2021-10-17 06:05:21,707 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder:?] - Decoded SOAP messaged which included SAML message of type {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-10-17 06:05:21,707 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Body>
        <saml2p:AuthnRequest
            AssertionConsumerServiceURL="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            Destination="https://samltest.id/idp/profile/SAML2/SOAP/ECP"
            ForceAuthn="false"
            ID="_9gep1fml5jlfmm9cvybzrxk6k7ru9ebvs6um" IsPassive="false"
            IssueInstant="2021-10-17T06:05:21.034Z"
            ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
            Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eu-ch.o13bb.otc.t-systems.com</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_9gep1fml5jlfmm9cvybzrxk6k7ru9ebvs6um">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>hD+YDJKuW7ln2RJrZBFMSNYHhiU=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>O9kCZtdABYma2RQQrgxsbFzun8+py0txkk8zrIzgXQSNHzO+dqR8pNdlah8e8jIFHUzoCohM0S81FSc2dgeTgvOPtSz7/05d2IN5TCyCBoU1DMUf/HXfSZdXgmNoTpBEwkaT1Qo+6VmXcgSsz4PcgHzvFe2Dgx03uNb/HYeRZEI=</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIICLjCCAZegAwIBAgIGAVHDRPSbMA0GCSqGSIb3DQEBCwUAMC0xEzARBgNVBAoMCmtleW1hbmFn
ZXIxFjAUBgNVBAsMDWlhbS1hdXRodWktc3AwHhcNMTUxMjIxMDY0MDU0WhcNMjUxMjE4MDY0MDU0
WjBEMSowKAYDVQQDDCFodHRwczovL3NwLmF1dGgub3RjLnQtc3lzdGVtcy5jb20xFjAUBgNVBAsM
DWlhbS1hdXRodWktc3AwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALRgTiRlOH3H8Ti/Nl8F
hr+9QdbCEBQIKFKnX+VeeD6NcGQtsDnihnIlwDv9PqAqRfZ5KNDF7IccYgCBUfjJXOyxqa51YVDJ
KPLpjMcZiSEjumDm3jbdEiiQKl3zwt9Q0aLlz7PKdIbIoPQdo3YjpTB407D5PmvpsFr+TQ6NlkTZ
AgMBAAGjQjBAMB0GA1UdDgQWBBRcdOVNkWkaAHkjlaFATFhnEEh8SzAfBgNVHSMEGDAWgBRcdOVN
kWkaAHkjlaFATFhnEEh8SzANBgkqhkiG9w0BAQsFAAOBgQBlFRyA98AUXCw8bhneTFoD2JWRZz2f
Bs3vINTVjhA3CdCCJ9lgPxIhitHYNPQh5s7l+IA6M/zHTx+rpRO3KUqh0M2eNZDunUrstyXkvZvp
uJCPFK6t1iN6K5YuZUhKI06W5Bk6XV2NO5L2eIqD9jZp0UGb18Ep4BbrEXwRwJQPYw==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:NameIDPolicy AllowCreate="true"
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                SPNameQualifier="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"/>
        </saml2p:AuthnRequest>
    </soap11:Body>
</soap11:Envelope>

2021-10-17 06:05:21,719 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://iam.eu-ch.o13bb.otc.t-systems.com' from origin source
2021-10-17 06:05:21,719 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-10-17 06:05:21,719 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-10-17 06:05:21,719 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-10-17 06:05:21,719 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-10-17 06:05:21,719 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-10-17 06:05:21,719 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-10-17 06:05:21,719 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-10-17 06:05:21,719 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eu-ch.o13bb.otc.t-systems.com
2021-10-17 06:05:21,720 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2021-10-17 06:05:21,720 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2021-10-17 06:05:21,721 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-10-17 06:05:21,721 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2021-10-17 06:05:21,721 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2021-10-17 06:05:21,721 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-10-17 06:05:21,721 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_9gep1fml5jlfmm9cvybzrxk6k7ru9ebvs6um', issue instant '2021-10-17T06:05:21.034Z', entityID 'https://iam.eu-ch.o13bb.otc.t-systems.com'
2021-10-17 06:05:21,721 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eu-ch.o13bb.otc.t-systems.com' does not require AuthnRequests to be signed
2021-10-17 06:05:21,721 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2021-10-17 06:05:21,721 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2021-10-17 06:05:21,721 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-10-17 06:05:21,722 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://iam.eu-ch.o13bb.otc.t-systems.com, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2021-10-17 06:05:21,722 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://iam.eu-ch.o13bb.otc.t-systems.com' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2021-10-17 06:05:21,722 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-10-17 06:05:21,722 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-10-17 06:05:21,722 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-10-17 06:05:21,722 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-10-17 06:05:21,722 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-10-17 06:05:21,722 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2021-10-17 06:05:21,722 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2021-10-17 06:05:21,722 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2021-10-17 06:05:21,722 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 1024 bits
  params: null
  modulus: 126664469800380770773972778096329230967838830807335020944856402588433272451405299989725111925000259452486256977271956160110204670418736725511979819866908378089628035491591777699093647368786263598103189382680073566489484332485554027625241493766204516582342822997262720486560419481997023269854507272634386236633
  public exponent: 65537
2021-10-17 06:05:21,722 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2021-10-17 06:05:21,722 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2021-10-17 06:05:21,722 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_9gep1fml5jlfmm9cvybzrxk6k7ru9ebvs6um"
2021-10-17 06:05:21,722 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _9gep1fml5jlfmm9cvybzrxk6k7ru9ebvs6um and Element was [saml2p:AuthnRequest: null]
2021-10-17 06:05:21,722 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_9gep1fml5jlfmm9cvybzrxk6k7ru9ebvs6um"
2021-10-17 06:05:21,722 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _9gep1fml5jlfmm9cvybzrxk6k7ru9ebvs6um and Element was [saml2p:AuthnRequest: null]
2021-10-17 06:05:21,722 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_9gep1fml5jlfmm9cvybzrxk6k7ru9ebvs6um"
2021-10-17 06:05:21,722 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2021-10-17 06:05:21,722 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-10-17 06:05:21,722 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://iam.eu-ch.o13bb.otc.t-systems.com
2021-10-17 06:05:21,722 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-10-17 06:05:21,722 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-10-17 06:05:21,722 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-10-17 06:05:21,722 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-10-17 06:05:21,723 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsHeadersHandler:?] - Message Handler:  No ChannelBindings header blocks found
2021-10-17 06:05:21,723 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler:?] - Message Handler:  Message did not contain any ChannelBindings extensions
2021-10-17 06:05:21,723 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2021-10-17 06:05:21,723 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2021-10-17 06:05:21,723 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-10-17 06:05:21,723 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-10-17 06:05:21,723 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-10-17 06:05:21,723 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-10-17 06:05:21,723 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' not permitted by input criteria
2021-10-17 06:05:21,723 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP using binding urn:oasis:names:tc:SAML:2.0:bindings:PAOS
2021-10-17 06:05:21,723 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-10-17 06:05:21,723 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-10-17 06:05:21,723 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-10-17 06:05:21,723 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-10-17 06:05:21,723 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-10-17 06:05:21,724 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-10-17 06:05:21,724 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-10-17 06:05:21,724 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-10-17 06:05:21,724 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-10-17 06:05:21,724 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-10-17 06:05:21,724 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eu-ch.o13bb.otc.t-systems.com
2021-10-17 06:05:21,724 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-10-17 06:05:21,724 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-10-17 06:05:21,724 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-10-17 06:05:21,724 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-10-17 06:05:21,732 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-10-17 06:05:21,733 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: RequestAuthenticated: true
2021-10-17 06:05:21,733 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: Generating session key for use by ECP peers
2021-10-17 06:05:21,733 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-10-17T06:05:21.733Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-10-17 06:05:21,733 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-10-17 06:05:21,733 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-10-17 06:05:21,733 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-10-17 06:05:21,734 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-10-17 06:05:21,734 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-10-17 06:05:21,734 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow authn/Password, it supports non-browser authentication
2021-10-17 06:05:21,734 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2021-10-17 06:05:21,734 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-10-17 06:05:21,734 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-10-17 06:05:21,734 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-10-17 06:05:21,734 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: Trimming whitespace of input string 'rick'
2021-10-17 06:05:21,734 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2021-10-17 06:05:21,734 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1501389500::identifier=rick, context=org.apache.velocity.VelocityContext@60e5c227]
2021-10-17 06:05:21,738 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1501389500::identifier=rick, context=org.apache.velocity.VelocityContext@60e5c227]
2021-10-17 06:05:21,741 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2021-10-17 06:05:21,741 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-10-17 06:05:21,741 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-10-17 06:05:21,741 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2021-10-17 06:05:21,742 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2021-10-17 06:05:21,742 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-10-17 06:05:21,742 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2021-10-17 06:05:21,742 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 7b32e1ecc92d8dae98a39c239ac79dc68b1f71bce52490f682911017cd8432a8 for principal rick
2021-10-17 06:05:21,742 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 7b32e1ecc92d8dae98a39c239ac79dc68b1f71bce52490f682911017cd8432a8
2021-10-17 06:05:21,743 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-10-17 06:05:21,744 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-10-17 06:05:21,745 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-10-17 06:05:21,745 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-10-17 06:05:21,745 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-10-17 06:05:21,745 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-10-17 06:05:21,745 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-10-17 06:05:21,745 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-10-17 06:05:21,745 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-10-17 06:05:21,745 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-10-17 06:05:21,745 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-10-17 06:05:21,745 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-10-17 06:05:21,745 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-10-17 06:05:21,746 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-10-17 06:05:21,747 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-10-17 06:05:21,748 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-10-17 06:05:21,748 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _1d4a9feb87ee877841d79931a45cc5ae
2021-10-17 06:05:21,748 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _1d4a9feb87ee877841d79931a45cc5ae to Response _c7db4566e23f065f385590e7b5e303ba
2021-10-17 06:05:21,749 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _1d4a9feb87ee877841d79931a45cc5ae
2021-10-17 06:05:21,750 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-10-17 06:05:21,750 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-10-17 06:05:21,750 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-10-17 06:05:21,750 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-10-17 06:05:21,750 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-10-17 06:05:21,750 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-10-17 06:05:21,750 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-10-17 06:05:21,750 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-10-17 06:05:21,750 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-10-17 06:05:21,750 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-10-17 06:05:21,751 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-10-17 06:05:21,751 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:05:21,751 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:05:21,751 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:05:21,751 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:05:21,752 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxHUs6NJJZgcqktJc2NF5JJtlPR9Fs+wKbMXtlJSlNvKXwKJibmfSuOFW1GeHVvrq3GemRSvj72PjzlVzXhAZH7+CFu5O9K3S9J1tmXRgE1K5Om2f8gbtT/HAYzV+SXyAkCDkMD62E42ajGzSV with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:05:21,752 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:05:21,752 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:05:21,752 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-10-17 06:05:21,752 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-10-17 06:05:21,752 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 80.158.3.50
2021-10-17 06:05:21,752 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _9gep1fml5jlfmm9cvybzrxk6k7ru9ebvs6um
2021-10-17 06:05:21,752 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-10-17 06:05:21,752 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-10-17 06:05:21,753 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-10-17 06:05:21,753 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-10-17 06:05:21,753 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _1d4a9feb87ee877841d79931a45cc5ae
2021-10-17 06:05:21,753 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _1d4a9feb87ee877841d79931a45cc5ae did not already contain Conditions, one was added
2021-10-17 06:05:21,753 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-10-17 06:05:21,753 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-10-17T06:10:21.746Z, to Assertion _1d4a9feb87ee877841d79931a45cc5ae
2021-10-17 06:05:21,753 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _1d4a9feb87ee877841d79931a45cc5ae already contained Conditions, nothing was done
2021-10-17 06:05:21,755 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-10-17 06:05:21,755 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _1d4a9feb87ee877841d79931a45cc5ae already contained Conditions, nothing was done
2021-10-17 06:05:21,755 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-10-17 06:05:21,755 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eu-ch.o13bb.otc.t-systems.com as an Audience of the AudienceRestriction
2021-10-17 06:05:21,755 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _1d4a9feb87ee877841d79931a45cc5ae
2021-10-17 06:05:21,756 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddGeneratedKeyToAssertions: Assertion _1d4a9feb87ee877841d79931a45cc5ae did not already contain Advice, one was added
2021-10-17 06:05:21,756 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eu-ch.o13bb.otc.t-systems.com to existing session 7b32e1ecc92d8dae98a39c239ac79dc68b1f71bce52490f682911017cd8432a8
2021-10-17 06:05:21,756 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eu-ch.o13bb.otc.t-systems.com in session 7b32e1ecc92d8dae98a39c239ac79dc68b1f71bce52490f682911017cd8432a8
2021-10-17 06:05:21,756 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-10-17 06:05:21,757 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eu-ch.o13bb.otc.t-systems.com and key AAdzZWNyZXQxHUs6NJJZgcqktJc2NF5JJtlPR9Fs+wKbMXtlJSlNvKXwKJibmfSuOFW1GeHVvrq3GemRSvj72PjzlVzXhAZH7+CFu5O9K3S9J1tmXRgE1K5Om2f8gbtT/HAYzV+SXyAkCDkMD62E42ajGzSV
2021-10-17 06:05:21,757 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-10-17 06:05:21,758 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-10-17 06:05:21,758 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_1d4a9feb87ee877841d79931a45cc5ae"
2021-10-17 06:05:21,758 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _1d4a9feb87ee877841d79931a45cc5ae and Element was [saml2:Assertion: null]
2021-10-17 06:05:21,758 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_1d4a9feb87ee877841d79931a45cc5ae"
2021-10-17 06:05:21,758 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _1d4a9feb87ee877841d79931a45cc5ae and Element was [saml2:Assertion: null]
2021-10-17 06:05:21,761 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_c7db4566e23f065f385590e7b5e303ba"
    InResponseTo="_9gep1fml5jlfmm9cvybzrxk6k7ru9ebvs6um"
    IssueInstant="2021-10-17T06:05:21.746Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_1d4a9feb87ee877841d79931a45cc5ae"
        IssueInstant="2021-10-17T06:05:21.746Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_1d4a9feb87ee877841d79931a45cc5ae">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>ORdOmFbDHMCf8uenAFtkaZrnBSB9PJpKAy93iXjwYQs=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>eVf3xmnjM5AtTiU9YLGi2vizwiOfRuZbgMC9ToboIMYNPOYwzrXbZl207KlXCChtvzuKerse3Uy0n9nG8riRJGZF7pdOG6RHMf757fxSMwPTmTP9xrdF0yjIvvDLsi1gh8qxhEZ+QhbL9rOROJKgG0FnOZuceru+dHmGgxnUFfcT8SpBDqn+kRQVPrtbbM06lXzwbvyXhFNyPIxtnW4H+1iSZiVijr2I+mqDtc/WhaIXwmEGrV+E10mn52XC8o1NVF41qHxV16iTP53SE+Qkc4XkBtiSONhAHHbZPSBR7qIgJbxuAgNzzRpOrreufKz58O5VtvTKIUsTyOrIe8SWug==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxHUs6NJJZgcqktJc2NF5JJtlPR9Fs+wKbMXtlJSlNvKXwKJibmfSuOFW1GeHVvrq3GemRSvj72PjzlVzXhAZH7+CFu5O9K3S9J1tmXRgE1K5Om2f8gbtT/HAYzV+SXyAkCDkMD62E42ajGzSV</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="80.158.3.50"
                    InResponseTo="_9gep1fml5jlfmm9cvybzrxk6k7ru9ebvs6um"
                    NotOnOrAfter="2021-10-17T06:10:21.753Z" Recipient="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-10-17T06:05:21.746Z" NotOnOrAfter="2021-10-17T06:10:21.746Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eu-ch.o13bb.otc.t-systems.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:Advice>
            <samlec:GeneratedKey xmlns:samlec="urn:ietf:params:xml:ns:samlec">e+XTU/Hz5Usz/HQ+3E9AEwSy97ajkk9fpLzTGvU/Eso=</samlec:GeneratedKey>
        </saml2:Advice>
        <saml2:AuthnStatement AuthnInstant="2021-10-17T06:05:21.741Z" SessionIndex="_f266a0217cc903763b3ddddcb6ab8bc1">
            <saml2:SubjectLocality Address="80.158.3.50"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-10-17 06:05:21,762 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-10-17 06:05:21,762 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-10-17 06:05:21,762 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_c7db4566e23f065f385590e7b5e303ba"
2021-10-17 06:05:21,763 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _c7db4566e23f065f385590e7b5e303ba and Element was [saml2p:Response: null]
2021-10-17 06:05:21,763 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_c7db4566e23f065f385590e7b5e303ba"
2021-10-17 06:05:21,763 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _c7db4566e23f065f385590e7b5e303ba and Element was [saml2p:Response: null]
2021-10-17 06:05:21,765 - DEBUG [org.opensaml.saml.common.binding.impl.AddChannelBindingsHeaderHandler:?] - Message Handler:  No ChannelBindings to add, nothing to do
2021-10-17 06:05:21,766 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Header>
        <ecp:Response
            AssertionConsumerServiceURL="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next"
            soap11:mustUnderstand="1" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <ecp:RequestAuthenticated
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <samlec:GeneratedKey
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:samlec="urn:ietf:params:xml:ns:samlec">e+XTU/Hz5Usz/HQ+3E9AEwSy97ajkk9fpLzTGvU/Eso=</samlec:GeneratedKey>
    </soap11:Header>
    <soap11:Body>
        <saml2p:Response
            Destination="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            ID="_c7db4566e23f065f385590e7b5e303ba"
            InResponseTo="_9gep1fml5jlfmm9cvybzrxk6k7ru9ebvs6um"
            IssueInstant="2021-10-17T06:05:21.746Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_c7db4566e23f065f385590e7b5e303ba">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                        <ds:DigestValue>bPUNDak3aNjdMlckjAbLGiDHqP3MOLyObENcMEe/vuY=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>B5mXZF+8UU09TSlymioBdBgpYN9uIA7Q64Om2PZdrhLw1uLpN7K9W2rwzKGAfnYY3S3nUKqVB4UaG/1FJHLdCs0319IwA+DMen7ZsNsnMNcOSNH5ZY2Elltq++jX0COwoLW6eca2ufqJIZaz3VjcWNzSXkFOb0kLccZ0zvDM6AxblTj0dLHqhNa6bZiXoGO7EM845oVS2u0F6Aw2jlvsoZKsshRAzj07BDHrLqAPBRFLU3zoKgwiUr7Zlf8dG42yfK9CM0YysNo9eCrIJvPuxzSJq4GiBIIpQmUKAfEyxWhTkan3sF8SN6YZgNkS9uUPz/TQ/1mFSVeCwJgerJ6nAA==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
                <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
            </saml2p:Status>
            <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
                <xenc:EncryptedData
                    Id="_f67660ff401677fb1bf8a04c72cda304"
                    Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <xenc:EncryptedKey
                            Id="_f07d5d54896de721d0598f6e8a934332"
                            Recipient="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                            <xenc:EncryptionMethod
                                Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <ds:DigestMethod
                                    Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                            </xenc:EncryptionMethod>
                            <ds:KeyInfo>
                                <ds:X509Data>
                                    <ds:X509Certificate>MIICLjCCAZegAwIBAgIGAVHDRPSbMA0GCSqGSIb3DQEBCwUAMC0xEzARBgNVBAoMCmtleW1hbmFn
ZXIxFjAUBgNVBAsMDWlhbS1hdXRodWktc3AwHhcNMTUxMjIxMDY0MDU0WhcNMjUxMjE4MDY0MDU0
WjBEMSowKAYDVQQDDCFodHRwczovL3NwLmF1dGgub3RjLnQtc3lzdGVtcy5jb20xFjAUBgNVBAsM
DWlhbS1hdXRodWktc3AwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALRgTiRlOH3H8Ti/Nl8F
hr+9QdbCEBQIKFKnX+VeeD6NcGQtsDnihnIlwDv9PqAqRfZ5KNDF7IccYgCBUfjJXOyxqa51YVDJ
KPLpjMcZiSEjumDm3jbdEiiQKl3zwt9Q0aLlz7PKdIbIoPQdo3YjpTB407D5PmvpsFr+TQ6NlkTZ
AgMBAAGjQjBAMB0GA1UdDgQWBBRcdOVNkWkaAHkjlaFATFhnEEh8SzAfBgNVHSMEGDAWgBRcdOVN
kWkaAHkjlaFATFhnEEh8SzANBgkqhkiG9w0BAQsFAAOBgQBlFRyA98AUXCw8bhneTFoD2JWRZz2f
Bs3vINTVjhA3CdCCJ9lgPxIhitHYNPQh5s7l+IA6M/zHTx+rpRO3KUqh0M2eNZDunUrstyXkvZvp
uJCPFK6t1iN6K5YuZUhKI06W5Bk6XV2NO5L2eIqD9jZp0UGb18Ep4BbrEXwRwJQPYw==</ds:X509Certificate>
                                </ds:X509Data>
                            </ds:KeyInfo>
                            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <xenc:CipherValue>ZIy2hGisH3QLQsQQOJozaZQljwc/EauOcSItBOftVDPJl8h2rjtUcgYQP8eCzFfOkuTPvP2U6pZvtpj4DvTIuNMGCp1eDe/FeWfdX5NP5+Ai8KCTWxLVvKDcoHzOLFW9umy7MKc2+j8tHZ9OVP6kWaKqXUERZaFTRL7BMurZSn0=</xenc:CipherValue>
                            </xenc:CipherData>
                        </xenc:EncryptedKey>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>F6LYy8xarrqKO6LgJfb6xCeR1XdLw3eyIBtkKy950nSNWhEIzWvNxJfKWQqorAcGZZssIM4poc522GyP64COyVNhnr6XHzdUs4Ppkit6Wi0A2yUHxBWCbftkQAZ3pwhafbW1uiiKUQIQcJGE92WZX9XZ+6iO5kC1B9COla/190ZhwmkjI7AyszD1NWaTHJcvFw83ZdKYMsFvLFKDTtXhpghKFiomtiPn0GDe8pMzsjV3tcendvE/wjLE2XQ+Z95rADZZp+0hwNf7qZO0S5klu8lJ295Wke9hxg1faki7wTlgVXWTrbbqp86aGo0TxppI9Nvb4RLG/bF4SAK3a+JZERFJ5+6pFKa1pkjtZN4kFtOzncU+62pEAn2frK+dsSqLTuhQFKapHT0/U2upIy+OBnmr1uM3zd3xrpBcip15ScaJfbxf25oQJyb8xaoaYinTB27Xz4XTNuEqYvBcoTJLbD+w1OVT/rl/2zkIdAv1b7TD1L9ax1dLt04yhVi3Gk0K75Uiltc/B15E1q3yOyH2ewQH2HnughEL9OJSaRN8Qdc42ydwq6fzmmXF/xP4COzeRUPRyuqPj+rr1kamJRvuO/lvOk4bWXDXhbnx93mmzmWny1fXpcoCo7pIz5ZrN9GyvAsrTfPBcykrPUqSFxutB1xNR+ng4AuTFbYtn+1en9RF8auDwbfQjq7KPxG306W5pKgOGm28dmijig9fQyIdgZyHXuTIFHEQ6JlYqtzxVDbocF9exPSL9Li5c0cadsQWyolMJyNrpAQW0WNVf89/WPtl3ZwRb5XjVYm0g4PwnbbunPxJflzjQNL4XYOIE+vKtuLxLmY5oRQ2JXEzA3+2tlwJrhY122Fm/4FfV4Kt3xwmdgTGyANhEfRRfvzwZVDIJrBcON1MLu4sWQMU+pbHuwXRkUv+zzSfROE/o5pJYJCpryOQEWqn7Thp4q0QEMOLhnwF1Lykw75XzYh/OcvaUfoL2FmPjeqguHTzc9ri72hxZsRpzqhhcy/IEpMtgTgbF35g2EmBrr6jFV55aCHunsQg4UxNp+K977GAL9v2Nc7xuxM5QVMgjH0Uie6W8h6w96kO5vZKWKZR/MArFCbP/Q8cJqYJks6fClBGN2q/b00YaU6UH3tIWKd1cj2dhASPmjQJOGyvzl7Nc6HkPtDXAMjgdT3MVpMRjVXp7oXEKUOQB5gqDnRZ3eCEuqEY/UYc79bHMhg6+EzjEBFT2GVhksUHabL4UYVbMvo5QY5bQScaHnBAZ+Ves0tiSvLb5jO0cANmn6/Rme66YxAwQognHfzP8+EA86kbWprnW3Xv3dJqb1BWVKf/ZmN4zZmm4PEF0M1bFWft/9HWS6IiBgi+r1TzIRdLn8hJ+TwShoPLZw6M5hhBIOp4lO2bE0PFV7c058AJ+wXNYqzrww78N/hSc3QhVsh5ln4T2t/wlxgPL57AogT8iiaNK3fdCvWPPhy3XJSLQGP1rGZ6MUkpBX+I8jhN4FlvCnjwmzeGGOLlk3GYg3ONYuOa0MYNJ/UhXkMyKlKXVNNJk83OjtirNB28IZDjdmjMvUCZ8ESclxOLrwayL5DLvB/mUNrOLH4bCKbs+qL8XWWFUPYlD4ePsNWbsk5A8l61EMX7D7q/HejjX44Cj9gDlDeKpHxbG82US32e/l6UYEaDWmCc6O2qMlFDBUn/O2M+6gvyhRp/m/QZTz2CV1MZooQkgZKXUzhTyvZMB8KKxqVnl+qOog8nP89aQbNbr8eYDahiRgTUNux3lpifYFKplv3TTMDYYkiRCaxtgx32HepdWgHUIW2w/VVeac3TssFy7pYUWsdPKq7fDqZZGOZMnuoYZIf502sPjfD8hWvh1KbsVWEpNJTjKaFptgdVixzy72UPaG7z7np8J/Tgw+0QScEjOHUX9F+cqyseO4xoXECo06ggOrZg79cMhw7RnXQA9Sr+U6ATymo1MKWEpk6oT1kvAcQefaclV81YLbRm/60peHTfaeF4Rze4gdkCNonROMYpkWQGms8vGEl9eOkesMQDbSrgV1FAG10XkDDClf7E6Mg8hngB2kTap1SY8Z+VNKfpwBCb0eEczO83rYiaHqHYsE2eJhCeTo0S9Gn5W17a/DPqC23IZILVDQ3rlboBJYKw3aFuWr2lkeorPmvLXOhEC1n3x6BpF9dZcdxTu8/8mWllJ7GoMvVlqOyqWVD0KeN2YIH3XFgHolUQg0Di520kO4n+HNrj68ZoLtm5A2E8AAQ6epxWNnkqzbsISdDalcfJn9VoXUMBGedWoI+c700SPsDq4bMnpwnq9M+bfkB0kGSjIw28CH+MX4n8AC9GDGG0GR6QmQJHSb+oylJmoFEX2p/FnZ0V0v+Xhwn+V/0S9om1QpFyhMjo+85Kq2mYlZXL+fWBk5Yjs8y1I7nY+lnm5xrjoplZEZAmYKxgikXOELztbX6kGwXKLkrT2T7SzdFMIKMObkQGgtxBX2LJRyu+Jexo4n+Ev8MpqV/whMBC8zQuxELaIoR+MDosVnDpwH4dDos/ND95N7UjUQsyOV4fjvzk/+78HOC0iKtkdufrShMrbtqaoZMqu9GEa0TKo9IamGFyasLGTll9EBMMhcitIiMraRf0IU+diq/8NZmlFZR9pG1vxQjz8Acxa6YS0KD/2Ea0PdFiX/EnW8z0ghRBLPqA4RqoLFYorbg2UlPPWUCYbaOjOy8lTIMhOO4hufoKj5uhLSXNIM09wHM1UW1Q/h7EfUxPtcE7afCGWfJVyTC+or2y4wCDTckVLjX/JBWvUEsbPOQ5FcYnRwRwDElMdbiIRcW40cH2ykoUWVwxsENY4op1tNUfH0uaqD7pz785BEMM6roXYrp0vCUFWpN24tAR99g0v2PibYiTSgFLAmWxdC+KD0lGYpWXKx0mCpOGgLnUfgi55tZGv4LJeonc9/drNmF6mUZjwY9q8laMrIoxam1dI1IsVubPuV1+MaBFTczGHbmfmZ967um51sUywPHVg9aDmNbhbmRtFbNKuHal3t2sOOB7+RFoI8ShzTgz3rMucrHz6USkY4WN7joyYPi8rKAtyo0xl3e4aHkE1Of/sMuc2SGOpUPKNmN1gDh1s85NufTi0D5HX+bFG7Z5SLQxXBLSUU0MJetBs6O+Wo8a5YDJgsAsq9ANbk7dBjxhe7OB8HGDxlfrKbsZEwbx98AmvQaG/v8yP58usg+iT7NA9EA7pnNs6pA4HVvCFQWxwc7S6JHb+qPHRchaBIaXxnmzzkDbbCP1a+fHM5RBA4Cc0f1LY8SJoXoS/P7iTsbEEum+8dLhN3zCKYsuUIWKgUat/I1Jfc9ROTc8Y9EapACuHiXsCUVIgZtG7KqlNEU3k5HvWnEXtth4I9/epEToYNTFQ+WjXkY96JAykQaOhX987t6YiPP1RboTfYejkARB3HvXYg3Hyv1lkWK4WnRYizg+HQqVfO6eBY/t6iAzI2X4xMQT76ESAUQ/fa9pzXrIlnHpMVcswWrJth5fOF2rlgX0p1FMVgEqZITVgJEtHeRuGISyDcDvThpdEzoU8lJLiC0jDjEfZlJjUeCEBVqp6Zd68D7vCly83YXHRMlemXQfBHDvvDIEp7Tw8qJj+NrJZ4jIC1uyKy/rrF+xaVG8bPjwi0ShsQaKiL9ErOcCTrpunehPbYeQ2mfId5PDG9ZEeUsHtiHWbLkB+LhVFb7vaZG4llBKbMKzRQUyiPNlvDOK+b6zl8PGUiqaMRVKqvaB0xROHxJzB25gW7R3eWgGinr3eDAFuB5Dck/p1/vqWzCwZNOYTVaRTXpCseXm/sOSKpfDuR86NzQpeZHFU3v83f/LujWOVakgngFlC6i7+qICYDKFvduJR6FPa75j7JU7LjJJxGyXRwXdMKQacJCWL9rUoJltizVN2Rndvhb+BO4A5VOYclj5LVd86jS/N2FrwKo2jnTczl84iGpQ3YAV44SluAHa1kd2Gq2hhW5iiCzeyP1/3ssgHfwR6jC4cdgjCEcnH+7c/XJb0Qe9HhZEs4tPap+HVBApKu5N9UVNzFKSmUoYHDHZkaIdMHOxiWxrFczqjwWaFAx2z34oETXKdW0bvd3lK7eOGu9hPlBqSl7QrHz9S6esqBklGk55M1JFgwOvEoCwxTz0vPH5/wkZfMLK3xH4ZGLLo1vU4h6UopmYGOtnbSviPG+StE1ldEiHUPAHe+9PdIxjn+gYX/ZiZb1V8LjJgXgElJLss+dvr45yFY0LAb0VufQD5ZP4W5jGBEZ6zQxdGyfTi5GYAzDXVHjZXZlpT/C7RdH7pymtRXaWwIuPQj2QxgCVUaGMX8sAFwLFyRh3tbPTDr3zOAq1Y0p2NLFuAZgJjhMEpIsFheq1rxpU7yu+g447R+3YcviNj+cl/aSF91Hks/TOda1aGSnNTMYq9wkEfoE9xZEGxnx8iQiz+TD5awe8H2kgFdsgFg+V3Aeo6JijO+rALSH4mRLyqdMLbLlcQl+ucRON2z3QKl9OGqP32CezX1PlcfayaOgMkUC849OO77wyHnC8H7eqSfz3iMAxrJhFQJo5tl7kVIZbOkKhSfdvvYCsFu7PrUrwstjtjOrxPOUI4aVZrO17+G+7tvUTFJyQtMdkLQsnvLpMnXExM4fWySvWK8EfMJxOferrTtEY+WBUTUC/J8SlbnVvk6rnB8fAjzX1CFQBTzCv9JXMfem1o/u0vSM+4eN1oHQptW4apT2BN/MNcwyxihTZwv830sEX1r63IjfDLLIoMRHoq/aXqb4MRVjZ00efFdQ8/BWXGGyRBzCJYPJhgn+uETpNHnX/PDng0Hr6GH0iXAmbZREyffPHZfMeNdFbtYz0taikW+5XAjEhabWIyzfklIRXJpkzc9A2f0qAYcZ5+n8/aemgyfLUB4e0ari1Z/0V5+hw91FSzboJQzrvZTXaYjuUhzrcJEPFpM1yevQUd66BWgU0dBCFxc6uR52ypdId26OoJIiMFj9DPD5np9h2R0dBPa9PteloXPQb28Gpbak+QY3PSFxYUv3L/QkzcoR8dcfBB6dYIII9ngYwxF+FnIG5WZgq4jp7pTic6g29IcBXc3Ylpw7EDB3iQSqMGgCbXYDbqtEIcyf/s5TfXckljmQQNcccO2xobG7CFTJUpLHZR8+s1Ndhbr0OuPOASXSRH7+qI1gh8RiUOAAMw9VZ9+PKU1nig2AS4+FAD7TNAUPgGNtF5S8ht/YPFaImYlGtIwMOB1ttStJZDGViODJ6yFfu2g9sIrXdUmvjNdpfj+2M57ZHD5ZEf1g9Vf69iYeBubl+Y4QifqSNyFoGLH4vBFmHEyV0yb6pesTHJA5zYGyh4CPx5bv/h9B3sydPmXiO1vvUSGKJBPu9CpgxY1FcFzVnjk0kbVjHyjQckUCFB+uIwlijRUaml6/iWxUIBgZSeInGbjV8D1FoGVnLH0RAvNvMyxm003u2pUOsqhWNtGWS0YOFgsmBDmzRgZWk0pChDguolKw5kV4B6y/5Icsz5Z6YOeoU4J1xuvuJdOviBbVcSb1uSlxGY+zRcG0QFKCmedSEHYaASde64FCIgoUOz2nXPIWmubJAkuiODXlZP9xUKStIRDM+/moyxtHt6/9UB1pLmfMLuO7MfwE4w6mkB90uX3wMq6T3frSz5Q0mggns0L/ogkjJ1UPtAL1q2W6XEahiGcoyXTxl1j6n5IH2/oKy5vCuFUdy6ndszN2Rzedvhwr8vt7W31lLbBD15joYvJ2qaalArlE8HDwvS9ZW+esWvdrFnm/AQEiYsMzFEgFk1lCwKnw7OhSqzFLhy0xSt5Do21R5JERKu/VSUyu4DIMJIU2wJ/2A9UgkqsgLSXfyhKELQrTwrHmJLF24k9rOXtXqP7Z0GbqPNJoqsWteKOloXcDFscLEBlveB+QbxIMIptLWk27cwfGhBg3jL+xlITXvzqM72BB6sw2Q13SGi45cyYWyN2EWtc5L1CL0iPc33EiA3BUGG46pvcTfN2CZT+e4Sp2xuoombS6TRvHXB/aR1tYnEmTf0tXEu/cewrN8SRImMpZpOlrqS76e5W4C/yeAyZDlT3fgvlu1ysQl8SwG+ooTx8q9cqZrWDbMo5x3OtmvEIljsOg7UyQWxc3i6xtQPTCJPiS9LwqarS4dW8P3JNXAocoGqkHSVFdRDuGjoaawEQo4ozkj7bBQOuGHgT9Vtk71DfYIU9tAUQi/1ilUtj+EnPnFEfhYXufSCscFL6Wzo5SNgKTgN5kFb2MfOH7a7R3JULEDSVur1PoJxi3HQrxyN9QycDi/ZRhUZGSF3jgWHVzsekI3MZCNPOUkrAz4vFf9BfCVw3eQb1sxMkW9FHIDr5ZPiqNApREs/C5WyAF9jWeUHsfK7/V/u6uTnyi59/Ko9rZofM62rnMEyIKu1yvlvbRTP7uW65SJls5oYNvHifgleqo5zXab5mI9RWf7Hf1OVsqnVG//biif/rJ60Lr1SYAg9qvHAbmCeMIi81JEoKddmoaWMeOyM2IeNkXL09X/s9DRcMWCxnOrdYz+YmDzeoIqaZUm74DeVV9e6aCuSoTGxQxmn4RRSpQes3bFcihUIHHCE4CWdlinDbr7d0UcnosK89HFoxIZ42+OVsSOAoGx758KhRJNXxyt6l2lffsBmeDyITQwVkfSpqxLIhRx1RmnaVKnOqkE+/Q/KMls8jghS9QZdYMbXVazoRyStzyK+ii9ybglHdHSKvPbXKZ9J/9b1+MLzg14B+Qt41dYr/wwJujl2o9xepgT84wDJdjV5hI8PpYEvfdj4PcoI8Wq0kjnLg1x8T5K5/amL0jdxh53sug31IXFGa+eCXi4W1QOMW/lMRjWEE569T3OJhghXFk7xRrGUr279yu5jxirOKbQt3kPMiCJKaRPq9E+r9P7VkM53LERng9ZvrVlIkoYV6MVVaTHEjnqupGfISoVfUgtXDAC7tdW2VvR+sMjoGDC1DkXa/qxORgbjfYlKqtlnWreipAmvWNmSsejPWdzvH0gaMdizV0CFTdPOw+/pG6x9D07lpdGCRtWuzd2+8jfxVv5EewQEc69aj4IHzb48qL8cL3Wv1e1aTluoljVw7h1AMViE4Cjkyebtz2pFFw9rB9DP37jhrDNgK7s9LrYOdgKKrlxJFOamoYSPfUFt8gXcWOt/5qzitt09idC+Aj17o5pkMU3zO92v29lS0wuL95wwXZEzcYhQMdLzn8pzySnNWt3VpfcOXxJWMwhUcPTFJZECrFAlbWBOQwkzeX3He+4bRE1hmpOQ5Zr43TnQG785FVfREgEDKELaiazGiOqGcmyMbhTHG96boTorUiHfVh9bSes+W6U3EeCivEirCbmnBdWql6iIhgN96LNRgJxADYWp1WM4SXUv+UvoulHhfBpv4r4AqDzJfSrl3CQYLl28kiMA899LYXXJifRYR9Lqak95Ui6RA39rtsj9KWupqHlK1ifJvmaNWRPq0MWXp6NR1dhOnHpcz/hsQSHMduTs/pPx3tFPFSGszDq/z56j6p6HNPHuRIpr/Gydfd3xd9OfqDa+Xa+68EB9uuK1I8NxhKPh1qvZdPjq7ZQT2VBD3P1mFZjqRQKGYbW+DYhoIidUi1m0Dt/kI1g0YiYsDAlnT9qDnpjI9qMZQ41Hp1f7EC8qli3goyRJzcONJ+ppr8F7Ng/eBt004BTRZxIl3Rs02ZbBtOyB/ADAziBKT6VzGjJZCI1W08nNuJAT1jKPADaRlbAOED1UA3F7apdK+RXf7sfEvxnIW7kVt5sIPi5Ixh0e6bPbpo6nTLyUecJ85o8GLcSuNJjg1DCC9NQxk5+eQ7QkrrslffHIzcIQM1BGuAGWcnqiJd1U0g/2t84GVnKkgJfUOTt7pTzb/TaXUMzbb57fhTC0SZ//ydWmncoY9VwjZaIk9rfrwX/FSCjKG9OfM7V7foxaLuGUoX8jFdl8Ch59zvRCSgZ7EQtlflk0SNHH0z4d2u1dlikcu3QDqk86Wi7r/JDg7mwppxWXCGfB+EbPGaSaGLDd9DYRnvw//s9S4Y33ndZsZgj8CEek3nS17WPHbY/29LsHfKhTWz8YqloOAafBmTkCG6OcsrH8LL/zf9tIsMkKPupqLAvYn1496EZ+vU4fCS+nrtbGdTLOhubnUFLw1X1cB21sRFANeJRjtiMNkQ0JKqoWc4Ve+hkTJcQZUSPYqxmOV2NQ+QL1jvp7nWdWLuiMgdRn6J6AMgUvO8V/801uJEixVCCIiPedfhFV48p9qdl2kz+lTBht+qczrapCCxr1lFNSg9s1vDkJtd/ZbTSxYvW1nw0eNeGYfiXY1au/VJB9x3Fl1xbXH+5Jda1kefDb2M7Srmox9C5HcL+ZWC6HsdU6lMdg6hpbNF+l9zZLgb1CSuGibsZL9ME29RD2NfLCyXHIKkFa8AJiqp40jbhYhzzDZAfdlQqeuJ6G58Kbn1Aj4Lo7r5G0NNRk0MYqfv0Vhfpr4jSDtNLjFjIF/1i+dtVx0SK6EObidUNdPubSjj8iQ/Wq5Z5GCgM3d5NugNuauy7gFTAkCxC4XClvakmrZoIIAcwLUaH8QAQkCPGyo8Shx8OqrVhJa09cRa4NRt2c84WxA==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedData>
            </saml2:EncryptedAssertion>
        </saml2p:Response>
    </soap11:Body>
</soap11:Envelope>

2021-10-17 06:05:21,766 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-10-17 06:05:21,766 - INFO [Shibboleth-Audit.SSO:?] - 20211017T060521Z|urn:oasis:names:tc:SAML:2.0:bindings:SOAP|_9gep1fml5jlfmm9cvybzrxk6k7ru9ebvs6um|https://iam.eu-ch.o13bb.otc.t-systems.com|http://shibboleth.net/ns/profiles/saml2/sso/ecp|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:PAOS|_c7db4566e23f065f385590e7b5e303ba|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxHUs6NJJZgcqktJc2NF5JJtlPR9Fs+wKbMXtlJSlNvKXwKJibmfSuOFW1GeHVvrq3GemRSvj72PjzlVzXhAZH7+CFu5O9K3S9J1tmXRgE1K5Om2f8gbtT/HAYzV+SXyAkCDkMD62E42ajGzSV|_1d4a9feb87ee877841d79931a45cc5ae|
2021-10-17 06:05:23,627 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder:?] - Decoded SOAP messaged which included SAML message of type {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-10-17 06:05:23,627 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Body>
        <saml2p:AuthnRequest
            AssertionConsumerServiceURL="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            Destination="https://samltest.id/idp/profile/SAML2/SOAP/ECP"
            ForceAuthn="false"
            ID="_pcdgqrdi0abwer1gaqo6caqm48tj1i9crv7w" IsPassive="false"
            IssueInstant="2021-10-17T06:05:22.925Z"
            ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
            Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eu-ch.o13bb.otc.t-systems.com</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_pcdgqrdi0abwer1gaqo6caqm48tj1i9crv7w">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>AVjDV6xd14nY2pqJsiXzxW+DlBY=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>stPTDbNGGUuPEFJULn65biFtdoUSHUAVki2f7i9Pikcg7YWG+EAwIyYYXhuOJlQ61qbIS6cftorZAryvKtruSg2zuPizUX96MKo+k7b++OHC+rQe6YTWpiG44T/ox/XVZ7eoabGMXaqJJbXzsnPjZe2bQrgXvijoBptOHrUebbE=</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIICLjCCAZegAwIBAgIGAVHDRPSbMA0GCSqGSIb3DQEBCwUAMC0xEzARBgNVBAoMCmtleW1hbmFn
ZXIxFjAUBgNVBAsMDWlhbS1hdXRodWktc3AwHhcNMTUxMjIxMDY0MDU0WhcNMjUxMjE4MDY0MDU0
WjBEMSowKAYDVQQDDCFodHRwczovL3NwLmF1dGgub3RjLnQtc3lzdGVtcy5jb20xFjAUBgNVBAsM
DWlhbS1hdXRodWktc3AwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALRgTiRlOH3H8Ti/Nl8F
hr+9QdbCEBQIKFKnX+VeeD6NcGQtsDnihnIlwDv9PqAqRfZ5KNDF7IccYgCBUfjJXOyxqa51YVDJ
KPLpjMcZiSEjumDm3jbdEiiQKl3zwt9Q0aLlz7PKdIbIoPQdo3YjpTB407D5PmvpsFr+TQ6NlkTZ
AgMBAAGjQjBAMB0GA1UdDgQWBBRcdOVNkWkaAHkjlaFATFhnEEh8SzAfBgNVHSMEGDAWgBRcdOVN
kWkaAHkjlaFATFhnEEh8SzANBgkqhkiG9w0BAQsFAAOBgQBlFRyA98AUXCw8bhneTFoD2JWRZz2f
Bs3vINTVjhA3CdCCJ9lgPxIhitHYNPQh5s7l+IA6M/zHTx+rpRO3KUqh0M2eNZDunUrstyXkvZvp
uJCPFK6t1iN6K5YuZUhKI06W5Bk6XV2NO5L2eIqD9jZp0UGb18Ep4BbrEXwRwJQPYw==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:NameIDPolicy AllowCreate="true"
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                SPNameQualifier="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"/>
        </saml2p:AuthnRequest>
    </soap11:Body>
</soap11:Envelope>

2021-10-17 06:05:23,628 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-10-17 06:05:23,628 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-10-17 06:05:23,628 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-10-17 06:05:23,628 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-10-17 06:05:23,628 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-10-17 06:05:23,628 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-10-17 06:05:23,628 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-10-17 06:05:23,628 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eu-ch.o13bb.otc.t-systems.com
2021-10-17 06:05:23,629 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2021-10-17 06:05:23,629 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2021-10-17 06:05:23,629 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-10-17 06:05:23,629 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2021-10-17 06:05:23,629 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2021-10-17 06:05:23,629 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-10-17 06:05:23,629 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_pcdgqrdi0abwer1gaqo6caqm48tj1i9crv7w', issue instant '2021-10-17T06:05:22.925Z', entityID 'https://iam.eu-ch.o13bb.otc.t-systems.com'
2021-10-17 06:05:23,629 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eu-ch.o13bb.otc.t-systems.com' does not require AuthnRequests to be signed
2021-10-17 06:05:23,629 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2021-10-17 06:05:23,629 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2021-10-17 06:05:23,629 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-10-17 06:05:23,629 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://iam.eu-ch.o13bb.otc.t-systems.com, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2021-10-17 06:05:23,629 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://iam.eu-ch.o13bb.otc.t-systems.com' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2021-10-17 06:05:23,629 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-10-17 06:05:23,629 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-10-17 06:05:23,629 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-10-17 06:05:23,629 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-10-17 06:05:23,629 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-10-17 06:05:23,630 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2021-10-17 06:05:23,630 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2021-10-17 06:05:23,630 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2021-10-17 06:05:23,630 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 1024 bits
  params: null
  modulus: 126664469800380770773972778096329230967838830807335020944856402588433272451405299989725111925000259452486256977271956160110204670418736725511979819866908378089628035491591777699093647368786263598103189382680073566489484332485554027625241493766204516582342822997262720486560419481997023269854507272634386236633
  public exponent: 65537
2021-10-17 06:05:23,630 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2021-10-17 06:05:23,630 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2021-10-17 06:05:23,630 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_pcdgqrdi0abwer1gaqo6caqm48tj1i9crv7w"
2021-10-17 06:05:23,630 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _pcdgqrdi0abwer1gaqo6caqm48tj1i9crv7w and Element was [saml2p:AuthnRequest: null]
2021-10-17 06:05:23,630 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_pcdgqrdi0abwer1gaqo6caqm48tj1i9crv7w"
2021-10-17 06:05:23,630 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _pcdgqrdi0abwer1gaqo6caqm48tj1i9crv7w and Element was [saml2p:AuthnRequest: null]
2021-10-17 06:05:23,630 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_pcdgqrdi0abwer1gaqo6caqm48tj1i9crv7w"
2021-10-17 06:05:23,630 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2021-10-17 06:05:23,630 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-10-17 06:05:23,630 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://iam.eu-ch.o13bb.otc.t-systems.com
2021-10-17 06:05:23,630 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-10-17 06:05:23,630 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-10-17 06:05:23,630 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-10-17 06:05:23,630 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-10-17 06:05:23,630 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsHeadersHandler:?] - Message Handler:  No ChannelBindings header blocks found
2021-10-17 06:05:23,631 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler:?] - Message Handler:  Message did not contain any ChannelBindings extensions
2021-10-17 06:05:23,631 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2021-10-17 06:05:23,631 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2021-10-17 06:05:23,631 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-10-17 06:05:23,631 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-10-17 06:05:23,631 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-10-17 06:05:23,631 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-10-17 06:05:23,631 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' not permitted by input criteria
2021-10-17 06:05:23,631 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP using binding urn:oasis:names:tc:SAML:2.0:bindings:PAOS
2021-10-17 06:05:23,631 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-10-17 06:05:23,631 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-10-17 06:05:23,631 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-10-17 06:05:23,631 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-10-17 06:05:23,631 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-10-17 06:05:23,632 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-10-17 06:05:23,632 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-10-17 06:05:23,632 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-10-17 06:05:23,632 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-10-17 06:05:23,632 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-10-17 06:05:23,632 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eu-ch.o13bb.otc.t-systems.com
2021-10-17 06:05:23,632 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-10-17 06:05:23,632 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-10-17 06:05:23,632 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-10-17 06:05:23,632 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-10-17 06:05:23,633 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-10-17 06:05:23,633 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: RequestAuthenticated: true
2021-10-17 06:05:23,633 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: Generating session key for use by ECP peers
2021-10-17 06:05:23,633 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-10-17T06:05:23.633Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-10-17 06:05:23,633 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-10-17 06:05:23,634 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-10-17 06:05:23,634 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-10-17 06:05:23,634 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-10-17 06:05:23,634 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-10-17 06:05:23,634 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow authn/Password, it supports non-browser authentication
2021-10-17 06:05:23,634 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2021-10-17 06:05:23,634 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-10-17 06:05:23,634 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-10-17 06:05:23,634 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-10-17 06:05:23,634 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: Trimming whitespace of input string 'rick'
2021-10-17 06:05:23,634 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2021-10-17 06:05:23,634 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@2073123503::identifier=rick, context=org.apache.velocity.VelocityContext@791c4a69]
2021-10-17 06:05:23,635 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@2073123503::identifier=rick, context=org.apache.velocity.VelocityContext@791c4a69]
2021-10-17 06:05:23,638 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2021-10-17 06:05:23,638 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-10-17 06:05:23,638 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-10-17 06:05:23,638 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2021-10-17 06:05:23,638 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2021-10-17 06:05:23,638 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-10-17 06:05:23,638 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2021-10-17 06:05:23,638 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session b67f445c15b467fd70ef42cade8be297c94ca86aa5d19a70cc7479687a248964 for principal rick
2021-10-17 06:05:23,638 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session b67f445c15b467fd70ef42cade8be297c94ca86aa5d19a70cc7479687a248964
2021-10-17 06:05:23,639 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-10-17 06:05:23,640 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-10-17 06:05:23,640 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-10-17 06:05:23,640 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-10-17 06:05:23,640 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-10-17 06:05:23,640 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-10-17 06:05:23,640 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-10-17 06:05:23,640 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-10-17 06:05:23,640 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-10-17 06:05:23,640 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-10-17 06:05:23,640 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-10-17 06:05:23,640 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-10-17 06:05:23,640 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-10-17 06:05:23,641 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-10-17 06:05:23,642 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-10-17 06:05:23,643 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-10-17 06:05:23,643 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _013a83e968829a2aaf091685c8a2d9ab
2021-10-17 06:05:23,643 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _013a83e968829a2aaf091685c8a2d9ab to Response _d221cb64e61603327f6d7aecefee3387
2021-10-17 06:05:23,643 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _013a83e968829a2aaf091685c8a2d9ab
2021-10-17 06:05:23,643 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-10-17 06:05:23,643 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-10-17 06:05:23,643 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-10-17 06:05:23,643 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-10-17 06:05:23,643 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-10-17 06:05:23,643 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-10-17 06:05:23,643 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-10-17 06:05:23,643 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-10-17 06:05:23,643 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-10-17 06:05:23,643 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-10-17 06:05:23,645 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-10-17 06:05:23,645 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:05:23,645 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:05:23,645 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:05:23,645 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:05:23,645 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxHmvm6MkcIZ/54sfHy3FNlAHI1kx5W5mSfPSmiTQqwRuyPm+BPXJ85OB5lL4Qv6kKFFwLtYHLyGbEgJegWJ1H56WABzpqy9nTetl9fxbkKvWQrhencOekaIk1LThRfz49NKgtY5YKtK5bdbhv with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:05:23,645 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:05:23,645 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:05:23,645 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-10-17 06:05:23,645 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-10-17 06:05:23,645 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 80.158.3.50
2021-10-17 06:05:23,645 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _pcdgqrdi0abwer1gaqo6caqm48tj1i9crv7w
2021-10-17 06:05:23,645 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-10-17 06:05:23,645 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-10-17 06:05:23,645 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-10-17 06:05:23,645 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-10-17 06:05:23,645 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _013a83e968829a2aaf091685c8a2d9ab
2021-10-17 06:05:23,645 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _013a83e968829a2aaf091685c8a2d9ab did not already contain Conditions, one was added
2021-10-17 06:05:23,645 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-10-17 06:05:23,645 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-10-17T06:10:23.641Z, to Assertion _013a83e968829a2aaf091685c8a2d9ab
2021-10-17 06:05:23,645 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _013a83e968829a2aaf091685c8a2d9ab already contained Conditions, nothing was done
2021-10-17 06:05:23,645 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-10-17 06:05:23,645 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _013a83e968829a2aaf091685c8a2d9ab already contained Conditions, nothing was done
2021-10-17 06:05:23,645 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-10-17 06:05:23,645 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eu-ch.o13bb.otc.t-systems.com as an Audience of the AudienceRestriction
2021-10-17 06:05:23,645 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _013a83e968829a2aaf091685c8a2d9ab
2021-10-17 06:05:23,646 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddGeneratedKeyToAssertions: Assertion _013a83e968829a2aaf091685c8a2d9ab did not already contain Advice, one was added
2021-10-17 06:05:23,646 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eu-ch.o13bb.otc.t-systems.com to existing session b67f445c15b467fd70ef42cade8be297c94ca86aa5d19a70cc7479687a248964
2021-10-17 06:05:23,646 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eu-ch.o13bb.otc.t-systems.com in session b67f445c15b467fd70ef42cade8be297c94ca86aa5d19a70cc7479687a248964
2021-10-17 06:05:23,646 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-10-17 06:05:23,647 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eu-ch.o13bb.otc.t-systems.com and key AAdzZWNyZXQxHmvm6MkcIZ/54sfHy3FNlAHI1kx5W5mSfPSmiTQqwRuyPm+BPXJ85OB5lL4Qv6kKFFwLtYHLyGbEgJegWJ1H56WABzpqy9nTetl9fxbkKvWQrhencOekaIk1LThRfz49NKgtY5YKtK5bdbhv
2021-10-17 06:05:23,647 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-10-17 06:05:23,647 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-10-17 06:05:23,648 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_013a83e968829a2aaf091685c8a2d9ab"
2021-10-17 06:05:23,648 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _013a83e968829a2aaf091685c8a2d9ab and Element was [saml2:Assertion: null]
2021-10-17 06:05:23,648 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_013a83e968829a2aaf091685c8a2d9ab"
2021-10-17 06:05:23,648 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _013a83e968829a2aaf091685c8a2d9ab and Element was [saml2:Assertion: null]
2021-10-17 06:05:23,650 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_d221cb64e61603327f6d7aecefee3387"
    InResponseTo="_pcdgqrdi0abwer1gaqo6caqm48tj1i9crv7w"
    IssueInstant="2021-10-17T06:05:23.641Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_013a83e968829a2aaf091685c8a2d9ab"
        IssueInstant="2021-10-17T06:05:23.641Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_013a83e968829a2aaf091685c8a2d9ab">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>iUkvuj7LxLaCWT1OWA5UqNPMXs5dVNvIJOPsJkSh8qM=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>Mymgr/FlesyXePacFKfM15H7cp+azy9NiRflHCvlnuohJGDC7ux1nAhWk4RL9vueanl68H3dk5ea2PM30nXpMqB9KnSj0tHDTk0A2j5KB/f2D+JGN8/3JF+zV5LAqz4OD/mqOQJ9ALbYVMwpIOTJ0mXRDhFnH1WgXID69JnRyX9otIIVf2cljwQEVBueh5RQgsJK60QtBYY3PozaQH5XbiiQEQfO1cJd8fB7U2/CQVzF/Nn8bT0ayu96Thsl8rAYqWdEOmcVoI/FrvziqPzkx8cV63UcFuFQQNhGy30POGdmO1pUNYICEEMCjSSeymmf6C3fs4l+mwGw9ajDTIZh2w==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxHmvm6MkcIZ/54sfHy3FNlAHI1kx5W5mSfPSmiTQqwRuyPm+BPXJ85OB5lL4Qv6kKFFwLtYHLyGbEgJegWJ1H56WABzpqy9nTetl9fxbkKvWQrhencOekaIk1LThRfz49NKgtY5YKtK5bdbhv</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="80.158.3.50"
                    InResponseTo="_pcdgqrdi0abwer1gaqo6caqm48tj1i9crv7w"
                    NotOnOrAfter="2021-10-17T06:10:23.645Z" Recipient="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-10-17T06:05:23.641Z" NotOnOrAfter="2021-10-17T06:10:23.641Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eu-ch.o13bb.otc.t-systems.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:Advice>
            <samlec:GeneratedKey xmlns:samlec="urn:ietf:params:xml:ns:samlec">WAX0XiVyN8IhriV3KyEl4N4Xwb+wx8U7+HUskOcQDSc=</samlec:GeneratedKey>
        </saml2:Advice>
        <saml2:AuthnStatement AuthnInstant="2021-10-17T06:05:23.638Z" SessionIndex="_c14e1befbfc07bc2fd392065aaa6f301">
            <saml2:SubjectLocality Address="80.158.3.50"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-10-17 06:05:23,652 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-10-17 06:05:23,652 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-10-17 06:05:23,652 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_d221cb64e61603327f6d7aecefee3387"
2021-10-17 06:05:23,652 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _d221cb64e61603327f6d7aecefee3387 and Element was [saml2p:Response: null]
2021-10-17 06:05:23,652 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_d221cb64e61603327f6d7aecefee3387"
2021-10-17 06:05:23,652 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _d221cb64e61603327f6d7aecefee3387 and Element was [saml2p:Response: null]
2021-10-17 06:05:23,654 - DEBUG [org.opensaml.saml.common.binding.impl.AddChannelBindingsHeaderHandler:?] - Message Handler:  No ChannelBindings to add, nothing to do
2021-10-17 06:05:23,655 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Header>
        <ecp:Response
            AssertionConsumerServiceURL="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next"
            soap11:mustUnderstand="1" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <ecp:RequestAuthenticated
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <samlec:GeneratedKey
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:samlec="urn:ietf:params:xml:ns:samlec">WAX0XiVyN8IhriV3KyEl4N4Xwb+wx8U7+HUskOcQDSc=</samlec:GeneratedKey>
    </soap11:Header>
    <soap11:Body>
        <saml2p:Response
            Destination="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            ID="_d221cb64e61603327f6d7aecefee3387"
            InResponseTo="_pcdgqrdi0abwer1gaqo6caqm48tj1i9crv7w"
            IssueInstant="2021-10-17T06:05:23.641Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_d221cb64e61603327f6d7aecefee3387">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                        <ds:DigestValue>XVOGfU7bAlCYAdz/axwTjc7O6UmKgmbmwil+edxS+Sg=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>N8BwdHEIXhs8ujM5vXGflORZIwjR7nuKPQLdyq6dboz7Uo4bU7Z6RKQq3P0GXNgU9r+FqtMK9u8j4OkXoRxxQoM98FVyhK6mtG7N3vfDcjKVfPyVvm4Ot3OAWIR4fkIaRSLLaQMLOmnpSWscuwccx82lVzjzQ9pI6HsV67PsASYrJNZ3IPx9LsWBNNwkQ4RL/QIZP0TYGu8iHq1oyNXrU7v6GX/djDohNCmA3g6zVKaK51CtdA4gkB68k/P7r86N4LC6ZhAjLlqFgZ0b4CkLwIgWdoUdHFWqHsk9q+SfagUhMWttQqYXmLYNOqOEp9A/pi4K5l+b8VRHUiP8S1ciTw==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
                <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
            </saml2p:Status>
            <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
                <xenc:EncryptedData
                    Id="_a7bfb4891e049ef2e489f142d5120d01"
                    Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <xenc:EncryptedKey
                            Id="_bdc1d37b686431bd83bd73c0a0ee93c1"
                            Recipient="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                            <xenc:EncryptionMethod
                                Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <ds:DigestMethod
                                    Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                            </xenc:EncryptionMethod>
                            <ds:KeyInfo>
                                <ds:X509Data>
                                    <ds:X509Certificate>MIICLjCCAZegAwIBAgIGAVHDRPSbMA0GCSqGSIb3DQEBCwUAMC0xEzARBgNVBAoMCmtleW1hbmFn
ZXIxFjAUBgNVBAsMDWlhbS1hdXRodWktc3AwHhcNMTUxMjIxMDY0MDU0WhcNMjUxMjE4MDY0MDU0
WjBEMSowKAYDVQQDDCFodHRwczovL3NwLmF1dGgub3RjLnQtc3lzdGVtcy5jb20xFjAUBgNVBAsM
DWlhbS1hdXRodWktc3AwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALRgTiRlOH3H8Ti/Nl8F
hr+9QdbCEBQIKFKnX+VeeD6NcGQtsDnihnIlwDv9PqAqRfZ5KNDF7IccYgCBUfjJXOyxqa51YVDJ
KPLpjMcZiSEjumDm3jbdEiiQKl3zwt9Q0aLlz7PKdIbIoPQdo3YjpTB407D5PmvpsFr+TQ6NlkTZ
AgMBAAGjQjBAMB0GA1UdDgQWBBRcdOVNkWkaAHkjlaFATFhnEEh8SzAfBgNVHSMEGDAWgBRcdOVN
kWkaAHkjlaFATFhnEEh8SzANBgkqhkiG9w0BAQsFAAOBgQBlFRyA98AUXCw8bhneTFoD2JWRZz2f
Bs3vINTVjhA3CdCCJ9lgPxIhitHYNPQh5s7l+IA6M/zHTx+rpRO3KUqh0M2eNZDunUrstyXkvZvp
uJCPFK6t1iN6K5YuZUhKI06W5Bk6XV2NO5L2eIqD9jZp0UGb18Ep4BbrEXwRwJQPYw==</ds:X509Certificate>
                                </ds:X509Data>
                            </ds:KeyInfo>
                            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <xenc:CipherValue>Di5OqnD/fETPKR/wNyE0o+nAZ+/4jR/K2cb9LK0eocOI2au/WcZMjdPlQQbCOpuFmyr4fzi3Bh9C1Ze1iaM2gyJbi0uVGYePY7XxNsS64LZ6w0yHvD7Rk+lZ6+FAHp8rlVHW7wM6t2Z4BZhrxkM2AwwpEKR6bvYlLn8neVq3kcI=</xenc:CipherValue>
                            </xenc:CipherData>
                        </xenc:EncryptedKey>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>WK50BN0V3tsu5QRVC8gMC4ACpdMlVwVwovbc8U/1RrgMi14atSB/GWCsQqu67HM1Ij5Pe2180GuAtbeyutVn3AAyf/qndoXFdebF97JNh+x1p4kGPex3GOFviXjM/VWwm1dnGtSYzKaUeidxl+uxIwHC4PbLR6OmoRdcWOkKMWtKumSHqeL0qOq+vZ2kV/J7lTGCNhhefwJI+grT80JUyldGWrYHLJxbXvWhcWnNJfosoBCP3l20q0Z8G/bNVCXMylBgp6gp1KV6qbSJsAWB9Wdzw07FaQpzZHLuNl8ClZUeDeGjCBk5jiFE+QKc7gxXb0KpGltDxoue4fjPd7kFACdbcKuZGQIG/jiVYcl2q5W0bCVLBw3VfeT4raoPLLBXAQ/e7bOqy+BT6JQDVI82axv7Kz69nug7c/3W3iS8d0C99iA3Ek2AGyf/Q4veMbvOR1wyUE6SK/7K07nUo1GT670VAkwUbfnsY74X/HpbhgMQkJYX+HpjDbbbaf3QXHmdCv99P6zSw31+wL0WPk7AzlyDzqV4c2p20a/ISMmccBRVG9+T59GJThRA4BgxsKOT5MtCiMY2iWcvyygE5CuebOs8S/mqskf9wCDBjR8Wv/pbRkKBtiDt8EjtQEVfiJ6D7+q/PQDCE21djkqZbvmAFGnC2+xpJw/9Uvw6moN9cEn065NPfeJ1jNItFWlPO1alI5fyvroTnZf9oDJgj9aJ1EuJHjsVgBaBY9JEVeB5DZ0mK3cZEE+5hGM2sfqsNj861+yEbXsg8btYIntt0zQ9DObzY8hWfLzIFXOEpwHiuf6RXp3Xv2vqFMxHjhXZlE1KdJVn9hj9BUQ5Zsw9cLv8zS8UyMDI8WyngV82rMaVhGaAefKgRBW8WWk7/KKI6RjqKewWDjOprpMskBu/qo8N4GsIu9n48DFa+ZGKEgdPpK3UVxD5jkVS2ruDWCHvB3L+NwteNyVrZYFvuErBzICXXR0Ld7fa5MiHgUh63AK6+dsnMXR7NKEChEOShBVyiTLJNaCF81iW6c3Ao96E4T4KRX2JT7BoQN3mdcKNQg7PHiKm/lXte1wYi3DzSX5BEQ9M6b/pJ7QlKoF67OitxV/ys1/Kn2MUkMCXMK+QmHyhl0h3o4+0cYLYwmUHwNIiZpwD9ORJmHUoVANzEPWS9ttDM8Xpq/VqVT8s6X6Qj2aey2VV9pDUQpGdxRqOXF2XyIdhmCtSJqnuWM4NrvlDxlOh94HsUzJy2dsE2gT8w9Ldec6ZM5PXig+5CGKIZmBZBDi1/fUqLYJwM7w1VDjm5IkumsFLwB8w9Y4TMaHIcdM0/p5ac5WsR6kmHIqLRO1tscehcAPcMcTxAlaGrRkfxuimCY2WJD5X7ssy88wCvk5Y2Us9Jg6jTuQGd2pf4ERkTjKotajB88S4fl7UmebV9V398CC28V12NI0okPy9HYywnR+Nr+WtNwatyqJ66UrDXBhYiC44d2NmtPaDH44WmTHUCd1c+zdLaGDWdG9tV7c30dHRXlKstwYlyH+c4QWs1mxRmqa3eeoXjqHu0E1CNkyWg0Yx9GFXOCDjFPihFc7bh8Z9g6y0Qzg6/UtKIdtcGkQ6tCVwCP68JhmURfnnYqlNKEIZKJJCGufcR4B2QpwHJ0mUK9w6gkVHU6kLgX7wQSSQrM2gKoj2oEOMguu1TrMaxGWWRNkgGdSpHFFPaeo2hlxrs4jqaoZQ77DC7+qmNSKFkRsYjhncn7WdTa7m8JQV2/gVT5oHqYAtW01W80dVdKvX2Uvrp/EGAkPY3D68b/34nySJ1CHSePu1vVPNQgyNIwHtYWz1HI2nTEzs9F8DVcJz/xpCjj5G5YLiKcy/Om0y3W5dxaz2XKL9JCs1F8hcxA4kZIhWD86he1QuoIYg/0hseU/Mx1LLyMVzKFHRxhgRcEqASZwLp/YTOS2hqmmDz98I4NsbEYyVKvhk3/PIAfNB26/w17LjGOta7tYPtS4PU2lFu7PTdDbMcm92XLhiOGHUezOrtty4sgPAeF/ZeHI60DN5CiW6DMZpIrUNzGwXAF8DLyk0XLtZ/MdKo85Eank1GJRhqD6OU22w71mP4tM8i5TocF01WvInEdO2qeiyprWP3cEYiYebs+vknuoXakIeO0tv1XZXxxRqoY4mFeX3vSxzCgz3eeV3t5DZXUf4axfSozWhbUoTKxiy0JCod2k/DWgR92bKvjGMHRGzO+L6ZBK0B8ItHiUtkaU95yuMIrXmxF4sgeAoTHSLJ8ywsCsaMynV1/O1YSGUu88EmAb2f5LskoN+Y6gkB4r/ymJ+5Vi57wdCSSjjxZR+5zRSzZxT8X5Y+V5O/yHexDEgn92r4w4X8xxV3V2QwSv8nzeTiY1vi8q2okgNappb68Ezge2oj4ozS4RwjPexj3JWp2aWdSQKa6AZgLSDXo1nGV93rqziL3sAkLKM9j2QH1qTPek+KNEI24v+IX64D7pLd5JuET/rNMGp38SX9iMzpBtyo7uXmLCD6AZp7VKPESdx6W1YHBjOh+ViycUOpCOmH76kA4XrHVbeOzpyO6iv6yxIFGlCDe443uSfzBpLKl3x5B3Gq2f5XVjN6YQdXSEdYxRNpyES5NCyDM34bOhAdZHljk8OmWydIANSk7DUzAtw3DPrPfr388PMixIwl4DJKWxEPvvnnk/f5pjnlhGrgE8n7HXvxjPZjFtHXXhvH/hc7D6VF5xfbdR6j28k4CJ+7mFuxy5/7W4D4XEiF+k+jrn9lWkOoHnou8PodiyVLA3tVZzkiZkxD2g2XEAvzPvksA1YLt5N2pMX5y5jcmlmYnJ8EeecZe+ew1YEkHaQuJvdon5GR0BUpHJnfrCwhwu/l0yYsvwSw90TP4q0s/nMYSY+yfiEbe6G76VJbv7Z+2AISqPp5OBW/xt2WyEb/FGLs6mDIIWElmFiZWspYb9kDG/WrNVgoqDJ5zU3MFCVfINc6ix2S383NjXTW7AZ6fhVTJ71k3JKOpGWsXS6jU1uVZxk8R2UJdcJG9k6bxT2gIoGkfNpqbI5JTHYvUaNVNtvcerNuBVTtKKgBY1FozIqX0CDnUfRGj1EtoQsyogg9Rb+4WcoZjOMtTs1m20Kats9yeqqr+fmkKIXax9EZ2fJf4AQGu6HnzskVowz//ThOMs5GBEwSG9LFemsbUk8mtXy+ezpcRDeVJx6peawddtj6bcypziuvhiA0Tu6G7/xEHUR8cFWWRrGrxBNp/or2SnLoc+6q8C1NZ1wwEugmXjo+B0KKuOPPn5QlvCsywt99epxVX13GjZ77QSSqSkJVWziod/mQBobqyosSKB93E6kYN/rTWYRjN7ALwsPuZRsEROMkkf2HfDV2o7Mqbz0AY2KAENlxJJNNJNPVr4w5nX9RbpJkQh82ekuRx6kikeyyXdwrdA5jz0yMBbGR57tZEgXCLw7ivFDvs/UuvXswNc56yY3GgUs+HQq1jAJDZ/CyjNc3TxBZn4kOV84UWc2ywAGHzmHg9KaERmv2EToyKBJje8eRHPckXnCNfAkwErfIXt8sDK9N7zj5xMcL8uYAMlO+58+i+sx0iB41Oa0xiZMeqLA6Fx8V9Q+UrkFzKzzCT0qMgFKO8XJNchM0AYUEgRbRWFpxCG2i4VvDQtXDoXDbuknynUz4OUMn6Kzg8MTVWXRKVGsHukFQ5np7MwEaRTly7lP/you2JoSbWLY2VeT8ADzDjlY4Tq6w2RUruNgCGXfhfoXdVep+simRmQrMWoURGAr03nhOEFV0T4yxnslVYN14z4H6ylh7riaTTNnMBiZjlPhQckk1aqdsW54Q2/m0rJA2GG80pz+etAPwdsZSM4psrFPM116xE/8pnl79NyCcn2CQBFUpUvI/AC87C1ecqVKGlfeSDa09ezT8Pw68mNiD5ZjGJEosiWANHxizHPti4P99Kf5l5FV2SaBqkH6qYRykbNmP8OGBABcHJt9+KT6SfoJkcxa/9PYsoql/ts/BcdhBUN4aOdEt6jRlD0TYClLIsJ+mGxcsKowujFyq71q/7Uix5HitlsSXh0db9Ca62J+5nMFKq5EtsIbzVo7VfMEzj31olbMEA4lerGL5JNxmPqG1rxvVDJkFZ6cpgPsMSIBvYtS1kmqrJPMKzZ2o4AqEPGWbsIwcB3AWBSO2PKrJW/2OfGWJqSr62WkvwcfeEa99E4kjE+DSPCcdYtcpRSmyMNNBU2nop/b4hrZo3NDM4ymwFnmgTXOfzj62U11zhYx/+n9+1Aeob3yQAUf/eLw3D5v1bGIVY4Y6javUatQ2UJgIUd0Qhcv2oCAtLa3cLnUIlybnvN/1pk/cKZQxfd0oDk+G582hk4zK3ofTC/KNV7w8QSumuINcXJD557Yw0+z6QDT+mYzQzQmro18cnWY/EziMSt7OjJFsI6VmK4izySOvIRK10AG2/NLyaSHlmcjSsOSOxuHLNtD9PewCXs7Hn1fOlB4Ig/OfXUYAPQ3Ikxt10ppTRpyMppyEgi4DT88s4YTNcaEMUniV6rgpBiygrjnrAPgLawzMTXicyR3PomJBjZbKZovFsmu2uw5HXiehjhiMXkP9/2meYsKy5ukXSVG371wx31XvfypCpxKSa3vjjkEWYem/YmpxaSF3ttZOG5QnJ+outzwpwjGfspBRWRezw0HoEsTX9T0DP6unEf/P9bVmJIqodS3XFvAf49WFdhV/QTggNZ+11X03oQX2pWwRawYfngqO7v5KjTctT+GYTFxJOFRgkb0RfZSPYhO5W5BLBzIW0swNW6kf9M4Sptp5v+Si/L9/8bG68uJG1Txtl3ocaQW/OxGPDGqfngqoTn20vH3Go/aEoJ+K8zPsZDQjfBPXyeVQf33bcgG6LAX6QzX+DaY2EGHrL7AYOag4RXx7KQq4Yi+s35QYUpkJVzMTTzPA3HZr0kW6NRXCtjzm9p2HxebgJEeWd1B0fTW26y4h4Myf1rN17e/RIVoT3erRN0FrLqyKdB50ubgzN67SyDlEWbD6yi8fUxeqQHL9qiFh04qsIoEr3Wa+l20poyJlwnVBOr16644u8tUxxUeO4g7fyf/Q4gevz0uprzB5yPQs6pES06dd5ijvevJ2I/KCnpRgkE2vI+HZmibJwJlvNdAFoiG/TvWiFmahHXf5eEOUHUZ9m4PQISN4enMVw3HjaVxMJDB3D2Nlb6+pTwRwcQdGeYUlSO8iOll08nLukt0myCS+KBk6Au9Fm6mWw7vY6uIsw6b7Nt12EYkOU2pMBRHV4ptRLl3wkyzA4cqnPn9pKc7M0AJZboDrpsoLkiA3VMlP5MhswUn8lag5vgkYBezwDt4gX4MlA45xcvXR44b0pCg+TFtHHo61XGB8Y3nFGKsDcIaCEJYDlP1xKvOt+PITCdBIFAHS2s5U6Fhoz07b5tIgVJvv706OpoOPHREw2cvS9I0twOp0LC72GyIQwVdkea313hxX8VSN+vxfhl8t0au+jLi2cqZzQHjJWfEiRJEDX8ZRywT+z3ZJhgHQnmbn8kvSFfo3krKQ3sfL+Mw7peNyrXw0+y9YdNncUy1zSkg4HF7amJkC/OqPmA9tBBS28c0IM5jsY++8f4ccJFvGHc49RSUkKg/lwX3ZI9R69WjbZYnaaW+O/qYTR7Ktg69988giYteEpQqbyFI0fRzMtdrFMpnZ3hDI9RLK6ex+2YG3VfEMOmTVdYvgZAdZkG7bpS0dWyQ+3JQInR+8o+Kenp0EGn2ZpW9j85bnCD4FCAEKS8wWeJjYjf7+BHdPzltJGwMIBFlnKvyXL/qePmYEoQIIp9JHtk6tPs0LCzbxV0PBgu5WLxPpTOuIlPD/uwoof3AvXdo/GS7hiNDyIEznTPq0tXES6G5/79qI20b2BCbICPwBDh/y7jNwSV9obzVHBsmxbmSjp8eTsW5M2pa7jDQcLryYcENY5Ls2pZDqY4sCPgcIoeoTeHTOST9pJFOJ2W6vJrVQkju9fxCYm+Ug8KxSmW900bx5HyYnRJNf3Br87i+6yGW4+AX6bBl1Dt9BS0h/yJqVHQJhSRz+eqZZJ1F64YOuzkCe35FKqv45jJJb8lEaaL3Zq2vkokT+IX6bQYjhGKLFfpfyFeoFTSavGEaufKHdpER3lZmmnOgQFjxmE24T88b6fRxvPLAfnc+xmAx6YtmZuRcHrr7RajLEqEkoRhJfzOvxCZPahal3HFnf/cf4iE2sLef1Dp8sUoMCNBaEElphGzosnW5Of6zTKCsyzjzfQXW/jK31HV1sf+qTouFLkLHDW0Bz1fUfq+cg5Sx1Fkz/m+vfg9Fs0mzmQ46YRmYaQLb/1Ze418xx96xDwAs6STOxmUCcvET+ucSEdl7rMHtsIzfoTYRAbFf3ESGX/WI1PpT/A6K29nSFXFgvOXQpw/O7X8hdH4ll34rq3Z+sHKTpCDAgsg2rTrk2o/8uwxveF3y7+qXaTuuLcYp8j6y1wlbdxyqAWRqvicP6Hg2WgylQH/FpvasJgJjTAoltm23n/blMo43cSZ1lv6Hi3EEw4bfl1wKjAH3WX85hjsYg83IKExa/pE0b2+O8MbBpmvg75RTyOmpBaD5DPvT/WxBWQk5zmP9t3GB8RFp7USkv9bT/juRmQEF7ItZruhyuBJbc2LPijOoTzUJNh4Gb37LPmyDnhbOJMS5b6w3qy9bwJo5EF+4fQj61x+zBH64OuXg+RhWNWZxeeAEZWwy2cdIF/yxXlBi2wNdEYvGhWR1+KOISV8yFKSeYxJXSZ75YyT8zh+PCX8QuhpH66s9bTsUviT+XDW5hEjybViKbBX27Vgqyd3SPvJE790hyR2TnaOOcfFyZ6cdttofsb7wEpbjssatlBvriQwQoeUJhtAH7f1iRdlK8+oYVlBoV4Wy2YYqeHtTkoyV5dhQ+ydARFMNp54uCnM/GE4goEDV1dYxJtZhEuLNSWFv/kAxOw7ZmVraFFG3WHCVL38K1QPDOK2JIm61+I27GSEjvetqfyl65rYXCdclcS4Rpcf8fhXhoGGcPm64Hox4jJhGIZIkfyc5YSxj34vAm4Zzm1uBBQBv1UIepaJMc9s9aEkiCqzqzB1E+gTaN+0qdUxtqT8RAjIFqeH03hkIneCDID8TyAuk+z6XmPuoQl4j8f2GLFim8mqenYj/4dVPkpXooPL3DSaiJj/ij1zNeUA6rnNFK0C9ttum2Y0JCJh+C+bWIqYRVx2C6DDGlOKYD+/vK8XusIuq58bvotj/FB3mrkzhip+DOighNDerZuymVDaaHpjTNq4RTbr15+QgJKeqydJUJeVe+T54eBFEfis69W6ZrA6e0XdKiCa7hFOzLVZwm4ACMAz8HYunMwmsvUAdXnwhES5/nm6fSjcL0+j7Xb/CglnZvCENoFapK9m2ApZihSgrrbQAHMoiyJGH6wkoXhAgHUhccZuLQcwksWZLfPXIeg7RU0P63ozHyLYVaDZXYNRBsXsg8vZ5K7jbvBeObRgbfBZEiGtPgVpdQurT0Lq1Kcg0aH3LIgBvv8FBHYNp+wrSCDon74JAI8SIhOxKAjpYm4VFP9jU4EfOk3EET2hLpwiG/mlvT8WPsx9ZkLvsbdhkLyXutUcyPq9CuaswniYOXEwbvbWU6ApQUdFcsyj0XERfOkuAk8LaTU3KL1utM8IjFj6OrNIuWDk21bPHGxsMhiAA8LySoGS+hWc/Q/7NUDJumGcmH/L8ruKdJoasYY3TGXfPZK5bpJMjP8pe3A3kEbMCXP7E2Jn+5VcuS17w3fjGPcLf8nHmbAcuNOK62iwegNENeLhtXAFUSJrh5QeShC8+4dRJ6kCAoyNPP0cmpIxn9j9sxfJIr/kblDOmA0KZC+EVenPUQMmKV///glKr09Ha813VdxaB3nVe1Mle3GzWesrL0q3YXRhFJFtivZxXoz6fLASq51SyhbYaSMNF+PezWkXV8Y3K8Dn4efbhXtexiSW59yiRJc9e/4/fPANJ3mezct4jic19IM6S6q8+HT/L6tu6TJ5CvOO58gFJoB0ShOfW4NrbRO7f4N7GOSHg6L/IaKBS4U6eTNiQ6fNZ8Cjg3d4DDwizFmY+oVIBJI64LIO+fQt71CAB5JVfgrK96opOK6mr2u0NREMUlALyhZrRl6iosa/MUvGfk5ab/bPNZHYJ+Z/oJt41fB8I0VrxcovXq47yH/rqOSoZPKnAJdNdr8iDOjGa/hKWE3GqC8UgRXk3kg5LbAsiZTXxh2SSnT8YhkfbTkSjIjRs9X1M9dGeDwhb2OZnUtzYq4Yorc6Ww1su2EPvECiooKsB1RdFyRREbmGVjhY8a1HQ+tLbRMIiQ6fUwVSiJPXGxCOpSXgM2T9qJtqYKkRYIaEGXdcHeADl4zmFqfYmbr+pfuzTcgc+qCoDQg3Q0ZriIJRGCtQGQB2sNmkBXoVil0UtJ5vhAlJtVo6ctovwRq6PeMLAmYwDcaPOzEKYz/QdB5Evcr97/q3x/PAtA2G2lzhFuwcJ4R1N6z9SN5Yf9HWptik1K34dlMJi3ijuh03YTsO3oPSOiPm8WJFQIHr9PQ7It8BzrHwv+C2KXHIxUaSe3IGEOVrfh7Fp0PYEEwCpLnZ/MqotDgxC0tB0Xw==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedData>
            </saml2:EncryptedAssertion>
        </saml2p:Response>
    </soap11:Body>
</soap11:Envelope>

2021-10-17 06:05:23,655 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-10-17 06:05:23,655 - INFO [Shibboleth-Audit.SSO:?] - 20211017T060523Z|urn:oasis:names:tc:SAML:2.0:bindings:SOAP|_pcdgqrdi0abwer1gaqo6caqm48tj1i9crv7w|https://iam.eu-ch.o13bb.otc.t-systems.com|http://shibboleth.net/ns/profiles/saml2/sso/ecp|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:PAOS|_d221cb64e61603327f6d7aecefee3387|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxHmvm6MkcIZ/54sfHy3FNlAHI1kx5W5mSfPSmiTQqwRuyPm+BPXJ85OB5lL4Qv6kKFFwLtYHLyGbEgJegWJ1H56WABzpqy9nTetl9fxbkKvWQrhencOekaIk1LThRfz49NKgtY5YKtK5bdbhv|_013a83e968829a2aaf091685c8a2d9ab|
2021-10-17 06:05:25,275 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Beginning to decode message from HttpServletRequest
2021-10-17 06:05:25,275 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.IdPInitiatedSSORequestMessageDecoder:?] - Decoded SAML RelayState of: null
2021-10-17 06:05:25,275 - DEBUG [PROTOCOL_MESSAGE:?] - 
SAML 2 IdP-initiated request was: IdPInitiatedSSORequest{entityId=https://iam.eu-ch.o13bb.otc.t-systems.com, acsURL=null, relayState=null, time=2021-10-17T06:05:25.275Z}
Synthetically constructed SAML 2 AuthnRequest was: 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest ID="_7b4741d3-9a46-4033-832e-cb5419d8712a"
    IssueInstant="2021-10-17T06:05:25.275Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eu-ch.o13bb.otc.t-systems.com</saml2:Issuer>
    <saml2p:NameIDPolicy AllowCreate="true"/>
</saml2p:AuthnRequest>

2021-10-17 06:05:25,275 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Successfully decoded message from HttpServletRequest.
2021-10-17 06:05:25,276 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-10-17 06:05:25,276 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-10-17 06:05:25,276 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-10-17 06:05:25,276 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-10-17 06:05:25,276 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-10-17 06:05:25,276 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-10-17 06:05:25,276 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-10-17 06:05:25,276 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eu-ch.o13bb.otc.t-systems.com
2021-10-17 06:05:25,277 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-10-17 06:05:25,277 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-10-17 06:05:25,277 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint was empty, not required by binding, skipping
2021-10-17 06:05:25,277 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_7b4741d3-9a46-4033-832e-cb5419d8712a', issue instant '2021-10-17T06:05:25.275Z', entityID 'https://iam.eu-ch.o13bb.otc.t-systems.com'
2021-10-17 06:05:25,277 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eu-ch.o13bb.otc.t-systems.com' does not require AuthnRequests to be signed
2021-10-17 06:05:25,277 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-10-17 06:05:25,277 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-10-17 06:05:25,277 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-10-17 06:05:25,278 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-10-17 06:05:25,278 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-10-17 06:05:25,278 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-10-17 06:05:25,278 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-10-17 06:05:25,278 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-10-17 06:05:25,278 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-10-17 06:05:25,278 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-10-17 06:05:25,278 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-10-17 06:05:25,278 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-10-17 06:05:25,278 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-10-17 06:05:25,278 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-10-17 06:05:25,278 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-10-17 06:05:25,278 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-10-17 06:05:25,279 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-10-17 06:05:25,279 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-10-17 06:05:25,279 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-10-17 06:05:25,279 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-10-17 06:05:25,279 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-10-17 06:05:25,279 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eu-ch.o13bb.otc.t-systems.com
2021-10-17 06:05:25,279 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-10-17 06:05:25,279 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-10-17 06:05:25,279 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-10-17 06:05:25,279 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-10-17 06:05:25,280 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-10-17 06:05:25,281 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-10-17T06:05:25.281Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-10-17 06:05:25,281 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-10-17 06:05:25,281 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-10-17 06:05:25,281 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-10-17 06:05:25,281 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-10-17 06:05:25,281 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-10-17 06:05:25,281 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-10-17 06:05:25,281 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-10-17 06:05:25,281 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-10-17 06:05:25,281 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-10-17 06:05:25,282 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-10-17 06:05:25,465 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'iam.eu-ch.o13bb.otc.t-systems.com'
2021-10-17 06:05:25,465 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-10-17 06:05:25,465 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-10-17 06:05:25,834 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2021-10-17 06:05:25,834 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromFormRequest:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Recording do-not-cache instruction in authentication context
2021-10-17 06:05:25,834 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2021-10-17 06:05:25,834 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@760509879::identifier=rick, context=org.apache.velocity.VelocityContext@190233e1]
2021-10-17 06:05:25,836 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@760509879::identifier=rick, context=org.apache.velocity.VelocityContext@190233e1]
2021-10-17 06:05:25,840 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2021-10-17 06:05:25,840 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-10-17 06:05:25,840 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-10-17 06:05:25,841 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2021-10-17 06:05:25,842 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2021-10-17 06:05:25,842 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-10-17 06:05:25,842 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2021-10-17 06:05:25,842 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session cf196f910a5629bb27c282f1203f5666f51ccd5fe6db0d1ae34e3fb3b653d000 for principal rick
2021-10-17 06:05:25,843 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-10-17 06:05:25,844 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-10-17 06:05:25,844 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-10-17 06:05:25,844 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-10-17 06:05:25,844 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-10-17 06:05:25,844 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-10-17 06:05:25,845 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-10-17 06:05:25,845 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-10-17 06:05:25,845 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-10-17 06:05:25,845 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-10-17 06:05:25,845 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-10-17 06:05:25,845 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-10-17 06:05:25,845 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-10-17 06:05:25,846 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-10-17 06:05:25,846 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-10-17 06:05:25,846 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@6e643df9'
2021-10-17 06:05:25,847 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-10-17 06:05:25,847 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://iam.eu-ch.o13bb.otc.t-systems.com'
2021-10-17 06:05:25,847 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2021-10-17 06:05:25,847 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: Attempting to delete consent storage record with context 'intercept/attribute-release' and key 'rick:https://iam.eu-ch.o13bb.otc.t-systems.com'
2021-10-17 06:05:25,847 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: No consent storage record found with context 'intercept/attribute-release' and key 'rick:https://iam.eu-ch.o13bb.otc.t-systems.com'
2021-10-17 06:05:25,847 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-10-17 06:05:25,847 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: No storage record exists with context 'intercept/attribute-release' and key 'rick:_key_idx', nothing to do
2021-10-17 06:05:25,848 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20211017T060525Z|https://iam.eu-ch.o13bb.otc.t-systems.com|ClearAttributeReleaseConsent|rick|||
2021-10-17 06:05:25,848 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-10-17 06:05:25,848 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2021-10-17 06:05:25,848 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: Attempting to delete consent storage record with context 'intercept/attribute-release' and key 'rick'
2021-10-17 06:05:25,848 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: No consent storage record found with context 'intercept/attribute-release' and key 'rick'
2021-10-17 06:05:25,848 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-10-17 06:05:25,848 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: No storage record exists with context 'intercept/attribute-release' and key 'rick:_key_idx', nothing to do
2021-10-17 06:05:25,848 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-10-17 06:05:25,848 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2021-10-17 06:05:26,031 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'iam.eu-ch.o13bb.otc.t-systems.com'
2021-10-17 06:05:26,031 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-10-17 06:05:26,031 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2021-10-17 06:05:26,031 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2021-10-17 06:05:26,031 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-10-17 06:05:26,031 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2021-10-17 06:05:26,218 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2021-10-17 06:05:26,218 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2021-10-17 06:05:26,218 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20211017T060526Z|https://iam.eu-ch.o13bb.otc.t-systems.com|AttributeReleaseConsent|rick|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2021-10-17 06:05:26,218 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-10-17 06:05:26,218 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://iam.eu-ch.o13bb.otc.t-systems.com'
2021-10-17 06:05:26,218 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2021-10-17 06:05:26,218 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2021-10-17 06:05:26,218 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://iam.eu-ch.o13bb.otc.t-systems.com, value=[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1665986726218}'
2021-10-17 06:05:26,218 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-10-17 06:05:26,218 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2021-10-17 06:05:26,218 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-10-17 06:05:26,218 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://iam.eu-ch.o13bb.otc.t-systems.com'
2021-10-17 06:05:26,218 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://iam.eu-ch.o13bb.otc.t-systems.com]' as '["rick:https://iam.eu-ch.o13bb.otc.t-systems.com"]'
2021-10-17 06:05:26,218 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@6e643df9'
2021-10-17 06:05:26,218 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-10-17 06:05:26,219 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-10-17 06:05:26,220 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-10-17 06:05:26,220 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Inbound binding urn:mace:shibboleth:2.0:profiles:AuthnRequest is suppressed, ignoring request ID
2021-10-17 06:05:26,220 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: No request ID, nothing to do
2021-10-17 06:05:26,221 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-10-17 06:05:26,221 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _01097fbd627580ca60db9df67e7f313e
2021-10-17 06:05:26,221 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _01097fbd627580ca60db9df67e7f313e to Response _e71e7cbb8987f15be46ae49ea5ed731b
2021-10-17 06:05:26,221 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _01097fbd627580ca60db9df67e7f313e
2021-10-17 06:05:26,222 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-10-17 06:05:26,222 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-10-17 06:05:26,222 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-10-17 06:05:26,222 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-10-17 06:05:26,222 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-10-17 06:05:26,222 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-10-17 06:05:26,222 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-10-17 06:05:26,222 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-10-17 06:05:26,222 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-10-17 06:05:26,222 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-10-17 06:05:26,223 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-10-17 06:05:26,223 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2021-10-17 06:05:26,223 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-10-17 06:05:26,223 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2021-10-17 06:05:26,223 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration did not specify any formats, relying on metadata alone
2021-10-17 06:05:26,223 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-10-17 06:05:26,223 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:05:26,223 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:05:26,223 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxhtHh0MY+KFjOv3IeqHfZh5yisJjklpcE9twsdX+5iiXy+Fjn7aIiNQTKdQzlZWiji9nH05ppDuGPE0y2X7/1HcDVrBm3KEZQJk+4shaTiVgNlD8uPCzl4atCO2OdjspxT1jRCm84eVZ/t+5g with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:05:26,223 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:05:26,223 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:05:26,223 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-10-17 06:05:26,223 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-10-17 06:05:26,223 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 80.158.3.50
2021-10-17 06:05:26,223 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to (none)
2021-10-17 06:05:26,223 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2021-10-17 06:05:26,223 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-10-17 06:05:26,223 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-10-17 06:05:26,223 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-10-17 06:05:26,223 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _01097fbd627580ca60db9df67e7f313e
2021-10-17 06:05:26,223 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _01097fbd627580ca60db9df67e7f313e did not already contain Conditions, one was added
2021-10-17 06:05:26,223 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-10-17 06:05:26,223 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-10-17T06:10:26.219Z, to Assertion _01097fbd627580ca60db9df67e7f313e
2021-10-17 06:05:26,223 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _01097fbd627580ca60db9df67e7f313e already contained Conditions, nothing was done
2021-10-17 06:05:26,223 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-10-17 06:05:26,223 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _01097fbd627580ca60db9df67e7f313e already contained Conditions, nothing was done
2021-10-17 06:05:26,223 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-10-17 06:05:26,223 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eu-ch.o13bb.otc.t-systems.com as an Audience of the AudienceRestriction
2021-10-17 06:05:26,223 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _01097fbd627580ca60db9df67e7f313e
2021-10-17 06:05:26,225 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eu-ch.o13bb.otc.t-systems.com to existing session cf196f910a5629bb27c282f1203f5666f51ccd5fe6db0d1ae34e3fb3b653d000
2021-10-17 06:05:26,225 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eu-ch.o13bb.otc.t-systems.com in session cf196f910a5629bb27c282f1203f5666f51ccd5fe6db0d1ae34e3fb3b653d000
2021-10-17 06:05:26,225 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-10-17 06:05:26,225 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eu-ch.o13bb.otc.t-systems.com and key AAdzZWNyZXQxhtHh0MY+KFjOv3IeqHfZh5yisJjklpcE9twsdX+5iiXy+Fjn7aIiNQTKdQzlZWiji9nH05ppDuGPE0y2X7/1HcDVrBm3KEZQJk+4shaTiVgNlD8uPCzl4atCO2OdjspxT1jRCm84eVZ/t+5g
2021-10-17 06:05:26,225 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-10-17 06:05:26,225 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-10-17 06:05:26,226 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_01097fbd627580ca60db9df67e7f313e"
2021-10-17 06:05:26,226 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _01097fbd627580ca60db9df67e7f313e and Element was [saml2:Assertion: null]
2021-10-17 06:05:26,226 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_01097fbd627580ca60db9df67e7f313e"
2021-10-17 06:05:26,226 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _01097fbd627580ca60db9df67e7f313e and Element was [saml2:Assertion: null]
2021-10-17 06:05:26,236 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_e71e7cbb8987f15be46ae49ea5ed731b"
    IssueInstant="2021-10-17T06:05:26.219Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_01097fbd627580ca60db9df67e7f313e"
        IssueInstant="2021-10-17T06:05:26.219Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_01097fbd627580ca60db9df67e7f313e">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>WPweYOVb8XsoQOqB1GM/qOMPy6FYxP+IlZWmbWRZy5Y=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>eplcwHWpn8Praf0RDzdCrLR+V1uVde6fEBjDp1y1dOsIYA06LOBGkr8akbccM1vHxKVySDPSJMKIJIBUToVrfoazUcOXLRqgzLWfg32E6bdwOq4oJvOwUiYWJE9ML4xoqLmeH3j9wEYF4qEtKnf2vfWTWqPt5K5AI1h2MjPhzDvy83OSvx7VoUXGHlRrOXMo8wYzO5PLDfifO42MYOfBNg7f4TfjOlGvZs75Cm4wImXTVc4QNreVYzrJ04UlA4mTZTdydJpYFKTWm5hCEhW2EGtDUihTtVg3okdpe1g9jEoym+8M1YIivgLJKGy9txhx4LX3up+UDckuypx55PFMHw==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxhtHh0MY+KFjOv3IeqHfZh5yisJjklpcE9twsdX+5iiXy+Fjn7aIiNQTKdQzlZWiji9nH05ppDuGPE0y2X7/1HcDVrBm3KEZQJk+4shaTiVgNlD8uPCzl4atCO2OdjspxT1jRCm84eVZ/t+5g</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="80.158.3.50"
                    NotOnOrAfter="2021-10-17T06:10:26.223Z" Recipient="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-10-17T06:05:26.219Z" NotOnOrAfter="2021-10-17T06:10:26.219Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eu-ch.o13bb.otc.t-systems.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-10-17T06:05:25.840Z" SessionIndex="_8fd81d3c4de43cdc81d7ecabcf5f0f8a">
            <saml2:SubjectLocality Address="80.158.3.50"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-10-17 06:05:26,239 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2021-10-17 06:05:26,239 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2021-10-17 06:05:26,240 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_e71e7cbb8987f15be46ae49ea5ed731b"
2021-10-17 06:05:26,240 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _e71e7cbb8987f15be46ae49ea5ed731b and Element was [saml2p:Response: null]
2021-10-17 06:05:26,240 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_e71e7cbb8987f15be46ae49ea5ed731b"
2021-10-17 06:05:26,240 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _e71e7cbb8987f15be46ae49ea5ed731b and Element was [saml2p:Response: null]
2021-10-17 06:05:26,243 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-10-17 06:05:26,243 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST' with encoded value 'https&#x3a;&#x2f;&#x2f;iam.eu-ch.o13bb.otc.t-systems.com&#x2f;v3-ext&#x2f;auth&#x2f;OS-FEDERATION&#x2f;SSO&#x2f;SAML2&#x2f;POST'
2021-10-17 06:05:26,243 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-10-17 06:05:26,248 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST"
    ID="_e71e7cbb8987f15be46ae49ea5ed731b"
    IssueInstant="2021-10-17T06:05:26.219Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_e71e7cbb8987f15be46ae49ea5ed731b">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>70VXGOcF6T+8yU5FcVUqjl35J5CXZUgHbCT+/g+yP94=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>IZKi7i5SsDzXvgMoHNYj1m9cFJZds1FH4yDdpvMeXo4YQ4hbIb3Sp2OQcAhxJ/VNWYV8jX2FtnSnSn548X8Tc2Wz/+OVOOjHoaF905PuMUa15UpqKyrdTWwu1hZzxSpdw3bTj5bFxy7PdNI0Dtl23qAn0ED2/2wICV6FCGCPGuKmFSHvQw6aFglyNS291+UkU5sYvySVJpR7LigZY2Q/PziDkxRDXxwAudJfTivOHCHQi0GswCc1M2zO4EF5sZXXvd58Wvy2WaDXzBMLPbLFKROQuzWUbCWqavfhYFhA3aHlI1NIq41Ge2joN+RSZArT2INXbuew9PF9xdy8mDuFZg==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_88a4e69387af10531eaa507100fc13ab"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_f613f405b641a0140d5dc5ebdb55441f"
                    Recipient="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIICLjCCAZegAwIBAgIGAVHDRPSbMA0GCSqGSIb3DQEBCwUAMC0xEzARBgNVBAoMCmtleW1hbmFn
ZXIxFjAUBgNVBAsMDWlhbS1hdXRodWktc3AwHhcNMTUxMjIxMDY0MDU0WhcNMjUxMjE4MDY0MDU0
WjBEMSowKAYDVQQDDCFodHRwczovL3NwLmF1dGgub3RjLnQtc3lzdGVtcy5jb20xFjAUBgNVBAsM
DWlhbS1hdXRodWktc3AwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALRgTiRlOH3H8Ti/Nl8F
hr+9QdbCEBQIKFKnX+VeeD6NcGQtsDnihnIlwDv9PqAqRfZ5KNDF7IccYgCBUfjJXOyxqa51YVDJ
KPLpjMcZiSEjumDm3jbdEiiQKl3zwt9Q0aLlz7PKdIbIoPQdo3YjpTB407D5PmvpsFr+TQ6NlkTZ
AgMBAAGjQjBAMB0GA1UdDgQWBBRcdOVNkWkaAHkjlaFATFhnEEh8SzAfBgNVHSMEGDAWgBRcdOVN
kWkaAHkjlaFATFhnEEh8SzANBgkqhkiG9w0BAQsFAAOBgQBlFRyA98AUXCw8bhneTFoD2JWRZz2f
Bs3vINTVjhA3CdCCJ9lgPxIhitHYNPQh5s7l+IA6M/zHTx+rpRO3KUqh0M2eNZDunUrstyXkvZvp
uJCPFK6t1iN6K5YuZUhKI06W5Bk6XV2NO5L2eIqD9jZp0UGb18Ep4BbrEXwRwJQPYw==</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>IsnHrfTQXwUcEtELmHM1jMVzPgtPftHYuFK38fVLZ5t/iiIS8P9Li/07F2oDwuFDSKsEaXbOUvz00Sxd9U4ZEpOj8tdKD9ahZXEIbtq2/317nlGxPDXEFWcpYyu333KkbZ/d5ZU62eJrPeAITfSmKmPVTjXXY6Ag97gRsxLTBYE=</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>h6ctPlimLU2i5Vkm+vqSL2n/GQ41ISvaekU3IquLoxDNI7I0dK7qnSb3VtRunxaCSumcVrPy+9ISsRIITbxXDy+APV1oiJVVdtyX2uPyV0W+2eKVt5xZmIa0g6B48cgweqczLcVBMGakYDsnGycBlt0rXxI1T2fGUovw/W/hfibLV8596xPtFta5eYZbM/fBJ//hEqnkSIDJZrWGxy2xNmAXigk3KNkBe+k4To020B6hEJ8AzZdG0WMges/ykk35sDTDU4KVLj+C0oz598MM0wq51C2BcQokRgEtzbPAEyHRli4/QOfueWQQ5lDc4Bq2YzeO3PLIsAZZrrHo2rlTif49duNQ5YUoslmLf4cCbKkIfk3hUFlI3apFyBdYouyT+svkK5AzWg8NcyhfJBQaiOq02sngfHZUSdozKCtqQNQORHglEAlcvtKc/38kQu0t5yemzI8svnFH6VFH+qGDincOwnAAZSMR1TGovqLp+VRnUJSkaAHf971RUwqOgwvQKjy9U3DzLWBdu9uiUvYVqij/DZonT0+TQpBtDDHmZ8mnTGnYosG2mTwtf3ovwi3FtVuNqYr5enyRR8EgtsykhZxR8+IzfpZtNsb+ygSzuFbQWaZvlBJeoUwOyO7BzPNYOU093/L+5NiBAr4B3JRVQUhI2l/qMG1NTFprES0xSAQ81zrEaEAzTPag1Q5pO5XGcVmKlJOF++97EYyTkZ2IAuLXKxx9krn4qvY61NBMezUFoXzuc1p+TiUj6UHd3fzCDSxvJr5zMJg0F3PbxPL/Nhy+8HxeGZQCaAFOS9VgVLOQusa21uYXTreOEPC//6NNU5fGg4vzD17o7nvKd/Sc1HCvm7eUAs4XvnaRm2k6Ismm0sWeM3hVl45gsbBXUVNs8VAoVC4ioa1ynvj1li02DRUTcrQukKWf3vipzZyuFjN8hgI6qYt7hz7kk87JD9DSSV9mOcgnZJCM9EThBlZmmjxBMR0+V/qzkufdHgxmsSJG1dVbh216YHDWUNWAjJ+8H0b5S0ljQ2TZ1vbH9VoSptjAyG9tYbKi22/saIRTwKGq+eO+LTpOimemFYnewAo2Q/RH9VYPcv5bEL+o99+9nZ7dbFZu3jmLJVPN+qMB6N0SrNdXVmOB/Vf0ZcbYiVRd9SaIEPYxoBIInj69j6CZZ7ObsHSDPIO5XpY/M1MAAjB8R3E1KsFozuAmqaDtk8npwR5Hu40zFX2SQOxOdODLKEDsr/GRQMqad21BFIyEWGRQcBDApuOcu1tsw8wBMeWCt8AsT9qGL2TBXJmP6WSCxVC/xVIEsfqm6rLVyB/IZYcJsHdD1deNm53t9/pKSKEG/Pd0PHpAl8DZ+IyDAn2DdhHCKpliFxx2pqpfELmigWfha4IWI7XBmeGr4lb67sf7bCQeqjQQQbNTVgUoG4wU92W1vw78rNfjJxtoHvnrxryz8ge0KG7pY7C4+OjVyZfrkrueSmRUl+zvJYRJJBH4Pe3xdh9rKON0kLmZKNB11VXZlBxOurB4IHXVHxdfwaE1v8Uj95eYInKmAmiC9hFTv93eKVK1L6SqWbU3NkRT1RAHjozDjK40v5kB7BrUnTxdVut2UyL2O/Ekj/QP45rhk0vpf7ciwssEZF4virhHMJyV5UUnrhP+5WoArIvXI3pNpvRc8MpfauYgCu5cBlOv2CvKn0g66ZcwJwdOsM04ImN6Jp87EQcZu9TG7GVH7b6fqGj0MeeJ7kQftzLolKyqBV+nZk9Iwy8iYUevLBG19nionA2vVOJ2vrtFg67kq25LHeNWoSkinmTU65m7P1tedp9AHhIaVIQDY8SBFIU3FH3Wsu84ov1rLEaHUSi/IRmTLneg/u/wXr+JqX9va2TX72WLPNNKV3/SoO+FBPU+kuWT35Ue1XQrOUM2ID76cp2mMQwMN6mYZ9Iy39ucjciRmEHVbf046bQJ2ljQ6cXEv3B71O+qXq98AzC3ds2QEdJl6RZ2SPI0johTURGyVoigh3s2oiBP1us+br5n0soOT6UGXc9DlPYG4jFZNu9z3o8HhpXUoKvrjTiLEb4Ror1sHrP4Vtjs0DLW2i3whaJMrKaD87QSVzWFjtThZHkaDxFocEjVK9VDJJapg8EBgx1mOqt51wV21RasAo2t7drhJjW/QSPJyKDtNYVlUNV/0UyJWG83MahcU21QyQV0UdnqILOhv/XBktt5ARxx6kDDcAr5JRdcrQYYKofMH6tnhDacR+Dt5iQNEaOBrXxvg3bI4QzrO7yDnYOzDxPTA/rqpEPAAC8uswrrmrK+b8lbXaQN99KGLMFktB1cN3lLLmLZ6xt0meTdyGGFGeDjgZhBqshsHCgcSaIo4QM7sjw7n76vrTzmGDi5Fhsmf6q8KLN7avdl1rJfj/qy1bn+s6jeuby+57gLPxOYqvjcrBjoLN47vWP+ivJJgh5nfg83sT+bYl2S8yVxorrprzrjYvD+132rtM+vOytieL5tta8WtxVrsUts87mJbQr9MFyHsOkMusnOUZnbtsrAYDz+NlXf9eJBRJz7gE5bFVgnQ7ZlvyY+Xl3xOl5kvlde2hqwKpHi/oS/2L5Q1dZe9+snK3q5Owz7hkph7qHdwaLnfXA/7u8FaqtBpFSRrHUyThxXc4L4ahVdtSe+z+T/YPBKJDcY3yp+JBHuHyD4X0z5U7qfae+2FYmEfAQNUL4Cu4ZqF4tcrVafed6OhmHVo7se75Nzpfyeo2pokhTBvwMