29,230 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _9fd4867a-f075-4bfe-b22c-422642b3b076
2020-08-06 13:06:29,230 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://moveit.eastus.cloudapp.azure.com/6899/SAML/SSO/HTTP-Post
2020-08-06 13:06:29,230 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-08-06 13:06:29,230 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-08-06 13:06:29,231 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-08-06 13:06:29,231 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _74afebdfc67192b5fb2027ef4a3a202f
2020-08-06 13:06:29,231 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _74afebdfc67192b5fb2027ef4a3a202f did not already contain Conditions, one was added
2020-08-06 13:06:29,231 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-08-06 13:06:29,231 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-08-06T13:11:29.227Z, to Assertion _74afebdfc67192b5fb2027ef4a3a202f
2020-08-06 13:06:29,231 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _74afebdfc67192b5fb2027ef4a3a202f already contained Conditions, nothing was done
2020-08-06 13:06:29,231 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-08-06 13:06:29,231 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _74afebdfc67192b5fb2027ef4a3a202f already contained Conditions, nothing was done
2020-08-06 13:06:29,231 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-08-06 13:06:29,231 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://moveit.eastus.cloudapp.azure.com/6899/ as an Audience of the AudienceRestriction
2020-08-06 13:06:29,231 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _74afebdfc67192b5fb2027ef4a3a202f
2020-08-06 13:06:29,232 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://moveit.eastus.cloudapp.azure.com/6899/ to existing session 7a2d19a2dceda8960f97bc68d3305b9faa2355378b94e8694978099ab6b6c898
2020-08-06 13:06:29,232 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service https://moveit.eastus.cloudapp.azure.com/6899/ in session 7a2d19a2dceda8960f97bc68d3305b9faa2355378b94e8694978099ab6b6c898
2020-08-06 13:06:29,232 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-08-06 13:06:29,232 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://moveit.eastus.cloudapp.azure.com/6899/ in session 7a2d19a2dceda8960f97bc68d3305b9faa2355378b94e8694978099ab6b6c898
2020-08-06 13:06:29,232 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-08-06 13:06:29,233 - DEBUG [net.shibboleth.idp.session.AbstractIdPSession:?] - IdPSession 7a2d19a2dceda8960f97bc68d3305b9faa2355378b94e8694978099ab6b6c898: replaced old SPSession for service https://moveit.eastus.cloudapp.azure.com/6899/
2020-08-06 13:06:29,233 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Removing secondary index for service ID https://moveit.eastus.cloudapp.azure.com/6899/ and key TFSLKM4HSIZXGLTTLRM4NOWOSGXH4XYL
2020-08-06 13:06:29,233 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://moveit.eastus.cloudapp.azure.com/6899/ and key TFSLKM4HSIZXGLTTLRM4NOWOSGXH4XYL
2020-08-06 13:06:29,233 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Older SPSession for relying party https://moveit.eastus.cloudapp.azure.com/6899/ was replaced
2020-08-06 13:06:29,233 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-08-06 13:06:29,233 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-08-06 13:06:29,233 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_74afebdfc67192b5fb2027ef4a3a202f"
2020-08-06 13:06:29,233 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _74afebdfc67192b5fb2027ef4a3a202f and Element was [saml2:Assertion: null]
2020-08-06 13:06:29,233 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_74afebdfc67192b5fb2027ef4a3a202f"
2020-08-06 13:06:29,233 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _74afebdfc67192b5fb2027ef4a3a202f and Element was [saml2:Assertion: null]
2020-08-06 13:06:29,237 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_1d57038e545fd2225de01c89b052d53d"
    InResponseTo="_9fd4867a-f075-4bfe-b22c-422642b3b076"
    IssueInstant="2020-08-06T13:06:29.227Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_74afebdfc67192b5fb2027ef4a3a202f"
        IssueInstant="2020-08-06T13:06:29.227Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_74afebdfc67192b5fb2027ef4a3a202f">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>tcXhD/Zhecl0SDk7BqPZTKLpGqDa4zrWM1RwSbvhs7s=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>XG10H5OmMbbLW/x7CTFBbQR6fz3z9KM2bVs2WnVhpAdmUrf1gy6gydeX/0PggRE+X664B7P/gEqISt/qfEKtH+YhlBGYY7nRPSWBfur7Jcb0/El338bDfvVIxVeD4Or48mTkSfS+bnnZU+FyFoSMhxroWAspxuvwBqyRTF8VTvpQSPkJ8JCeayVhH5y/LUlxtTkQPzRrtUk8gRxLYeC2PeJmMhpr5wItUNfFD4eqSF9SE0O2EZ0m1h0wPGggX3rXBbMJ/qVvC+XlfgFPHDeHFWGbrzhJQagqmri/q5TWPOr7NB6i7xAw8vd5y9WQoqKo8jbQhIZ6c2Cwk0wzDOwRMA==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://moveit.eastus.cloudapp.azure.com/6899/" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">TFSLKM4HSIZXGLTTLRM4NOWOSGXH4XYL</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.46.7"
                    InResponseTo="_9fd4867a-f075-4bfe-b22c-422642b3b076"
                    NotOnOrAfter="2020-08-06T13:11:29.230Z" Recipient="https://moveit.eastus.cloudapp.azure.com/6899/SAML/SSO/HTTP-Post"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-08-06T13:06:29.227Z" NotOnOrAfter="2020-08-06T13:11:29.227Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://moveit.eastus.cloudapp.azure.com/6899/</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-08-06T13:06:26.555Z" SessionIndex="_f5c4277bd611f58395e178da0ff277f7">
            <saml2:SubjectLocality Address="172.31.46.7"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-08-06 13:06:29,239 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://moveit.eastus.cloudapp.azure.com/6899/SAML/SSO/HTTP-Post
2020-08-06 13:06:29,239 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://moveit.eastus.cloudapp.azure.com/6899/SAML/SSO/HTTP-Post
2020-08-06 13:06:29,240 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_1d57038e545fd2225de01c89b052d53d"
2020-08-06 13:06:29,240 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _1d57038e545fd2225de01c89b052d53d and Element was [saml2p:Response: null]
2020-08-06 13:06:29,240 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_1d57038e545fd2225de01c89b052d53d"
2020-08-06 13:06:29,240 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _1d57038e545fd2225de01c89b052d53d and Element was [saml2p:Response: null]
2020-08-06 13:06:29,242 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-08-06 13:06:29,242 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://moveit.eastus.cloudapp.azure.com/6899/SAML/SSO/HTTP-Post' with encoded value 'https&#x3a;&#x2f;&#x2f;moveit.eastus.cloudapp.azure.com&#x2f;6899&#x2f;SAML&#x2f;SSO&#x2f;HTTP-Post'
2020-08-06 13:06:29,242 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-08-06 13:06:29,243 - WARN [org.opensaml.saml.common.binding.SAMLBindingSupport:?] - Relay state exceeds 80 bytes: orgid=6899&client=mobile&code_challenge=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
2020-08-06 13:06:29,244 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'orgid=6899&client=mobile&code_challenge=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', encoded as 'orgid&#x3d;6899&amp;client&#x3d;mobile&amp;code_challenge&#x3d;e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'
2020-08-06 13:06:29,246 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://moveit.eastus.cloudapp.azure.com/6899/SAML/SSO/HTTP-Post"
    ID="_1d57038e545fd2225de01c89b052d53d"
    InResponseTo="_9fd4867a-f075-4bfe-b22c-422642b3b076"
    IssueInstant="2020-08-06T13:06:29.227Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_1d57038e545fd2225de01c89b052d53d">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>1R9SV0ZI9rHIhE00wNCfZ8tHIYLVNrVpB4tbkVQwS7Y=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>PEoXF3esc/N14uLDeqLe9m5evmhw+VmfhMY3cYJc/MZr92maoqc9pIPIN3pUewaEopwuGCqCTyq3Syl/f14axJFhZW8MzWIcNXtb8hj5y0kL8YZLnAO54EMYbkX8m1NmYLD4mXFxu3Q1icTyUEPN0CX7bFsYPjh4+O+K5XLlnX+Yev1FyW02Oz3PyqZco0dgf1M52y9fRSmIst+sMigOXizw7AeJrdtI1ZI9yd7mAxER5SPmMc2fod8SimmhhEMOUPT0grpnuSZNJUbq4SxSEsvxO1q6tz2qdgFVCJdg2M+BmylprFPUih8C/4NIitgQhWwLa/yD7jgRcHDYqDhmbg==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_28ebb1e215110a31a401ca56208993ff"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_ac430930f1cc5f73a002fab422334895"
                    Recipient="https://moveit.eastus.cloudapp.azure.com/6899/" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIICLzCCAZigAwIBAgIQGS/tfqYYp7JLXvwRDoOZvjANBgkqhkiG9w0BAQsFADBWMRswGQYDVQQK
ExJWbGFkaXNsYXYgQW50b255dWsxNzA1BgNVBAMTLlZsYWRpc2xhdiBBbnRvbnl1ayBTQU1MIEVu
Y3J5cHRpb24gQ2VydGlmaWNhdGUwHhcNMjAwNzMxMTE0ODAwWhcNMzAwNzMxMTE0ODAwWjBWMRsw
GQYDVQQKExJWbGFkaXNsYXYgQW50b255dWsxNzA1BgNVBAMTLlZsYWRpc2xhdiBBbnRvbnl1ayBT
QU1MIEVuY3J5cHRpb24gQ2VydGlmaWNhdGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOBI
1FVyGFDyO1MbVBUyahoC7/byKW/jyKBFUJvYGZB8SHkzU1TMwrQlIdXtx9cqC2wjMISR+0hq25Jg
GoP5pkuQN2xsJ8UAaepiRsbRY+EswFAy8+/LbX2kRihz1Zq2bb6hgxiei2BYP0eyxZjQgLS0xCH0
cPecYLf2/J/Nsg5FAgMBAAEwDQYJKoZIhvcNAQELBQADgYEAXfIFbNRJotIUX1fSketKvtLDhHcM
zQeempKN1k4Np+wRPV7KNA8AACxO4u4/dXmmxKdmy5U4XeuPranlJimI7QwrZ9+/opqBQz/1sZsi
nH36IH0E3PlIK9/+9hOMn6zaBLBi816L+i28vlgDchynmSf8guzQpO3Vl6zkU1jWYwE=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>OJukvMzZplIP+rB55ulJRYKjTlbg/KWctiKdP/1dVGnfhqRcgXr3Id87+j9CULglzzeUIpWfrwaHVsn5frTvLmHEolf/4xvS5daShFmdbUC+BUee2VhZ2W3lPXC0U8yQqM+qhEEZec7oB5Sjs5GIDLtIkprgWUPq0MGND4MywlU=</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>Z9I8s4hCoXjb9FNZ/e/is8cAhZSQP/FDQQVQG3OBLcMfuaazrCXCwMfhF0FM0IK/Pq3I10jgM56KqRFy+SQyFVI19Sw/rQE2GIg6IqG+/krJ9mORZrDQ/e2gF++cFkywRh0Q94wy57YF7+Xpzvdss7oNMocJhPOUdwVzOaYsAHi2OiiKaNbZhnLAf0cpgieN60kGvyFG3g8jBr5MMJmLyZuAMH93ktUpZJ55YrwaK0OMlAzej4YSgBr2oe/XlO4HfIzZgfI6ubiwidghhenMHAcGI1NAwv3Gf9jJvg4lriFkPCGyC/THwMMjqo4iHZRp7pc4DXT8ezm03GEegxaVXNM6t6FMwtCfjJjGxn/y1AIfDtFc0HzF4QrlBl90+AEuQs+MUq8prh9vEQSaDHKF24em1r29YFWeFYqsPDIFXaYARtdrjDYIEIdrERnOI9Va4CCPQdZNkZ4GCgEk+Nz0Im6Sfknlb7+4ceX/kmaZGuh1Aw0qGGupX5DwAXQmKfxZ+TVZKVhhk82PBreaTOrLe6+sluULnbTUhk9UfoTss9boi852D4wtm7LpRtaTxuSDVQ7+iPY/2H/bClaoDxwfFEi3i40INI75CgxqX0Lgrk5wE0iBG17tAgdizjCb77i9YJumWcUU+LA2Y45SL5M3a4L9PPlFsQqEdzr3hGLF9BoLGaU2wUh8JL4YndRxyOGuSNSclX4Z/MIrcCk4nFyERh0WZ4phuGacHhUjQ+Vx+cHpficzddqacZ0vO8SBEPp/2TRlXTHPRgr7y6+cJEhrqAl2ft+vB4LocuT3I/kfCbCSAmIObMRyfNMplz6w9kG0O3zKRFaflA92yF1YoGB2F57z9X1F+MZuq2Bmb4m4Ds9VZ9jG+8nuPW+DO2Kf5FcbsioYqsDIsmVutH4iEK1MZmpn89dKg2jiMONMSl9V1oJyUzkAtZmbYNGmgVXpuoEaFceixHp9ZNP21LfVExkuHI2wihxMU1/Ujj/wHiRWLUY1JjHyozDm1ahTzjYLhsmr5hn09uSqpPw4CorXTvnkfJ3oOlDpRjSvX4+jRINW2+ZLv3ygE0Drqyq7I7bGIn2T/2fH45+ZfkFeGhF4qoorAPfgil3E6STHk2CDMj+ZBixAuEzqkBIZK/AAd9lAmLBB2xkJHIwjYSh0RY1ZED95mTPnqmZeVVEJrQMGVEghmQWF0wErvMYj5n9CWmuTv6fTJ0IQwV6beLMzrAVF3k58vtyggSWqPm7Pc2XmiGxsdTWJVBVjHw6pDJ/qk7njRLycDzxnjkpr7KQEssvE82WsvPo2lKCvaAXgIfN9LCvMzPVEHZrwXIpKfC5a2Mx3P9lo0uep+Ezl7XkL3sQ+819SaP1Emqp9bMEKSezKt49QgNRBO9GoNNLBOPRcIwSBZBywY/XUUxMn1CUqgZpfHOwFlr0Y6mNiRVrIorGl1zDF8aT/8fS59UEkQU1qR0zgbxfCR2Zz2Vu5R2HOtDpqEgLelLocIzk/hlDHQbiVKnRs1eoBJQlJNggsr7k6g1w5oGOJKGgGIvJTG5saLWpEIRp0JMloDyTwqkDnrHJXB+HwITuITLzMgWly3kEem9GIFJYnjXV6ZdVT7l4J0yXR/IMbnVqRGZfzfNMn0tdz84tiYjgzAQoxjHTeC39qMQBgGO+shNkISjBPOJ5v8xdr7GLRiJCuyjn99ZFm6IS6Aav4creBVYzlf2oUKzalfba0TKZJKBvv7yj2OVh4pWbs9rkqyN7970SNakUAd5Hvm4EYRWsvSaoNCS5L0w040zXbeSBBQNEzrcJBiUEIYsiaMYaYozFCZp/PiM55ixajOmHJozSAK7FkALgmc8KHaMevauG8hM+p2yibGr/aItzlai58fLbpgbIMA/WQJt/zltTA/A91K2s9cwGjJmwou3MH5g0MkugeUt2bJONcfSMTV4rB+8nO6EaAXj9SVBtpbVc5nVNNOM4N6BwABALECqF21tvwV/wGH1Aj5fQrNz9r3CFVjvnq5B7xLg9ELLrKfyLPvq9/+YHlQuKpUJUTzS4/gOrycQOf/D/6oik2lClrgwF0cWIjakyIV07BNIZqhSjAd5lBp4UPKpS1MRSzoNafqvENti5Rf6Zh0Ck+kYJYGGLG/ePhf76j7Q/AqCqgBLVL+tledWrIMW1KJIqBIto6loSNE8lRzPcN87GMs/jj2lV8TzSCc442lDS/sPXcHG139WtxT1c5wQdlTokTtfk6DPTrFQmytehq7nbYI0yoT40PTXiqc+Hs0CT5XEPPfbiJMaUPOOr7gRfXSOigvDcT2PmydvxjvgmZE8dzZhqttxTE5b7aMXM8pprkFFoIqPOSG44KQSOONnZJHVyH8x9y1+Uyq1UE0QmQPhWYKpYjt7NxhStMi+qRnUVV/2MMggryNkpfjD46d7KfnJwq9ejaEHiiSUlahIC7f8xVWXk23rKpe8mvAH8umlc4uRLgpv33zCykyorUQMVefMlzJDfUCOYLERj39vv7dBb/XPvr6kr8p4ECWWeFjJCmV4vWiDrM1UzHxixqqbjrTlg8oMFc08QLxcaQsKZ0vXGAn9/L1d9Ir2h9HA+QmZ9YSBffbictuMwqZuBsFtFIgkwCt1rl4eKXDzK6WujDM7u8YkNvTWpvyjS74UuMAYu8rqd7aChd4ZfZTq/1RFR+/A78ZU4WQAbCTYi7Vgtluw7HJkLAzYpiH8HNVgw67QfBC1r8Uqu83xCMQ+2FtNezG1Lbh5SBVZoj6cMVnG8QenPRFIMYkub8TqDGJaQglyyLSmgRp7FhPLkfm5LgVH7mMKPm4m8hupxqGvv1mKgc2CD4hDIAE8J/Rljv1AfxcYFoLgz2+2RsxrpVBiFrzY+D9MI7wBIj2XzQZ2NN7ruviYihuWZajZ3nJ/AwvqftwqcwTXSUF5+QCWY/ovrPSXwQ5NLHLB12BqwetTHwYpVCiznlcu9IFDNkrf7xrhvzsr1TvHn+d3e32C8R2wt2xENjmJ1MdLY+hjga90WZa64wT09jA2NOEohoGEP7y+faldnSi4m9/pfJKIE5RI6LcXaChmPnq8G1zjp9jpm3OpTYInnl+jQVPDCOy9frGalA/sTkUptX98U2Erp05GjuysCIgF/kPgWQPRCd+KDKgZDXUXlobOH7739Dh2Z3wQqtuJjBshXf/xF92N3gZvZl48esmphIksciQxmYQEIjLcvDJkgJrKkPplw6ALbFh6/eSQQSzdm7Qxq/dOVHm4bUGfa1b9Ez1vdcqHyRzklGeoZ0dli9s3l7+az6V4RKkz/bzxqw/f2l8OveVvlq44UZqH8zCsOj7kT7fNCQ49FaJd79GZxB2T6fbs06/azsmf3tFU2mfGgTlh5tvk8y4PyYNCVxpdYQTifDFD4ROKv2nWVAH4rDWiepiiZQUSY4Dbj6Zsa0aJ+itOBqh4r7M8aj5v17wr2SB3naUavnMUDHD7a2Uzs3Z8ObOPBwj8ZPzGyUCtrkJSjend3IWwWUGp7R09SBDPOhryePU8t+DzOeNs/nv3GuB8OdMsL2QOekkxhUapN68BVK1lilRe0bZ5J8nvCOXlvJhYI0q4BViFLH2Wuazx8vvVOK4k6i0zYo2vov7utDwd0wsjAI+FC7bV62y9ELGaN2eeu/0nb2BbByS6CHWreMTQhsujyhrCl4YFPa9wleOSldvTN3ZfSpSSJEhdpiQsJWD9zGLVomwHPuCvMJn60V57TC4h7S45yrIbB42WgAIf5P4/u4zmKKCWUaFiIQEJ357qbKhAl0IYGRt+VSJdW0mwwXkIhvhdQB122C5eP3QTRpL2UDZlFwZ29jRWVgpSDxIfGR2gh54OVJ2yMAPazkcius/T+1CoamkhfRxFYukUFTr9A/YqV4Gt8AUanZ5gN47zK5AarPSQhDoLKcUf0guQRXAa0JLuBSEN4rgPSP2tWGE4QYZSKUylkhUos+b4UmsujlQiviCT50WsSlO51aXXzbAR/I9fRl3Uiwu5fUAsjMsfr84RgJJkHhu2ivmZLIf6MvK6W4E/jIXahKVnkRaJ5cJsEnA60Kmi7EKTVTvTDYsSTRK9io9NECVmjN89QKs1kVat7a3CpvQoWbj7cEQmnYaBkf/p0HGaLa/j73MgXV1xIGjs6h5D4W1Yz7DROzrhWO6RimnLroPmBLTfd5O4k9Zz923q785oT6vIVgZ7O6viFDzFyFcY7c6mKgvV8L0aIs0eeqXFRsNBDd6RnCPREzLqf4AGoJzzcHabfS9TG4Be9WXuZLx5+iwA0V/FMCh3mR5ufa0yryrrJU6JjG46lUWEYthiH6k3Pl6nfmLcimOb7N/LyXJbEdcC07edPn+KGgrYVlCuxUimjdq+YHDT0YQaHRO7VFBtVBwr2DkVp+p5U+cQy5sQ/G0evavL9qZgSG8HM0Swsb7kHMC2rAW1Qi6syreZMxX93k/tuXkljj/cI6MKm9Ev9tSoniryGhMiW3lzTTq1nhpVAe4wd5IH7JSz4bkT0NZFdX0z6haCCqbQa7NkIDaiV8FYP46ZfPc06+kBwOiQX8U6eNzGGGvPMIn7IWRJi8VoIKN0zAkCTxcBD6BZ9+DkK7SvQ7McxIrUAIZp2gQeib5nXqoP6l7QDXSct9eMT1HNhphwC5htKtWACP5O1Uh7WEr8/AMyJOTtzyVX9Q1IF3q+GtPRmY0jiOkufjYCwomsKyeKPfk/4SfA95D8dUApPtN/TYAEKFv9iONfV0GR4+mjcxpylTxMdS0xMmut4Hh3wa9Hg75Pu1R64/EyDWK9ZiH7kf2XFNnUD1NZzJ+3UIcqH4TDWfhio62CHZw+gkhps6/dVQXkflayGBmSJb9y8sW+FnPBGjlHpM5xrvD3jvOzdwMmkVj+QHGUuUOXiqPEwDLrGFwvVqpFEL0duU+Ldo0gVlRnMr2/Z13mGReJmN5HdkAk84ZLa1Kp8EjcSbtebtp4/raTg3TNZ2WcEP7FCUgLYfNrpmbswb1Q9hDQuIJHbC0vIkNgLy4fthy5t4mDVMoxi2VJ2BAQDmprvUCrwCtAmgEBcbm0tKP7l3+JndkDjR1foKM0XC1/OFqSzt4Bac7Yrgi346jL/8ZQmPyTuC2EUXtjgMmplbYXpj6bYg8rIpN9jOoOsIsKU9E1Ho+osk6s40dX6Kw91oXFVEpYyJ1Um5KSjpelbKQTwR3An/duPtiLhdvfQOPfQA/ex0MPXCD2yUWJtiJd9LCzgQB/n4CM0KnL5pHG1QdnzXUMICTNdyEa68XlsRCAWx3utyPHMFiuEmHxwNw8RE/gwnQ/D4GCEgSACOGT3yvVDNxljWyy2ta8rBR2vpWgjqoTq9zY6mQD0sZvnCpZzJqtTk6F0xk6OgTPopQFOW2mTNz91T0mLZq+LIsTmtTP3jRFhVYW+gz2+Ia2PNv25Nqm+oInEYjef4IOsV/gG0icKhwzKWfvKrMYNzQcQyBLl00SC+DoGAvqKhuO78kQK118NuF8dUClq3qR/DPTKcVlqhFDYY9KqFnR9AApRAeTCFS7a1oly7n6eikKjD0gQVju8CTutmzqQ5FAV+YhFvOW9rYmV9G3RDhHTcuF7limycA3ofPt0DtDicS/Pmg/Rj+FXsLOjCYkIfBWd/wPeBZKwt4b6tFUEKXEm3BG9sZfgSN5EgM42lf4dex+v00ek94o+w/EFYbJnQJLiVbqMZDg+R19iOcKsgzvvY5ySxh6EmCzBGShV8Rwd1BP1VsIqAD+5/XOxZCNrUfc3c69RKRu+ZXIPtRY8AoLt2S0YFHv1p213iZP4A/qLoXNPPS9G8iNdg9qAN+SwB7MdEsD8bXfpFcl5+QRjz00XGTcUiFId5JlJfMDrIr97thXLTOKV2rUTLdSXtUFpFB0e8/pNhtRn9Whp+PrYWjWcHQrTlNLUopafQneCJhsP6CSK0Vq8EYhMNkmqvZUmMJlaL9PglWihFRXGvGPhu9gcbdToUGL2vF9CgS0Wdi+llViIAeuqMlX+rqrRUqZ48GsuxZzcprZUf9NVMKv3ax7pXVjgqC356myEolBAXCk9hDFc2T/y79H58OC3HTKMQ3s+CJJdTWIJo3U/5QtfQkEx1oNR8qr5uYR1MGp6aE5EV9a2NpITWYixQ66Fs1iOdh1bqcCA7sKlwUk72ctymgi2EN96cB0/tgj7NlNPNTqBCPsW4zODz2yIIvZ4ZT4dZMo269D0yG4pDp/0X2dJAIchrhFsLA44S4u/MzoVPtRe9pQJ3ZCempQ+8ppZkfOBQWiLM7XteNaqmzVe5Cet9nOLcUox3NXfRPcIwQrNFiwj6FnX/olS63FoHHnGaPJkSKCh4DNYrNhoV8kOq+3U+C7iOIpamewnFcrHwfVH55FWlrTKI1q+e+RdeTnrRG8s2cP0vipccquofOZmoGtmAd7lug7Mm5WJmxd5jAukaqzi+K5OuCaaTP3mYr8yGk6uxSCwogKmyoDC73e600vj5CzaQSJz/k1Q+m7NWCVpMaDi8lDf2F390PT35nZrCjafw1RFSJdzpYm67FAbE6QRHe8rGI2SjCx0rPh1DPAkudixDyvaMdsfSQ9rlpUI6CYUyOPMiNgK5LPWyT/0oqmA76pWO5p2RP1G+VoaBsJp9xp05x3lwTdhmOD5HTnCxTfb1jnom7VXSp08mKxycVhutXDIZOfMEOtpBtSIcNvuPWSobAOoRrx8//JesVREGhJwTs1M+0ZwtjX9zGyCTexflfSod7ZMRdNXTHpUICQ2LhnchCuKFC47+kLKXX4PlBNler51b37VyT6OMNsNzIYoyA75rgXCbJvfSPX4ybRhFr22SvLR08+bZMx+43psmEgGAs2CmKUqn6atqv0RGtXLCtiRA9DfXeaFlIf+CD3IrT2r1or6R36vVBJ+T+OC8jQHyWk/+Ep3Iu7FlJNaP2nQkwa8oqmsxZT6ufc0y90k58SgORQHCwa4AUUhwTgbHiLCUuPAoSnzN3k0i4yH2UJri3utWsofCAuGigkCzAYIsUSPn2bdWMS43n6Q29YyKQ0IhkIfa0v7I2iwEoxONNE/mSPSKE9Cowh6X71G3Fn7uOInNBOoHhx61nuzsgcr04jqmSmyMhNg1vwb81oiGdemnuFfSxyqd1Xnq9zXdzjlYYcfuhW6DVEIhN3IJIr+d6L9QnjyqlnzbxD4MDghbSL9qeXAD1H0hv0YPEJjOFnQVH/p96KDToWgnwopCyUhtxPrUAtT4Gn/9/0PyB/c7o1dnRx7FS996AuJ5QFI+YvfTHXaQDvkBXhnAtIm6RFwY0z/Lr6/WIpkZntn11vtE0PIifFp5k+9Nn1oGsqYnwNDjCVYoz46wjtKdSAjDtXdWzy4UX13nmyQ9jLRGs5XDQGFoLMwZMFElIpZ7hGrzysyuNWwrfl5appDnWVXqoMnyvRKo11NGsPFLUTdWJmG0sBijfzZ2TKmqI6Alx9Jn70oQ9jYSDsCzfjxe8pUW3yDCbhLGDFtzsfGeHr2sgO04U4/BGcCKxylecYKTacvFY0njN1b7KOujNyfCl4AMOpn3xt8XcBdQWNcRnhTyxFDqELhvxxt5XUUORNExRhzcCVYOip1Tf5HzVrW2qb4Lu2ZJFdD3C52Epw/BiFzjN9yZKLakoYIpxxpgAo3PJ3yVvzwjhZJMX6qYbpcoN8sR8ILVXGpL/O7UjaMX34fZDiTVPM3bx+gWdotKyC0UQsjeuRyEmt4C71XU+1V5pCj35FKEPhzRgl1iGFiKc5A4aywMeuhqZcm5hNGqLjgfvjVzQk4zV2zt5fidPY+A0sBsoDZOO9lwLrTX5EwkdtnwPzMHt1uA9mvRz6BCFYcelgN6vTPgdCwt7khz1FLSBWI=</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2020-08-06 13:06:29,246 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-08-06 13:06:29,246 - INFO [Shibboleth-Audit.SSO:?] - 20200806T130629Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_9fd4867a-f075-4bfe-b22c-422642b3b076|https://moveit.eastus.cloudapp.azure.com/6899/|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_1d57038e545fd2225de01c89b052d53d|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|TFSLKM4HSIZXGLTTLRM4NOWOSGXH4XYL|_74afebdfc67192b5fb2027ef4a3a202f|
2020-08-06 13:07:12,481 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: null
2020-08-06 13:07:12,481 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-08-06 13:07:12,481 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-08-06 13:07:12,481 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://mydev.cscglobal.com:80/openam/Consumer/metaAlias/Portal/sp"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="s2b426ce41b867b1bae94758bd48a3ec19e80b235e"
    IsPassive="false" IssueInstant="2020-08-06T13:07:11Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0"
        xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<saml:Issuer
        xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://mydev.cscglobal.com:80/openam</saml:Issuer>
<samlp:NameIDPolicy
        AllowCreate="true"
        Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
        SPNameQualifier="http://mydev.cscglobal.com:80/openam"
        xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"/>
<samlp:RequestedAuthnContext
        Comparison="exact" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>

2020-08-06 13:07:12,485 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://mydev.cscglobal.com:80/openam' from origin source
2020-08-06 13:07:12,486 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-08-06 13:07:12,486 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-08-06 13:07:12,486 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-08-06 13:07:12,486 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-08-06 13:07:12,486 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-08-06 13:07:12,486 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-08-06 13:07:12,486 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-08-06 13:07:12,486 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://mydev.cscglobal.com:80/openam
2020-08-06 13:07:12,486 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:07:12,486 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-08-06 13:07:12,486 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-08-06 13:07:12,486 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-08-06 13:07:12,486 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-08-06 13:07:12,487 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 's2b426ce41b867b1bae94758bd48a3ec19e80b235e', issue instant '2020-08-06T13:07:11.000Z', entityID 'http://mydev.cscglobal.com:80/openam'
2020-08-06 13:07:12,487 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://mydev.cscglobal.com:80/openam' does not require AuthnRequests to be signed
2020-08-06 13:07:12,487 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-08-06 13:07:12,487 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-08-06 13:07:12,487 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-08-06 13:07:12,487 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-08-06 13:07:12,487 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-08-06 13:07:12,487 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:07:12,488 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-08-06 13:07:12,488 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-08-06 13:07:12,488 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-08-06 13:07:12,488 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 3 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-08-06 13:07:12,488 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://mydev.cscglobal.com:80/openam/Consumer/metaAlias/Portal/sp using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-08-06 13:07:12,488 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-08-06 13:07:12,488 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-08-06 13:07:12,488 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-08-06 13:07:12,488 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-08-06 13:07:12,488 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-08-06 13:07:12,489 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2020-08-06 13:07:12,489 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-08-06 13:07:12,489 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-08-06 13:07:12,489 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-08-06 13:07:12,489 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-08-06 13:07:12,489 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://mydev.cscglobal.com:80/openam
2020-08-06 13:07:12,489 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2020-08-06 13:07:12,489 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2020-08-06 13:07:12,489 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2020-08-06 13:07:12,489 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2020-08-06 13:07:12,492 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-08-06 13:07:12,492 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-08-06T13:07:12.492Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-08-06 13:07:12,492 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: RequestedPrincipalContext created with operator exact and 1 custom principal(s)
2020-08-06 13:07:12,492 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-08-06 13:07:12,492 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 2255e5d3b35033a7901de8202afccbebd600e7bad2616b26eaf16577e119fb96
2020-08-06 13:07:12,492 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session 2255e5d3b35033a7901de8202afccbebd600e7bad2616b26eaf16577e119fb96 to 2020-08-06T14:07:12.492Z
2020-08-06 13:07:12,493 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading AuthenticationResult for flow authn/Password in session 2255e5d3b35033a7901de8202afccbebd600e7bad2616b26eaf16577e119fb96
2020-08-06 13:07:12,493 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: Authentication result authn/Password is active, copying from session
2020-08-06 13:07:12,493 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Leaving existing RequestedPrincipalContext in place
2020-08-06 13:07:12,493 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-08-06 13:07:12,493 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:07:12,493 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Specific principals requested with 'exact' operator: [AuthnContextClassRefPrincipal{authnContextClassRef=urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport}]
2020-08-06 13:07:12,493 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Checking for an inactive flow or active result compatible with operator 'exact' and principal 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
2020-08-06 13:07:12,493 - DEBUG [net.shibboleth.idp.authn.principal.PrincipalEvalPredicateFactoryRegistry:?] - Registry located predicate factory of type 'net.shibboleth.idp.authn.principal.impl.ExactPrincipalEvalPredicateFactory' for principal type 'class net.shibboleth.idp.saml.authn.principal.AuthnContextClassRefPrincipal' and operator 'exact'
2020-08-06 13:07:12,493 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Reusing active result authn/Password
2020-08-06 13:07:12,493 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name established from session as 'morty'
2020-08-06 13:07:12,493 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Checking result for compatibility with operator 'exact' and principal 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
2020-08-06 13:07:12,493 - DEBUG [net.shibboleth.idp.authn.principal.PrincipalEvalPredicateFactoryRegistry:?] - Registry located predicate factory of type 'net.shibboleth.idp.authn.principal.impl.ExactPrincipalEvalPredicateFactory' for principal type 'class net.shibboleth.idp.saml.authn.principal.AuthnContextClassRefPrincipal' and operator 'exact'
2020-08-06 13:07:12,493 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Principal 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport' in authentication result satisfies request for principal 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
2020-08-06 13:07:12,493 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Updating activity time on reused AuthenticationResult for flow authn/Password in existing session 2255e5d3b35033a7901de8202afccbebd600e7bad2616b26eaf16577e119fb96
2020-08-06 13:07:12,494 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=morty)
2020-08-06 13:07:12,495 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [identifier, uid, telephoneNumber, role, mail, surname, displayName, givenName]
2020-08-06 13:07:12,495 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-08-06 13:07:12,495 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-08-06 13:07:12,495 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-08-06 13:07:12,495 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-08-06 13:07:12,495 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-08-06 13:07:12,495 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-08-06 13:07:12,495 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-08-06 13:07:12,495 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-08-06 13:07:12,495 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:07:12,495 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-08-06 13:07:12,495 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@dbe9005'
2020-08-06 13:07:12,496 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-08-06 13:07:12,496 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:http://mydev.cscglobal.com:80/openam'
2020-08-06 13:07:12,496 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@d32688' with context 'intercept/attribute-release' and key 'morty:http://mydev.cscglobal.com:80/openam'
2020-08-06 13:07:12,496 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'morty:http://mydev.cscglobal.com:80/openam' value '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1628254876994' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2020-08-06 13:07:12,496 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-08-06 13:07:12,496 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty'
2020-08-06 13:07:12,496 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'morty'
2020-08-06 13:07:12,496 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-08-06 13:07:12,496 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2020-08-06 13:07:12,496 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@dbe9005'
2020-08-06 13:07:12,496 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:07:12,496 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-08-06 13:07:12,497 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-08-06 13:07:12,498 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-08-06 13:07:12,498 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _5a4ea466030d6f7430c60ef32d1f1595
2020-08-06 13:07:12,498 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _5a4ea466030d6f7430c60ef32d1f1595 to Response _bc1afe04c877dc063ec08c0b7f354fb4
2020-08-06 13:07:12,498 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _5a4ea466030d6f7430c60ef32d1f1595
2020-08-06 13:07:12,499 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-08-06 13:07:12,499 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute identifier
2020-08-06 13:07:12,499 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value morty of attribute uid
2020-08-06 13:07:12,499 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5505 of attribute telephoneNumber
2020-08-06 13:07:12,499 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value janitor@samltest.id of attribute role
2020-08-06 13:07:12,499 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute mail
2020-08-06 13:07:12,499 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Smith of attribute surname
2020-08-06 13:07:12,499 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Morty Smith of attribute displayName
2020-08-06 13:07:12,499 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Mortimer of attribute givenName
2020-08-06 13:07:12,500 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-08-06 13:07:12,500 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-08-06 13:07:12,500 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-08-06 13:07:12,500 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-08-06 13:07:12,500 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-08-06 13:07:12,500 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Checking for source attribute mail
2020-08-06 13:07:12,500 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Generating NameID from String-valued attribute mail
2020-08-06 13:07:12,500 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID msmith@samltest.id with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-08-06 13:07:12,500 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-08-06 13:07:12,500 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-08-06 13:07:12,500 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-08-06 13:07:12,500 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-08-06 13:07:12,500 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.28.90
2020-08-06 13:07:12,500 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to s2b426ce41b867b1bae94758bd48a3ec19e80b235e
2020-08-06 13:07:12,500 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to http://mydev.cscglobal.com:80/openam/Consumer/metaAlias/Portal/sp
2020-08-06 13:07:12,500 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-08-06 13:07:12,500 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-08-06 13:07:12,500 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-08-06 13:07:12,500 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _5a4ea466030d6f7430c60ef32d1f1595
2020-08-06 13:07:12,500 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _5a4ea466030d6f7430c60ef32d1f1595 did not already contain Conditions, one was added
2020-08-06 13:07:12,501 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-08-06 13:07:12,501 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-08-06T13:12:12.496Z, to Assertion _5a4ea466030d6f7430c60ef32d1f1595
2020-08-06 13:07:12,501 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _5a4ea466030d6f7430c60ef32d1f1595 already contained Conditions, nothing was done
2020-08-06 13:07:12,501 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-08-06 13:07:12,501 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _5a4ea466030d6f7430c60ef32d1f1595 already contained Conditions, nothing was done
2020-08-06 13:07:12,501 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-08-06 13:07:12,501 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding http://mydev.cscglobal.com:80/openam as an Audience of the AudienceRestriction
2020-08-06 13:07:12,501 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _5a4ea466030d6f7430c60ef32d1f1595
2020-08-06 13:07:12,502 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party http://mydev.cscglobal.com:80/openam to existing session 2255e5d3b35033a7901de8202afccbebd600e7bad2616b26eaf16577e119fb96
2020-08-06 13:07:12,502 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service http://mydev.cscglobal.com:80/openam in session 2255e5d3b35033a7901de8202afccbebd600e7bad2616b26eaf16577e119fb96
2020-08-06 13:07:12,502 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-08-06 13:07:12,502 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service http://mydev.cscglobal.com:80/openam in session 2255e5d3b35033a7901de8202afccbebd600e7bad2616b26eaf16577e119fb96
2020-08-06 13:07:12,502 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-08-06 13:07:12,502 - DEBUG [net.shibboleth.idp.session.AbstractIdPSession:?] - IdPSession 2255e5d3b35033a7901de8202afccbebd600e7bad2616b26eaf16577e119fb96: replaced old SPSession for service http://mydev.cscglobal.com:80/openam
2020-08-06 13:07:12,502 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Removing secondary index for service ID http://mydev.cscglobal.com:80/openam and key 6AMDYXNTVWURRFGTDXWQXMAI74Z6VCWR
2020-08-06 13:07:12,502 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID http://mydev.cscglobal.com:80/openam and key msmith@samltest.id
2020-08-06 13:07:12,502 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Older SPSession for relying party http://mydev.cscglobal.com:80/openam was replaced
2020-08-06 13:07:12,503 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-08-06 13:07:12,503 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-08-06 13:07:12,503 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2020-08-06 13:07:12,503 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAssertions: No encryption parameters, nothing to do
2020-08-06 13:07:12,504 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: http://mydev.cscglobal.com:80/openam/Consumer/metaAlias/Portal/sp
2020-08-06 13:07:12,504 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: http://mydev.cscglobal.com:80/openam/Consumer/metaAlias/Portal/sp
2020-08-06 13:07:12,504 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_bc1afe04c877dc063ec08c0b7f354fb4"
2020-08-06 13:07:12,504 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _bc1afe04c877dc063ec08c0b7f354fb4 and Element was [saml2p:Response: null]
2020-08-06 13:07:12,504 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_bc1afe04c877dc063ec08c0b7f354fb4"
2020-08-06 13:07:12,504 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _bc1afe04c877dc063ec08c0b7f354fb4 and Element was [saml2p:Response: null]
2020-08-06 13:07:12,507 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-08-06 13:07:12,507 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'http://mydev.cscglobal.com:80/openam/Consumer/metaAlias/Portal/sp' with encoded value 'http&#x3a;&#x2f;&#x2f;mydev.cscglobal.com&#x3a;80&#x2f;openam&#x2f;Consumer&#x2f;metaAlias&#x2f;Portal&#x2f;sp'
2020-08-06 13:07:12,507 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-08-06 13:07:12,509 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="http://mydev.cscglobal.com:80/openam/Consumer/metaAlias/Portal/sp"
    ID="_bc1afe04c877dc063ec08c0b7f354fb4"
    InResponseTo="s2b426ce41b867b1bae94758bd48a3ec19e80b235e"
    IssueInstant="2020-08-06T13:07:12.496Z" Version="2.0"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_bc1afe04c877dc063ec08c0b7f354fb4">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>Xu57l0hI7KIS4z1R0oTaaLrvVnrCVWOaAZnkX0AxU1Y=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>KuXiWq8flWIbv4sMauMqGj8gY9XPzxZau62058uHmPkAd68roTXbKQAfKE2n7VNSgM+dL0u1Kt7kcGAv3zEJTC7+6PY9ZeBY8vyn/MR9ayW38JT1xhBkASVKRW0ZbzvDeS1aXz7gPsAJX0bejNxKanGZdvJU/WF9zbSHLZ/GAra9hT4ItOzjWW8ySiNz5KvCEEMVBXWtbYa8XhNmVjDWF2eFlwl9hbySuIbdtTG6t6tOfz6Msb4TWnQQxLQRzq3HvBamXh/D9kDKpVJ9JQFQWndhkLAFZ+sdBvTLhcXFhYk/RvZOKt3rypkMrX4yVLPx/Sj8+g2FJ3JtVdNpiai8+Q==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_5a4ea466030d6f7430c60ef32d1f1595"
        IssueInstant="2020-08-06T13:07:12.496Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="http://mydev.cscglobal.com:80/openam" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">msmith@samltest.id</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.28.90"
                    InResponseTo="s2b426ce41b867b1bae94758bd48a3ec19e80b235e"
                    NotOnOrAfter="2020-08-06T13:12:12.500Z" Recipient="http://mydev.cscglobal.com:80/openam/Consumer/metaAlias/Portal/sp"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-08-06T13:07:12.496Z" NotOnOrAfter="2020-08-06T13:12:12.496Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>http://mydev.cscglobal.com:80/openam</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-08-06T13:01:07.413Z" SessionIndex="_ebfc503d1649df4a577457cb572a6fea">
            <saml2:SubjectLocality Address="172.31.28.90"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>morty</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5505</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">janitor@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Morty Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Mortimer</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-08-06 13:07:12,509 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-08-06 13:07:12,509 - INFO [Shibboleth-Audit.SSO:?] - 20200806T130712Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|s2b426ce41b867b1bae94758bd48a3ec19e80b235e|http://mydev.cscglobal.com:80/openam|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_bc1afe04c877dc063ec08c0b7f354fb4|morty|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|identifier,uid,telephoneNumber,role,mail,surname,displayName,givenName|msmith@samltest.id|_5a4ea466030d6f7430c60ef32d1f1595|
2020-08-06 13:07:20,729 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: D55989DBE6890266CDB5BB4285F2FC73B3A4B1E154A0BC33DE81BA12A18CAF74
2020-08-06 13:07:20,729 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-08-06 13:07:20,729 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-08-06 13:07:20,730 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://vtexid.vtex.com.br/api/vtexid/pub/saml/instoreqa/idps/instoreqa-saml/sso"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="vid-2f6ad8b8-a799-46de-9308-9a4facc46132"
    IssueInstant="2020-08-06T13:07:20Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
        xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">        <saml:Issuer>https://identity-broker.vtex.com/instoreqa/idps/instoreqa-saml</saml:Issuer>        <samlp:NameIDPolicy
        AllowCreate="true" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/>
</samlp:AuthnRequest>

2020-08-06 13:07:20,734 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://identity-broker.vtex.com/instoreqa/idps/instoreqa-saml' from origin source
2020-08-06 13:07:20,734 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-08-06 13:07:20,734 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-08-06 13:07:20,734 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-08-06 13:07:20,734 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-08-06 13:07:20,734 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-08-06 13:07:20,734 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-08-06 13:07:20,734 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-08-06 13:07:20,734 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://identity-broker.vtex.com/instoreqa/idps/instoreqa-saml
2020-08-06 13:07:20,735 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:07:20,735 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-08-06 13:07:20,735 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-08-06 13:07:20,735 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-08-06 13:07:20,735 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-08-06 13:07:20,735 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'vid-2f6ad8b8-a799-46de-9308-9a4facc46132', issue instant '2020-08-06T13:07:20.000Z', entityID 'https://identity-broker.vtex.com/instoreqa/idps/instoreqa-saml'
2020-08-06 13:07:20,735 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://identity-broker.vtex.com/instoreqa/idps/instoreqa-saml' does not require AuthnRequests to be signed
2020-08-06 13:07:20,736 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-08-06 13:07:20,736 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-08-06 13:07:20,736 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-08-06 13:07:20,736 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-08-06 13:07:20,736 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-08-06 13:07:20,736 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:07:20,736 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-08-06 13:07:20,736 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-08-06 13:07:20,736 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-08-06 13:07:20,736 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-08-06 13:07:20,736 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://vtexid.vtex.com.br/api/vtexid/pub/saml/instoreqa/idps/instoreqa-saml/sso using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-08-06 13:07:20,736 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-08-06 13:07:20,736 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-08-06 13:07:20,736 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-08-06 13:07:20,736 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-08-06 13:07:20,736 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-08-06 13:07:20,737 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-08-06 13:07:20,737 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-08-06 13:07:20,737 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-08-06 13:07:20,737 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-08-06 13:07:20,737 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-08-06 13:07:20,737 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://identity-broker.vtex.com/instoreqa/idps/instoreqa-saml
2020-08-06 13:07:20,737 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2020-08-06 13:07:20,737 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2020-08-06 13:07:20,737 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2020-08-06 13:07:20,737 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2020-08-06 13:07:20,740 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-08-06 13:07:20,740 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-08-06T13:07:20.740Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-08-06 13:07:20,741 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-08-06 13:07:20,741 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-08-06 13:07:20,741 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-08-06 13:07:20,741 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-08-06 13:07:20,741 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-08-06 13:07:20,741 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:07:20,741 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-08-06 13:07:20,741 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-08-06 13:07:20,741 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-08-06 13:07:20,741 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-08-06 13:07:20,821 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'identity-broker.vtex.com'
2020-08-06 13:07:20,821 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-08-06 13:07:20,821 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-08-06 13:07:23,655 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2020-08-06 13:07:23,655 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromFormRequest:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Recording do-not-cache instruction in authentication context
2020-08-06 13:07:23,655 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-08-06 13:07:23,655 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1713820324::identifier=rick, context=org.apache.velocity.VelocityContext@61189742]
2020-08-06 13:07:23,656 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1713820324::identifier=rick, context=org.apache.velocity.VelocityContext@61189742]
2020-08-06 13:07:23,658 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-08-06 13:07:23,658 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-08-06 13:07:23,658 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-08-06 13:07:23,658 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-08-06 13:07:23,658 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-08-06 13:07:23,658 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-08-06 13:07:23,658 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2020-08-06 13:07:23,658 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 36e36bb158c5e1fa2adc7eafc605645a39411e05153e7f623e40b1cb49b9cbbd for principal rick
2020-08-06 13:07:23,659 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-08-06 13:07:23,660 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-08-06 13:07:23,660 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-08-06 13:07:23,660 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-08-06 13:07:23,660 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-08-06 13:07:23,660 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-08-06 13:07:23,660 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-08-06 13:07:23,660 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-08-06 13:07:23,660 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-08-06 13:07:23,660 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-08-06 13:07:23,660 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:07:23,660 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-08-06 13:07:23,660 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@6a641b69'
2020-08-06 13:07:23,661 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-08-06 13:07:23,661 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://identity-broker.vtex.com/instoreqa/idps/instoreqa-saml'
2020-08-06 13:07:23,661 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:https://identity-broker.vtex.com/instoreqa/idps/instoreqa-saml'
2020-08-06 13:07:23,661 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:https://identity-broker.vtex.com/instoreqa/idps/instoreqa-saml'
2020-08-06 13:07:23,661 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-08-06 13:07:23,661 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2020-08-06 13:07:23,661 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2020-08-06 13:07:23,661 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-08-06 13:07:23,661 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2020-08-06 13:07:23,743 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'identity-broker.vtex.com'
2020-08-06 13:07:23,743 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-08-06 13:07:23,743 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2020-08-06 13:07:23,743 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2020-08-06 13:07:23,743 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-08-06 13:07:23,743 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No relevant OrganizationName in Organization, returning null
2020-08-06 13:07:24,372 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2020-08-06 13:07:24,372 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2020-08-06 13:07:24,372 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20200806T130724Z|https://identity-broker.vtex.com/instoreqa/idps/instoreqa-saml|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2020-08-06 13:07:24,372 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@6a641b69'
2020-08-06 13:07:24,372 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:07:24,372 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-08-06 13:07:24,373 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-08-06 13:07:24,374 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-08-06 13:07:24,374 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _e6bf9a2d872fa7ac1a473f4a3cd91ead
2020-08-06 13:07:24,374 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _e6bf9a2d872fa7ac1a473f4a3cd91ead to Response _d6f458cfd5cf998072b3c9761a8b4696
2020-08-06 13:07:24,374 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _e6bf9a2d872fa7ac1a473f4a3cd91ead
2020-08-06 13:07:24,374 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-08-06 13:07:24,374 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-08-06 13:07:24,374 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-08-06 13:07:24,374 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-08-06 13:07:24,374 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-08-06 13:07:24,374 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-08-06 13:07:24,374 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-08-06 13:07:24,374 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-08-06 13:07:24,374 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-08-06 13:07:24,375 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-08-06 13:07:24,375 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-08-06 13:07:24,375 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-08-06 13:07:24,375 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-08-06 13:07:24,375 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-08-06 13:07:24,375 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Checking for source attribute mail
2020-08-06 13:07:24,375 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Generating NameID from String-valued attribute mail
2020-08-06 13:07:24,375 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID rsanchez@samltest.id with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-08-06 13:07:24,375 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-08-06 13:07:24,375 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-08-06 13:07:24,375 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-08-06 13:07:24,375 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-08-06 13:07:24,375 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.12.208
2020-08-06 13:07:24,375 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to vid-2f6ad8b8-a799-46de-9308-9a4facc46132
2020-08-06 13:07:24,375 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://vtexid.vtex.com.br/api/vtexid/pub/saml/instoreqa/idps/instoreqa-saml/sso
2020-08-06 13:07:24,375 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-08-06 13:07:24,375 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-08-06 13:07:24,375 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-08-06 13:07:24,375 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _e6bf9a2d872fa7ac1a473f4a3cd91ead
2020-08-06 13:07:24,375 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _e6bf9a2d872fa7ac1a473f4a3cd91ead did not already contain Conditions, one was added
2020-08-06 13:07:24,376 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-08-06 13:07:24,376 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-08-06T13:12:24.372Z, to Assertion _e6bf9a2d872fa7ac1a473f4a3cd91ead
2020-08-06 13:07:24,376 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _e6bf9a2d872fa7ac1a473f4a3cd91ead already contained Conditions, nothing was done
2020-08-06 13:07:24,376 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-08-06 13:07:24,376 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _e6bf9a2d872fa7ac1a473f4a3cd91ead already contained Conditions, nothing was done
2020-08-06 13:07:24,376 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-08-06 13:07:24,376 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://identity-broker.vtex.com/instoreqa/idps/instoreqa-saml as an Audience of the AudienceRestriction
2020-08-06 13:07:24,376 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _e6bf9a2d872fa7ac1a473f4a3cd91ead
2020-08-06 13:07:24,377 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://identity-broker.vtex.com/instoreqa/idps/instoreqa-saml to existing session 36e36bb158c5e1fa2adc7eafc605645a39411e05153e7f623e40b1cb49b9cbbd
2020-08-06 13:07:24,377 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://identity-broker.vtex.com/instoreqa/idps/instoreqa-saml in session 36e36bb158c5e1fa2adc7eafc605645a39411e05153e7f623e40b1cb49b9cbbd
2020-08-06 13:07:24,377 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-08-06 13:07:24,377 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://identity-broker.vtex.com/instoreqa/idps/instoreqa-saml and key rsanchez@samltest.id
2020-08-06 13:07:24,377 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-08-06 13:07:24,377 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-08-06 13:07:24,377 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_e6bf9a2d872fa7ac1a473f4a3cd91ead"
2020-08-06 13:07:24,377 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _e6bf9a2d872fa7ac1a473f4a3cd91ead and Element was [saml2:Assertion: null]
2020-08-06 13:07:24,377 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_e6bf9a2d872fa7ac1a473f4a3cd91ead"
2020-08-06 13:07:24,378 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _e6bf9a2d872fa7ac1a473f4a3cd91ead and Element was [saml2:Assertion: null]
2020-08-06 13:07:24,379 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAssertions: No encryption parameters, nothing to do
2020-08-06 13:07:24,380 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://vtexid.vtex.com.br/api/vtexid/pub/saml/instoreqa/idps/instoreqa-saml/sso
2020-08-06 13:07:24,380 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://vtexid.vtex.com.br/api/vtexid/pub/saml/instoreqa/idps/instoreqa-saml/sso
2020-08-06 13:07:24,380 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_d6f458cfd5cf998072b3c9761a8b4696"
2020-08-06 13:07:24,380 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _d6f458cfd5cf998072b3c9761a8b4696 and Element was [saml2p:Response: null]
2020-08-06 13:07:24,380 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_d6f458cfd5cf998072b3c9761a8b4696"
2020-08-06 13:07:24,380 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _d6f458cfd5cf998072b3c9761a8b4696 and Element was [saml2p:Response: null]
2020-08-06 13:07:24,382 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-08-06 13:07:24,382 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://vtexid.vtex.com.br/api/vtexid/pub/saml/instoreqa/idps/instoreqa-saml/sso' with encoded value 'https&#x3a;&#x2f;&#x2f;vtexid.vtex.com.br&#x2f;api&#x2f;vtexid&#x2f;pub&#x2f;saml&#x2f;instoreqa&#x2f;idps&#x2f;instoreqa-saml&#x2f;sso'
2020-08-06 13:07:24,382 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-08-06 13:07:24,382 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'D55989DBE6890266CDB5BB4285F2FC73B3A4B1E154A0BC33DE81BA12A18CAF74', encoded as 'D55989DBE6890266CDB5BB4285F2FC73B3A4B1E154A0BC33DE81BA12A18CAF74'
2020-08-06 13:07:24,384 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://vtexid.vtex.com.br/api/vtexid/pub/saml/instoreqa/idps/instoreqa-saml/sso"
    ID="_d6f458cfd5cf998072b3c9761a8b4696"
    InResponseTo="vid-2f6ad8b8-a799-46de-9308-9a4facc46132"
    IssueInstant="2020-08-06T13:07:24.372Z" Version="2.0"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_d6f458cfd5cf998072b3c9761a8b4696">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>f4DSYo3elUKkI5IlFX8F7tNE5Eh51SooapfHDnfQhE8=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>EwV4J37DNg6/RLEeNVBPMBX9AHJRNddU9lEgUZ46qOJwxNuSso3oMGWoWMa8QhaYukT9kPjfbWyT1/aPZ70wVOsWQBpAoqTkYQLQz+V5/P4fvfL+Qd5gaeO25lcpoEvpDVe267GEFO3v7QBOb+YQD9FI9RtvCkReKz6qUXySVGP30/OHCDseMJUNUAX8GaPlPAdhM9UIqQbOrCSBAMIiaYv4zw5L1e1AK/S9OR3Hu+JpT6YweXZjIyOe+PzeuoRW5yNjWFMkmi17gitFxeSU9irYKtih2a4d0Fbm2Yocj/Xf5OWM2WIJtE+mB5eg5kK7mtlnAKCydKjK7PMhxJE6Lw==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_e6bf9a2d872fa7ac1a473f4a3cd91ead"
        IssueInstant="2020-08-06T13:07:24.372Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_e6bf9a2d872fa7ac1a473f4a3cd91ead">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>InYBYXTxH4C6vUJq3gp/Fc7slvatYsSzpV8JW0g/cks=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>qbFOG6/Y18poMR4OBPNMsAoYaGBDdLS52dfWOE6nPe+2GNsMWfNdMR3WibuF/lOaQRBkw2OFLVuT9NXAtB8K8S2cj+sgFIdkf4lUY2FWAAdRVn2VakzQN8Kn+T0SkRE4VF4xDSTt3dk70ZUkVLQgOVRwH9EB/zX3TuJeT/h7VoUyjHYFXLdDa9uC18oPSymucvGUC4xbqiWonwVoyElEYNrQEy5prGeypDPFFkW1gNTI7/s7Zbs+V1024RZBqrZs09vj5f7c84k7YGNY3uuHFjOjBn5mqpzupI+tNJCkHs384IJr0ePvrMU/Im20jo5QnS+FLwZEvWUJh+H1dpiClQ==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://identity-broker.vtex.com/instoreqa/idps/instoreqa-saml" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">rsanchez@samltest.id</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.12.208"
                    InResponseTo="vid-2f6ad8b8-a799-46de-9308-9a4facc46132"
                    NotOnOrAfter="2020-08-06T13:12:24.375Z" Recipient="https://vtexid.vtex.com.br/api/vtexid/pub/saml/instoreqa/idps/instoreqa-saml/sso"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-08-06T13:07:24.372Z" NotOnOrAfter="2020-08-06T13:12:24.372Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://identity-broker.vtex.com/instoreqa/idps/instoreqa-saml</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-08-06T13:07:23.658Z" SessionIndex="_0e213198948d2bd353cc0c21666ae5c1">
            <saml2:SubjectLocality Address="172.31.12.208"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-08-06 13:07:24,384 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-08-06 13:07:24,384 - INFO [Shibboleth-Audit.SSO:?] - 20200806T130724Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|vid-2f6ad8b8-a799-46de-9308-9a4facc46132|https://identity-broker.vtex.com/instoreqa/idps/instoreqa-saml|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_d6f458cfd5cf998072b3c9761a8b4696|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|rsanchez@samltest.id|_e6bf9a2d872fa7ac1a473f4a3cd91ead|
2020-08-06 13:07:50,881 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: null
2020-08-06 13:07:50,881 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-08-06 13:07:50,881 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-08-06 13:07:50,881 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://mydev.cscglobal.com:80/openam/Consumer/metaAlias/Portal/sp"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="s2d40052fffe20333d6f0058811c5c16e5c46ee8d5"
    IsPassive="false" IssueInstant="2020-08-06T13:07:50Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0"
        xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<saml:Issuer
        xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://mydev.cscglobal.com:80/openam</saml:Issuer>
<samlp:NameIDPolicy
        AllowCreate="true"
        Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
        SPNameQualifier="http://mydev.cscglobal.com:80/openam"
        xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"/>
<samlp:RequestedAuthnContext
        Comparison="exact" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>

2020-08-06 13:07:50,886 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://mydev.cscglobal.com:80/openam' from origin source
2020-08-06 13:07:50,886 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-08-06 13:07:50,886 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-08-06 13:07:50,886 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-08-06 13:07:50,886 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-08-06 13:07:50,886 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-08-06 13:07:50,886 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-08-06 13:07:50,886 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-08-06 13:07:50,886 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://mydev.cscglobal.com:80/openam
2020-08-06 13:07:50,886 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:07:50,887 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-08-06 13:07:50,887 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-08-06 13:07:50,887 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-08-06 13:07:50,887 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-08-06 13:07:50,887 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 's2d40052fffe20333d6f0058811c5c16e5c46ee8d5', issue instant '2020-08-06T13:07:50.000Z', entityID 'http://mydev.cscglobal.com:80/openam'
2020-08-06 13:07:50,887 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://mydev.cscglobal.com:80/openam' does not require AuthnRequests to be signed
2020-08-06 13:07:50,887 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-08-06 13:07:50,887 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-08-06 13:07:50,887 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-08-06 13:07:50,887 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-08-06 13:07:50,887 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-08-06 13:07:50,888 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:07:50,888 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-08-06 13:07:50,888 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-08-06 13:07:50,888 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-08-06 13:07:50,888 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 3 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-08-06 13:07:50,888 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://mydev.cscglobal.com:80/openam/Consumer/metaAlias/Portal/sp using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-08-06 13:07:50,888 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-08-06 13:07:50,888 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-08-06 13:07:50,888 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-08-06 13:07:50,888 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-08-06 13:07:50,888 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-08-06 13:07:50,889 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2020-08-06 13:07:50,889 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-08-06 13:07:50,889 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-08-06 13:07:50,889 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-08-06 13:07:50,889 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-08-06 13:07:50,889 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://mydev.cscglobal.com:80/openam
2020-08-06 13:07:50,889 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2020-08-06 13:07:50,889 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2020-08-06 13:07:50,889 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2020-08-06 13:07:50,889 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2020-08-06 13:07:50,892 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-08-06 13:07:50,893 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-08-06T13:07:50.893Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-08-06 13:07:50,893 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: RequestedPrincipalContext created with operator exact and 1 custom principal(s)
2020-08-06 13:07:50,893 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-08-06 13:07:50,893 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-08-06 13:07:50,893 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Leaving existing RequestedPrincipalContext in place
2020-08-06 13:07:50,893 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-08-06 13:07:50,893 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:07:50,893 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Specific principals requested with 'exact' operator: [AuthnContextClassRefPrincipal{authnContextClassRef=urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport}]
2020-08-06 13:07:50,893 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No active results available, selecting an inactive flow
2020-08-06 13:07:50,893 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Checking for an inactive flow compatible with operator 'exact' and principal 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
2020-08-06 13:07:50,893 - DEBUG [net.shibboleth.idp.authn.principal.PrincipalEvalPredicateFactoryRegistry:?] - Registry located predicate factory of type 'net.shibboleth.idp.authn.principal.impl.ExactPrincipalEvalPredicateFactory' for principal type 'class net.shibboleth.idp.saml.authn.principal.AuthnContextClassRefPrincipal' and operator 'exact'
2020-08-06 13:07:50,893 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-08-06 13:07:50,894 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-08-06 13:07:51,017 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'mydev.cscglobal.com'
2020-08-06 13:07:51,017 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-08-06 13:07:51,017 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-08-06 13:07:59,216 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'morty'
2020-08-06 13:07:59,216 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user morty
2020-08-06 13:07:59,216 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1521296302::identifier=morty, context=org.apache.velocity.VelocityContext@5ece4c70]
2020-08-06 13:07:59,217 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=morty,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1521296302::identifier=morty, context=org.apache.velocity.VelocityContext@5ece4c70]
2020-08-06 13:07:59,219 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'morty' succeeded
2020-08-06 13:07:59,219 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-08-06 13:07:59,219 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-08-06 13:07:59,219 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'morty'
2020-08-06 13:07:59,219 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'morty'
2020-08-06 13:07:59,219 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Checking result for compatibility with operator 'exact' and principal 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
2020-08-06 13:07:59,219 - DEBUG [net.shibboleth.idp.authn.principal.PrincipalEvalPredicateFactoryRegistry:?] - Registry located predicate factory of type 'net.shibboleth.idp.authn.principal.impl.ExactPrincipalEvalPredicateFactory' for principal type 'class net.shibboleth.idp.saml.authn.principal.AuthnContextClassRefPrincipal' and operator 'exact'
2020-08-06 13:07:59,219 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Principal 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport' in authentication result satisfies request for principal 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
2020-08-06 13:07:59,220 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal morty
2020-08-06 13:07:59,220 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 2bacbdee1a17ebcd9623f58f53520b0cdbbd736e2c60af3675317c5b039a4c36 for principal morty
2020-08-06 13:07:59,220 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 2bacbdee1a17ebcd9623f58f53520b0cdbbd736e2c60af3675317c5b039a4c36
2020-08-06 13:07:59,220 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=morty)
2020-08-06 13:07:59,221 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [identifier, uid, telephoneNumber, role, mail, surname, displayName, givenName]
2020-08-06 13:07:59,221 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-08-06 13:07:59,221 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-08-06 13:07:59,221 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-08-06 13:07:59,221 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-08-06 13:07:59,221 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-08-06 13:07:59,221 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-08-06 13:07:59,221 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-08-06 13:07:59,221 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-08-06 13:07:59,221 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:07:59,221 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-08-06 13:07:59,222 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@a366109'
2020-08-06 13:07:59,222 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-08-06 13:07:59,222 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:http://mydev.cscglobal.com:80/openam'
2020-08-06 13:07:59,222 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@3de2b287' with context 'intercept/attribute-release' and key 'morty:http://mydev.cscglobal.com:80/openam'
2020-08-06 13:07:59,222 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'morty:http://mydev.cscglobal.com:80/openam' value '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1628254876994' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2020-08-06 13:07:59,222 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-08-06 13:07:59,222 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty'
2020-08-06 13:07:59,222 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'morty'
2020-08-06 13:07:59,223 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-08-06 13:07:59,223 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2020-08-06 13:07:59,223 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@a366109'
2020-08-06 13:07:59,223 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:07:59,223 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-08-06 13:07:59,224 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-08-06 13:07:59,225 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-08-06 13:07:59,225 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _0feeba478feb3eb31750672fbd1cd069
2020-08-06 13:07:59,225 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _0feeba478feb3eb31750672fbd1cd069 to Response _598d3a4718b44a6c79723cf8dc99230a
2020-08-06 13:07:59,225 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _0feeba478feb3eb31750672fbd1cd069
2020-08-06 13:07:59,225 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-08-06 13:07:59,225 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute identifier
2020-08-06 13:07:59,226 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value morty of attribute uid
2020-08-06 13:07:59,226 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5505 of attribute telephoneNumber
2020-08-06 13:07:59,226 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value janitor@samltest.id of attribute role
2020-08-06 13:07:59,226 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute mail
2020-08-06 13:07:59,226 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Smith of attribute surname
2020-08-06 13:07:59,226 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Morty Smith of attribute displayName
2020-08-06 13:07:59,226 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Mortimer of attribute givenName
2020-08-06 13:07:59,226 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-08-06 13:07:59,226 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-08-06 13:07:59,226 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-08-06 13:07:59,226 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-08-06 13:07:59,226 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-08-06 13:07:59,226 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Checking for source attribute mail
2020-08-06 13:07:59,226 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Generating NameID from String-valued attribute mail
2020-08-06 13:07:59,226 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID msmith@samltest.id with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-08-06 13:07:59,226 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-08-06 13:07:59,226 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-08-06 13:07:59,226 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-08-06 13:07:59,227 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-08-06 13:07:59,227 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.12.208
2020-08-06 13:07:59,227 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to s2d40052fffe20333d6f0058811c5c16e5c46ee8d5
2020-08-06 13:07:59,227 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to http://mydev.cscglobal.com:80/openam/Consumer/metaAlias/Portal/sp
2020-08-06 13:07:59,227 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-08-06 13:07:59,227 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-08-06 13:07:59,227 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-08-06 13:07:59,227 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _0feeba478feb3eb31750672fbd1cd069
2020-08-06 13:07:59,227 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _0feeba478feb3eb31750672fbd1cd069 did not already contain Conditions, one was added
2020-08-06 13:07:59,227 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-08-06 13:07:59,227 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-08-06T13:12:59.223Z, to Assertion _0feeba478feb3eb31750672fbd1cd069
2020-08-06 13:07:59,227 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _0feeba478feb3eb31750672fbd1cd069 already contained Conditions, nothing was done
2020-08-06 13:07:59,227 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-08-06 13:07:59,227 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _0feeba478feb3eb31750672fbd1cd069 already contained Conditions, nothing was done
2020-08-06 13:07:59,227 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-08-06 13:07:59,227 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding http://mydev.cscglobal.com:80/openam as an Audience of the AudienceRestriction
2020-08-06 13:07:59,227 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _0feeba478feb3eb31750672fbd1cd069
2020-08-06 13:07:59,228 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party http://mydev.cscglobal.com:80/openam to existing session 2bacbdee1a17ebcd9623f58f53520b0cdbbd736e2c60af3675317c5b039a4c36
2020-08-06 13:07:59,228 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service http://mydev.cscglobal.com:80/openam in session 2bacbdee1a17ebcd9623f58f53520b0cdbbd736e2c60af3675317c5b039a4c36
2020-08-06 13:07:59,228 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-08-06 13:07:59,229 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID http://mydev.cscglobal.com:80/openam and key msmith@samltest.id
2020-08-06 13:07:59,229 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-08-06 13:07:59,229 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-08-06 13:07:59,229 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2020-08-06 13:07:59,229 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAssertions: No encryption parameters, nothing to do
2020-08-06 13:07:59,230 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: http://mydev.cscglobal.com:80/openam/Consumer/metaAlias/Portal/sp
2020-08-06 13:07:59,230 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: http://mydev.cscglobal.com:80/openam/Consumer/metaAlias/Portal/sp
2020-08-06 13:07:59,230 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_598d3a4718b44a6c79723cf8dc99230a"
2020-08-06 13:07:59,230 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _598d3a4718b44a6c79723cf8dc99230a and Element was [saml2p:Response: null]
2020-08-06 13:07:59,230 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_598d3a4718b44a6c79723cf8dc99230a"
2020-08-06 13:07:59,230 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _598d3a4718b44a6c79723cf8dc99230a and Element was [saml2p:Response: null]
2020-08-06 13:07:59,232 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-08-06 13:07:59,232 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'http://mydev.cscglobal.com:80/openam/Consumer/metaAlias/Portal/sp' with encoded value 'http&#x3a;&#x2f;&#x2f;mydev.cscglobal.com&#x3a;80&#x2f;openam&#x2f;Consumer&#x2f;metaAlias&#x2f;Portal&#x2f;sp'
2020-08-06 13:07:59,232 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-08-06 13:07:59,234 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="http://mydev.cscglobal.com:80/openam/Consumer/metaAlias/Portal/sp"
    ID="_598d3a4718b44a6c79723cf8dc99230a"
    InResponseTo="s2d40052fffe20333d6f0058811c5c16e5c46ee8d5"
    IssueInstant="2020-08-06T13:07:59.223Z" Version="2.0"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_598d3a4718b44a6c79723cf8dc99230a">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>zlYByOrQT7vLmiTYX3oT7/AeuncrEoDfpA+coVpY22g=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>QlVlS+7LbhKRjfq1zNxM61CZg8X/9qOuRJdkMY5kZ5F33G/llo4oQEzskrrJYYnUKNyVu0qKjo17MpyX9VPVfEk2clxz6vi+Z17BOcuiAAPr3quNjNQjRSTcFK7eImp0etxY7IAx9ifwKynuuwBO0Ri/Tf0Hj1vJ8etV25cNxdumGW5MgMsN/Jy+05bv5vMzUKijuDadP5oFiVy2UVbA2uv8y/M1Hi9uz8G4PQ4e6ShwcexmbNf5ZBZDtdFgFASz11ELIVpfOzqI1jHgLwtXmUZ/W/N7V3SZbVV/Q0MSsKhf5zJGn75eLUzWn0vxXCk0z4OHu9CCxst6HD8E0bBdGw==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_0feeba478feb3eb31750672fbd1cd069"
        IssueInstant="2020-08-06T13:07:59.223Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="http://mydev.cscglobal.com:80/openam" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">msmith@samltest.id</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.12.208"
                    InResponseTo="s2d40052fffe20333d6f0058811c5c16e5c46ee8d5"
                    NotOnOrAfter="2020-08-06T13:12:59.227Z" Recipient="http://mydev.cscglobal.com:80/openam/Consumer/metaAlias/Portal/sp"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-08-06T13:07:59.223Z" NotOnOrAfter="2020-08-06T13:12:59.223Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>http://mydev.cscglobal.com:80/openam</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-08-06T13:07:59.219Z" SessionIndex="_e92ceeb6e071022246c63ee4a54ba13f">
            <saml2:SubjectLocality Address="172.31.12.208"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>morty</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5505</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">janitor@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Morty Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Mortimer</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-08-06 13:07:59,234 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-08-06 13:07:59,234 - INFO [Shibboleth-Audit.SSO:?] - 20200806T130759Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|s2d40052fffe20333d6f0058811c5c16e5c46ee8d5|http://mydev.cscglobal.com:80/openam|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_598d3a4718b44a6c79723cf8dc99230a|morty|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|identifier,uid,telephoneNumber,role,mail,surname,displayName,givenName|msmith@samltest.id|_0feeba478feb3eb31750672fbd1cd069|
2020-08-06 13:08:21,385 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: http://localhost:8080/saml/SSO
2020-08-06 13:08:21,385 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-08-06 13:08:21,385 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-08-06 13:08:21,385 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="http://localhost:9000/saml/SSO"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="a52541b4hb8484hj1414gabb5jc3b10"
    IsPassive="false" IssueInstant="2020-08-06T13:08:20.336Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">com:vdenotaris:spring:sp</saml2:Issuer>
</saml2p:AuthnRequest>

2020-08-06 13:08:21,390 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'com:vdenotaris:spring:sp' from origin source
2020-08-06 13:08:21,390 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-08-06 13:08:21,390 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-08-06 13:08:21,390 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-08-06 13:08:21,390 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-08-06 13:08:21,390 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-08-06 13:08:21,390 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-08-06 13:08:21,390 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-08-06 13:08:21,390 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer com:vdenotaris:spring:sp
2020-08-06 13:08:21,391 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:08:21,391 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-08-06 13:08:21,391 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-08-06 13:08:21,391 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-08-06 13:08:21,391 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-08-06 13:08:21,391 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'a52541b4hb8484hj1414gabb5jc3b10', issue instant '2020-08-06T13:08:20.336Z', entityID 'com:vdenotaris:spring:sp'
2020-08-06 13:08:21,391 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-08-06 13:08:21,392 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-08-06 13:08:21,392 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler:?] - Constructing signed content string from URL query string SAMLRequest=fZHNbsIwEIRfJfId7ISAUouAaBEqEhWIhB56c5yFGCV26nVQH7%2FmT6UXTpa1s%2FvtzoynP00dnMCiMjolYZ%2BRALQ0pdKHlOzyRS8h08kYRVNHLZ91rtJb%2BO4AXeAbNfJrJSWd1dwIVMi1aAC5kzybfax41Ge8tcYZaWoSzBDBOo96Mxq7BmwG9qQk7LarlFTOtZzS2khRVwYdf2GM0TOAZtmaBHNPVVq4y6ZnMXr1uex8oa9KqsqWetZe1UDP8IhuoVQWpLsOWBgr4XJDSvaiRiDBcp4SMYyGcVjEVZHESVwdwziMD6Iohkc5KEJvyBI3AlGd4K8NsYOlRie0S0nEItZjSY%2BN8nDAWcIj1h8MRl8k2Nwuf1X66ugzm4qrCPl7nm96m3WWk%2BDznowXkFsO%2FEK3jwE8HyzurpOJNA0%2FlaCNE9ZrsbWe6J8xfRw9uX3%2FJz75BQ%3D%3D&RelayState=http%3A%2F%2Flocalhost%3A8080%2Fsaml%2FSSO&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=Ork7kMz%2FFhouHbvqMGNr5XxNoB1gHUT8yzMiQH4iTS4QkQ4G389dT8u%2FKO0pKi0ta5Tw07sInDsT%2BpqcjlYfw01rRhNr3OS8j%2FcrRMfMgzK7B1a0jpGeN%2Bq6IA1HR0e%2Bd%2FjLF3Kt66ETJwZhXDgYSg%2FJUCLiIbochr3ZP9X05zDPaRotubs0aymf2IZ6HY0CPC3%2BUJH%2BvvIUU7OHfi3ZKgFhKK2Mlh4czNaw78EldN0G1AROEY8%2F9e%2BeDJGMrCO0JX7ufp5mxFL9YjJzoomq9cRCgZYEH%2FJ7VJ65X4%2BrLmO137ALtDlslR2SBVPLp1ieIH0qlCi7%2F6g%2BpKlunLfZwA%3D%3D
2020-08-06 13:08:21,392 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler:?] - Constructed signed content string for HTTP-Redirect DEFLATE SAMLRequest=fZHNbsIwEIRfJfId7ISAUouAaBEqEhWIhB56c5yFGCV26nVQH7%2FmT6UXTpa1s%2FvtzoynP00dnMCiMjolYZ%2BRALQ0pdKHlOzyRS8h08kYRVNHLZ91rtJb%2BO4AXeAbNfJrJSWd1dwIVMi1aAC5kzybfax41Ge8tcYZaWoSzBDBOo96Mxq7BmwG9qQk7LarlFTOtZzS2khRVwYdf2GM0TOAZtmaBHNPVVq4y6ZnMXr1uex8oa9KqsqWetZe1UDP8IhuoVQWpLsOWBgr4XJDSvaiRiDBcp4SMYyGcVjEVZHESVwdwziMD6Iohkc5KEJvyBI3AlGd4K8NsYOlRie0S0nEItZjSY%2BN8nDAWcIj1h8MRl8k2Nwuf1X66ugzm4qrCPl7nm96m3WWk%2BDznowXkFsO%2FEK3jwE8HyzurpOJNA0%2FlaCNE9ZrsbWe6J8xfRw9uX3%2FJz75BQ%3D%3D&RelayState=http%3A%2F%2Flocalhost%3A8080%2Fsaml%2FSSO&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1
2020-08-06 13:08:21,392 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Attempting to validate SAML protocol message simple signature using context entityID: com:vdenotaris:spring:sp
2020-08-06 13:08:21,392 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: com:vdenotaris:spring:sp, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-08-06 13:08:21,392 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'com:vdenotaris:spring:sp' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-08-06 13:08:21,392 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-08-06 13:08:21,392 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-08-06 13:08:21,392 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-08-06 13:08:21,392 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-08-06 13:08:21,392 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-08-06 13:08:21,392 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Simple signature validation (with no request-derived credentials) was successful
2020-08-06 13:08:21,392 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Validation of request simple signature succeeded
2020-08-06 13:08:21,392 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Authentication via request simple signature succeeded for context issuer entity ID com:vdenotaris:spring:sp
2020-08-06 13:08:21,392 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-08-06 13:08:21,392 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-08-06 13:08:21,392 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:08:21,392 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-08-06 13:08:21,392 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-08-06 13:08:21,393 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-08-06 13:08:21,393 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-08-06 13:08:21,393 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Neither candidate endpoint location 'https://auth.dev.nic-place.com//saml/SSO' nor response location 'null' matched 'http://localhost:9000/saml/SSO' 
2020-08-06 13:08:21,393 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact' did not match 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'
2020-08-06 13:08:21,393 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: No candidate endpoints met criteria
2020-08-06 13:08:21,393 - WARN [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Unable to resolve outbound message endpoint for relying party 'com:vdenotaris:spring:sp': EndpointCriterion [type={urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService, Binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST, Location=http://localhost:9000/saml/SSO, trusted=false]
2020-08-06 13:08:21,393 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: EndpointResolutionFailed
2020-08-06 13:08:21,394 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2020-08-06 13:09:01,700 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: http://localhost:8080/saml/SSO
2020-08-06 13:09:01,700 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-08-06 13:09:01,700 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-08-06 13:09:01,701 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="http://localhost:9000/saml/SSO"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="a23bc2a1a3241iae1g7hgefbd3id680"
    IsPassive="false" IssueInstant="2020-08-06T13:09:01.568Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">com:vdenotaris:spring:sp</saml2:Issuer>
</saml2p:AuthnRequest>

2020-08-06 13:09:01,705 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'com:vdenotaris:spring:sp' from origin source
2020-08-06 13:09:01,705 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-08-06 13:09:01,705 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-08-06 13:09:01,705 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-08-06 13:09:01,705 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-08-06 13:09:01,705 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-08-06 13:09:01,705 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-08-06 13:09:01,705 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-08-06 13:09:01,705 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer com:vdenotaris:spring:sp
2020-08-06 13:09:01,706 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:09:01,706 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-08-06 13:09:01,706 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-08-06 13:09:01,706 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-08-06 13:09:01,706 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-08-06 13:09:01,706 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'a23bc2a1a3241iae1g7hgefbd3id680', issue instant '2020-08-06T13:09:01.568Z', entityID 'com:vdenotaris:spring:sp'
2020-08-06 13:09:01,707 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-08-06 13:09:01,707 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-08-06 13:09:01,707 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler:?] - Constructing signed content string from URL query string SAMLRequest=fZHNbsIwEIRfJfI92AktDRYB0SJUJCoiEnrozTgLWErs1OtEffw6%2FKj0wsmydna%2F3ZnJ7Keugg4sKqNTEg0YCUBLUyp9TMmuWIYJmU0nKOoqbvi8dSe9he8W0AW%2BUSO%2FVFLSWs2NQIVcixqQO8nz%2BceaxwPGG2uckaYiwRwRrPOoN6OxrcHmYDslYbddp%2BTkXMMprYwU1cmg42PGGO0BNM83JFh4qtLCnTftxejVfdn5wkCVVJUN9ayDqoD28JhuoVQWpLsMWBor4XxDSg6iQiDBapESEQ%2F3MhaRGMZPkRIQHV9ORzjsy6EqR4k3ZIWZQFQd%2FLUhtrDS6IR2KYlZzEKWhGxUREPOxpxFg%2BdR8kWC7Hr5q9IXRx%2FZtL%2BIkL8XRRZmm7wgwectGS8g1xz4mW7vA3g8WNxcJ1Npat6VoI0T1muxsZ7onwm9Hz29fv8nPv0F&RelayState=http%3A%2F%2Flocalhost%3A8080%2Fsaml%2FSSO&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=Q%2BRtKjho6riZYHWbzyr%2FzdNWVlkBR8Ya7XKxHZaqeS35socPDaVrJrTmBaXsaE90y%2Fq2OE4trsN8CAmpxfVeSv25EvydqU8goWnCS8AMDqFxfG1TNaRMcm3L%2F7exkAiaiYrHIzS5sapdlCVBlqMs0xvhyatEV7bc6im7CPB5JtMhrXr1Xap2lnv3ncwNjc%2Bm0r%2FSaUwioZesas5xzIJ7KdYtdd7BHzV3dU%2BV9ufODruSZ7cBq6AdxaLuK0docvHysdfpEXBFhbTHOU9%2B6sr9Damcke6bKgyYpgalsp%2Ff6xB3Xfa%2FKdwacy2fr4DBXTc%2BRjSHREsIGh%2Bmda7oaY0TFg%3D%3D
2020-08-06 13:09:01,707 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler:?] - Constructed signed content string for HTTP-Redirect DEFLATE SAMLRequest=fZHNbsIwEIRfJfI92AktDRYB0SJUJCoiEnrozTgLWErs1OtEffw6%2FKj0wsmydna%2F3ZnJ7Keugg4sKqNTEg0YCUBLUyp9TMmuWIYJmU0nKOoqbvi8dSe9he8W0AW%2BUSO%2FVFLSWs2NQIVcixqQO8nz%2BceaxwPGG2uckaYiwRwRrPOoN6OxrcHmYDslYbddp%2BTkXMMprYwU1cmg42PGGO0BNM83JFh4qtLCnTftxejVfdn5wkCVVJUN9ayDqoD28JhuoVQWpLsMWBor4XxDSg6iQiDBapESEQ%2F3MhaRGMZPkRIQHV9ORzjsy6EqR4k3ZIWZQFQd%2FLUhtrDS6IR2KYlZzEKWhGxUREPOxpxFg%2BdR8kWC7Hr5q9IXRx%2FZtL%2BIkL8XRRZmm7wgwectGS8g1xz4mW7vA3g8WNxcJ1Npat6VoI0T1muxsZ7onwm9Hz29fv8nPv0F&RelayState=http%3A%2F%2Flocalhost%3A8080%2Fsaml%2FSSO&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1
2020-08-06 13:09:01,707 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Attempting to validate SAML protocol message simple signature using context entityID: com:vdenotaris:spring:sp
2020-08-06 13:09:01,707 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: com:vdenotaris:spring:sp, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-08-06 13:09:01,707 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'com:vdenotaris:spring:sp' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-08-06 13:09:01,707 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-08-06 13:09:01,707 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-08-06 13:09:01,707 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-08-06 13:09:01,707 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-08-06 13:09:01,707 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-08-06 13:09:01,707 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Simple signature validation (with no request-derived credentials) was successful
2020-08-06 13:09:01,707 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Validation of request simple signature succeeded
2020-08-06 13:09:01,707 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Authentication via request simple signature succeeded for context issuer entity ID com:vdenotaris:spring:sp
2020-08-06 13:09:01,708 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-08-06 13:09:01,708 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-08-06 13:09:01,708 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:09:01,708 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-08-06 13:09:01,708 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-08-06 13:09:01,708 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-08-06 13:09:01,708 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-08-06 13:09:01,708 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Neither candidate endpoint location 'https://auth.dev.nic-place.com//saml/SSO' nor response location 'null' matched 'http://localhost:9000/saml/SSO' 
2020-08-06 13:09:01,708 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact' did not match 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'
2020-08-06 13:09:01,708 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: No candidate endpoints met criteria
2020-08-06 13:09:01,708 - WARN [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Unable to resolve outbound message endpoint for relying party 'com:vdenotaris:spring:sp': EndpointCriterion [type={urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService, Binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST, Location=http://localhost:9000/saml/SSO, trusted=false]
2020-08-06 13:09:01,709 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: EndpointResolutionFailed
2020-08-06 13:09:01,709 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2020-08-06 13:09:19,172 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder:?] - Decoded SOAP messaged which included SAML message of type {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-08-06 13:09:19,172 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Body>
        <saml2p:AuthnRequest
            AssertionConsumerServiceURL="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            Destination="https://samltest.id/idp/profile/SAML2/SOAP/ECP"
            ForceAuthn="false"
            ID="_3yobk6he1j7tvzk9fwg81eob9gbwmmvxnwnu" IsPassive="false"
            IssueInstant="2020-08-06T13:09:18.553Z"
            ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
            Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eu-de.otc.t-systems.com</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                    <ds:Reference URI="#_3yobk6he1j7tvzk9fwg81eob9gbwmmvxnwnu">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>Ba4EMikpyK9/s0aBcTUm4635fkY=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>jmrgXAGEzIqIHvKKyNSU9gSLZRfRonU89gkkAaucb/tPmekTY/pneziJuBvZC7LCj3J+Togl1M/PxXgGEWtKIHX6Nx9USOHAcZ6PR1s0/rUvz+RxuN5vbIxSBBYrtH6TBPQD3j6B2m5bc6kCfuMTgWi75ous89CMFB0+TyTsC+w5N9Fb5XRG7M203sny4ZhU5ai5zqVfAV7gp3kc0OqzHxnXXz8q/1qgmJgiEknOZBPsflgEL4bN3PmMWXgfxvx3dshFGqBjNTvz/Z5c+PRK6gXXEdV8r4GTcrjvyPee2zifPBXWy5fzb2udiTrgR/7MTkEcsjluvBlUhi2J4diPeU5AaaVrFro2/101+xpIQc6K4VtAXCX6Z376BzBt/GQkctP3tsqhF0oPwBxITiXOdNuQgimeRSBHxa8J3YyEN2CtnLmdZj/GCO9cbJn0w5DKKdlUAyXCYMQu44YMVc3sCY5P6uaewxaWxG8ERkZMff5a4cXznF8j0EAeQ/i1aKu8dupsAgIAoSOq/Kx5YJ2Ngi1iKk4TNyFdGEdBkRiXXGivpAVNLlQgmt2Ux0mzEtj+cUN+hcIHmW+OJ8ORz0YgLMvro0AhBuL84//fHDGVOtMOzdOzP6WO6JbSPBLM9tpQ3S0GFJVfwVEkDmysHVXQ/29mn0WeujRKbM69w1CkkZk=</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIHeDCCBWCgAwIBAgIJAPRelfvZJrG9MA0GCSqGSIb3DQEBCwUAMIHXMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGSGVzc2VuMRowGAYDVQQHExFGcmFua2Z1cnQgYW0gTWFpbjElMCMGA1UEChMcVC1T
eXN0ZW1zIEludGVybmF0aW9uYWwgR21iSDEUMBIGA1UECxMLSVQgRGl2aXNpb24xJDAiBgNVBAMT
G2lhbS5ldS1kZS5vdGMudC1zeXN0ZW1zLmNvbTE4MDYGCSqGSIb3DQEJARYpRk1CLlRTLUlUU0gt
Q1NTLURQUy1PVEMtT1BTQHQtc3lzdGVtcy5jb20wHhcNMTgwMzI4MTUxNDA4WhcNMjgwMzI1MTUx
NDA4WjCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0
IGFtIE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsT
C0lUIERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2Bgkq
hkiG9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tMIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv2W7Hr/Ro63zmZVclhlMvakO1nYWAe6CFDg2hYOH
IxkC/DG8LsKbnqy3Rv8AoH5CgRwmT/HYKeJu+KxrpECJXGIjXirUzHrL5w0Hys0O6SJYzztRGoQA
eFfl3x1NNUxVGkWbuK3/o9vm3idoMqVY4HFU24h/6VbSVBru1lsfubmIGdkf+9R844JbZx1R1OuX
xQ60ZhTAmR6R5d1E6tprM8rAqBOC2l1o4azQyDtmxM8NEBjKcZebNleHOB3iVPiiG0ens6z39y7e
SyiXwWcsw8TlwcQiumYPnFT2lzrJAC93hEjNGd6sj6QVvPCJRu/Ya+AWfcm6JtBZRK9ZfBz81wjv
BnHH2u8j1GyZMdE5dvN4PC8bgX0HxvnbhnAU0DASzziyS9Ni/gMgWvJsmnmNVLyYMxRmL8L0JtWk
rz7aNSskufk92Cv/R4KtWsfdkYtNG5/lV1BNzraBgnnXX1gH7ddrL/Ng2aNRFd+LtsI/BjUBpg7r
Ebym+pJuri2PBj8hhjLKbhPuurybQLVtmYxCcJUo6ZG4X3cpxl/e8v+vviapn1OY9zaFLAc+fccX
1GFrLYv9aQKGDQFRMl2uV9nP7UpakBCgZ/r7ljvfhlnsGkLPZBokM9Iz3iUFMGj2gPD1m+C7QaiS
OwJnkTk3cnhZV6It0XdFIaFgIi9V4XMnYEMCAwEAAaOCAUMwggE/MB0GA1UdDgQWBBSg4Skug1x8
SOG2QdBaHAN2DDs7zDCCAQ4GA1UdIwSCAQUwggEBgBSg4Skug1x8SOG2QdBaHAN2DDs7zKGB3aSB
2jCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0IGFt
IE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsTC0lU
IERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2BgkqhkiG
9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tggkA9F6V+9km
sb0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAFEH+TQEgwXkOp1dymChsQzX3mm32
nBbQwIuTKi3jy08EjRQktZCOhjpmuVc/QQUCQdgAZgWVboAwTspfgwQwVcuIpCkwuyc7tt+ZzRSk
ybvOccw4ivz1suevGZZfYt+B7UIB3drlMKLoJWMTiBZnL6c4iaqubep56BZBOH6IP2KaMRd4EqIo
kXLHgaIyhqz51WQmTJArhYvAvWlktbAW6GXev3mW5gxW7LAGygQNCo2JkXSegGPk2jLO48JXNuCB
lGGf2O5TkhD+Qw/buIRrcKWnolBCs0ITalkNFt0RftLYmyR0JMotaBRHHmtdqSWOwMT1j7SvyzhH
yszzRU4xwTUFveODkWYS3Uh9PZs+3yDcfqC1x1yRbhKe7onZt5nXh/wY2762Pv6NkBQfQaFaE8CI
OwRu6WjaFfRntVXHpvV+7tO6Dr3pfRNEZzJM5+m/Edh+JrUdhyy7SxuYiCpt5xiPvM9rMt5AkXCn
P8AQVxq3O/1Gsdr9iblHAkJrg7Lbd8bPyzE9nRW3zqp++BxYilxIIVP9xnaaj/jjyuAPfeet30wm
zeOe/MGqxEwP/JSwJ9rZI//FaG3gAX0UHO6Eo+R0/Yv3JcyAo6j/RN/6YcSTQD1MrPGZiNTz/Muo
nczuEbZF255Cs5PfVJJhTPW730xQmhZnlbta0nyBO9LA3Fs=</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:NameIDPolicy AllowCreate="true"
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                SPNameQualifier="https://iam.eu-de.otc.t-systems.com" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"/>
        </saml2p:AuthnRequest>
    </soap11:Body>
</soap11:Envelope>

2020-08-06 13:09:19,177 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://iam.eu-de.otc.t-systems.com' from origin source
2020-08-06 13:09:19,177 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-08-06 13:09:19,177 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-08-06 13:09:19,177 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-08-06 13:09:19,177 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-08-06 13:09:19,177 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-08-06 13:09:19,178 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-08-06 13:09:19,178 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-08-06 13:09:19,178 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eu-de.otc.t-systems.com
2020-08-06 13:09:19,178 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2020-08-06 13:09:19,178 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2020-08-06 13:09:19,179 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-08-06 13:09:19,179 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2020-08-06 13:09:19,179 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2020-08-06 13:09:19,179 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-08-06 13:09:19,179 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_3yobk6he1j7tvzk9fwg81eob9gbwmmvxnwnu', issue instant '2020-08-06T13:09:18.553Z', entityID 'https://iam.eu-de.otc.t-systems.com'
2020-08-06 13:09:19,179 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eu-de.otc.t-systems.com' does not require AuthnRequests to be signed
2020-08-06 13:09:19,179 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2020-08-06 13:09:19,179 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2020-08-06 13:09:19,179 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-08-06 13:09:19,179 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://iam.eu-de.otc.t-systems.com, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-08-06 13:09:19,179 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://iam.eu-de.otc.t-systems.com' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-08-06 13:09:19,179 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-08-06 13:09:19,179 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-08-06 13:09:19,179 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-08-06 13:09:19,179 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-08-06 13:09:19,179 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-08-06 13:09:19,179 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2000/09/xmldsig#rsa-sha1
2020-08-06 13:09:19,179 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA1withRSA
2020-08-06 13:09:19,179 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2020-08-06 13:09:19,179 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 4096 bits
  modulus: 780833212372818775479203473584756908157478511960940665833104329026798488708412096463957730986031560699536971604685793755631469735164638528103712796586941283248391093334537473433816881621841433643551509545784341528479466257077570253340730459394524144439470561825531880309380078893306187350760119973863502110938239690056732532237576015713410817092640951029480915162489671542971932145619144868209527314440670224923750462549444079548603408012564298657143697912591193544433644075598026106926646468811820504111621425556553238066495807276626045802944049622045278146600209515759289448446049845276793009470678806630505639155872685517611976298041379760153258369441443706608834473698951737339296605180924342991774924896400530064019217902076139971478880191800808152349664734915206316567268459208984314092535956712275165633295073845619623808442937959337568063845846898994885404695455333181998103624287019468478172845183368957698818849454389451360233262379190615859514122412619488103951846508060862137625955242500382805764622949031613773424268222131209239375233669763979843957564204575307568428090973147896709908167025351124368088974604728720021626763128224355694102358346473759582198635778329138017968133082524864864810444234076758890334162214979
  public exponent: 65537
2020-08-06 13:09:19,180 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2020-08-06 13:09:19,180 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2020-08-06 13:09:19,180 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_3yobk6he1j7tvzk9fwg81eob9gbwmmvxnwnu"
2020-08-06 13:09:19,180 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _3yobk6he1j7tvzk9fwg81eob9gbwmmvxnwnu and Element was [saml2p:AuthnRequest: null]
2020-08-06 13:09:19,180 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_3yobk6he1j7tvzk9fwg81eob9gbwmmvxnwnu"
2020-08-06 13:09:19,180 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _3yobk6he1j7tvzk9fwg81eob9gbwmmvxnwnu and Element was [saml2p:AuthnRequest: null]
2020-08-06 13:09:19,180 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_3yobk6he1j7tvzk9fwg81eob9gbwmmvxnwnu"
2020-08-06 13:09:19,180 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2020-08-06 13:09:19,180 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-08-06 13:09:19,180 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://iam.eu-de.otc.t-systems.com
2020-08-06 13:09:19,180 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-08-06 13:09:19,180 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-08-06 13:09:19,180 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-08-06 13:09:19,180 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-08-06 13:09:19,181 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsHeadersHandler:?] - Message Handler:  No ChannelBindings header blocks found
2020-08-06 13:09:19,181 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler:?] - Message Handler:  Message did not contain any ChannelBindings extensions
2020-08-06 13:09:19,181 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2020-08-06 13:09:19,181 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2020-08-06 13:09:19,181 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-08-06 13:09:19,181 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-08-06 13:09:19,181 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-08-06 13:09:19,181 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-08-06 13:09:19,181 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' not permitted by input criteria
2020-08-06 13:09:19,181 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP using binding urn:oasis:names:tc:SAML:2.0:bindings:PAOS
2020-08-06 13:09:19,181 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-08-06 13:09:19,181 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-08-06 13:09:19,181 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-08-06 13:09:19,181 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-08-06 13:09:19,181 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-08-06 13:09:19,182 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-08-06 13:09:19,182 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-08-06 13:09:19,182 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-08-06 13:09:19,182 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-08-06 13:09:19,182 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-08-06 13:09:19,182 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eu-de.otc.t-systems.com
2020-08-06 13:09:19,182 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-08-06 13:09:19,182 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-08-06 13:09:19,182 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-08-06 13:09:19,182 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-08-06 13:09:19,185 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-08-06 13:09:19,186 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: RequestAuthenticated: true
2020-08-06 13:09:19,186 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: Generating session key for use by ECP peers
2020-08-06 13:09:19,186 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-08-06T13:09:19.186Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-08-06 13:09:19,186 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-08-06 13:09:19,186 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-08-06 13:09:19,186 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-08-06 13:09:19,187 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-08-06 13:09:19,187 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-08-06 13:09:19,187 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow authn/Password, it supports non-browser authentication
2020-08-06 13:09:19,187 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2020-08-06 13:09:19,187 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-08-06 13:09:19,187 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-08-06 13:09:19,187 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-08-06 13:09:19,187 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: Trimming whitespace of input string 'rick'
2020-08-06 13:09:19,187 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-08-06 13:09:19,187 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@400484332::identifier=rick, context=org.apache.velocity.VelocityContext@2cea8c9e]
2020-08-06 13:09:19,189 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@400484332::identifier=rick, context=org.apache.velocity.VelocityContext@2cea8c9e]
2020-08-06 13:09:19,190 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-08-06 13:09:19,190 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-08-06 13:09:19,190 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-08-06 13:09:19,190 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-08-06 13:09:19,191 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-08-06 13:09:19,191 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-08-06 13:09:19,191 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2020-08-06 13:09:19,191 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 6144f8d43429b23d87122f2111875d22959d5f2d52be0b3bffcbd258faa079fd for principal rick
2020-08-06 13:09:19,191 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 6144f8d43429b23d87122f2111875d22959d5f2d52be0b3bffcbd258faa079fd
2020-08-06 13:09:19,192 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-08-06 13:09:19,192 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-08-06 13:09:19,192 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-08-06 13:09:19,192 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-08-06 13:09:19,192 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-08-06 13:09:19,192 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-08-06 13:09:19,192 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-08-06 13:09:19,192 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-08-06 13:09:19,192 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-08-06 13:09:19,192 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-08-06 13:09:19,193 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-08-06 13:09:19,194 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-08-06 13:09:19,195 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-08-06 13:09:19,195 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _4408273a37142f3a5d2fdab75ce3e332
2020-08-06 13:09:19,195 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _4408273a37142f3a5d2fdab75ce3e332 to Response _bbcc5b034f17badfa2021c9f08e7c34b
2020-08-06 13:09:19,195 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _4408273a37142f3a5d2fdab75ce3e332
2020-08-06 13:09:19,196 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-08-06 13:09:19,196 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-08-06 13:09:19,196 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-08-06 13:09:19,196 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-08-06 13:09:19,196 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-08-06 13:09:19,196 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-08-06 13:09:19,196 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-08-06 13:09:19,196 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-08-06 13:09:19,196 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-08-06 13:09:19,197 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-08-06 13:09:19,197 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-08-06 13:09:19,197 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-08-06 13:09:19,197 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-08-06 13:09:19,197 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-08-06 13:09:19,197 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxw2/HCkQDAFlBKZcwfr53ih9XRqbkCP4FUF5UFdmXNe8X+DPl+gdYJ485ZGbakU1bUQkDBLGuPW2xPC+I7n/tty/jWTcZATfiP3mA9j9seCp8d1t/EG0IkSlcTVoCKHXyZMO9nZdU with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-08-06 13:09:19,197 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-08-06 13:09:19,197 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-08-06 13:09:19,197 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-08-06 13:09:19,197 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-08-06 13:09:19,197 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.46.7
2020-08-06 13:09:19,197 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _3yobk6he1j7tvzk9fwg81eob9gbwmmvxnwnu
2020-08-06 13:09:19,197 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2020-08-06 13:09:19,197 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-08-06 13:09:19,197 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-08-06 13:09:19,198 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-08-06 13:09:19,198 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _4408273a37142f3a5d2fdab75ce3e332
2020-08-06 13:09:19,198 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _4408273a37142f3a5d2fdab75ce3e332 did not already contain Conditions, one was added
2020-08-06 13:09:19,198 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-08-06 13:09:19,198 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-08-06T13:14:19.193Z, to Assertion _4408273a37142f3a5d2fdab75ce3e332
2020-08-06 13:09:19,198 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _4408273a37142f3a5d2fdab75ce3e332 already contained Conditions, nothing was done
2020-08-06 13:09:19,198 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-08-06 13:09:19,198 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _4408273a37142f3a5d2fdab75ce3e332 already contained Conditions, nothing was done
2020-08-06 13:09:19,198 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-08-06 13:09:19,198 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eu-de.otc.t-systems.com as an Audience of the AudienceRestriction
2020-08-06 13:09:19,198 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _4408273a37142f3a5d2fdab75ce3e332
2020-08-06 13:09:19,199 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddGeneratedKeyToAssertions: Assertion _4408273a37142f3a5d2fdab75ce3e332 did not already contain Advice, one was added
2020-08-06 13:09:19,199 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eu-de.otc.t-systems.com to existing session 6144f8d43429b23d87122f2111875d22959d5f2d52be0b3bffcbd258faa079fd
2020-08-06 13:09:19,199 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eu-de.otc.t-systems.com in session 6144f8d43429b23d87122f2111875d22959d5f2d52be0b3bffcbd258faa079fd
2020-08-06 13:09:19,199 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-08-06 13:09:19,200 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eu-de.otc.t-systems.com and key AAdzZWNyZXQxw2/HCkQDAFlBKZcwfr53ih9XRqbkCP4FUF5UFdmXNe8X+DPl+gdYJ485ZGbakU1bUQkDBLGuPW2xPC+I7n/tty/jWTcZATfiP3mA9j9seCp8d1t/EG0IkSlcTVoCKHXyZMO9nZdU
2020-08-06 13:09:19,200 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-08-06 13:09:19,200 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-08-06 13:09:19,201 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_4408273a37142f3a5d2fdab75ce3e332"
2020-08-06 13:09:19,201 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _4408273a37142f3a5d2fdab75ce3e332 and Element was [saml2:Assertion: null]
2020-08-06 13:09:19,201 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_4408273a37142f3a5d2fdab75ce3e332"
2020-08-06 13:09:19,201 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _4408273a37142f3a5d2fdab75ce3e332 and Element was [saml2:Assertion: null]
2020-08-06 13:09:19,203 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_bbcc5b034f17badfa2021c9f08e7c34b"
    InResponseTo="_3yobk6he1j7tvzk9fwg81eob9gbwmmvxnwnu"
    IssueInstant="2020-08-06T13:09:19.193Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_4408273a37142f3a5d2fdab75ce3e332"
        IssueInstant="2020-08-06T13:09:19.193Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_4408273a37142f3a5d2fdab75ce3e332">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>AziEXTjaEvw7qyAKlekh3IKoGsIgO/P8dzQI6OEhndo=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>jTeoHG5hju6e94LeD5j7nnqSvFJ98GCrsgCA9AKiKkIXvhhtfpcNZY8oeRXaJX/EmIhziTrQQYkReGjzj/3DAeJKDpPR8EqbSP7pbE/00qRDSdhUrfsNTLbOqmC5rHjPaDrxoOSO22Hcq54RfY2BVdatucr8BHhDNeW9ajYbUg0DtDHc1BhP1BX6g6c/Wgmvvl/BeP8CNWvgcDt71qxp4+boxHxJpl+0j1QRtPmiZPVUKfsRvYvXtBKHthaVuz6la9EpxfaLYEKu7q7pO8MoRP03j9oKHUmuLRoDxxubgk/WFD8OSzUwCQN5vK5CxrcdtWyZvdksbNCi6f5FrzqhfQ==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eu-de.otc.t-systems.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxw2/HCkQDAFlBKZcwfr53ih9XRqbkCP4FUF5UFdmXNe8X+DPl+gdYJ485ZGbakU1bUQkDBLGuPW2xPC+I7n/tty/jWTcZATfiP3mA9j9seCp8d1t/EG0IkSlcTVoCKHXyZMO9nZdU</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.46.7"
                    InResponseTo="_3yobk6he1j7tvzk9fwg81eob9gbwmmvxnwnu"
                    NotOnOrAfter="2020-08-06T13:14:19.197Z" Recipient="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-08-06T13:09:19.193Z" NotOnOrAfter="2020-08-06T13:14:19.193Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eu-de.otc.t-systems.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:Advice>
            <samlec:GeneratedKey xmlns:samlec="urn:ietf:params:xml:ns:samlec">+AuUaTOf51MaT7NNF7INHWz2R5xSWlldyG8ZpQizqig=</samlec:GeneratedKey>
        </saml2:Advice>
        <saml2:AuthnStatement AuthnInstant="2020-08-06T13:09:19.190Z" SessionIndex="_d592d7f81bf9bf8736c1bb421fc5ae08">
            <saml2:SubjectLocality Address="172.31.46.7"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-08-06 13:09:19,206 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2020-08-06 13:09:19,206 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2020-08-06 13:09:19,206 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_bbcc5b034f17badfa2021c9f08e7c34b"
2020-08-06 13:09:19,206 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _bbcc5b034f17badfa2021c9f08e7c34b and Element was [saml2p:Response: null]
2020-08-06 13:09:19,206 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_bbcc5b034f17badfa2021c9f08e7c34b"
2020-08-06 13:09:19,206 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _bbcc5b034f17badfa2021c9f08e7c34b and Element was [saml2p:Response: null]
2020-08-06 13:09:19,208 - DEBUG [org.opensaml.saml.common.binding.impl.AddChannelBindingsHeaderHandler:?] - Message Handler:  No ChannelBindings to add, nothing to do
2020-08-06 13:09:19,209 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Header>
        <ecp:Response
            AssertionConsumerServiceURL="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next"
            soap11:mustUnderstand="1" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <ecp:RequestAuthenticated
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <samlec:GeneratedKey
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:samlec="urn:ietf:params:xml:ns:samlec">+AuUaTOf51MaT7NNF7INHWz2R5xSWlldyG8ZpQizqig=</samlec:GeneratedKey>
    </soap11:Header>
    <soap11:Body>
        <saml2p:Response
            Destination="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            ID="_bbcc5b034f17badfa2021c9f08e7c34b"
            InResponseTo="_3yobk6he1j7tvzk9fwg81eob9gbwmmvxnwnu"
            IssueInstant="2020-08-06T13:09:19.193Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_bbcc5b034f17badfa2021c9f08e7c34b">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                        <ds:DigestValue>XsoU2WYxbURktMp3Gla2E7y8JOCnwsA57xxY3pSYWq4=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>HtvNJhIB4DI5TwOnw4za1obiw5yXB4rzWZGHWSV6QWYWskgXjPNS/tm3QeQ9+C4a+zvrt6UDb+vm7nmjR7k8L575vuVxHm1kn0G3vkRJYIogBY19oGKtgeQEaCEZGsEm1TNf9f6lI8Qbcf8mnU7689jfJFgl9AUCQugMBNz4BIQ9yXyNckmRCI/BcOfqBmUz/D1RSmQ9AA+tZDnKH/pkBnis+Z039heNuF5TstV8ySNIzQX9eACqd8hEauyLoBCPu5f3AGKtwBeuhxtCOJAD8Vni8kxhNH3UoW4rzG3FsQptr8uwQ7AUvp4c+bYYIMDn8EbRxhEi8MPlaZlVYYz6gQ==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
                <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
            </saml2p:Status>
            <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
                <xenc:EncryptedData
                    Id="_1a79db28260eb467cf36db586916c5d4"
                    Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <xenc:EncryptedKey
                            Id="_a378f02f607fe04412fc34f637b3f9ca"
                            Recipient="https://iam.eu-de.otc.t-systems.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                            <xenc:EncryptionMethod
                                Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <ds:DigestMethod
                                    Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                            </xenc:EncryptionMethod>
                            <ds:KeyInfo>
                                <ds:X509Data>
                                    <ds:X509Certificate>MIIHeDCCBWCgAwIBAgIJAPRelfvZJrG9MA0GCSqGSIb3DQEBCwUAMIHXMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGSGVzc2VuMRowGAYDVQQHExFGcmFua2Z1cnQgYW0gTWFpbjElMCMGA1UEChMcVC1T
eXN0ZW1zIEludGVybmF0aW9uYWwgR21iSDEUMBIGA1UECxMLSVQgRGl2aXNpb24xJDAiBgNVBAMT
G2lhbS5ldS1kZS5vdGMudC1zeXN0ZW1zLmNvbTE4MDYGCSqGSIb3DQEJARYpRk1CLlRTLUlUU0gt
Q1NTLURQUy1PVEMtT1BTQHQtc3lzdGVtcy5jb20wHhcNMTgwMzI4MTUxNDA4WhcNMjgwMzI1MTUx
NDA4WjCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0
IGFtIE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsT
C0lUIERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2Bgkq
hkiG9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tMIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv2W7Hr/Ro63zmZVclhlMvakO1nYWAe6CFDg2hYOH
IxkC/DG8LsKbnqy3Rv8AoH5CgRwmT/HYKeJu+KxrpECJXGIjXirUzHrL5w0Hys0O6SJYzztRGoQA
eFfl3x1NNUxVGkWbuK3/o9vm3idoMqVY4HFU24h/6VbSVBru1lsfubmIGdkf+9R844JbZx1R1OuX
xQ60ZhTAmR6R5d1E6tprM8rAqBOC2l1o4azQyDtmxM8NEBjKcZebNleHOB3iVPiiG0ens6z39y7e
SyiXwWcsw8TlwcQiumYPnFT2lzrJAC93hEjNGd6sj6QVvPCJRu/Ya+AWfcm6JtBZRK9ZfBz81wjv
BnHH2u8j1GyZMdE5dvN4PC8bgX0HxvnbhnAU0DASzziyS9Ni/gMgWvJsmnmNVLyYMxRmL8L0JtWk
rz7aNSskufk92Cv/R4KtWsfdkYtNG5/lV1BNzraBgnnXX1gH7ddrL/Ng2aNRFd+LtsI/BjUBpg7r
Ebym+pJuri2PBj8hhjLKbhPuurybQLVtmYxCcJUo6ZG4X3cpxl/e8v+vviapn1OY9zaFLAc+fccX
1GFrLYv9aQKGDQFRMl2uV9nP7UpakBCgZ/r7ljvfhlnsGkLPZBokM9Iz3iUFMGj2gPD1m+C7QaiS
OwJnkTk3cnhZV6It0XdFIaFgIi9V4XMnYEMCAwEAAaOCAUMwggE/MB0GA1UdDgQWBBSg4Skug1x8
SOG2QdBaHAN2DDs7zDCCAQ4GA1UdIwSCAQUwggEBgBSg4Skug1x8SOG2QdBaHAN2DDs7zKGB3aSB
2jCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0IGFt
IE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsTC0lU
IERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2BgkqhkiG
9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tggkA9F6V+9km
sb0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAFEH+TQEgwXkOp1dymChsQzX3mm32
nBbQwIuTKi3jy08EjRQktZCOhjpmuVc/QQUCQdgAZgWVboAwTspfgwQwVcuIpCkwuyc7tt+ZzRSk
ybvOccw4ivz1suevGZZfYt+B7UIB3drlMKLoJWMTiBZnL6c4iaqubep56BZBOH6IP2KaMRd4EqIo
kXLHgaIyhqz51WQmTJArhYvAvWlktbAW6GXev3mW5gxW7LAGygQNCo2JkXSegGPk2jLO48JXNuCB
lGGf2O5TkhD+Qw/buIRrcKWnolBCs0ITalkNFt0RftLYmyR0JMotaBRHHmtdqSWOwMT1j7SvyzhH
yszzRU4xwTUFveODkWYS3Uh9PZs+3yDcfqC1x1yRbhKe7onZt5nXh/wY2762Pv6NkBQfQaFaE8CI
OwRu6WjaFfRntVXHpvV+7tO6Dr3pfRNEZzJM5+m/Edh+JrUdhyy7SxuYiCpt5xiPvM9rMt5AkXCn
P8AQVxq3O/1Gsdr9iblHAkJrg7Lbd8bPyzE9nRW3zqp++BxYilxIIVP9xnaaj/jjyuAPfeet30wm
zeOe/MGqxEwP/JSwJ9rZI//FaG3gAX0UHO6Eo+R0/Yv3JcyAo6j/RN/6YcSTQD1MrPGZiNTz/Muo
nczuEbZF255Cs5PfVJJhTPW730xQmhZnlbta0nyBO9LA3Fs=</ds:X509Certificate>
                                </ds:X509Data>
                            </ds:KeyInfo>
                            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <xenc:CipherValue>LrDwuOD+lm+P1TpDoGWqiv7Ib/eNuOP4rCl/Hdj7lyuZDi4uzF+H0MDQtd01HHWnlYLXjnX5Y1vcm2LJS+WHCL05azlWRLdzDiHbnYG0Ndga4mfcOREfm2MncQUp06hPNF6O3SDIRUiiBnFAn6CuqSapWUxGBJtU6PrZ2orTxnKCOTIFRUwyauqsJaB1l47LE5nf7178qZOKsK2IHbR2YogDrfE/oE3LJep0b18IImulyIjBDF2KZaqi18YXR0tXvajp/AXgcesOE4dynr9UXGww/Ugkm3RVROI6TNeRNTxBVrZ0jwY+Zii8HWgI5DkF1YyDkHNN9Ji4Fhj28zdbl+uafEmm3V46WA3DqxARL1N7BtaXEeUFHGXNjB2AAnn1LztBP2lPBIFrPIXhCyOTellbmRE31fPBnfEqdUrfWo3bwP2/yDHr5wvlkQbk9zZhKYo0xKpu4wtCobVNbFgCmlRVQcsmPSxN5u179AJfzAqDQxAzwUkrexMoMw5sWVwYXsxU7AWhE6DQYTsNhOlpG1wrDyX93tPyVjb/eMdvEhdZG+vHV+ex2kljvyCGNR4ueJwbR/25x4gwTMocMYvYSRKNIoVldPezShpd1Q5LdKtSlLz7wiI/84ePxv/sqvh3mCrfZp4Zb/raD08I9VN6ftqeFYtvHZOCAeUqZzu0eaA=</xenc:CipherValue>
                            </xenc:CipherData>
                        </xenc:EncryptedKey>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>Cpx8xXkGw7RVkQuF3jKuvozk0YfX0FbTTMSs0F3afJqickLcww3ImsNjfbqpMkjuJM3soRYXC8ujENBMhlyGaAZLZDJaqAxho1oscVY7KbHuWrNMhgxYiGvZmsp7sSnj+QL5nxaIg/1hKWThJLVE8caJGunHJ/8a52y+OPQxgYarVUERkz28gsQAQVKrALgd0WgZqau7m7nuDAjaRDSD8vBGuFDSIUlSnVHW4BOqTmQ/Vlz1Nvm9e/mBIAZ6BEiucl/3kJ5WapGPb2QaNnnZBJBBjRIpHYpMzZltIIQLHvlrfgKYJbiFvXiTMVUryYLynCXjK1zqThJfdJkU8hZPpzseFgW6FlWkO8fTybRavvsuWxw/ZT9Cx2DtfU6CjjTDG5AKXOY1xfHRP/oUrPJ5CUrghs4qRfLfvlFGu+YcRwyk9gESh1y9bNJQO6deM5ZEsyhdGwrfZck9v2a2BuQOXG+C7s9IBipVS0CwlO0CopHpawmUxm/Bfl85D2vZZTYe/iEZ8AxJLddrEyUTJSc4KvKSfpzuNOGZYYEzBlIr6tn++xUeUyQQD14Qe0PPlb/dUY9d6n9S4h0d+6m53jIzBnzzVKmdzn8M1EayejLONMKAcab65hJxjDBlwTN+pN764PGcr3ijdXiQTafZrSiW0QNnfBp6PgkAv5HahjC0zIBdBD9/YLDwX/H1P+PYDXuaPgYbZQ0ZHT2g1G29UaG9fl1hbEJZFryPtM3i+BpIIdV6RgIQYDGNQxV3SWXqGVysfoZ3ZBMGiqFu7Mp2CgKGAkfeR4aHw50AzngfOvk4p5D+KWe6iEb9nGUEfzVNQhHgHVn6eyXemyqdLKwFE6zVTtU7J/x+wMlwdrOTDvqngoG8JR50vBXEbV6SkIKLjkK/bpW7G/JEU6OW6L8WJR+kYxdDuogI6V+3yPg3jwjY8mP8fBrh58KsLL84MmbB/OGim26HqQ9Z21YwQb5F+j3VleZXvTZvG+3+bLroGITL4Dlp2tMEIFaeELanpBkY02br/ZXYOy0GDSvoWq2eM3NZPm19XpROcUx0AMu37qJ78EcjPU6+8gwMpN0nbuJv6EtJDdJOtE7hyme+IuE4DE1ArKQg3Mfltj2sWtzDN48w3oLPaPHoRa3pW3E1XH4mwM1uKntMtC1MKz5SPC38LKeTfPn4Cihd0w3g0ohyCWvnQQhoPVFnTvJZxP7usopAtmjdxOsMpVsm+xxFG61++XFK/IytrLjdteUdoSgj9Sgu8wbXciU7iCQai39tGtjwasAOLFNUDRMQVLbsP/HtjTCi+RsRklTi4bYKjkzSpgS64Uh/gpgJZrMQ1CPorHyJnV9n2ckKv3gUuL5MeAmjfIQBP4QiPKHh6z5+wvT4rfvsoeeX0WsgTut3q+iQlH/Tidfktt5uAN9XunouGU3EF4bFyxJG7jFWOaqDuApsQDUEKA451Weajv6j3U0ipWuHF2gkuvfgRA8kvXFH2oZROzucZOjDfAFj2gZRxBKIKfMYTcBxNQGXIv7PUdU40AyuTb/dOKxO9DMpeh4r14N0FTIMUBP4fCOoGRwWPUay4rH/7a8H4drsop7Tis0F9DLJUdmgLNwIJ9VRqX/SKAq+QKWO9SuV4R0B/zt9oyHiUv0gpKLhC8wJFZxxsCEnGtoMwFv3P+TVMrfxzwsZ5cjicXccwbNdW2Gqs9rHWY7tbdmDG7lfhKmjy0uPTZ8wO1yrs1PYz0mvN+M9jRkL5JLO6CHrTynAkhwC2aO6YUmiNUGK1OdeBT4qA3iaZ6+11k9eIrqXmCh+wyoExSHNLjjwC/IgqHivt9PGG6Mb1SI+TkliSBK8Mh72y+NR8b4EqnHAxIxh2176o82zsWZKY60vqNZ7wgFaoplx7p0YuNzFRYx9OxjGSFqfDRw7ljDPLO7ahvYeO6AYklLMitTM3RYquKPNptaGp3OIK/cFHib57SREN83fsJTphxLd7LXVpmdI9wFF/3H8rRD8xrkSoJ1tA0indPO5Y3VNEk+r0c7BKjMQa0BFA4ip9W9clje5e43TeTt8SIuUF6MxvLqyWdDhKcoMh/EwggK0ybjGEBvgF1OEhCPI+ArBqCqpfLBLDeKyNpG+THdpDeDOqUPYDA/m3XU7WaZiZ6CmY74P6jhFVCq/EshqbGXl6C198H2wXvrqTRWNKW2zy8PJ/dkCLWUKw4ICODR9YBX2EoZRFi63DMo1GvlxqKzi+zDEoWkfJ6NIbMdM9Zt9EuD+G6GXUu++KbJfG7nAPTy1nhatM7uk6l3MdVixQ5Ewxh2omIztvg+uUcjSvi5ue40E4fOk45FLmxspX25at8BerziExbYZ9Ldn4SyTOE88JvdEsgiQP+3Vk1Y77ZEIV29rS/XGIPuyao2dcs1jJHSnJFILceD3InnBoCUSh3grkvGVDwzVgZ577XG9n3vsf8a3NTTdDRRK4ObegH1MHFzKsuHjVx7wlIasvlV5ROlEXG0acj3Wa2fC61iTGew0ykOlhgWTiQuWGANc83kgH/ggMSivlv7IM87Ky/+oW8TrWBSY+2L3i4CL9cBeCS0iu48KhPBN8lIbC6/GGR7NU8aw2yqLpvVR+sLS7RbvG0+QO/N6DCwedmRterKs+lu4W5g2sI/D6O/xuzxXf2UEmIugVNXoaIyMhYbOxWoJyiIzFAFBz0rFfXg9hV7RnE9SZAvHdhIfjt+eDC6LQNIcvgaz+imafcvrhbOAjTqWWx3tCcycqMN69nenei7N2rDsFej9PcoXFH7l3TQHdUqzOdo3wTAz9JygeLRZ9TZ747FiBjagEzyaSTS83YywXK1/oPaQUTHfyNdmsXkUfvNh4+kxnT9GZuIAjtTqha66dyYmEdEs+MaacsML0AkVRZfRwA/PVz6LxFRgOaa8239yFE+Pacg7SkUEHFCMPF6WNIqTAoLyvNlGYBdOyTcXGPoQYCl2quwgAChlz6tnAKoXt259G4Zq9XxRSFKWU7CFA9QNt0KzxDdFYd4zqvY+C9IQ9NGH7Qzo6Yszg/iyFG62VN70deVe/P/BfgpmuF8RvvGw/fOI5CNtLSvxzfJAICf/BQluFe/hYz/HiN1VKR/3PkReKcLdQp4pU32ej2o1BRFxOes/tghtdE/25Rv5hRc0TjuWULVlLCTlTfBDvw1gvMs2t3Nopyky6IvK1UzXd2UM4xx+Taz5y+m7O3gOFcnWVI7fhJMd+0H5ALVzKvHfME5B7fBVTahtZx9/EuQRLVAcykI4PKQy2RU5QsdUh381WGlZEtJb848i7XjW9vp2iNhwM3DE0BXBRxFHNr7rqY+5LkazMqT7VQ+3kBluTnWshDW6zT28YkLcymucTETlDGLVPRAx0TRNgSfouGDZ4zETUUjorOOOwmiKQdvV8dYD1Y5nWLgeRd7m+0fVGUhl/Las+YTCST8GzfNhIVfsagXLru0I8O/YawoI3gFJYuSofGthENJbdOsI100akvb6cEUS2BOuV7nH1wP+vA/xUlMc7Xy8UEoZzF4fvBVPGyGNAsk4Buri0KqGGmotCoxnqr3Qs1Oanri8eMUYVJo/b/EirUIdbqSejfh1+ydUK3cAHz9vBHuc7jcanH2Puc0oQEyS2s/X4LP9jIbF0mg5d79orx9ID8L0HUxgTcDyL9wVqMsJVvqHMnSH91d29ELfYURQ0mg8qsrr1p5XzkjsSptDQ15ABBWBN34D0Xc66QcVRhJ/AfrEKKezh4+lnKVSwAE69rMJ/baVhF0a19/iSfR9rMkuq3iDSwGQeZUvlBVaSBQmS9xLBXibJKitsoFUGIUTFv7qjDXDJtj3lTUz2gE4RK+OWMFPhv8Y293YX12B9exLGDaiaQ5N9RJ816eJJwIRINNqh1lyhjCc/vBMBZ2KEa7+WdPVpV5eEbsq37S8n2BCwclC/PUsOH1j9ZTF32tx0IR6oR4S8x4HEf20AnkXlgWiLuY6Gc/xPfGefi4RPczH/nTGzekUzeak1tMfcxmeQbNgzAzAQUuto5o8LTYHbtund9s2w7U5Plilw5R77UEIcxkEG6axB0QFByRi01oEQvVRFon3WeBZ1Hd5Sdb+Co9Beqf3shHDutc/mXUI2Z2hlF94A6+CxfCXiqK+H8Umj9iROBP1HmbjPPUKRt5YgeXDCaC2yPvtKIusV9ocdZjoBCziwU/krcyu/qoEnWTgwbsUi5smXkXf00kwmJ9Iu7gbNYDEN/l+CqEfT6E8AsxE6bo8ILuHMRo08TAEhWmlL4Gn7KlarkrjTg2k9PuNiSXljA4PvusvIfiMXbKnQLZKx5SNkzaOJjwrmOPMRskxRKeHFHFQB6aQN5xxHfJH6JHRTLZVWUUczEUscCRC0VYcl5zFq9I3va50h9wXMoYlJt675mfAEnCnNcCpuapRS2HAwo+mpoX+gjGfldNmXV/dzIxuC8q9AbmTn/hOKl0ezoEvAiN52dTY73i6jrBeyuv9sa5iX8haZWq2yXJDo3O1SN81Nt525WUaSrATa9S/JbMCSYF40pDlwGvy93XhgqzJC3JnjEuLDfihX5fPryit5HrLxiX7KqcM7BqOr2Ba2baX+U7fdrlvY/hihxEG3aZqxfNblw+avEPVaTfn+wwuFjt+qXUlHIzDoXYjR0CN3r89xgxYiaV9wSfbjWZMXeBlLty6SYd79WDpSHrBvLdzZ0VDlHJBWh4HMZ3dBiwmwJR0GQlmic0Sqf72PXKgRmsePRwdyh2SFIkBu+Fnyx6TFT44ryoeq6UNYYz+ajp2xlS+G2X9lT4+37eNq4+NxOnFLSbRpW485gIndf0rXvqJMFYncx3WXljgER8P3W+YFxWR0+3oFfcFMV8CFCvtxjAlgNYxOUr1mwHAZj+ATiJ5NZ2IevHbcckL+6hTs4Ea511ETdtzPE2Htl6PJE9nX/LOPInO6yFNzWdgGfrfBbjme7KxsVnFJMCUbctQiFy8Vma2hVANDlcdy/hOj4tp/n5EaycJn5BsgR8d2ROhMRs+B/un17zZU+m9gzv803wkQe4pX+ncONGY7pwcIADZ5OpJY0ntIF/vwtfHrd90fhYsE5At15AvC9AG1LjXLFTr9jf5em625na3W1iNbIH5lp3DYrqfJjWcmqpuZgxi9cmbBScZ/NycIdbw+1l/AcHIRMWTy6KnRXVbWojhi/SvoaaUcMut71l2qnrsiPqAgTeZeDcMzEdafeONQC4Vt4s9c0B9VOxcuzQum4j64B2WbMtnaJYHUyuhWFdSLORsi71reR6b/nHNk52+An04BdL9MttEcw4NmKWrltaQW56KVGxsXBgzVOYjzJqvuoLihOJZecsS+UUXt66Q94sNDCbOWex7XMJ+1zcujUz7g+q+coWSbIXTDAWB+/JF8xvGwnTvNDr7COtvRly6Il6NEMYi3BWyssXG+GyePdssJpHipTBdI6sC6N6Dkh0qUcyclWsTknWZcfk7OgJVuQO4PNJMiYgoPPohXgEJL/k03InDgWfOGgSoyRznVSqfPYJIlVb/imvYEyNEPfxSVIzX/Ya/dMTVOh9b9lXY8ZM6GQJwWRyHLYPpvHMv7LTb3h67IYdu5zfaG+Rv7LKpfadQddZ226dLBaLKbyyFOLq/gd87e9NIwpxIlFgHyaB5FeyO08Gc9qyCVbrLRzjx/GOaE4DcsmcNuHBsZCgTztZXr9ii/tVXBm6NPT3xInPfNVkOkj/90U0IS1X6w/r8TBgX5xvNgJlQjXFkgPwNrvbuDlQE249AUgFoOjSaCRIrGHJAapIzLuNNokTw31n+SsuUAduCTSyMdk9Jza4tIe7A8VV+u+6dzsPLeHz1a5ZY2KOAVuW6cyvqISO7kM62lQivJfoZhu5yHe7I4tcCjVOH9zylVahw8cKjqXyB8XJUuRC8loj2zC8Hj2xZoj0tFnVFS2jhVO4+x2tVvSdgRAyKCjgcFNCaIFq/uPKEe6nVLkbWGMKdafiAPcgtpXgWUOLziR1BetRa7AIgfM8WmHF38XRjUiP2zMpvyMKEwAOLsAOKlILufD9Wdm6rKMUOEJ+rk89g1kl2PFpTDKJ1DgBg2ig3LiEb6XS9xtIyGB62Y2ZCngSzYrTgxGPxV2qgKaB5H+dtRXn6TFKdrC0YEkNqEuO5oZ9lT+4IdJBmY3g/H0Zk4LuO0iZH63DAJ0Qkxsc3uU9eBfLUdUGwRh0I+4oBEIJ7vGXTpvgaMFsZgaFviyPu+v52to3tlCwuegA5wFjjz7IqLxIVtUuqDXm9K6DmfDhEOYDl6InraNTtpkYaN2jqAwCgG5vB1mib7sNp37dTvCwP1Z/yqlUk5rIS+5f7NVdr366gj5Z+6tdpN0w/GYpTALGayU/5KStTCWQ0fNeDFFr22mwc8YlNpGOgKJ55QTzJjYf6J1s3NTKlvtUhqUogiy6PmlpL/cdUfHREvlLkzwSFwdAP79+rp/otM4xpKfsxSMaCGrd2k9cYvg5ATwYlNIRQrlS+BuMbultLv/r+2Q+IFFA15rYuC8VeL4Iwr14BTWRKfIuJ9B0BK8yN5jFG9+Z2rTthCtpn0/Ld+E/6NMX6wInMqi7xvoOL+SYhGCyZ8JYOmC+YQhhOcnUXQHe/s7wztgWuE3mq8uZyRkeelqFOqnl5dnEgOGD1UFq7Gu9EUXQbh8n/XxctNQDQX+hw2fOYwQxiRVql1gRsIYm/agL38MaUdbmajIu4leu3G7D9BH3DKq2bA61gK04+bYAp49PxAizMLFyLE48nFpnlg4QCRrVNf/Ot9gugCHIm7Agq/IhmFa/VHi/IR8rkh+KrjhPJUsdiNAgXmHtTJ5xdHyHC/CQLMz6/3secRxU90TxCT1b4pkz+ukSTnMKTAc4/b1g0LK+Kz65y3ko2NSl8pmN/7sCZPdmCMwXdD5WA1jhSyKwWVGXAsshVX/C7kPsXTD1qBNpXHjzk2qb3GKk+OPECb/Xh6PKBeilmq1JQajpqLU4kKXg925G14sz/cBaCpDTvYH9JhCABjb9BuHEMDZLjLKVpfB0Dn3hmrRY5pRGB2+tD5Gx20KWH7aIh0DVc1BCN8LNLBBBZECFM75RsHmUu+EqpAi2Apt56NUoVMAm/EsxdYaqiaOLVwVzuT7dw0nUUvKC/kR19Bsb8L7XzHKx4Xi9RS3/zNttqH9pyfncSRROZyQGvGCizD9b0HbFXOc2JhDjut5EIiYNwpn/DlwxEg1hbAoxceiVZZe373aphBPn+LFrU0pGUrWQ/qYb7aWSV03IFWNRs6jJg1JgJ+EO+bCaeKr/GgJ5qR+LOSVtVp7HT3R3fjQtStfxYuqAf62Ld1cwD6fwRrp2/ckd96HVjBXuDEmRqb0dS9lR+dmhLzWpdIcpS2z8QmfLdPaba7FKw21Y4Y8809qLJ0JA/78zgVYbbsQvwcQmTCr9ZZElE8lPVm9GURKwds+xSy+e7wLBEZb0pO68UDBxYPNWMubd8kTTFkMJRdrrfEbErgzdEfWO2eIte/vEOUy1P1qsLS2zalL5RoMKvMHXw5k0VW/kXzKkNi5AyjDssVr89aLIVWQsMImTLvwjKUZXwIeYM2MBi0r/j/QV+DhTsr8g/fUgdKRGpN8pgjhMtUE/6khdCoM01Sxp1c9p4UThvRTBB8+Zsm2f9DnC9aYFNsNLcG1D65R152M+b0lQj5LYuLe9K9V4CxIfHr2VhcL4Q/6uCTCu83PGHfCeQTQbzNv/8hR7LMkxGgAWeadIHfVcQZ6Lt8AfKEm+XziFPbUOyk6Ij7k7wudqn4+eRHI2HwrIz101uGeUvcY0BFwB0qX70r/I+NPp5+Pl6WvgWyFrC2FqbZHKHg/tJnVSvk/Je/X/fcYZEVf/lS4PbbrBw1fcDS00238uMkykaCpcMvd7dUs/5UU5LiFvj4EAb9++ys8ivB/1Auf9GAzl2YnTNeDdkSZsH96JDe8sRraZvE40aaL2yCQyrEJDR17101bKZJALoumOrrd0RnLnS5nmeedthxXtca1hJoFrKHx9grmr0bBpED+1E4KshVgK5NQ9eyzGHtr3cfCvUnBVxFUusWUJQQmLQdrybsLJl4AH9LsEMBJKHeErdiqBcdHnXq3QCC3ZWnnxIdVkGXRCpBG+uWo2uzzjkzWme8J0MgU1WT2fHT0VvFMVfAu27lM01enAH+5uqzNpxRMZprSJLNE+A72yKBXowz39ZBHN9uIshWb3uEsqvVVT0lgBiOTCWM0Ly3w==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedData>
            </saml2:EncryptedAssertion>
        </saml2p:Response>
    </soap11:Body>
</soap11:Envelope>

2020-08-06 13:09:19,209 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-08-06 13:09:19,209 - INFO [Shibboleth-Audit.SSO:?] - 20200806T130919Z|urn:oasis:names:tc:SAML:2.0:bindings:SOAP|_3yobk6he1j7tvzk9fwg81eob9gbwmmvxnwnu|https://iam.eu-de.otc.t-systems.com|http://shibboleth.net/ns/profiles/saml2/sso/ecp|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:PAOS|_bbcc5b034f17badfa2021c9f08e7c34b|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxw2/HCkQDAFlBKZcwfr53ih9XRqbkCP4FUF5UFdmXNe8X+DPl+gdYJ485ZGbakU1bUQkDBLGuPW2xPC+I7n/tty/jWTcZATfiP3mA9j9seCp8d1t/EG0IkSlcTVoCKHXyZMO9nZdU|_4408273a37142f3a5d2fdab75ce3e332|
2020-08-06 13:09:20,468 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder:?] - Decoded SOAP messaged which included SAML message of type {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-08-06 13:09:20,469 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Body>
        <saml2p:AuthnRequest
            AssertionConsumerServiceURL="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            Destination="https://samltest.id/idp/profile/SAML2/SOAP/ECP"
            ForceAuthn="false"
            ID="_elo4mmvtnzvzs4ljtj6o1hqnjus5an7zs93y" IsPassive="false"
            IssueInstant="2020-08-06T13:09:19.870Z"
            ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
            Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eu-de.otc.t-systems.com</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                    <ds:Reference URI="#_elo4mmvtnzvzs4ljtj6o1hqnjus5an7zs93y">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>BV9HDM8nU3vRGn8RyBaRx6EByKo=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>uVOyjN0YH0PLT40JHLPmSKpoHdVu0zuZcGFyzWLpeJE4RogD2oKt21bUX+Fy3fc/GXozW1+z9ep8azo6VMiLc8I5oouhrX0MWOTZaFbeeP6sBRxgw/Mc8xo0xTDvdsexRbf1989ZLIWyuQcw57DRrzvHkDdsFhMX02l41eN/5LUpYnz07dJeCaGC78ubhbdy37BEhuwQ9zOlSV/c3zGWBofgAqgkuR3MWAznUuEUIFBO4d/tHew06o8njM+XiRC87kwY/oZuAn/fVDV1fxBu5rOkKSo4Ydtuh2a1nUvBeRmaTd5XQVFW7oaulkFD04iIC8lB8pE12XV7hfPlLLJUnKpbHR8LwciUKVy93cMfLKxRKZGsSvnmEaQeL+qY6I5ODVzr4wfz9QdtowZ8YohUA7UPhz1vf8dBuc5hJouagHcAnI2gUYuxYMNMWmK88XcKQVWpNvwKgv99+qD7PnLsKZx6FVVbuKg2p1Uh4OWCAlmT4X+qn9O7XmD9fjIvK5xsXxAsBGKHIC/p0GU2wfBmlnbIxSl6TDJ5KmtzFCnl1HLs2nrK3OZgJGu0YgADyjRFGsWAfhgnQzPZ98M+OPFrilyLaN+Nr82e+tUMDuI7k2pIyJxQClY50nQQLXa+5t7Ai1zuMnmZBxCQJXr39Nw3vJH5VxiLxcaQv77HVOL6Rtw=</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIHeDCCBWCgAwIBAgIJAPRelfvZJrG9MA0GCSqGSIb3DQEBCwUAMIHXMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGSGVzc2VuMRowGAYDVQQHExFGcmFua2Z1cnQgYW0gTWFpbjElMCMGA1UEChMcVC1T
eXN0ZW1zIEludGVybmF0aW9uYWwgR21iSDEUMBIGA1UECxMLSVQgRGl2aXNpb24xJDAiBgNVBAMT
G2lhbS5ldS1kZS5vdGMudC1zeXN0ZW1zLmNvbTE4MDYGCSqGSIb3DQEJARYpRk1CLlRTLUlUU0gt
Q1NTLURQUy1PVEMtT1BTQHQtc3lzdGVtcy5jb20wHhcNMTgwMzI4MTUxNDA4WhcNMjgwMzI1MTUx
NDA4WjCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0
IGFtIE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsT
C0lUIERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2Bgkq
hkiG9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tMIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv2W7Hr/Ro63zmZVclhlMvakO1nYWAe6CFDg2hYOH
IxkC/DG8LsKbnqy3Rv8AoH5CgRwmT/HYKeJu+KxrpECJXGIjXirUzHrL5w0Hys0O6SJYzztRGoQA
eFfl3x1NNUxVGkWbuK3/o9vm3idoMqVY4HFU24h/6VbSVBru1lsfubmIGdkf+9R844JbZx1R1OuX
xQ60ZhTAmR6R5d1E6tprM8rAqBOC2l1o4azQyDtmxM8NEBjKcZebNleHOB3iVPiiG0ens6z39y7e
SyiXwWcsw8TlwcQiumYPnFT2lzrJAC93hEjNGd6sj6QVvPCJRu/Ya+AWfcm6JtBZRK9ZfBz81wjv
BnHH2u8j1GyZMdE5dvN4PC8bgX0HxvnbhnAU0DASzziyS9Ni/gMgWvJsmnmNVLyYMxRmL8L0JtWk
rz7aNSskufk92Cv/R4KtWsfdkYtNG5/lV1BNzraBgnnXX1gH7ddrL/Ng2aNRFd+LtsI/BjUBpg7r
Ebym+pJuri2PBj8hhjLKbhPuurybQLVtmYxCcJUo6ZG4X3cpxl/e8v+vviapn1OY9zaFLAc+fccX
1GFrLYv9aQKGDQFRMl2uV9nP7UpakBCgZ/r7ljvfhlnsGkLPZBokM9Iz3iUFMGj2gPD1m+C7QaiS
OwJnkTk3cnhZV6It0XdFIaFgIi9V4XMnYEMCAwEAAaOCAUMwggE/MB0GA1UdDgQWBBSg4Skug1x8
SOG2QdBaHAN2DDs7zDCCAQ4GA1UdIwSCAQUwggEBgBSg4Skug1x8SOG2QdBaHAN2DDs7zKGB3aSB
2jCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0IGFt
IE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsTC0lU
IERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2BgkqhkiG
9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tggkA9F6V+9km
sb0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAFEH+TQEgwXkOp1dymChsQzX3mm32
nBbQwIuTKi3jy08EjRQktZCOhjpmuVc/QQUCQdgAZgWVboAwTspfgwQwVcuIpCkwuyc7tt+ZzRSk
ybvOccw4ivz1suevGZZfYt+B7UIB3drlMKLoJWMTiBZnL6c4iaqubep56BZBOH6IP2KaMRd4EqIo
kXLHgaIyhqz51WQmTJArhYvAvWlktbAW6GXev3mW5gxW7LAGygQNCo2JkXSegGPk2jLO48JXNuCB
lGGf2O5TkhD+Qw/buIRrcKWnolBCs0ITalkNFt0RftLYmyR0JMotaBRHHmtdqSWOwMT1j7SvyzhH
yszzRU4xwTUFveODkWYS3Uh9PZs+3yDcfqC1x1yRbhKe7onZt5nXh/wY2762Pv6NkBQfQaFaE8CI
OwRu6WjaFfRntVXHpvV+7tO6Dr3pfRNEZzJM5+m/Edh+JrUdhyy7SxuYiCpt5xiPvM9rMt5AkXCn
P8AQVxq3O/1Gsdr9iblHAkJrg7Lbd8bPyzE9nRW3zqp++BxYilxIIVP9xnaaj/jjyuAPfeet30wm
zeOe/MGqxEwP/JSwJ9rZI//FaG3gAX0UHO6Eo+R0/Yv3JcyAo6j/RN/6YcSTQD1MrPGZiNTz/Muo
nczuEbZF255Cs5PfVJJhTPW730xQmhZnlbta0nyBO9LA3Fs=</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:NameIDPolicy AllowCreate="true"
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                SPNameQualifier="https://iam.eu-de.otc.t-systems.com" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"/>
        </saml2p:AuthnRequest>
    </soap11:Body>
</soap11:Envelope>

2020-08-06 13:09:20,469 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-08-06 13:09:20,469 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-08-06 13:09:20,469 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-08-06 13:09:20,469 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-08-06 13:09:20,469 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-08-06 13:09:20,469 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-08-06 13:09:20,469 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-08-06 13:09:20,470 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eu-de.otc.t-systems.com
2020-08-06 13:09:20,470 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2020-08-06 13:09:20,470 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2020-08-06 13:09:20,470 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-08-06 13:09:20,470 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2020-08-06 13:09:20,470 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2020-08-06 13:09:20,470 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-08-06 13:09:20,470 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_elo4mmvtnzvzs4ljtj6o1hqnjus5an7zs93y', issue instant '2020-08-06T13:09:19.870Z', entityID 'https://iam.eu-de.otc.t-systems.com'
2020-08-06 13:09:20,470 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eu-de.otc.t-systems.com' does not require AuthnRequests to be signed
2020-08-06 13:09:20,471 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2020-08-06 13:09:20,471 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2020-08-06 13:09:20,471 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-08-06 13:09:20,471 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://iam.eu-de.otc.t-systems.com, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-08-06 13:09:20,471 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://iam.eu-de.otc.t-systems.com' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-08-06 13:09:20,471 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-08-06 13:09:20,471 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-08-06 13:09:20,471 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-08-06 13:09:20,471 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-08-06 13:09:20,471 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2020-08-06 13:09:20,471 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2000/09/xmldsig#rsa-sha1
2020-08-06 13:09:20,471 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA1withRSA
2020-08-06 13:09:20,471 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2020-08-06 13:09:20,471 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 4096 bits
  modulus: 780833212372818775479203473584756908157478511960940665833104329026798488708412096463957730986031560699536971604685793755631469735164638528103712796586941283248391093334537473433816881621841433643551509545784341528479466257077570253340730459394524144439470561825531880309380078893306187350760119973863502110938239690056732532237576015713410817092640951029480915162489671542971932145619144868209527314440670224923750462549444079548603408012564298657143697912591193544433644075598026106926646468811820504111621425556553238066495807276626045802944049622045278146600209515759289448446049845276793009470678806630505639155872685517611976298041379760153258369441443706608834473698951737339296605180924342991774924896400530064019217902076139971478880191800808152349664734915206316567268459208984314092535956712275165633295073845619623808442937959337568063845846898994885404695455333181998103624287019468478172845183368957698818849454389451360233262379190615859514122412619488103951846508060862137625955242500382805764622949031613773424268222131209239375233669763979843957564204575307568428090973147896709908167025351124368088974604728720021626763128224355694102358346473759582198635778329138017968133082524864864810444234076758890334162214979
  public exponent: 65537
2020-08-06 13:09:20,471 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2020-08-06 13:09:20,471 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2020-08-06 13:09:20,471 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_elo4mmvtnzvzs4ljtj6o1hqnjus5an7zs93y"
2020-08-06 13:09:20,471 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _elo4mmvtnzvzs4ljtj6o1hqnjus5an7zs93y and Element was [saml2p:AuthnRequest: null]
2020-08-06 13:09:20,471 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_elo4mmvtnzvzs4ljtj6o1hqnjus5an7zs93y"
2020-08-06 13:09:20,471 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _elo4mmvtnzvzs4ljtj6o1hqnjus5an7zs93y and Element was [saml2p:AuthnRequest: null]
2020-08-06 13:09:20,471 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_elo4mmvtnzvzs4ljtj6o1hqnjus5an7zs93y"
2020-08-06 13:09:20,471 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2020-08-06 13:09:20,471 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-08-06 13:09:20,471 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://iam.eu-de.otc.t-systems.com
2020-08-06 13:09:20,471 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-08-06 13:09:20,471 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-08-06 13:09:20,471 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-08-06 13:09:20,471 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-08-06 13:09:20,472 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsHeadersHandler:?] - Message Handler:  No ChannelBindings header blocks found
2020-08-06 13:09:20,472 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler:?] - Message Handler:  Message did not contain any ChannelBindings extensions
2020-08-06 13:09:20,472 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2020-08-06 13:09:20,472 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2020-08-06 13:09:20,472 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-08-06 13:09:20,472 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-08-06 13:09:20,472 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-08-06 13:09:20,472 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-08-06 13:09:20,472 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' not permitted by input criteria
2020-08-06 13:09:20,472 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP using binding urn:oasis:names:tc:SAML:2.0:bindings:PAOS
2020-08-06 13:09:20,472 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-08-06 13:09:20,472 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-08-06 13:09:20,472 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-08-06 13:09:20,472 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-08-06 13:09:20,472 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-08-06 13:09:20,472 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-08-06 13:09:20,472 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-08-06 13:09:20,472 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-08-06 13:09:20,472 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-08-06 13:09:20,472 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-08-06 13:09:20,472 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eu-de.otc.t-systems.com
2020-08-06 13:09:20,472 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2020-08-06 13:09:20,472 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-08-06 13:09:20,472 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-08-06 13:09:20,472 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-08-06 13:09:20,480 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-08-06 13:09:20,480 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: RequestAuthenticated: true
2020-08-06 13:09:20,480 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: Generating session key for use by ECP peers
2020-08-06 13:09:20,481 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-08-06T13:09:20.481Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-08-06 13:09:20,481 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-08-06 13:09:20,481 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-08-06 13:09:20,481 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-08-06 13:09:20,481 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-08-06 13:09:20,481 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-08-06 13:09:20,481 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow authn/Password, it supports non-browser authentication
2020-08-06 13:09:20,481 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2020-08-06 13:09:20,481 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-08-06 13:09:20,481 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-08-06 13:09:20,481 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-08-06 13:09:20,482 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: Trimming whitespace of input string 'rick'
2020-08-06 13:09:20,482 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-08-06 13:09:20,482 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@466061389::identifier=rick, context=org.apache.velocity.VelocityContext@5eb71d6d]
2020-08-06 13:09:20,483 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@466061389::identifier=rick, context=org.apache.velocity.VelocityContext@5eb71d6d]
2020-08-06 13:09:20,484 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-08-06 13:09:20,484 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-08-06 13:09:20,484 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-08-06 13:09:20,484 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-08-06 13:09:20,484 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-08-06 13:09:20,484 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-08-06 13:09:20,484 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2020-08-06 13:09:20,484 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 7a6b36a559a6fc7f030953a29fb9db2360fcae2fc35b5e66e43c039ebc11d32d for principal rick
2020-08-06 13:09:20,484 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 7a6b36a559a6fc7f030953a29fb9db2360fcae2fc35b5e66e43c039ebc11d32d
2020-08-06 13:09:20,485 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-08-06 13:09:20,486 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-08-06 13:09:20,486 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-08-06 13:09:20,486 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-08-06 13:09:20,486 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-08-06 13:09:20,486 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-08-06 13:09:20,486 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-08-06 13:09:20,486 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-08-06 13:09:20,486 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-08-06 13:09:20,486 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-08-06 13:09:20,486 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-08-06 13:09:20,487 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-08-06 13:09:20,488 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-08-06 13:09:20,488 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _433a2619048e300929e1780fbf6e58a6
2020-08-06 13:09:20,488 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _433a2619048e300929e1780fbf6e58a6 to Response _4989a72f69ffed6648fd52a7978193af
2020-08-06 13:09:20,488 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _433a2619048e300929e1780fbf6e58a6
2020-08-06 13:09:20,489 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-08-06 13:09:20,489 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-08-06 13:09:20,489 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-08-06 13:09:20,489 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-08-06 13:09:20,489 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-08-06 13:09:20,489 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-08-06 13:09:20,489 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-08-06 13:09:20,489 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-08-06 13:09:20,489 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-08-06 13:09:20,490 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-08-06 13:09:20,490 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-08-06 13:09:20,490 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-08-06 13:09:20,490 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-08-06 13:09:20,490 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-08-06 13:09:20,490 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxBTPTpAeetE/D5B/PNrGnXeHcaL/56FhtF3auNIqHL9hOnDKcl2jvxuOUTeE0O2VtQlrXDX0j6JeCR3LO2r7E4qJ6NmuGceWHin4niM5irMb35M6wZiJ/xWGNoLtrp3nvxH7QDJNB with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-08-06 13:09:20,490 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-08-06 13:09:20,490 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-08-06 13:09:20,490 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-08-06 13:09:20,490 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-08-06 13:09:20,490 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.12.208
2020-08-06 13:09:20,490 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _elo4mmvtnzvzs4ljtj6o1hqnjus5an7zs93y
2020-08-06 13:09:20,490 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2020-08-06 13:09:20,490 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-08-06 13:09:20,490 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-08-06 13:09:20,490 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-08-06 13:09:20,490 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _433a2619048e300929e1780fbf6e58a6
2020-08-06 13:09:20,490 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _433a2619048e300929e1780fbf6e58a6 did not already contain Conditions, one was added
2020-08-06 13:09:20,490 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-08-06 13:09:20,490 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-08-06T13:14:20.486Z, to Assertion _433a2619048e300929e1780fbf6e58a6
2020-08-06 13:09:20,490 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _433a2619048e300929e1780fbf6e58a6 already contained Conditions, nothing was done
2020-08-06 13:09:20,491 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-08-06 13:09:20,491 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _433a2619048e300929e1780fbf6e58a6 already contained Conditions, nothing was done
2020-08-06 13:09:20,491 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-08-06 13:09:20,491 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eu-de.otc.t-systems.com as an Audience of the AudienceRestriction
2020-08-06 13:09:20,491 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _433a2619048e300929e1780fbf6e58a6
2020-08-06 13:09:20,491 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddGeneratedKeyToAssertions: Assertion _433a2619048e300929e1780fbf6e58a6 did not already contain Advice, one was added
2020-08-06 13:09:20,492 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eu-de.otc.t-systems.com to existing session 7a6b36a559a6fc7f030953a29fb9db2360fcae2fc35b5e66e43c039ebc11d32d
2020-08-06 13:09:20,492 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eu-de.otc.t-systems.com in session 7a6b36a559a6fc7f030953a29fb9db2360fcae2fc35b5e66e43c039ebc11d32d
2020-08-06 13:09:20,492 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-08-06 13:09:20,492 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eu-de.otc.t-systems.com and key AAdzZWNyZXQxBTPTpAeetE/D5B/PNrGnXeHcaL/56FhtF3auNIqHL9hOnDKcl2jvxuOUTeE0O2VtQlrXDX0j6JeCR3LO2r7E4qJ6NmuGceWHin4niM5irMb35M6wZiJ/xWGNoLtrp3nvxH7QDJNB
2020-08-06 13:09:20,492 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-08-06 13:09:20,492 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-08-06 13:09:20,493 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_433a2619048e300929e1780fbf6e58a6"
2020-08-06 13:09:20,493 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _433a2619048e300929e1780fbf6e58a6 and Element was [saml2:Assertion: null]
2020-08-06 13:09:20,493 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_433a2619048e300929e1780fbf6e58a6"
2020-08-06 13:09:20,493 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _433a2619048e300929e1780fbf6e58a6 and Element was [saml2:Assertion: null]
2020-08-06 13:09:20,495 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_4989a72f69ffed6648fd52a7978193af"
    InResponseTo="_elo4mmvtnzvzs4ljtj6o1hqnjus5an7zs93y"
    IssueInstant="2020-08-06T13:09:20.486Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_433a2619048e300929e1780fbf6e58a6"
        IssueInstant="2020-08-06T13:09:20.486Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_433a2619048e300929e1780fbf6e58a6">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>pmrHpcO4rllIYxs8HYWD5eI6Fqsh7sLrDNWJosmH9Ew=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>Pd3bNIOER49pd8s3DiuFjOH6cUrXQkxvt38ZIM3b2gN/SxLEQg7+80wiSLdYldApmh9Z7mKgpZx137IXiPvF6hGpgtDYf8q/8PrI8dym8lOS0VVur2ZCVdiF3hrd5e3cjIfCFGZI8ueLxi4/rAAM0JfF24cn0fXjgumD4Cq+HQMj+wW0es8LxhcY5DOT3lDqQMPX4p8Z+nYqXwjkk+ZTuOmYAwqvPuTmE6pSveYsLwoH3V7zo/UuSdSqLIugeXY5BZIKfSVyEb0N+kiDSwVinXjUyWn18NYUEwMJu2+UxtCn0XyvGIcFTnL20LdyOwh2VXJx5wEtPQe21gz0uoUkDA==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eu-de.otc.t-systems.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxBTPTpAeetE/D5B/PNrGnXeHcaL/56FhtF3auNIqHL9hOnDKcl2jvxuOUTeE0O2VtQlrXDX0j6JeCR3LO2r7E4qJ6NmuGceWHin4niM5irMb35M6wZiJ/xWGNoLtrp3nvxH7QDJNB</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.12.208"
                    InResponseTo="_elo4mmvtnzvzs4ljtj6o1hqnjus5an7zs93y"
                    NotOnOrAfter="2020-08-06T13:14:20.490Z" Recipient="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-08-06T13:09:20.486Z" NotOnOrAfter="2020-08-06T13:14:20.486Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eu-de.otc.t-systems.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:Advice>
            <samlec:GeneratedKey xmlns:samlec="urn:ietf:params:xml:ns:samlec">ACAMvVVUjd2gZ5YA5ceuDa7eMkQGo0wohaeEdEUmM8M=</samlec:GeneratedKey>
        </saml2:Advice>
        <saml2:AuthnStatement AuthnInstant="2020-08-06T13:09:20.484Z" SessionIndex="_9b96798b7cc571545e335f3a0ef84c8a">
            <saml2:SubjectLocality Address="172.31.12.208"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-08-06 13:09:20,496 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2020-08-06 13:09:20,496 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2020-08-06 13:09:20,497 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_4989a72f69ffed6648fd52a7978193af"
2020-08-06 13:09:20,497 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _4989a72f69ffed6648fd52a7978193af and Element was [saml2p:Response: null]
2020-08-06 13:09:20,497 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_4989a72f69ffed6648fd52a7978193af"
2020-08-06 13:09:20,497 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _4989a72f69ffed6648fd52a7978193af and Element was [saml2p:Response: null]
2020-08-06 13:09:20,499 - DEBUG [org.opensaml.saml.common.binding.impl.AddChannelBindingsHeaderHandler:?] - Message Handler:  No ChannelBindings to add, nothing to do
2020-08-06 13:09:20,500 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Header>
        <ecp:Response
            AssertionConsumerServiceURL="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next"
            soap11:mustUnderstand="1" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <ecp:RequestAuthenticated
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <samlec:GeneratedKey
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:samlec="urn:ietf:params:xml:ns:samlec">ACAMvVVUjd2gZ5YA5ceuDa7eMkQGo0wohaeEdEUmM8M=</samlec:GeneratedKey>
    </soap11:Header>
    <soap11:Body>
        <saml2p:Response
            Destination="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            ID="_4989a72f69ffed6648fd52a7978193af"
            InResponseTo="_elo4mmvtnzvzs4ljtj6o1hqnjus5an7zs93y"
            IssueInstant="2020-08-06T13:09:20.486Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_4989a72f69ffed6648fd52a7978193af">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                        <ds:DigestValue>flHqkuBRJnsxyoriTqqVpcmiQva3VC1dmxN6tp6M564=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>DCaQmN4HNjavwVFc47bk0WuQpUQQ0mxqNRUR36uLAXx0FQ9I5g9VIe7EWu3KGb6m56oR3bPLx3SL/s2CEfYGbXuhtTKqNsXGQVKWEZPtR8+iwjEtEGaVlUbxiG53UCOIBqwSgb95C5+85CGDqTqq/kRojZsoyPyyH2+CHHnNY/5wn78qb+pwJfeeI8Cr6+hKpauq02+fnbp7GV57HqqMOhUCrMqUWCuS3hzN3fVVi9mMA00me/9lgqZ4j+RkBBDAyDkwFG9vbgxwmRvy/JpmHPwdVSTkoLl2Rv/jjE2Lv7hFvpaK/42re+d8V0F9SJZ1+oizoWJcylbxWKiakT/yUg==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
                <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
            </saml2p:Status>
            <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
                <xenc:EncryptedData
                    Id="_3a53d234e2defa0cf5aa0ea25dd5fa30"
                    Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <xenc:EncryptedKey
                            Id="_2cafed12d73914def1e900a00fa422e6"
                            Recipient="https://iam.eu-de.otc.t-systems.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                            <xenc:EncryptionMethod
                                Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <ds:DigestMethod
                                    Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                            </xenc:EncryptionMethod>
                            <ds:KeyInfo>
                                <ds:X509Data>
                                    <ds:X509Certificate>MIIHeDCCBWCgAwIBAgIJAPRelfvZJrG9MA0GCSqGSIb3DQEBCwUAMIHXMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGSGVzc2VuMRowGAYDVQQHExFGcmFua2Z1cnQgYW0gTWFpbjElMCMGA1UEChMcVC1T
eXN0ZW1zIEludGVybmF0aW9uYWwgR21iSDEUMBIGA1UECxMLSVQgRGl2aXNpb24xJDAiBgNVBAMT
G2lhbS5ldS1kZS5vdGMudC1zeXN0ZW1zLmNvbTE4MDYGCSqGSIb3DQEJARYpRk1CLlRTLUlUU0gt
Q1NTLURQUy1PVEMtT1BTQHQtc3lzdGVtcy5jb20wHhcNMTgwMzI4MTUxNDA4WhcNMjgwMzI1MTUx
NDA4WjCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0
IGFtIE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsT
C0lUIERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2Bgkq
hkiG9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tMIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv2W7Hr/Ro63zmZVclhlMvakO1nYWAe6CFDg2hYOH
IxkC/DG8LsKbnqy3Rv8AoH5CgRwmT/HYKeJu+KxrpECJXGIjXirUzHrL5w0Hys0O6SJYzztRGoQA
eFfl3x1NNUxVGkWbuK3/o9vm3idoMqVY4HFU24h/6VbSVBru1lsfubmIGdkf+9R844JbZx1R1OuX
xQ60ZhTAmR6R5d1E6tprM8rAqBOC2l1o4azQyDtmxM8NEBjKcZebNleHOB3iVPiiG0ens6z39y7e
SyiXwWcsw8TlwcQiumYPnFT2lzrJAC93hEjNGd6sj6QVvPCJRu/Ya+AWfcm6JtBZRK9ZfBz81wjv
BnHH2u8j1GyZMdE5dvN4PC8bgX0HxvnbhnAU0DASzziyS9Ni/gMgWvJsmnmNVLyYMxRmL8L0JtWk
rz7aNSskufk92Cv/R4KtWsfdkYtNG5/lV1BNzraBgnnXX1gH7ddrL/Ng2aNRFd+LtsI/BjUBpg7r
Ebym+pJuri2PBj8hhjLKbhPuurybQLVtmYxCcJUo6ZG4X3cpxl/e8v+vviapn1OY9zaFLAc+fccX
1GFrLYv9aQKGDQFRMl2uV9nP7UpakBCgZ/r7ljvfhlnsGkLPZBokM9Iz3iUFMGj2gPD1m+C7QaiS
OwJnkTk3cnhZV6It0XdFIaFgIi9V4XMnYEMCAwEAAaOCAUMwggE/MB0GA1UdDgQWBBSg4Skug1x8
SOG2QdBaHAN2DDs7zDCCAQ4GA1UdIwSCAQUwggEBgBSg4Skug1x8SOG2QdBaHAN2DDs7zKGB3aSB
2jCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0IGFt
IE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsTC0lU
IERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2BgkqhkiG
9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tggkA9F6V+9km
sb0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAFEH+TQEgwXkOp1dymChsQzX3mm32
nBbQwIuTKi3jy08EjRQktZCOhjpmuVc/QQUCQdgAZgWVboAwTspfgwQwVcuIpCkwuyc7tt+ZzRSk
ybvOccw4ivz1suevGZZfYt+B7UIB3drlMKLoJWMTiBZnL6c4iaqubep56BZBOH6IP2KaMRd4EqIo
kXLHgaIyhqz51WQmTJArhYvAvWlktbAW6GXev3mW5gxW7LAGygQNCo2JkXSegGPk2jLO48JXNuCB
lGGf2O5TkhD+Qw/buIRrcKWnolBCs0ITalkNFt0RftLYmyR0JMotaBRHHmtdqSWOwMT1j7SvyzhH
yszzRU4xwTUFveODkWYS3Uh9PZs+3yDcfqC1x1yRbhKe7onZt5nXh/wY2762Pv6NkBQfQaFaE8CI
OwRu6WjaFfRntVXHpvV+7tO6Dr3pfRNEZzJM5+m/Edh+JrUdhyy7SxuYiCpt5xiPvM9rMt5AkXCn
P8AQVxq3O/1Gsdr9iblHAkJrg7Lbd8bPyzE9nRW3zqp++BxYilxIIVP9xnaaj/jjyuAPfeet30wm
zeOe/MGqxEwP/JSwJ9rZI//FaG3gAX0UHO6Eo+R0/Yv3JcyAo6j/RN/6YcSTQD1MrPGZiNTz/Muo
nczuEbZF255Cs5PfVJJhTPW730xQmhZnlbta0nyBO9LA3Fs=</ds:X509Certificate>
                                </ds:X509Data>
                            </ds:KeyInfo>
                            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <xenc:CipherValue>WKbIl8Eg8P4ItZV3dPwmf4lcW8sJ7VzQghKEZzE3uxiB7J5iO8wk5SKmfKxUE/pNUBIY8cNiafjuMVfV8M26+rx23aAFDPdwOyjzITGmS0S0AypsUtoNDXAzk6EP87Auz7NU+G5rK3uP+0QHRecAlE106/bU/rBQdLzZ73Hj4UZnoAq5vhVy/tUK7fTzixe3g0FoCOkQxWjVH2V87Xf3vMMsVlSHgCioa0wWMi7s/gZG+0ambR7iDfZOiPSw1QWQjFaHwQwV5vrhatEDEjW8CNYJj3f0f3X31orMDf03wz1Iky31hI5DfQxoG8JQT9obdox4e1cW+x9pX6r/3Qw++OSm9DVY3BmmaOSxDpDTT6MPI3MgL02JWPvGd2eOqjmK9r0JdnFexzb8C9n/HSWZFCe8BlALpEq7UFBdgQXu7LztN1PAn/JVDMpOgMsMDGKkC1z8LiWYOPHShqaR3NhuhcTdA0IM4aCrZeyt0G2rxUuepopCPs57HN/wm4hb5ZLMOw8eVbogAAEYpc72vnY8JWscKPs35VfGeU77SdfMyLCVw/JNBeTJjQk/LZ2hBOW8Ej0+W0Dv6qsuP1FwBXITXn/4SCYr+tdn+FtJNe+bFEWDAaltHw5iAoqEBEbHWsVnKSFmcnJe9hw70e+LNk8e7dzCYtFd12vxxWb5dgtHqEE=</xenc:CipherValue>
                            </xenc:CipherData>
                        </xenc:EncryptedKey>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>NulIHoPGhHHVRQ+MiIBNlv6VRxsNKnTAI3HqA3aCFl9ooEbRyZbmniKRh7bwQbafOyoLm1fCExZK57hWZHjeinQzAlW7aIjtuikRGzRwylV/d6LW3ZvhdNOxUU02WISSFwanPFLS3ZLxFOxGDB42a64y/nmq2tHfJ/CWi51DRYSgg9mQAvp26HpPd/fSa4afdydqFyO9n6Odyh33bFj8hX2e9ud6QCeQafFYTbVtUgjJgRj+OpzFWYafKAfSM6Rvu2w3uEaMtRs1P0YnqQFPSjliQxvLlLSUoMwYJ1LczCVNPy8hfR5NbI1pdvy8h6tzScu4V16dRRZBxtR3Dqi8GB0MN9CwBg14rPVk0gmTGgRJhlFDMOcLp70Ik2bVe2uTQZzNvPA2Uvit+VPVfkSh4yXzKFA+eQhfgmT3MNTljDiM6hf/I0UN23gPmRJ+mRiNT9T60O7rW7TmI1IU07Nopw64NS1nHeUsWnysAmqxoceM3IN1gJ4h52J8RpeAMfpyQ9GZrz2e5wLXNC1lgZx8xG4Eal+OWAwk6r47V1zLuNGn4KFqcZxpR9edLYEpWvH4QoE54Q+P9TMPuGZtQTcIH+wmezz8jbfH6N6dB8jTrHJfW1y1upnYx4dQnfHmxslqiP2yIZtzBzvnMMFbcpG0utxKKSJbutmYvSqlGcG9c+gYoX2H8A0Yg2OxykGhWx6eRgC2Hw/yAPL8yrWwOL/uLXHcMB6epYZg0CSAQJ6XsrqOZt4lXxX6k3pozACn+DL61YIpk2macSkz7MmyX76pT5SAPbWWcjsvp2Kj4iXtKoTaNGzm1MAGl7phsLlt/a+AVSEyKgAhBAQ675AOKWAipha47/wluSdxe7jD6aXcHSKsZyHXt33zdBpHhKloT7sp1t+7KGeZQzDdO1aiReW5R3MVapbLQl5rlq9f6TQH5H9bQgtU9R6wYDPBT1ohvd8v98y1ulZ+QKFrt/8piUC/GYNTMLBvx6MWJiHLDsNpDW1nUlHKhRhlqMkR3TLcyLWqiXcjI77CfObXR0JItPUHTlkfap6vaRaTGPxKBBy5XKwxlBiFULqeqcKDBuTFX2kWm57PhMH2SR/MDt4bK2SNtYf6Gt+DgELoCIQul3WdBPH8FsCUICJkE2dasaxQz+MlHjE4/wn6ujNmqW63SDzeDIJqX6WQhXny9ANq1Dt3iGhcqerKpj2+NLq0dm4Hd2MLmiQeTtehsidrAU3NRiM0zNJMwasTV1VAQsyBrC+wnPQRmEWyXB3HwzQE9b1xCspNhBtUImcLnOiC6qnDLQKujr8WsohiMz5We1f2oFimdsfxmtLs35JRlK+MTX/1yD1lFTnW126Uup4Qbk8LjT3RGFiBkPq7HrQXm7xAlv43HCTD5yc9XKtaPiRtAvIY74uxleZDP3YTjfcQYULmqhUDgc9MNdPGDH+YRagVF7Zu32Ye/aSH1gaH4CuAyNm8h8/aEMXBBq1o98vtqcUbQ77Rq7dFRZef1beRobgGwPAlnjGj1cYxUwYYfSjnzOk8c7yqfSWdHCLdE6WwQ1F7bHWF1Bi/4OsQgtqBbm0AbAYQ28A9aJrub1BLKGedI4c4RNiZT2nSSik3FRZMv0UpSrUOQPGPYXOaDZwnKQ+CcWMF3lNI7ENGB4m2yHVuX0+jysSSmwits+zYaaqC8ddFGYOUwLtQMbXpVC0fOYVCRs4dLyeFu3HRZAwxpfhP5nK993W65EgIpMBUtKoDD39H9rRitRAT/v4pJlsj+3szKvvR1Y9rHe9tVF7iqKu9KO+cjdbb4wrTBtbIXdJI16S7diIp3YOl1tDHPS5FrMiPrplGcKv60lkUqqBvlHhQofCCGrQ9iRPY/SWrLBF/omNsT9QHoxTjZWJtxQz6H6VDNVMtz0NE3uCSULYA85c5oZYET9iFjnGuIILeTNWotuqCO78kJT6sCu14QUKDWze5q67oLCG1jM/qgWt3QKPz3s+Evm0xxZMvZ97fqQfxeSU3xUayKX6ZHg6UKLgqTMkoRJkoDlEwUmxOPxwQZHppmECjOEHbhPTqYHwC9BBjjbq0hkM7a0zykrpS4PMCDZxnFMfkto14erbJWm1c3QOTSLYmRhzf8SYpR2mrV4ArxwtUJ7La5ef2eQFcU67t3QCIa1YSlC1MsLIDwelw6AKg8eKNSm6lN5+HOpYsq0UwxRbNbffmsSnCmWup/96Srvwm9fMHSiqUvPU6DKddvDnP1Q3gqn+FGMDPyLlX6kBFiOfJbiufZRhkLnkQxDDo5l5ZSMIhP4g114uc8X8HxTXyk0EakUGEGHLfK3jgle3QYRad1V2Xn+r3OXNj1aWFQ4mj5LM6W+l7EF1pAtoqs8+lj9HEgqCec7bXF6gJySURL6oW5hYewUyFqZnJbUSG5VvRhmGFJzGwGZy4OiwFg+Y1Ps9Qcz8I9HQU+ErU+Z0DF2e5yCmD8xpMlxoKkreJDhQGm5QLgaC/xOFy4eP7mLiyRSAR1gAlY0FdO2W+rDNq8uqmpJxWTyFl+7hfEoY7v4lnyF7FmXjZiiDiD9YZxab3mAPBb3Rqnm2rJdxpRfcPu1ihhnQEv4eYowroOkj1VZijL2QezMw0rlW3lZE5NdqEYw640owov0ngRJkMohemygWKXo+Ermoj4ROE5aAguMQg2RE6xmeoNgacriH3yBqbik6kk8usLGpRBOmK6dgvtmg3JrnVv6O7FxLM+ahyUtcNyh3zsxP2RLU77Rnmigsh7RZrGft7GdSV4tPPya2T8ggsjo6RlgURGZoAF8F5V/taMzBE9DE12NitptzWU8cOfNTC6XwZjUnBXkbJ/dW1Gg71D1gDzL7Zh8XdJFhqHHbrjcL8sPnIe95kt1z8vuDKq6T0OVhLLpXmekbMB/mrQKdKTkIC7eDjEbOJCs1OFI5WT2iqp9cP5iMLuPJkZvr5jYUDdKxxb+yV10OSC7yEqMLYrrAO8ToaenwxSMTsIJc7jqbhrHZYG9akcbN9O0M+Rl5qu/+6MgLKylA8budV7/FmWsfZt2gMIBCKQD+9jXZ4sJWDNovuUZrO8ugY1tyXO+ziKvlcbWZqoHuiDsj/RQho4y+h4HxwVimi+obUyYIKlW1oxD9HmA/zleMVMiHiZ8y2lDjzxbTp4o8eOkO5bKKxc3eUJq8oXrnhm05S3BwpOk5q6r0H6N2PsIauPGx9GJOjlz32wNFS+HrjxYFU/81E9UL9UarQnCIGW9iqSnWV7/vg1byhVDDpYTSmZLz3J0zOtTskaaWuP7ECuAxw7nJYdKqOT6+UtyAw2rVdFRwEkj99SmR6HkDkFQ726L7+T/8H3JgsqUKfnp0qzJthppmFR8up7E1rRo75zsqqXvRiO11SCxIi/vyICs2xOZfFUskjNQysfbKdov28xqShlOxTbQd0CM7jt1iH5L3bPgNY+mhAXlBOizmyNv1yKMKAZFUufJg7Pipg4tLuUkb5YSGwdXDWMB2iII/si7k8n/HXpA6IkXInzQfMjtfSDGjUrolNAkOcu8Pc22i4hF7nyKvjWcsWyifXnQ7gh23vJRRqTWxvX/lm2asWD2924hA0hYZ3q7v904Db2HMwkd/OwWnZvm9iCAuBmPFCU6932MLdWv2JoJFJgajjnKPJC4VKX4EVqwZv7F0ErmeILaYbX6rAepr5q/H0Iu72UUF8+u0Kd6yfIfxOV0obkbL0B/bsD4QqYsHin0H2f2oqPKcBYw5XRxbegMsVXHDrdgDY4RlV5u/zamExTyrHPWpmepbWyQLrw6+9cMbMilpu7XhCDQfkdhIz9W1KuXgBF10OCrAoY7+3GPt2aAH0EjopKJLScGyyKE6QtZz7u1K68m8QaSIOLEuLdwKYjwDrecmOdYS9B+tyULfRCN8M39dueZFSI+F7/5TaeLnT03+gcfkqUlbEMudKoAO81/M4onQsJdhiAXPocGGFyvRvsU06zrKRudzc29qhbpFVz9ip2z32MNbLQpgkTG+g6hrLjdorXvZt8puTG21clrtlfr+b+x0Ir5hRuMo2tPYWmtL0xwWySP/rZ1zJMpFPbub9XPcFE5u/eMW57zTFYwFmgaF3u+RGIhTy4Z7urYVL8FJ9X8jI0i61RYCdSG9XFNaotXwtuXz5zzpfnxZSaWDtFTu9CYkh/w5x6+Kb+PA/RZrwJR9JSu8IqNEHdc/pnOu97qEenIHWr1By8oHk3VDN9LDVlCt3PHlbregWn5Lgl1HZxyhxkHy4Tp+HzBSMMo/AEz8DALLloNK8YZDXyo5BD5BnsWbsmE5mmRy45xBppueTSFplSSAiDQIMj3Zj/H6mu9rH3f3RbnjwJGZo2L7olpMDplVIJNoVJgV+Hkaqz3z8rPpze0hntdZORRqh3/RxMnE7SWxB4puEtM/sqdQFbYEPjldF5zH++Pa7W9gIn7xC0qHZzwaA0p7mFijs5PwTRJBS8MsAOEChEwB7kIKqt31vdrVhD7Kwiklaaj5StIVMXy05AOnogzyQ+SRkiN5Xe/Z2i4rOlW22NoQwCG1gwx7qZAeGtEfIJaqQAtJT3PUR4LKLXe+momGixlvnt0KGZ0VrWAY0nQBjcFHQmrb7qdXVyTAs+0/RZyFFEkk6Eb+6oni7qUeAWHc/11bhP0jrLHezFXf/xiRgiw392Ey9g/iaEKBGlkMosWKMwG3xKqg/LKzDMiG6KdbUOF6qKMW7Q4m6cZi8GaxIUM3wqGTDhCq7vPy7Q/JlWGNd/GyY9LrDZvAloUONtgrQ84u7CcZK0rr4Fk2s1uljW+qhofxCtCx7V5Ta+mHR32EdHYsnFTjtQiMwZqzLQuM+VnFC9K5a9RmWYy4zFpBpR+9MXl9ZnkjXukaJ5xsZk6Cz4YjFw+IbyYvdqxontr5CmB8uYkoJmdrEtlO73KdugrH/cU74nFVHaFKbXikyagTYPtWOVqyRfjTjxH42OWg89nKJx7vcAmaTvZ9V7dw55WHqasAVKdeef7CLdKLSR4mLuxdrBxDWsUUfAUcM2BsG9VMWxBsSPKwQpeCpGMsN28PNjyzKokQF3YNPgTQykNPTj0qAset9W3CBi5q6DB5PiDW04FIZvPUvBJIXWaVle/wc5Y2DtV1NzHDAV9UCjDNxkRfQXdL/l5pLf8Obo3Fr47wCa8uGKdCggW6hJgmL1KBZbWfalLCGGf1rrPsdHm/n+O9QLR2MPE+ZzgwUetr7MK5n9Gr5YivZa/ZlwZ2QXVF0h9OPdaCBpxZrHd5xMK8kI88Ko9AyLQTTaI24tVFzyiKgbMBAmTE5aSrEc+YRGynAVdbRD0HumEeFz1mkx0KZ6KuvNCDS0rYnZCYjKwKGZj0IWKES1lElFkSwuvHZTuijsRZymKiunyRbny2ZVcfpWCgA2oOUnKMQ5svK+jr4UwyTtUTRbuiHHytySLWdkyewTtT1EE1h3V6segVWgLszHT0ca2vPGL8nPMFvV4xqGUUuQV4AMUFoJCzPpHoIrOWfn0cDdZ+yD0YjPvTeYv7WbShiumsgn5gvSCFdYfnGBA+WtgzyoHlYG0LDR3rRHywI8bqIkK4QkBQVOBTHjxhbqtjTxfCUttmEFed95IanTTvdYrWLY0BcJyj1FGeenQEBp3lWF5ECFqnPfQTxwBLpMJC2czgwzrZ0VpIun8qMEyqyz2EGKKW5m+Z+3xQUE+fJ3YM/hw8WqtUhxjaxKSeUR/vEPKf8UvKsQgfRZrveZuKzeHSnnma2EjDUaVdtF5cGuJum+w+4ho9zpg4fC+cRwTSkdj6FiVZOwyiag7aTGzaifCfbxWAKMa++oYwuPCjINuHOOhsvH2rHuFOFVCGOv92Z1rPhyLPISVvnZSstnYsaOv1e2GA3Bc2dHh8SVodesu1FEZSSv+Tem6s2sUM/p9Y+lEBjHgjElLFwn2R8B8FexcTeQ0U/a92RKRUd5nAk7nm1JrbLc68P/9dUZkfj1q3NOZk0CRI2LQFtty0o1fiHBajbNWVN9OR1jtnfyCY9HyLwpqwkTtoaY0+MNMBJRsWfTR5bj+TZxeBqsU0e2kK0xDnXyarGMYEDa/4I9EGF5JBcg57ZrbeORv+zPdOaMJ6X0Uepmqqxd1L2ZWMoeduEOndDkJi4YszBRDyH2ZG3c9wGKCL2wg/eY+eKUlNC05lykfZ5sz9GszwTSD4olkA/UnUDLjv/5T2fRmKAmGkNzw61KGzOTVuYr3JwWOYJx4Vg2FiKDE0F+V84F8EbWngTS48QZvXuUYJrkv7gGSm6DK9kad/1KVQOwiajaB40KgIHRDf5uQbCRiITYnP14jMrvGSQNOynrqpz2bjBPJdueE0gvl8HF6K/Rq7hNTBwjtAk9JAAGj6Mpwvd06v8B1TybJBqE/+EiKVTZQ7qZpC58kK3oAANMrf+QmVsi9ZVlc0txqh/YxYpUMdJkRYKIcAzgwGSwl0OhLobrheq7lt+pKcdPqX/FHN8i2qxdaj0VH/XxpGxsKtOiOYGRdBR/vHo1BpGzfZI8eH6ntAn2ocNmjo+vT7v4+pZLpND9+GFPufJQfh+WycPyAhfaphDBIyKbHI1f2zWjzDsbuXkUKGpXrv8AJlDQG51ma8WiSiDhqo2i5XQy4KS3dVTno+JogcdZ8Rphp8L2o9e8PjSEsd3ZuCgXCdxntn4HfBBeGebdjz9aaJWA8ej5NyvXnJMyonZ70tAxnUjulwzSK/oTxwafzydvQLfywAE97bxwgPgbMN7GexJrn3sN9CRT+wACCRuehD4A/atKHXsUCQcRZ34mXAzaEAhqAuHb06g87MFdAT9cFsx/Qx3r0w8XeK2y0Z2gq82rk5H8AUsoWNvmxAuMVCWd+emYULIcQjIZAMpWDoYM2KC5M1G+ZRRHEZFmZxh9qJ1IKRQUxrcGVVYcoEhnLY747weHHxVo0GScVfBEnaTc70o87q71Lwj5Wv+z6HuOvz7dq1hENCk1kkKp1sfup/RpdKPK92Hxjpom+4umn28+dw3LdiMpQcTGAhH0XkuiHgo21QGWu+3fu7FGaIc9Ub2YWjjmCNQBoVxZlSJYEZd0u4oeMpBmmLxKYVGaqpaVtHvOubSw4YftGR1JKh4sB6H6ILNP95ePkF9/aFerGGm18Fyq5GC5qw+0XUNb7iMPwocymVqJxFFgcPcfNbC6Z9I6OBjutXypAzFGbS9re8582AU5wkGJxY/rjMMSohI690MU0WQ+Bx7eG+61U3FDEjo3wH4pldiaGAzNfbjeegsAc963r4U3GIg1XtGByGsflvcMXGZQRMMZ78M15Ktt0Ev1CEUmRJzFltLbAZm3HIAxcH6V5MBTcfnFYlylW6MIeqv9vW31XY0n6PE94o2naTJ1P+YBY9HLYWctw0hBPo7xjHxFKe8Rmex3Ki4wjXDX2AIO5THB/jXi7V/qgVWYTpilFxOjXfsxBJ06p5zwZ1vobDRsyul/UTT7xTpFKWauZhmIzU2ZXx/JlXwBVhBh2wyWpQ6YQrvR4LD+RMm6SRsEMM0ZQ67A+QxTocXTo83Rn8k9mGBFjnN7WAfTPJ+ADuq8n30LIAADT29B40wYfBnZsJxz/gyj+ieEpwen6TplgKlENuuBzzKD1jy8L97ynes+FdgRl5q9iaB5hqACIHpbDOylu+K02FYBa9uEelqnI+em9R8dO5VwARdg7Ui4axvP3qedIeP6PS7TPegQsrXco6Oi5C8DgfBlH9totgtrP3Mg6tUusvtsT1VW4pEMLxYCbJPz3UtWgW8Ogi7z1rPXWftwG3DFT711HviL6+0eAdDrP9dSyj60pbfE+H+SaECwMfRFW7kYpdnlwund/hfQJOgyy80IxY7+R4aZzfSkytXtquvxmXqKvUF2hVkhHUNcVoKNP8I5PPjn14R8FtPf07EFrd5CIsb0805MhsGzbPzOe250L6ew9hpCmZoGO9613E2OhnagUDLf3rkAA2gq9cwCEWiP64JQjZJdcA/t3SpZpjEeA2t3L9irkIukRPxVURF41PV7QkuvcylvCtENK4BY1Jq3L5aMT0zLREix8h2IDIhjdpQuwf/ML79Jph9eM+AE8utSmrX6SzoR5jMDMjsa55KmgnLaAwkS/SWm1M8ruzN05irgrXjTWuHeFZFB6uiXE9E7KZCfdoQywh6IhXKb126xzT5O2XkQ+V5FYMPnqOPHA0v79l5aAENeRcOGMbE7ysBGI5VJDMCFKSVAyMbsBqmDhygsnkjvQ==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedData>
            </saml2:EncryptedAssertion>
        </saml2p:Response>
    </soap11:Body>
</soap11:Envelope>

2020-08-06 13:09:20,500 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-08-06 13:09:20,500 - INFO [Shibboleth-Audit.SSO:?] - 20200806T130920Z|urn:oasis:names:tc:SAML:2.0:bindings:SOAP|_elo4mmvtnzvzs4ljtj6o1hqnjus5an7zs93y|https://iam.eu-de.otc.t-systems.com|http://shibboleth.net/ns/profiles/saml2/sso/ecp|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:PAOS|_4989a72f69ffed6648fd52a7978193af|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxBTPTpAeetE/D5B/PNrGnXeHcaL/56FhtF3auNIqHL9hOnDKcl2jvxuOUTeE0O2VtQlrXDX0j6JeCR3LO2r7E4qJ6NmuGceWHin4niM5irMb35M6wZiJ/xWGNoLtrp3nvxH7QDJNB|_433a2619048e300929e1780fbf6e58a6|
2020-08-06 13:09:21,795 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Beginning to decode message from HttpServletRequest
2020-08-06 13:09:21,795 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.IdPInitiatedSSORequestMessageDecoder:?] - Decoded SAML RelayState of: null
2020-08-06 13:09:21,795 - DEBUG [PROTOCOL_MESSAGE:?] - 
SAML 2 IdP-initiated request was: IdPInitiatedSSORequest{entityId=https://iam.eu-de.otc.t-systems.com, acsURL=null, relayState=null, time=2020-08-06T13:09:21.795Z}
Synthetically constructed SAML 2 AuthnRequest was: 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest ID="_b961da7f-4e85-457d-92a0-e9c67c304976"
    IssueInstant="2020-08-06T13:09:21.795Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eu-de.otc.t-systems.com</saml2:Issuer>
    <saml2p:NameIDPolicy AllowCreate="true"/>
</saml2p:AuthnRequest>

2020-08-06 13:09:21,795 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Successfully decoded message from HttpServletRequest.
2020-08-06 13:09:21,796 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-08-06 13:09:21,796 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-08-06 13:09:21,796 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-08-06 13:09:21,796 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-08-06 13:09:21,796 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-08-06 13:09:21,796 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-08-06 13:09:21,796 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-08-06 13:09:21,796 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eu-de.otc.t-systems.com
2020-08-06 13:09:21,797 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:09:21,797 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-08-06 13:09:21,797 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint was empty, not required by binding, skipping
2020-08-06 13:09:21,797 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_b961da7f-4e85-457d-92a0-e9c67c304976', issue instant '2020-08-06T13:09:21.795Z', entityID 'https://iam.eu-de.otc.t-systems.com'
2020-08-06 13:09:21,798 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eu-de.otc.t-systems.com' does not require AuthnRequests to be signed
2020-08-06 13:09:21,798 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-08-06 13:09:21,798 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-08-06 13:09:21,798 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-08-06 13:09:21,798 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-08-06 13:09:21,798 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-08-06 13:09:21,798 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:09:21,798 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-08-06 13:09:21,799 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-08-06 13:09:21,799 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-08-06 13:09:21,799 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-08-06 13:09:21,799 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-08-06 13:09:21,799 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-08-06 13:09:21,799 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-08-06 13:09:21,799 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-08-06 13:09:21,799 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-08-06 13:09:21,799 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-08-06 13:09:21,799 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-08-06 13:09:21,799 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-08-06 13:09:21,799 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-08-06 13:09:21,799 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-08-06 13:09:21,799 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-08-06 13:09:21,799 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eu-de.otc.t-systems.com
2020-08-06 13:09:21,799 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2020-08-06 13:09:21,799 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-08-06 13:09:21,799 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-08-06 13:09:21,799 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-08-06 13:09:21,800 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-08-06 13:09:21,801 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-08-06T13:09:21.801Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-08-06 13:09:21,801 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-08-06 13:09:21,801 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-08-06 13:09:21,801 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-08-06 13:09:21,802 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-08-06 13:09:21,802 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-08-06 13:09:21,802 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:09:21,802 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-08-06 13:09:21,802 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-08-06 13:09:21,802 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-08-06 13:09:21,802 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-08-06 13:09:21,985 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'iam.eu-de.otc.t-systems.com'
2020-08-06 13:09:21,985 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-08-06 13:09:21,985 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-08-06 13:09:22,358 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2020-08-06 13:09:22,358 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromFormRequest:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Recording do-not-cache instruction in authentication context
2020-08-06 13:09:22,358 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-08-06 13:09:22,358 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@997069051::identifier=rick, context=org.apache.velocity.VelocityContext@4587a2e9]
2020-08-06 13:09:22,359 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@997069051::identifier=rick, context=org.apache.velocity.VelocityContext@4587a2e9]
2020-08-06 13:09:22,361 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-08-06 13:09:22,361 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-08-06 13:09:22,361 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-08-06 13:09:22,361 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-08-06 13:09:22,361 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-08-06 13:09:22,361 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-08-06 13:09:22,361 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2020-08-06 13:09:22,361 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session ee4d858fa104a5b611c031c0fd059df6ca744c2710d84f87adbe1b486f90fdcd for principal rick
2020-08-06 13:09:22,362 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-08-06 13:09:22,363 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-08-06 13:09:22,363 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-08-06 13:09:22,363 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-08-06 13:09:22,363 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-08-06 13:09:22,363 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-08-06 13:09:22,363 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-08-06 13:09:22,363 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-08-06 13:09:22,363 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-08-06 13:09:22,363 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-08-06 13:09:22,363 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:09:22,363 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-08-06 13:09:22,363 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@21c7433'
2020-08-06 13:09:22,363 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-08-06 13:09:22,363 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://iam.eu-de.otc.t-systems.com'
2020-08-06 13:09:22,363 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2020-08-06 13:09:22,363 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: Attempting to delete consent storage record with context 'intercept/attribute-release' and key 'rick:https://iam.eu-de.otc.t-systems.com'
2020-08-06 13:09:22,364 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: No consent storage record found with context 'intercept/attribute-release' and key 'rick:https://iam.eu-de.otc.t-systems.com'
2020-08-06 13:09:22,364 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-08-06 13:09:22,364 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: No storage record exists with context 'intercept/attribute-release' and key 'rick:_key_idx', nothing to do
2020-08-06 13:09:22,364 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20200806T130922Z|https://iam.eu-de.otc.t-systems.com|ClearAttributeReleaseConsent|rick|||
2020-08-06 13:09:22,364 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-08-06 13:09:22,364 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2020-08-06 13:09:22,364 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: Attempting to delete consent storage record with context 'intercept/attribute-release' and key 'rick'
2020-08-06 13:09:22,364 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: No consent storage record found with context 'intercept/attribute-release' and key 'rick'
2020-08-06 13:09:22,364 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-08-06 13:09:22,364 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: No storage record exists with context 'intercept/attribute-release' and key 'rick:_key_idx', nothing to do
2020-08-06 13:09:22,364 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-08-06 13:09:22,364 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2020-08-06 13:09:22,547 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'iam.eu-de.otc.t-systems.com'
2020-08-06 13:09:22,547 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-08-06 13:09:22,547 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2020-08-06 13:09:22,547 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2020-08-06 13:09:22,547 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-08-06 13:09:22,547 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2020-08-06 13:09:22,739 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2020-08-06 13:09:22,739 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2020-08-06 13:09:22,739 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20200806T130922Z|https://iam.eu-de.otc.t-systems.com|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2020-08-06 13:09:22,739 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-08-06 13:09:22,740 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://iam.eu-de.otc.t-systems.com'
2020-08-06 13:09:22,740 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2020-08-06 13:09:22,740 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2020-08-06 13:09:22,740 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://iam.eu-de.otc.t-systems.com, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1628255362740}'
2020-08-06 13:09:22,740 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-08-06 13:09:22,740 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2020-08-06 13:09:22,740 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-08-06 13:09:22,740 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://iam.eu-de.otc.t-systems.com'
2020-08-06 13:09:22,740 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://iam.eu-de.otc.t-systems.com]' as '["rick:https://iam.eu-de.otc.t-systems.com"]'
2020-08-06 13:09:22,740 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@21c7433'
2020-08-06 13:09:22,740 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:09:22,740 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-08-06 13:09:22,741 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-08-06 13:09:22,741 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Inbound binding urn:mace:shibboleth:2.0:profiles:AuthnRequest is suppressed, ignoring request ID
2020-08-06 13:09:22,741 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: No request ID, nothing to do
2020-08-06 13:09:22,741 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-08-06 13:09:22,741 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _67aba8ff4e174b1ef2758e642fddc0bf
2020-08-06 13:09:22,741 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _67aba8ff4e174b1ef2758e642fddc0bf to Response _5f642501d24ee4aca656580bc0580099
2020-08-06 13:09:22,741 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _67aba8ff4e174b1ef2758e642fddc0bf
2020-08-06 13:09:22,742 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-08-06 13:09:22,742 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-08-06 13:09:22,742 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-08-06 13:09:22,742 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-08-06 13:09:22,742 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-08-06 13:09:22,742 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-08-06 13:09:22,742 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-08-06 13:09:22,742 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-08-06 13:09:22,742 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-08-06 13:09:22,743 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-08-06 13:09:22,743 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2020-08-06 13:09:22,743 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2020-08-06 13:09:22,743 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2020-08-06 13:09:22,743 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration did not specify any formats, relying on metadata alone
2020-08-06 13:09:22,743 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2020-08-06 13:09:22,743 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-08-06 13:09:22,743 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-08-06 13:09:22,743 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxEDpjyTX9si/7AaOalM80nEJRJi/ggFhxAKnMpTbigP0r9jThyPOZEqYXSUPSMZGhijX5oUazAAWUqWPB5LCCX/WAIGozJ5ra7wNQO4IRu1kjXkXVavvaCgboB8oXqTD5jTpGeEAm with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-08-06 13:09:22,743 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-08-06 13:09:22,743 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-08-06 13:09:22,743 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-08-06 13:09:22,743 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-08-06 13:09:22,743 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.46.7
2020-08-06 13:09:22,743 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to (none)
2020-08-06 13:09:22,743 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2020-08-06 13:09:22,743 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-08-06 13:09:22,743 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-08-06 13:09:22,743 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-08-06 13:09:22,743 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _67aba8ff4e174b1ef2758e642fddc0bf
2020-08-06 13:09:22,743 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _67aba8ff4e174b1ef2758e642fddc0bf did not already contain Conditions, one was added
2020-08-06 13:09:22,743 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-08-06 13:09:22,743 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-08-06T13:14:22.740Z, to Assertion _67aba8ff4e174b1ef2758e642fddc0bf
2020-08-06 13:09:22,743 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _67aba8ff4e174b1ef2758e642fddc0bf already contained Conditions, nothing was done
2020-08-06 13:09:22,743 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-08-06 13:09:22,743 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _67aba8ff4e174b1ef2758e642fddc0bf already contained Conditions, nothing was done
2020-08-06 13:09:22,743 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-08-06 13:09:22,743 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eu-de.otc.t-systems.com as an Audience of the AudienceRestriction
2020-08-06 13:09:22,743 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _67aba8ff4e174b1ef2758e642fddc0bf
2020-08-06 13:09:22,744 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eu-de.otc.t-systems.com to existing session ee4d858fa104a5b611c031c0fd059df6ca744c2710d84f87adbe1b486f90fdcd
2020-08-06 13:09:22,744 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eu-de.otc.t-systems.com in session ee4d858fa104a5b611c031c0fd059df6ca744c2710d84f87adbe1b486f90fdcd
2020-08-06 13:09:22,744 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-08-06 13:09:22,744 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eu-de.otc.t-systems.com and key AAdzZWNyZXQxEDpjyTX9si/7AaOalM80nEJRJi/ggFhxAKnMpTbigP0r9jThyPOZEqYXSUPSMZGhijX5oUazAAWUqWPB5LCCX/WAIGozJ5ra7wNQO4IRu1kjXkXVavvaCgboB8oXqTD5jTpGeEAm
2020-08-06 13:09:22,745 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-08-06 13:09:22,745 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-08-06 13:09:22,745 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_67aba8ff4e174b1ef2758e642fddc0bf"
2020-08-06 13:09:22,745 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _67aba8ff4e174b1ef2758e642fddc0bf and Element was [saml2:Assertion: null]
2020-08-06 13:09:22,745 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_67aba8ff4e174b1ef2758e642fddc0bf"
2020-08-06 13:09:22,745 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _67aba8ff4e174b1ef2758e642fddc0bf and Element was [saml2:Assertion: null]
2020-08-06 13:09:22,747 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_5f642501d24ee4aca656580bc0580099"
    IssueInstant="2020-08-06T13:09:22.740Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_67aba8ff4e174b1ef2758e642fddc0bf"
        IssueInstant="2020-08-06T13:09:22.740Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_67aba8ff4e174b1ef2758e642fddc0bf">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>HEx43wMmf0+LdQvkSeybPkTc6kErVzSEOzc4wQINM1k=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>HrudP4L5FdQo9tUUVqEryDtwfnhZYFFjSxlIHHCxyAzfHU5o4K5ygqHt6SdP7BB4jd89CiqVp+Em2l3h07yYycU+zlyZAY6jvUZcNzTlPztadH9BOtv0ylBwnussSMaynoaTthafikMsb/CfyFijq+7FcmGELxbPZVB1FDFeDWOTWND9zWykOhzTSgpAIfTvW5prf1gPfQDtmSqCz/o1f4OyUg4LqUaPvBVfkSp7xbWgY8yqCxpauMDEz8U9AEmNvk94qoZ/o22nXAFZBt10K4lUugbh9huPC+iDCAVj1+OGDuZ61PeW3cFrf39wbFxSCeA1g28ja+5jMkeg/Wa+OQ==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eu-de.otc.t-systems.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxEDpjyTX9si/7AaOalM80nEJRJi/ggFhxAKnMpTbigP0r9jThyPOZEqYXSUPSMZGhijX5oUazAAWUqWPB5LCCX/WAIGozJ5ra7wNQO4IRu1kjXkXVavvaCgboB8oXqTD5jTpGeEAm</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.46.7"
                    NotOnOrAfter="2020-08-06T13:14:22.743Z" Recipient="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-08-06T13:09:22.740Z" NotOnOrAfter="2020-08-06T13:14:22.740Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eu-de.otc.t-systems.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-08-06T13:09:22.361Z" SessionIndex="_fa37a3885934e41e021a0f4a6da896a3">
            <saml2:SubjectLocality Address="172.31.46.7"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-08-06 13:09:22,749 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2020-08-06 13:09:22,749 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2020-08-06 13:09:22,749 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_5f642501d24ee4aca656580bc0580099"
2020-08-06 13:09:22,749 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _5f642501d24ee4aca656580bc0580099 and Element was [saml2p:Response: null]
2020-08-06 13:09:22,749 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_5f642501d24ee4aca656580bc0580099"
2020-08-06 13:09:22,749 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _5f642501d24ee4aca656580bc0580099 and Element was [saml2p:Response: null]
2020-08-06 13:09:22,751 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-08-06 13:09:22,751 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST' with encoded value 'https&#x3a;&#x2f;&#x2f;iam.eu-de.otc.t-systems.com&#x2f;v3-ext&#x2f;auth&#x2f;OS-FEDERATION&#x2f;SSO&#x2f;SAML2&#x2f;POST'
2020-08-06 13:09:22,751 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-08-06 13:09:22,753 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST"
    ID="_5f642501d24ee4aca656580bc0580099"
    IssueInstant="2020-08-06T13:09:22.740Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_5f642501d24ee4aca656580bc0580099">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>nUbnxJq1znQteWT8Tseu0z0iwdkVHpMkxjEH14aEjWI=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>hVA1C1Oc+ynpv9h2CjTB+VV7ftOOiR+qWufx2WBy1vDFfqo83miAfIZSdukZJFEcf6b5RKyT7tGLRAocWQPBZX8GPCABIBlH2j5BJY5fPxmL1DQ28iK4Wh1xT7PM4F0kSUjkV1r1oS8ZU+7AdY1eS7zeLuqPaj1J2wyBGOqqx82Vx2ss9BMfp1ZHTLc8fBoKjNK+THkoWROzg8FpGs3C1KcndXmpm2R6eogW501eXt7naSDnNzOpmqOdl3QeKkpvIgUJjHGnugwyNxRg2NtJJ8WYL5CSJ8ZiF3B7VX8Tkqbqrnuw2jVkXYwcughl9aSbg//PV7FWhAeUrmaX+YKgqg==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_4a101ec07641d2b0262801ff0ff23e0d"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_2cb548c7c71cf6f702ebdc729ae6162e"
                    Recipient="https://iam.eu-de.otc.t-systems.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIHeDCCBWCgAwIBAgIJAPRelfvZJrG9MA0GCSqGSIb3DQEBCwUAMIHXMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGSGVzc2VuMRowGAYDVQQHExFGcmFua2Z1cnQgYW0gTWFpbjElMCMGA1UEChMcVC1T
eXN0ZW1zIEludGVybmF0aW9uYWwgR21iSDEUMBIGA1UECxMLSVQgRGl2aXNpb24xJDAiBgNVBAMT
G2lhbS5ldS1kZS5vdGMudC1zeXN0ZW1zLmNvbTE4MDYGCSqGSIb3DQEJARYpRk1CLlRTLUlUU0gt
Q1NTLURQUy1PVEMtT1BTQHQtc3lzdGVtcy5jb20wHhcNMTgwMzI4MTUxNDA4WhcNMjgwMzI1MTUx
NDA4WjCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0
IGFtIE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsT
C0lUIERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2Bgkq
hkiG9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tMIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv2W7Hr/Ro63zmZVclhlMvakO1nYWAe6CFDg2hYOH
IxkC/DG8LsKbnqy3Rv8AoH5CgRwmT/HYKeJu+KxrpECJXGIjXirUzHrL5w0Hys0O6SJYzztRGoQA
eFfl3x1NNUxVGkWbuK3/o9vm3idoMqVY4HFU24h/6VbSVBru1lsfubmIGdkf+9R844JbZx1R1OuX
xQ60ZhTAmR6R5d1E6tprM8rAqBOC2l1o4azQyDtmxM8NEBjKcZebNleHOB3iVPiiG0ens6z39y7e
SyiXwWcsw8TlwcQiumYPnFT2lzrJAC93hEjNGd6sj6QVvPCJRu/Ya+AWfcm6JtBZRK9ZfBz81wjv
BnHH2u8j1GyZMdE5dvN4PC8bgX0HxvnbhnAU0DASzziyS9Ni/gMgWvJsmnmNVLyYMxRmL8L0JtWk
rz7aNSskufk92Cv/R4KtWsfdkYtNG5/lV1BNzraBgnnXX1gH7ddrL/Ng2aNRFd+LtsI/BjUBpg7r
Ebym+pJuri2PBj8hhjLKbhPuurybQLVtmYxCcJUo6ZG4X3cpxl/e8v+vviapn1OY9zaFLAc+fccX
1GFrLYv9aQKGDQFRMl2uV9nP7UpakBCgZ/r7ljvfhlnsGkLPZBokM9Iz3iUFMGj2gPD1m+C7QaiS
OwJnkTk3cnhZV6It0XdFIaFgIi9V4XMnYEMCAwEAAaOCAUMwggE/MB0GA1UdDgQWBBSg4Skug1x8
SOG2QdBaHAN2DDs7zDCCAQ4GA1UdIwSCAQUwggEBgBSg4Skug1x8SOG2QdBaHAN2DDs7zKGB3aSB
2jCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0IGFt
IE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsTC0lU
IERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2BgkqhkiG
9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tggkA9F6V+9km
sb0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAFEH+TQEgwXkOp1dymChsQzX3mm32
nBbQwIuTKi3jy08EjRQktZCOhjpmuVc/QQUCQdgAZgWVboAwTspfgwQwVcuIpCkwuyc7tt+ZzRSk
ybvOccw4ivz1suevGZZfYt+B7UIB3drlMKLoJWMTiBZnL6c4iaqubep56BZBOH6IP2KaMRd4EqIo
kXLHgaIyhqz51WQmTJArhYvAvWlktbAW6GXev3mW5gxW7LAGygQNCo2JkXSegGPk2jLO48JXNuCB
lGGf2O5TkhD+Qw/buIRrcKWnolBCs0ITalkNFt0RftLYmyR0JMotaBRHHmtdqSWOwMT1j7SvyzhH
yszzRU4xwTUFveODkWYS3Uh9PZs+3yDcfqC1x1yRbhKe7onZt5nXh/wY2762Pv6NkBQfQaFaE8CI
OwRu6WjaFfRntVXHpvV+7tO6Dr3pfRNEZzJM5+m/Edh+JrUdhyy7SxuYiCpt5xiPvM9rMt5AkXCn
P8AQVxq3O/1Gsdr9iblHAkJrg7Lbd8bPyzE9nRW3zqp++BxYilxIIVP9xnaaj/jjyuAPfeet30wm
zeOe/MGqxEwP/JSwJ9rZI//FaG3gAX0UHO6Eo+R0/Yv3JcyAo6j/RN/6YcSTQD1MrPGZiNTz/Muo
nczuEbZF255Cs5PfVJJhTPW730xQmhZnlbta0nyBO9LA3Fs=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>Cv59JgbWCpd9bXIGpNpltmPIaBI94XHz5FRFrUnYTva2NGyEmsr7CPZ1sFhTdUGs+CzSVDKtKmP7EiWG3DkwRO3L4UlAhQFxGCw14wYkVmSJ9ju2XhLxGgLczNE6CdsNqN/wejRiHJ0XNOXIlxTRFoF98dwyqUxKvDstrJf1YhEqHMCH4QGX2cTpqM1zbI5772bd7WdavbW/Ym7KEXTVJI0fYDspZ4JbwIjCjN6OC9LFRVit2ePk7oz42DSvesVKBvRxFf3u2WZRj/dtLSF8dZlZk0xOFeNV2fALDam3wMi2pa8+TbKnfObzEyo0dlFq2PeLGFr4kRuT6uxMo089tyKsXHwl/rVUUhgpbCmE1ZZ/z48fEOVvGrlxwQPbpEZfSs9zzTI/bNRkR8oxdVkabsq69TvCPlA6m019Zz9n61RvHhKdkCqVTEIdkcFS1Dsmcvgmv8R4hRk7nUEk3MqwsJFisWQAlgH26DgrEIKX00AK5ZdTx1qu7x4VbXAflpdvxTGWAi9LWU1KzkVZvq5JIm5OvFDei7EMiynmYE+/eUAisf+yQWZD0OH84+SJJLXEkiYIRgx7h6Ww2q07bhj7wcxtLMRSBF3vUuc+nHFTngpuRrXmttO2QBzKhMS7GhhZ0dNBNM3OcJal/0r0y6wJiSqNRC9oQsa/pAsEkoJxZQk=</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>q/q9a97M95gdtjcLqS8h0B91DLd8Z0bTtseGE/qQ6sMUHWs08iwI79dipAHIozA6yo+v5LqQEkODXltp4W26E7bBV2XnI7cpJIX1SpfT8Sw279kNDVgMCtRbGEajvwb7PO3XJiBCpBphgL1GjsOqblzQmEJ/q+BILS4SMxjW3KeQuGYvr6l9t3U7BKYTt4Wnbpi5kXu+/40GbqoJbvXSE1iwvktVR64JPlbHiGB4VSWZPsN8nrwBDF8aawlOHdPQdjKvNqkryd//zJllqzm52sIChkVeqg8v6doa3Do7t4s8d65RJgjvwPw4+DOpMuKbiPtIf9ldJ7hB6etmsuIbfqDO0m0LvmhjiXUWHpOJtCoQ7FljFXD0YL1iFc4VMGV6w86JmyvnCpu0CBTUqO1b9szIv6tRSrr6VZTkeA1QIe0kWN2WiLhDEg1vOP+KD01B3hSVyr7UrfqWIDvDtnz+adBMUft7Cpb7p0Fsjf/mlRr0RG2zkoztOyhHfs9DdfX8YWRJkpFa5nZbbW3PTTaKBZHfy1oHFl2XcsddBwKX38g+GtNsEBbVvrxUp8Vr9E9IrVU8v2/YOErpICtF9sBVD4VUSLj5pjyBiJUERulzHnd3RgwxA3MgkGA4ItZ975sHLzWplfQhKf9gR/5cbUYwEdxrTl/zWBeSGuAEjHQuioRjgkVZoOkszfZ0xaG8M+Qu4o3nuyfzJkfGjZGVs4UNDjtEuyAXGWiOA9TtmOuwVwEWmqySFXdnAuYrwxL053UJDDxpQd1S0rxOwjNA0N4h2zCWSr11mOSUliHmJ/BVmWtfiwLY/V2jYfMm14ebZOhI/lWCT7uYy0+pyTMk6tSQkkV12d1u70SrxyVWVvikze5dSwMuMqiXinGQVUO/HFFPMdPliUNidTcE8LYmyrVIngdvrICHdbpXYG1d3RUMPx1/sf6fe7agpUDtd45VKtsvU/CWrf1rgDqIWqBMHUGhsr/tUKdjMcnonZ6HgkI69+lUT+M179oZubBi6FtH0mg/5a4xS2fh+R6nIk6LZzooS4bGFeC2Aj2vvBfALeXwxNc9VOsxgTCiZoKmLce/5Gu6LvQ/JhjXtDwEK9+jvAJNpfkxbo3zTWxUoxd3yKEltcwQwRnXkwUqjCt05wYTCWhH2tEkKO/TMCG87K6NXqY+NsaCia5UwngvMRY/I/tE1dRrgloEDe6Mvj7Ddn2Hl49b6BaGQAPJDX6YzjXK5ZKQsSFMQ2tQJrI+be7V3T6UA6y9uC19Hmj05w7TkeMSHuUR4LUpr0xNds2Dwf1sGmJTCUD0Nrg1+ymn+IlQPgrrnJW/MBtCRJK1QFXFU1191+fjzLlz6nw604TZEff2TAL0O1XKX0VKEo9+sd0T71Fp2NTB5hFenRFw2/1cabr8BdlxFLPj/YP2rPCJjmjOUhBhfXXhZdpmpuyJPUHin3SEy0IKQQ3m9mqK1+U7itJ1mLR/ZMZNMIxoovMIrkzhdSYNoVXQMOEgV+8biM/LRu7+qNkrQRvMYGTnAr71UDUaa/LVl1NWqx0Om1HyOhozJ5huQyFVB6mGVw1NW3DTxZjIvypSBVWRvBhQdw4TxHHyPRghkYOjdOZsVXTKnuvkdUOtV8wlJxAsyVUL2I+PR9MT+3kwYImW+47Vm5UL3CxE1PcR1IsLJFGr6k1uezmPvGAj37qsUMMclL/gNLr3FBVMNmo43L2OiqZVN9Uck+To/5fSgJD+AQZy+3TpkVIwCGBhlEZHsXniJHSrdMmnhrFe/wdoeExntVzCtSjAO8A+M9Cra0TML0QbmftN44Pj8z4BcHK0f2pHrJ3coYGfMRaDUFrkr2SmlX2wMA2MK4515FpJbNDLKJxBYmkPzSn4O+p1Knia8q5Oma5qOZUbPuDLKaPuL4Aee3XaOXPe2rAhRJ5xjK+Jt8aRMuAp7xUNQDp8oYe7ysAMQ3bsyv+3oyoCHEuDiVp0Oiv4NeL4MAuZ/D3mbNLAvpQVDJjlPIRJO99YOGzgUAvxN1X5QTTe/ujsFEXOf6gbCBVzPqJMA3hY4p6XSjeyuG+2lF1tNuS6L8NzRLkWHKQwe0VDi5SqoVp2bckV8YZ8h9ti62e+LRtWWLn0AmRjJ6omxZddoiZckL8JDhzsKmaUTzatMSuS7BjiI4x4gpUCusP5Wqx91Yx/LaZ+kLoHG4rad1stsaeC2AtuXYTXAbSJFlzgC0G5Eky9mW56yqbNLr6iRCJ8Rn/toAkwZcxppgD5FnSrQCwNSMShYlbUy2LOYKJ40et6ZNQhsIZdYtBJeRnPSm0dN2HjbJ9fESZL3w8FRtaBtbHrshM8laYxenfgb1U0aH821EXeLtmd47O9NNHhlJUE4+VNr1eaP5OioLE8QgRiWHp1Zi+h/6VfdGwIVBTXizwrXShzl/o0qpKz5U2Z1tdWs+v8GV+s5eqxsgPw6lv2F84F2ZVlm9ovzSGDZlnJuPMlmsH+7gvxybHUUJn3jAyUQaV0PAQt2KMlulvj8vDYHbykLjjNTRexScfXDLDWKlbvHlW/Vze4tHsBJFeO05G0W5f3pIcG8+Xtl1UvRd/t1QlG5PuuYaIDeImKCsYzjD0b8Luu9kmmyqhwoAYobZrMRYI6CjSFnbNnwqAlGvPMDI6EJB6/DI886csCerQCOvxQx1Gb6uGGf6YSYPHiBtvPzgRNTlK2CXaW4Nf/1IEv4Mg7OxJJ3tmecs7L9u/6B6ksUtGVPB1DeMyAcgSnIudlWQUEagvf90B8eufkkVV5qF3v3t5+ypqx3qBuHg+EQBd5NZ69zic583WLRFT78e4U5KkQa96VmfTBRlqFbK9JTeQUP67fbXjw3ollY/JFSxKp1JGsQTQblqS4gYQRe9UatQpwo3ikoBVa/mSTKX3DadR+D0Fgge+X82kDrTeVg34GXU1DRtprs5pneJLj/WEVRQomTH3LjnxHKl3oaa0j0Ta1P8kaGnalJhujO1/j6HOhfbUzs6VZr6yVJ8mwXU7o+2Pu0zUMbWVhBBALvHrdFLO0yt6pjd+cZud7kLislUuAvSSq5xHsoY5gDGUsClaC+76VsAigqwHtxocF8nkuLrhktBeCrpPGF2C69+sCdiVoJcXl4nLz9TP3qvD7Ngh1h5zg07NwItGWYINgNtHyaJpzGmIsQQMsN1xwTjEVny0L+fbBdkY6mK51M7vgMw+ZVSvBNxW1KiQP3GBFX68MZH0znwNBolncgPs/Z++G8WyutsnFHqG0RQHmP4gzDWM2NL2MWS8dyQn4N20rN3cLk5/X7zdMsXIO2BZ8ZwqE1NxWRScckKq/sk85g3pwtb1dltPlBeZL8b8XDWBOLiWGR+Z5Nq/R26sv/mhGVcWzDo0Jv9wwnzCPMwTDMrweO8lqvcXiweuTMqewv6cvaLHoZwU9YmlRrMiVSI4xuCzIziB4Nd+kDoOQ0cG+XhQv/zeJcenwh8VHQd3QLbNlqIORh6L6sJQ1TK9GCUf5Pi2fUetX6GjeZwFEeljxK4/Ktlx2xkGzwjPJ4Z0ndycqU7NQ8nkc/JU2/gnBTQ2LRjMLlukHGk8+6Y8C4cDE1mdN9bgODq9flFlxIQgpROcJznCzLNSFWEUfH1GNgCegUH1y4SL2cJUtLOjMdIJ+E+n8eV6ZuzszH0lkzzNUWJVq5r46Gg4npXLzVBQwpVkDE2Cc27olfuZxXjt4G5VUdwlv0QAp9eaczsujG8fu1QANc/Dsa/IRRkj9CHXkS0QV5nLSOViZBIki9sKgsKsPVtYGW604hKXU8V/2+dQn910EEqLCtwY35znXJ68W6Jg2sOb20oT3nR5iuygSaazkkL+FD5ubLZef/tirGNqIAm5h8D97h/DgApz+4d/VMj09mv6OvB4IIdyM3MD71jZF0WowMj0l4wEKJuFgOEwegm/cjLoqoDs2I1MoNZxdKOmrNZZE9ycvmSurx+5/3f9Bj0sYpXImNUM9KmjdeMX8xWCZ+FuuyX4cDQP13jmbAAvtKG1gzi7yyzwbl5zsPG45Wz8QHthW3tn2f/vWxDhOBYcqrLwuE2sjCUMvrX3/EkxWNBSngOaGxf520Uk0dj6hxcxDS6QoR/YwiBDnJ4XxrR31vigby3rdUnfgoJxpszHMLUe8/wGA3NpflQtCIlgcAlqUCqGcHyfVvB4O/rnuEXDU5eqKOYNbCwumBoxK7h0SM2Dn4/brYdRFrUP5MxKLSySUbRZ2ui7s45Y4lr4860aewfA96NTpCKNhdYKTy0qZxoJPbLEXX7iYKsXI6/BzJeQ3OAzEey/VSBq/mw0ryvfMOEDw/EWLvpUHUgArlkQ1RtWF1bJ6lFzZI7pP2yHgoGOAfGSwqvW4QOVutbpH+Egw1QCj8VhyNZyXii4gR0ykO6lj8zdxv3PjGAR6aoOJMqwLX/RfG+FtEANZ3Va9/PwMPZsjsH6QGhDkhXTfUTlX1dMzdFm8ypCB+BIF+pqm1WkpbKmOsNr1CMM2j+lp6e2ZtQJZQ5btyC07aLHQOxuL5gaNxz+wu1ljAT0tPsdkgIX2qDTbWguLXI1sORqmQUs2r75PiIOGdgLfw7zRKKMBLqLK6J4W6DonUmg083VdbAW0VgF1WPZG5ND0U2kGY50KhyOpA084fr1LHw9ij8080O10oB3Fm2D5U7fcFAOgaml7FJVKja3kCklL9N4hmgCoQrHArQVnuAPYxFM2QhhhhQfEiZk1TVUjw2cHNhYbhv7NZ74V9PF/M8EPLz/083oFZWnykrXqo7U2hpXPJW9Qx+fWghJMvJvIEqHtoPfsaPIi5u3Z12OMfB4OFC7SGhMn56WBW2yPljkW6v5QqLDulWV0ZlvyCpxEUb6wc1k0djcckmm3coh3iJODqZhnkfFHJRuDEgFjoQMltYTPHBL2S5KsOlYhBoZgse6h4dK7oRmVkOIVnFOzrzytoMiVw4Piq332M49J5OVLNMosztEkrItqb/pdYBcsFWGj3m9Xg9TsPeBoXFDJMhZcseD9oTI7ngjxdZxuMrWzCSJZkZOcT6b0/JkiiVGncujVNlkI2vWap+NnTy2Tz9tKa7tJbkZINGOViFyaQrbb264hQ1u8NRB4uKuGQ826w15IWs5PrQZF8KmkcooE3Nf5lCG+EVJnhCUALFGUIovIdSKntwtDGZqv14muouerpXnfxTSymGpnzpVHDbt1n2Uh77e+PjMMJ9JKSXYV3UOHJh6csfQoAq4NNIhuB8ctTQaLGbk3UQGX3H8Nq3wae/VMrW8hhyeruBrfx07Mthb5Cr5L1kGn7yS7+QCBKtYDrHFwe6cIw6m0ARlq79V0Z8yYaz3wrTOtDWGe9HWEFqVg7Mg1R63bxF4++grsvOvDoa290iU3xah+bTbeeCBNzII7jcqGnMTwc14eUbwsrcMdnrhxYfn+ZL26kJ7C/EQaq8qO8NtdRouVBvR9Ew3L1bo0JE9Cxqq4y+qVqsYjSstPB5wniylTKdvAZ0nvlwTgGHuwcGi7R9UaqLCZFNBQY4Bpg2lwUguS6eNGmbd+rNEFm2UcJIr2J2eMkmd86rx1mOP4E8QWi6Wyt3/ylg1ZP7gzisjqTusJ3kC0lxyhvQvRe2Vt/jUOpOf0n2VQ3aAjvCRlDliZOmMVs/S3xEGkbtD+XF9kQMlWltuVTpmzmMnY/Z7MnLddqb2Qej+kL6a6RrUd8JVB9n4ja1EH81Waz7nelh2ZW/bBRw/w4YpUqlg+aDZyT0yk93oBHnHVD+URYDQagPDARdpO55VJOKSQxYf+nzGCBRY5Uk4Ws5expprQ7w9wC7spBgfML0eGzdHHqfN1MxcY50ZmIctLjk7VgRKeBd3J4wvS2ninO0t0N0Ee0d77a4Fwghnpqujle07x3RxdOPC3+rJJkAj19ubzcwxRd/I7+YIZPvcqH3lcGOSitaQqCgfEF9UT/iuwusQTFnZqhW6etF1pdeLoE9R5BIaeTBR8vF9zGQag+ZkxxWfAA34TruEZF7515RqgARlozA8t7RzYp8h9L7o5SO3nQSV87Rerf7s5UWxegsZPu4vimsxPKmsv+QQiucPfZbz0QeOk3BlHU3e2fEp2oKUzLYCzvSlmzFinR1b2R/KpwOAFsdjYOvxVcRUfalJ0Svlipp05HSu/20LyXhEX/hvd9MIFGqQM6L74cv/r5lhhKfs4e4TxnVEk6l4Jwe1ItXFaY3cUJlV1rKDxlh2BGElmyjg3ogtodF63fAXex5dLTeprB4dPjgGPC9XPJY2jWGUlcHChmcK0pZWYsd3vauKg6uudXLuLvL4aTp9zA3KfKSoBg2YPeH80Rnf36B/klGOwnObhwrdYEeBx/o63QXV+DqcImZbSrkVeQWu0alaTg6r0c+ZPg54DlBgiw/+wDMfsVmMlKcLXfxbAcm79Owx/+j8RUCC9DNNsGtRYWHiFh56eTYi29yLGr2TxjgxRWbkTVYt356H913fFJmibC2sFs4Vd7ckQBpjE7BM++cgevpwW697DB//r6MVJZwjG2nBL+wzxWTA/G2wg6XKcxn0pKulvhUVf6is4DvjELMT4y6SntAF+yFfHI8Lj7qMrjmXcI8nz298t2zgK08NAtGuxuFp3QsJ9hHYx0vqdY083wTglVwHwP2xWPTbEXEu/nqbjQfI6gAcmqIEr8lAng3I/wz1e8z5LoGlJLyXawbR6c3UqnTGkHZDwYS3J/TFGbpjyp8r/1oSc79tsccacoY/2/l2O1580Hop92Vj47+zxb//fFmELuqTxi02ZijTRUmDoUf3EQpmp+sMeiMRX0dJ16USSEJJ89pBRAVLg1xKOShJei7Fs6LaGAV5zn2h/0HDR3WGEKT+5dSgkrirN/58taBaohDZYO0PHy+kNkeYKTW+YLy5zXlzhkEyXPG5BDFnkHAdN0wjxvQ16JS5d4nDOMzdjAE2X2glsWA4X+4Stx90Vve7oBRPTzPwCZgH6DWpelKnkMyByBOZamey6cs503fzfUor8z46FjDiyb7YLYZ0AzgtCRpyiZ+VUB3ZBI/jPIg4aTssxejpgmNGmbBC2SK1lX/T4ECu2heXofGQwCQfVzmHg3mNCcmvnrmSo/Zwou0T/Nz2gZh5q8538QXCJPt5M3/lOw6kwejoMoqxgE0gq7Ci8O+eqT95OgxomCR2q3cWnW5VNL83xHUENA8pKdWHCCEZNvvr71c9mhViI76pszT+u6APthmWfWjkRVlSDwl/uRAwYELPDl9oaegunqBYdFcaHXNUqp1nxKdbTQSOmhBS8tXkYOSFtuXxzBrGERKxiF7Oy9DxH/ewJHxKoK1XVvZ1F4UWvVziHK/Tt/sq6f0TXiJVr+btbfWSzf+J8hEiYrf5qfhJUV5Cx2G9e6HLeuqnEKTTRiZH0yQMqAcZzWujxJ8IDE17DCC513m78KVP/QvpwZ/wSo8EAyF+Ao7Icjb7J6SnJz0gRXkROpMfBQTxOWj4jnxr+6xYrWGuTcVQGN9xD8K5nI3QrwfXwv4ipVDNBx+XYTXA4lAVGRQVW5SU/pVoaLvXHBywLoiUaAanlnm7iVS0BA96SE4Ci2BI1KV9WOBWaqXZav7PzL17QpHQk+1+TFm8oL0iwxINjHCnXHQ57sSO/sYwEIXOyq2IW2Mw2k3GqzUkSnDtlXRbv1cVOCf4N4j3YADeVLxyIny+lgrjGkTT8mhN2o/OxjWzrwJp1fnk8zl/q38zk6q8r3j+WpxTJR/hw7GPOudxFtx6n03WbfuAgw2S/9e495e33O4aUjvGZpANwar6MlghMrWCru+7FSE04YU5e1CkgyVaMnHBoGlCJTANzG7nQlmO1ie7rVW0upd2Mm1QAv+tB5ceMrelwHDMfb+OcMRubPXI6a31lPcrFv/SNY+/VzCHTWC0xq1lYCbG1LSPx5PxiP57T82CHxn/V8XM9iGKXkgazJ1j8H2Y+hz44I+WSkkJ/</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2020-08-06 13:09:22,753 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-08-06 13:09:22,753 - INFO [Shibboleth-Audit.SSO:?] - 20200806T130922Z|urn:mace:shibboleth:2.0:profiles:AuthnRequest|_b961da7f-4e85-457d-92a0-e9c67c304976|https://iam.eu-de.otc.t-systems.com|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_5f642501d24ee4aca656580bc0580099|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxEDpjyTX9si/7AaOalM80nEJRJi/ggFhxAKnMpTbigP0r9jThyPOZEqYXSUPSMZGhijX5oUazAAWUqWPB5LCCX/WAIGozJ5ra7wNQO4IRu1kjXkXVavvaCgboB8oXqTD5jTpGeEAm|_67aba8ff4e174b1ef2758e642fddc0bf|
2020-08-06 13:10:45,618 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: null
2020-08-06 13:10:45,618 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2020-08-06 13:10:45,618 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2020-08-06 13:10:45,619 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://ottosandboxb2c-saml-sp-poc.azurewebsites.net/saml/SSO"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="a2he5eed7ha6jdjb4a8d30470c2abcd"
    IsPassive="false" IssueInstant="2020-08-06T13:10:41.973Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">ottosandboxb2c-saml-sp-poc.azurewebsites.net</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
            <ds:Reference URI="#a2he5eed7ha6jdjb4a8d30470c2abcd">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <ds:DigestValue>nxHgomsw0cDJ6NTDR9meX9d9Wg4=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>lPDfNoCbsc/5n50keMp+ksK81O3vc9ZdbVR+pVxkO9iWnC82XZbLrZxxkNMZcSaInfRvEDaS8FoRag+R5oal2qRkRgqoPr+154krOIu9Nhy1Vcghix0vv08mmYVSIAnQe7SkUgdi8aZAqHJX2PCnPwYnDWIUHXmaBY6qHR+9IVgZ5Tatec6vPd69qdP8WAZIlJqy9Xaya0urUGu2h4zIvmukUpuSePGc2g6bCLC8dnKhNQoDzy/DeeHGyBQV6FvXARvGa9FMVVq5Y47tjL41K71wturFep/Qt1YREE4VfpDhfUrr+80dclY2a4/jRpdovvVjPJywQKXP1/Dxa2CHjg==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDUjCCAjqgAwIBAgIEUOLIQTANBgkqhkiG9w0BAQUFADBrMQswCQYDVQQGEwJGSTEQMA4GA1UE
CBMHVXVzaW1hYTERMA8GA1UEBxMISGVsc2lua2kxGDAWBgNVBAoTD1JNNSBTb2Z0d2FyZSBPeTEM
MAoGA1UECwwDUiZEMQ8wDQYDVQQDEwZhcG9sbG8wHhcNMTMwMTAxMTEyODAxWhcNMjIxMjMwMTEy
ODAxWjBrMQswCQYDVQQGEwJGSTEQMA4GA1UECBMHVXVzaW1hYTERMA8GA1UEBxMISGVsc2lua2kx
GDAWBgNVBAoTD1JNNSBTb2Z0d2FyZSBPeTEMMAoGA1UECwwDUiZEMQ8wDQYDVQQDEwZhcG9sbG8w
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXqP0wqL2Ai1haeTj0alwsLafhrDtUt00E
5xc7kdD7PISRA270ZmpYMB4W24Uk2QkuwaBp6dI/yRdUvPfOT45YZrqIxMe2451PAQWtEKWF5Z13
F0J4/lB71TtrzyH94RnqSHXFfvRN8EY/rzuEzrpZrHdtNs9LRyLqcRTXMMO4z7QghBuxh3K5gu7K
qxpHx6No83WNZj4B3gvWLRWv05nbXh/F9YMeQClTX1iBNAhLQxWhwXMKB4u1iPQ/KSaal3R26pON
UUmu1qVtU1quQozSTPD8HvsDqGG19v2+/N3uf5dRYtvEPfwXN3wIY+/R93vBA6lnl5nTctZIRsyg
0Gv5AgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAFQwAAYUjso1VwjDc2kypK/RRcB8bMAUUIG0hLGL
82IvnKouGixGqAcULwQKIvTs6uGmlgbSG6Gn5ROb2mlBztXqQ49zRvi5qWNRttir6eyqwRFGOM6A
8rxj3Jhxi2Vb/MJn7XzeVHHLzA1sV5hwl/2PLnaL2h9WyG9QwBbwtmkMEqUt/dgixKb1Rvby/tBu
RogWgPONNSACiW+Z5o8UdAOqNMZQozD/i1gOjBXoF0F5OksjQN7xoQZLj9xXefxCFQ69FPcFDeEW
bHwSoBy5hLPNALaEUoa5zPDwlixwRjFQTc5XXaRpgIjy/2gsL8+Y5QRhyXnLqgO67BlLYW/GuHE=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2020-08-06 13:10:45,623 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'ottosandboxb2c-saml-sp-poc.azurewebsites.net' from origin source
2020-08-06 13:10:45,623 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-08-06 13:10:45,623 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-08-06 13:10:45,623 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-08-06 13:10:45,623 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-08-06 13:10:45,623 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-08-06 13:10:45,623 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-08-06 13:10:45,623 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-08-06 13:10:45,623 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer ottosandboxb2c-saml-sp-poc.azurewebsites.net
2020-08-06 13:10:45,624 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:10:45,624 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-08-06 13:10:45,624 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-08-06 13:10:45,624 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-08-06 13:10:45,624 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-08-06 13:10:45,624 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'a2he5eed7ha6jdjb4a8d30470c2abcd', issue instant '2020-08-06T13:10:41.973Z', entityID 'ottosandboxb2c-saml-sp-poc.azurewebsites.net'
2020-08-06 13:10:45,625 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2020-08-06 13:10:45,625 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2020-08-06 13:10:45,625 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-08-06 13:10:45,625 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: ottosandboxb2c-saml-sp-poc.azurewebsites.net, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-08-06 13:10:45,625 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'ottosandboxb2c-saml-sp-poc.azurewebsites.net' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-08-06 13:10:45,625 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-08-06 13:10:45,625 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-08-06 13:10:45,625 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-08-06 13:10:45,625 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-08-06 13:10:45,625 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-08-06 13:10:45,625 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2000/09/xmldsig#rsa-sha1
2020-08-06 13:10:45,625 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA1withRSA
2020-08-06 13:10:45,625 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2020-08-06 13:10:45,625 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 19145315643286925739383588480527602403067271166382515603895503175855322434343354237869771034628362370255631682805778526993265117958887704167784727546385456587036361839707037518011279872400748805877773663459075558667030510034103540726948135992777303708245098807005371294042952302682803519523404660408757933044836101539663818244077030088244070044038290535134614702935425692946072886774884339323973600768963698304760185618308660831593002159276816080817652004736779697411246711621419362443557812251382697117919380813140003777170028213964083404130929220675106101102565912545554131737428593592225625205002711211563371490297
  public exponent: 65537
2020-08-06 13:10:45,625 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2020-08-06 13:10:45,625 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2020-08-06 13:10:45,625 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#a2he5eed7ha6jdjb4a8d30470c2abcd"
2020-08-06 13:10:45,625 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID a2he5eed7ha6jdjb4a8d30470c2abcd and Element was [saml2p:AuthnRequest: null]
2020-08-06 13:10:45,625 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#a2he5eed7ha6jdjb4a8d30470c2abcd"
2020-08-06 13:10:45,625 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID a2he5eed7ha6jdjb4a8d30470c2abcd and Element was [saml2p:AuthnRequest: null]
2020-08-06 13:10:45,625 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#a2he5eed7ha6jdjb4a8d30470c2abcd"
2020-08-06 13:10:45,625 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2020-08-06 13:10:45,625 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-08-06 13:10:45,625 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID ottosandboxb2c-saml-sp-poc.azurewebsites.net
2020-08-06 13:10:45,625 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-08-06 13:10:45,625 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-08-06 13:10:45,626 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-08-06 13:10:45,626 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-08-06 13:10:45,626 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:10:45,626 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-08-06 13:10:45,626 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-08-06 13:10:45,626 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-08-06 13:10:45,626 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-08-06 13:10:45,626 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://ottosandboxb2c-saml-sp-poc.azurewebsites.net/saml/SSO using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-08-06 13:10:45,626 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-08-06 13:10:45,626 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-08-06 13:10:45,626 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-08-06 13:10:45,626 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-08-06 13:10:45,626 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-08-06 13:10:45,627 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-08-06 13:10:45,627 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-08-06 13:10:45,627 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-08-06 13:10:45,627 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-08-06 13:10:45,627 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-08-06 13:10:45,627 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: ottosandboxb2c-saml-sp-poc.azurewebsites.net
2020-08-06 13:10:45,627 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-08-06 13:10:45,627 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-08-06 13:10:45,627 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-08-06 13:10:45,627 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-08-06 13:10:45,630 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-08-06 13:10:45,631 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-08-06T13:10:45.631Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-08-06 13:10:45,632 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-08-06 13:10:45,632 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-08-06 13:10:45,632 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-08-06 13:10:45,632 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-08-06 13:10:45,632 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-08-06 13:10:45,632 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:10:45,632 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-08-06 13:10:45,632 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-08-06 13:10:45,632 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-08-06 13:10:45,632 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-08-06 13:10:45,799 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Not a usual scheme, returning name of 'ottosandboxb2c-saml-sp-poc.azurewebsites.net'
2020-08-06 13:10:45,799 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-08-06 13:10:45,799 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-08-06 13:15:45,707 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: null
2020-08-06 13:15:45,707 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2020-08-06 13:15:45,707 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2020-08-06 13:15:45,708 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://ottosandboxb2c-saml-sp-poc.azurewebsites.net/saml/SSO"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="abaa47hd8a3dd7110e0d41e04ea9b"
    IsPassive="false" IssueInstant="2020-08-06T13:15:41.980Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">ottosandboxb2c-saml-sp-poc.azurewebsites.net</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
            <ds:Reference URI="#abaa47hd8a3dd7110e0d41e04ea9b">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <ds:DigestValue>Wv0efMkZJi39ho350RAHIngHXh8=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>eBDJI2N7H5iejx3VPfZTzq37k3NPn0xLkNGopwnAcpof5k9B8HKx7vZaEAoHqRSh32KmuvB5AcNO0bKQclpI+x8g0PEQ0YBTWpyeF+qyljdaBa6ZBBr8/v4E3iWB+LrqGMQFyFHj8fJI1E+Yu1ldnMRPstQXBZo7OHLHAoXFJwQo5pa3Vd2rRfJbdO46clDE4d/M2EEuoVqvngkLmxX+hFyFisgBugu7RvtnJ16uL2TVOLhSUcj+LLPPpvQ3QKr9K5Ou9bE7r/TS14Z1YQMl3SeHlhcses7EY47rgtGlEx2M3Fv99qokwvlIQd5otchk0NYwTp7rEAjSUMF6fNyW4A==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDUjCCAjqgAwIBAgIEUOLIQTANBgkqhkiG9w0BAQUFADBrMQswCQYDVQQGEwJGSTEQMA4GA1UE
CBMHVXVzaW1hYTERMA8GA1UEBxMISGVsc2lua2kxGDAWBgNVBAoTD1JNNSBTb2Z0d2FyZSBPeTEM
MAoGA1UECwwDUiZEMQ8wDQYDVQQDEwZhcG9sbG8wHhcNMTMwMTAxMTEyODAxWhcNMjIxMjMwMTEy
ODAxWjBrMQswCQYDVQQGEwJGSTEQMA4GA1UECBMHVXVzaW1hYTERMA8GA1UEBxMISGVsc2lua2kx
GDAWBgNVBAoTD1JNNSBTb2Z0d2FyZSBPeTEMMAoGA1UECwwDUiZEMQ8wDQYDVQQDEwZhcG9sbG8w
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXqP0wqL2Ai1haeTj0alwsLafhrDtUt00E
5xc7kdD7PISRA270ZmpYMB4W24Uk2QkuwaBp6dI/yRdUvPfOT45YZrqIxMe2451PAQWtEKWF5Z13
F0J4/lB71TtrzyH94RnqSHXFfvRN8EY/rzuEzrpZrHdtNs9LRyLqcRTXMMO4z7QghBuxh3K5gu7K
qxpHx6No83WNZj4B3gvWLRWv05nbXh/F9YMeQClTX1iBNAhLQxWhwXMKB4u1iPQ/KSaal3R26pON
UUmu1qVtU1quQozSTPD8HvsDqGG19v2+/N3uf5dRYtvEPfwXN3wIY+/R93vBA6lnl5nTctZIRsyg
0Gv5AgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAFQwAAYUjso1VwjDc2kypK/RRcB8bMAUUIG0hLGL
82IvnKouGixGqAcULwQKIvTs6uGmlgbSG6Gn5ROb2mlBztXqQ49zRvi5qWNRttir6eyqwRFGOM6A
8rxj3Jhxi2Vb/MJn7XzeVHHLzA1sV5hwl/2PLnaL2h9WyG9QwBbwtmkMEqUt/dgixKb1Rvby/tBu
RogWgPONNSACiW+Z5o8UdAOqNMZQozD/i1gOjBXoF0F5OksjQN7xoQZLj9xXefxCFQ69FPcFDeEW
bHwSoBy5hLPNALaEUoa5zPDwlixwRjFQTc5XXaRpgIjy/2gsL8+Y5QRhyXnLqgO67BlLYW/GuHE=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2020-08-06 13:15:45,713 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'ottosandboxb2c-saml-sp-poc.azurewebsites.net' from origin source
2020-08-06 13:15:45,713 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-08-06 13:15:45,713 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-08-06 13:15:45,713 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-08-06 13:15:45,713 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-08-06 13:15:45,713 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-08-06 13:15:45,713 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-08-06 13:15:45,713 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-08-06 13:15:45,713 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer ottosandboxb2c-saml-sp-poc.azurewebsites.net
2020-08-06 13:15:45,714 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:15:45,714 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-08-06 13:15:45,714 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-08-06 13:15:45,714 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-08-06 13:15:45,714 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-08-06 13:15:45,714 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'abaa47hd8a3dd7110e0d41e04ea9b', issue instant '2020-08-06T13:15:41.980Z', entityID 'ottosandboxb2c-saml-sp-poc.azurewebsites.net'
2020-08-06 13:15:45,715 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2020-08-06 13:15:45,715 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2020-08-06 13:15:45,715 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-08-06 13:15:45,715 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: ottosandboxb2c-saml-sp-poc.azurewebsites.net, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-08-06 13:15:45,715 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'ottosandboxb2c-saml-sp-poc.azurewebsites.net' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-08-06 13:15:45,715 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-08-06 13:15:45,715 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-08-06 13:15:45,715 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-08-06 13:15:45,715 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-08-06 13:15:45,715 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-08-06 13:15:45,715 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2000/09/xmldsig#rsa-sha1
2020-08-06 13:15:45,715 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA1withRSA
2020-08-06 13:15:45,715 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2020-08-06 13:15:45,715 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 19145315643286925739383588480527602403067271166382515603895503175855322434343354237869771034628362370255631682805778526993265117958887704167784727546385456587036361839707037518011279872400748805877773663459075558667030510034103540726948135992777303708245098807005371294042952302682803519523404660408757933044836101539663818244077030088244070044038290535134614702935425692946072886774884339323973600768963698304760185618308660831593002159276816080817652004736779697411246711621419362443557812251382697117919380813140003777170028213964083404130929220675106101102565912545554131737428593592225625205002711211563371490297
  public exponent: 65537
2020-08-06 13:15:45,715 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2020-08-06 13:15:45,715 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2020-08-06 13:15:45,715 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#abaa47hd8a3dd7110e0d41e04ea9b"
2020-08-06 13:15:45,715 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID abaa47hd8a3dd7110e0d41e04ea9b and Element was [saml2p:AuthnRequest: null]
2020-08-06 13:15:45,715 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#abaa47hd8a3dd7110e0d41e04ea9b"
2020-08-06 13:15:45,715 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID abaa47hd8a3dd7110e0d41e04ea9b and Element was [saml2p:AuthnRequest: null]
2020-08-06 13:15:45,715 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#abaa47hd8a3dd7110e0d41e04ea9b"
2020-08-06 13:15:45,715 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2020-08-06 13:15:45,715 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-08-06 13:15:45,715 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID ottosandboxb2c-saml-sp-poc.azurewebsites.net
2020-08-06 13:15:45,715 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-08-06 13:15:45,715 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-08-06 13:15:45,715 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-08-06 13:15:45,715 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-08-06 13:15:45,716 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:15:45,716 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-08-06 13:15:45,716 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-08-06 13:15:45,716 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-08-06 13:15:45,716 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-08-06 13:15:45,716 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://ottosandboxb2c-saml-sp-poc.azurewebsites.net/saml/SSO using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-08-06 13:15:45,716 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-08-06 13:15:45,716 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-08-06 13:15:45,716 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-08-06 13:15:45,716 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-08-06 13:15:45,716 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-08-06 13:15:45,717 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-08-06 13:15:45,717 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-08-06 13:15:45,717 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-08-06 13:15:45,717 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-08-06 13:15:45,717 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-08-06 13:15:45,717 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: ottosandboxb2c-saml-sp-poc.azurewebsites.net
2020-08-06 13:15:45,717 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-08-06 13:15:45,717 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-08-06 13:15:45,717 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-08-06 13:15:45,717 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-08-06 13:15:45,720 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-08-06 13:15:45,721 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-08-06T13:15:45.721Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-08-06 13:15:45,721 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-08-06 13:15:45,721 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-08-06 13:15:45,721 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-08-06 13:15:45,721 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-08-06 13:15:45,721 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-08-06 13:15:45,721 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:15:45,721 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-08-06 13:15:45,721 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-08-06 13:15:45,721 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-08-06 13:15:45,721 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-08-06 13:15:45,889 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Not a usual scheme, returning name of 'ottosandboxb2c-saml-sp-poc.azurewebsites.net'
2020-08-06 13:15:45,889 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-08-06 13:15:45,889 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-08-06 13:21:42,831 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: null
2020-08-06 13:21:42,831 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2020-08-06 13:21:42,832 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2020-08-06 13:21:42,832 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://ottosandboxb2c-saml-sp-poc.azurewebsites.net/saml/SSO"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="a5gcc0ibb18ij361a6f4bd6acc0266"
    IsPassive="false" IssueInstant="2020-08-06T13:21:39.150Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">ottosandboxb2c-saml-sp-poc.azurewebsites.net</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
            <ds:Reference URI="#a5gcc0ibb18ij361a6f4bd6acc0266">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <ds:DigestValue>xpdhzeL5RtFAJKuVZMuZZNdZ9wg=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>Sf/jRbgGQUB0bekzKoCjJ5/LNGjSYI+UdvAWzXzHk5Cd7/luaSPE/AkMO1ValN8+j04NiuXWuS/wPQytQwKLGrhGqiDdQxa/3KH5NdI2vnwidWmdFUJZX59n/WKe4P2BIwNb+e4oAfux8g7YGjlXtfO30/VXaiSX+ZdoHyjZ0Kqk7X1e1JBdynR8KMwRfFSc1ivpCdsQPcW3EOChNzWe3V6q5O8q+4Erl4Y26/+jA6iq8M98Um9wYQGcgDrOA8kUwiJtVZARnauoW85VeQh/4AOB4M4bLzuuJmgmDrFRmXOUPsTUNQuMxBJy8zQzvhsUz6AiH3vU9pG7w7hKWx+cHA==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDUjCCAjqgAwIBAgIEUOLIQTANBgkqhkiG9w0BAQUFADBrMQswCQYDVQQGEwJGSTEQMA4GA1UE
CBMHVXVzaW1hYTERMA8GA1UEBxMISGVsc2lua2kxGDAWBgNVBAoTD1JNNSBTb2Z0d2FyZSBPeTEM
MAoGA1UECwwDUiZEMQ8wDQYDVQQDEwZhcG9sbG8wHhcNMTMwMTAxMTEyODAxWhcNMjIxMjMwMTEy
ODAxWjBrMQswCQYDVQQGEwJGSTEQMA4GA1UECBMHVXVzaW1hYTERMA8GA1UEBxMISGVsc2lua2kx
GDAWBgNVBAoTD1JNNSBTb2Z0d2FyZSBPeTEMMAoGA1UECwwDUiZEMQ8wDQYDVQQDEwZhcG9sbG8w
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXqP0wqL2Ai1haeTj0alwsLafhrDtUt00E
5xc7kdD7PISRA270ZmpYMB4W24Uk2QkuwaBp6dI/yRdUvPfOT45YZrqIxMe2451PAQWtEKWF5Z13
F0J4/lB71TtrzyH94RnqSHXFfvRN8EY/rzuEzrpZrHdtNs9LRyLqcRTXMMO4z7QghBuxh3K5gu7K
qxpHx6No83WNZj4B3gvWLRWv05nbXh/F9YMeQClTX1iBNAhLQxWhwXMKB4u1iPQ/KSaal3R26pON
UUmu1qVtU1quQozSTPD8HvsDqGG19v2+/N3uf5dRYtvEPfwXN3wIY+/R93vBA6lnl5nTctZIRsyg
0Gv5AgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAFQwAAYUjso1VwjDc2kypK/RRcB8bMAUUIG0hLGL
82IvnKouGixGqAcULwQKIvTs6uGmlgbSG6Gn5ROb2mlBztXqQ49zRvi5qWNRttir6eyqwRFGOM6A
8rxj3Jhxi2Vb/MJn7XzeVHHLzA1sV5hwl/2PLnaL2h9WyG9QwBbwtmkMEqUt/dgixKb1Rvby/tBu
RogWgPONNSACiW+Z5o8UdAOqNMZQozD/i1gOjBXoF0F5OksjQN7xoQZLj9xXefxCFQ69FPcFDeEW
bHwSoBy5hLPNALaEUoa5zPDwlixwRjFQTc5XXaRpgIjy/2gsL8+Y5QRhyXnLqgO67BlLYW/GuHE=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2020-08-06 13:21:42,838 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'ottosandboxb2c-saml-sp-poc.azurewebsites.net' from origin source
2020-08-06 13:21:42,840 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-08-06 13:21:42,840 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-08-06 13:21:42,840 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-08-06 13:21:42,840 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-08-06 13:21:42,840 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-08-06 13:21:42,840 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-08-06 13:21:42,840 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-08-06 13:21:42,840 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer ottosandboxb2c-saml-sp-poc.azurewebsites.net
2020-08-06 13:21:42,840 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:21:42,841 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-08-06 13:21:42,841 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-08-06 13:21:42,841 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-08-06 13:21:42,841 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-08-06 13:21:42,841 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'a5gcc0ibb18ij361a6f4bd6acc0266', issue instant '2020-08-06T13:21:39.150Z', entityID 'ottosandboxb2c-saml-sp-poc.azurewebsites.net'
2020-08-06 13:21:42,841 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2020-08-06 13:21:42,841 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2020-08-06 13:21:42,841 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-08-06 13:21:42,841 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: ottosandboxb2c-saml-sp-poc.azurewebsites.net, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-08-06 13:21:42,841 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'ottosandboxb2c-saml-sp-poc.azurewebsites.net' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-08-06 13:21:42,841 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-08-06 13:21:42,841 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-08-06 13:21:42,841 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-08-06 13:21:42,841 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-08-06 13:21:42,841 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-08-06 13:21:42,841 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2000/09/xmldsig#rsa-sha1
2020-08-06 13:21:42,841 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA1withRSA
2020-08-06 13:21:42,841 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2020-08-06 13:21:42,841 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 19145315643286925739383588480527602403067271166382515603895503175855322434343354237869771034628362370255631682805778526993265117958887704167784727546385456587036361839707037518011279872400748805877773663459075558667030510034103540726948135992777303708245098807005371294042952302682803519523404660408757933044836101539663818244077030088244070044038290535134614702935425692946072886774884339323973600768963698304760185618308660831593002159276816080817652004736779697411246711621419362443557812251382697117919380813140003777170028213964083404130929220675106101102565912545554131737428593592225625205002711211563371490297
  public exponent: 65537
2020-08-06 13:21:42,841 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2020-08-06 13:21:42,842 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2020-08-06 13:21:42,842 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#a5gcc0ibb18ij361a6f4bd6acc0266"
2020-08-06 13:21:42,842 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID a5gcc0ibb18ij361a6f4bd6acc0266 and Element was [saml2p:AuthnRequest: null]
2020-08-06 13:21:42,842 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#a5gcc0ibb18ij361a6f4bd6acc0266"
2020-08-06 13:21:42,842 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID a5gcc0ibb18ij361a6f4bd6acc0266 and Element was [saml2p:AuthnRequest: null]
2020-08-06 13:21:42,842 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#a5gcc0ibb18ij361a6f4bd6acc0266"
2020-08-06 13:21:42,842 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2020-08-06 13:21:42,842 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-08-06 13:21:42,842 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID ottosandboxb2c-saml-sp-poc.azurewebsites.net
2020-08-06 13:21:42,842 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-08-06 13:21:42,842 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-08-06 13:21:42,842 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-08-06 13:21:42,842 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-08-06 13:21:42,843 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:21:42,843 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-08-06 13:21:42,843 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-08-06 13:21:42,843 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-08-06 13:21:42,843 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-08-06 13:21:42,843 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://ottosandboxb2c-saml-sp-poc.azurewebsites.net/saml/SSO using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-08-06 13:21:42,843 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-08-06 13:21:42,843 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-08-06 13:21:42,843 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-08-06 13:21:42,843 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-08-06 13:21:42,843 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-08-06 13:21:42,844 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-08-06 13:21:42,844 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-08-06 13:21:42,844 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-08-06 13:21:42,844 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-08-06 13:21:42,844 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-08-06 13:21:42,844 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: ottosandboxb2c-saml-sp-poc.azurewebsites.net
2020-08-06 13:21:42,844 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-08-06 13:21:42,844 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-08-06 13:21:42,844 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-08-06 13:21:42,844 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-08-06 13:21:42,847 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-08-06 13:21:42,849 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-08-06T13:21:42.849Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-08-06 13:21:42,849 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-08-06 13:21:42,850 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-08-06 13:21:42,850 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-08-06 13:21:42,850 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-08-06 13:21:42,850 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-08-06 13:21:42,850 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-08-06 13:21:42,850 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-08-06 13:21:42,850 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-08-06 13:21:42,850 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-08-06 13:21:42,850 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-08-06 13:21:43,017 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Not a usual scheme, returning name of 'ottosandboxb2c-saml-sp-poc.azurewebsites.net'
2020-08-06 13:21:43,017 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-08-06 13:21:43,017 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-08-06 13:24:38,152 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder:?] - Decoded SOAP messaged which included SAML message of type {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-08-06 13:24:38,153 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Body>
        <saml2p:AuthnRequest
            AssertionConsumerServiceURL="https://iam.eu-de.otctest.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            Destination="https://samltest.id/idp/profile/SAML2/SOAP/ECP"
            ForceAuthn="false"
            ID="_pdk4mquovu9jhe9fvss7493xruntsabwtjpg" IsPassive="false"
            IssueInstant="2020-08-06T13:24:37.511Z"
            ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
            Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eu-de.otctest.t-systems.com</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                    <ds:Reference URI="#_pdk4mquovu9jhe9fvss7493xruntsabwtjpg">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>tJ8V9epvZVV9IOxTE8ALjNQx0NE=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>Lbad/i6UvFbtVu4NwYNbyGqzsYZtrG9HVat1wRYtiQdkXGXKO3owbbVRZXlafOriEhZKzju1Je/uHlrOuZ3JxeHKuZGOY1s2XmkkLBU2/MA1kSh0eB7L3cPeRvuWAClGBFHKA8TwbPaEcb4hYT5FFP7Jy5b9L8csV2YnjfnSr9anfADsRyNmX2Sd+vVQUtaFhh3RtwlXZ+xtnTfYSsYXTxaVrvBi/8tiFfYC0dAQe0mTxpSl2PFwI5TuENJJv0GgDpWzCZhA2U6kKR5XfW3DB1R0Ml1PAKXOlBbQ5NmXV5koGu6H6+FLTD9U2XLP5bE9kdYb0t4RMY08cu9ZNsBgoWbXNWqj8SRSvZbQCw2/W7H7maVgcFkT7kc0YQSylUYSQJjghQy4vcefLCkcHR/Prc8rCOqWL8+upl4rAzwWiBjn+92ZTEYV/WBQ27xQ9bdrkYHXPi2pneLEomwRVLdPBw9JLko6GPA6LrssXv+L+jbnYmfhdoCNzTlphttnH/XNdBL9/8C8yBIu1dBxXOF2UZfLBpDPWLb+H8Rt/K4raAnqTkCRAT+Qvxtht+4x8zil8v9JqUc+pVdmxleIDJPKH2Z8EYctuEQCP3LWqqq6ZhH6id6c8imv7AaeBu7yPXbVsOoJTdz48deQ9WPTCL9k87LNL4SJ3LiG3bcXz1UG2dY=</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIF2TCCA8GgAwIBAgIEMALy4jANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUxDzANBgNV
BAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0IGFtIE1haW4xJTAjBgNVBAoTHFQtU3lzdGVt
cyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsTC0lUIERpdmlzaW9uMSMwIQYDVQQDExphdXRo
Lm90Y3Rlc3QudC1zeXN0ZW1zLmNvbTAeFw0xNzEwMzAxMDI1MTNaFw0yNzEwMjgxMDI1MTNaMIGc
MQswCQYDVQQGEwJERTEPMA0GA1UECBMGSGVzc2VuMRowGAYDVQQHExFGcmFua2Z1cnQgYW0gTWFp
bjElMCMGA1UEChMcVC1TeXN0ZW1zIEludGVybmF0aW9uYWwgR21iSDEUMBIGA1UECxMLSVQgRGl2
aXNpb24xIzAhBgNVBAMTGmF1dGgub3RjdGVzdC50LXN5c3RlbXMuY29tMIICIjANBgkqhkiG9w0B
AQEFAAOCAg8AMIICCgKCAgEAiP/plDoyfhL71EusJ5OW2z9kPRLgtTrESIVJZX7lxAciSOTpHO5e
73wv0sufXOj3WK+rN044qQd7NyXPzr7+r1xaIqtWmmj5VWr8/GDQSu/cNQMBNzrzR3kaJOI0b/PI
bJjinRjAGGH6ubHN5IDZUGmTVwBBQrX6s1uhaidi4izUdJw3DjRsdQ+CvNrZH/ptUsjbZvsMXOHv
Hp4f9RItjQsQ6XJiVgI7Y3WlU7ydlJVLMvDF4HjF2aKLryabSXQH3T33DwERW70UTn8ibXP1fKCM
0m6orEffBMsqIUaaNiL2X6tU52Ohev7y590mnbGBv5r2JVKMCXldS23aXXbgpwWfqTRYMKlGCMPT
O2kf//GBHwU0+AdBYouRfIqX5hpX4aD8rH1b5N/UsW3YgptRJ2ifTcODcxi9dnKGPUXZ3EijOGP+
fAwpeNOkGfDLh1rPH/7DRsYhVnHXkVAcLVzoIyhIKw3owcsBSPG6dKjSn3Y6+InN5QkVrNJJeJuy
O1dixR5PzLJZ3xzYp84CsvivVbiYQUAA25yqVUAJeP+UVw2gZf0wKNMPWlcS7W6bAR9ccP1VEn4w
riA53ceeQGYncp3Waqq2XhpVUAAD4l4Z7J192rFCRJQ55MeaKDCpZqF624GhmKnhN5AB/3uu1VVN
VML1BHmpW1zOH8T81QNWp2UCAwEAAaMhMB8wHQYDVR0OBBYEFG9rJ9jCauVzkB86t3Ygp06vqptr
MA0GCSqGSIb3DQEBCwUAA4ICAQAndBou9ZppyXFwaW+dZ4MwIVqpXMzBDfecfoHtdvzJAHmXKO1g
/ZM5s+qOt/CFy90Qkj+S+4Od2x3ef8XzARzY/1W7nGkEOWYfs8+N5HLMI66m9mzVnN8WQx15Wfkg
75REb3bCL1KjespFKlYGi5p2lVfGvVxZ0mBs06sZilGlnT7aatWAwMWFn7yhktE8bpuTSGkSzfVj
LEVTATQw6Lvjc8EfnHEoj4rmaR4w+uVjxSfnfcIyL/Z3tht5wqYnuL5fooaZEP8XKInyBT5is/IA
VkTEozrYNooM7n8Fj7R7PD2p8ecw78nu62UEY3NQaoMyu3vr84Fg4yNv9G66Oi5PwXFAlVDMfms9
gawz5kqoiEEWupBytg08ok/1mseqzUCDRwG/DC/tG7Xf+PBVDNXHYuG1CiaRw5HGC1r0vnZgHPwp
ipvz2EigNJyJVI4LUjLn8bsWkB+YWRF/bQGtvOjA6KwNNHCmjm8OUVzYG4IRqHYs58fMCguOXdV6
RGwO4Wc/fqiKaeczgad4JKDB6BqVuo82+GWtl/1TQ6Kug5MbHiWZ50v9oxF/fBwwEYnTqu/5r6GQ
jbaXMBsEXcv7xiewSJOQkg7UUXhgEE8fDl8CL8k1bgLDr7Fs1ZrVaS8uBUCx52InKXrdFwMSa2bX
ys/8r8pohSInId/RNObb8bcD+Q==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:NameIDPolicy AllowCreate="true"
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                SPNameQualifier="https://iam.eu-de.otctest.t-systems.com" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"/>
        </saml2p:AuthnRequest>
    </soap11:Body>
</soap11:Envelope>

2020-08-06 13:24:38,158 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://iam.eu-de.otctest.t-systems.com' from origin source
2020-08-06 13:24:38,158 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-08-06 13:24:38,158 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-08-06 13:24:38,158 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-08-06 13:24:38,158 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-08-06 13:24:38,158 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-08-06 13:24:38,158 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-08-06 13:24:38,158 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-08-06 13:24:38,158 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eu-de.otctest.t-systems.com
2020-08-06 13:24:38,158 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2020-08-06 13:24:38,158 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2020-08-06 13:24:38,159 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-08-06 13:24:38,159 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2020-08-06 13:24:38,159 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2020-08-06 13:24:38,159 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-08-06 13:24:38,159 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_pdk4mquovu9jhe9fvss7493xruntsabwtjpg', issue instant '2020-08-06T13:24:37.511Z', entityID 'https://iam.eu-de.otctest.t-systems.com'
2020-08-06 13:24:38,159 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eu-de.otctest.t-systems.com' does not require AuthnRequests to be signed
2020-08-06 13:24:38,159 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2020-08-06 13:24:38,159 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2020-08-06 13:24:38,159 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-08-06 13:24:38,159 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://iam.eu-de.otctest.t-systems.com, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-08-06 13:24:38,159 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://iam.eu-de.otctest.t-systems.com' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-08-06 13:24:38,159 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-08-06 13:24:38,159 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-08-06 13:24:38,159 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-08-06 13:24:38,159 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-08-06 13:24:38,159 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-08-06 13:24:38,160 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2000/09/xmldsig#rsa-sha1
2020-08-06 13:24:38,160 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA1withRSA
2020-08-06 13:24:38,160 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2020-08-06 13:24:38,160 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 4096 bits
  modulus: 558909841602715300853386431854256443582788191008825420675229761154683371758531971314168116589305799189542636640769238391788496151983865308912511899302135693073548611588716587861337563495871385604985361331701068928003959762896224193776379955968899997745116500971634996008058773081067392649583956488496520904383960474482950406873759803679074608903027366105911426638306915948276332938791715312029635185243678997045596357233924095288029129896693277017385386712444938742497620968863383210766704204611514541932410400196822984132046043121403024403284685084374310151354609578649256252424587289717881285068512824112696686851030244835582845824694723812822409283822050926334669269216118808292983784744157424372506712070880900544808423423944800415908126689702555365281418033366879992673487698840550668699161183649233395652798929497077523285038863927724189224577753885192595486614080320977593681256275737088929131087687948049111350769906242902003698697402638404033013917935980946640135769278536738613242267222159112907239446742140237473765218295502979562882475411534565836393655870785924761164526112155615310450228349783601285276809848076157830247476710442674795839837415004279427216801877250611158202095975120888227576878835465006286654844348261
  public exponent: 65537
2020-08-06 13:24:38,160 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2020-08-06 13:24:38,160 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2020-08-06 13:24:38,160 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_pdk4mquovu9jhe9fvss7493xruntsabwtjpg"
2020-08-06 13:24:38,160 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _pdk4mquovu9jhe9fvss7493xruntsabwtjpg and Element was [saml2p:AuthnRequest: null]
2020-08-06 13:24:38,160 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_pdk4mquovu9jhe9fvss7493xruntsabwtjpg"
2020-08-06 13:24:38,160 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _pdk4mquovu9jhe9fvss7493xruntsabwtjpg and Element was [saml2p:AuthnRequest: null]
2020-08-06 13:24:38,160 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_pdk4mquovu9jhe9fvss7493xruntsabwtjpg"
2020-08-06 13:24:38,160 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2020-08-06 13:24:38,160 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-08-06 13:24:38,160 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://iam.eu-de.otctest.t-systems.com
2020-08-06 13:24:38,160 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-08-06 13:24:38,160 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-08-06 13:24:38,160 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-08-06 13:24:38,160 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-08-06 13:24:38,161 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsHeadersHandler:?] - Message Handler:  No ChannelBindings header blocks found
2020-08-06 13:24:38,161 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler:?] - Message Handler:  Message did not contain any ChannelBindings extensions
2020-08-06 13:24:38,161 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2020-08-06 13:24:38,161 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2020-08-06 13:24:38,161 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-08-06 13:24:38,161 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-08-06 13:24:38,161 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-08-06 13:24:38,161 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-08-06 13:24:38,161 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' not permitted by input criteria
2020-08-06 13:24:38,161 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eu-de.otctest.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP using binding urn:oasis:names:tc:SAML:2.0:bindings:PAOS
2020-08-06 13:24:38,161 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-08-06 13:24:38,161 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-08-06 13:24:38,161 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-08-06 13:24:38,161 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-08-06 13:24:38,162 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-08-06 13:24:38,162 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-08-06 13:24:38,162 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-08-06 13:24:38,162 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-08-06 13:24:38,162 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-08-06 13:24:38,162 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-08-06 13:24:38,162 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eu-de.otctest.t-systems.com
2020-08-06 13:24:38,162 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-08-06 13:24:38,162 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-08-06 13:24:38,162 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-08-06 13:24:38,162 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-08-06 13:24:38,165 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-08-06 13:24:38,166 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: RequestAuthenticated: true
2020-08-06 13:24:38,166 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: Generating session key for use by ECP peers
2020-08-06 13:24:38,166 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-08-06T13:24:38.166Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-08-06 13:24:38,166 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-08-06 13:24:38,166 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-08-06 13:24:38,166 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-08-06 13:24:38,167 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-08-06 13:24:38,167 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication r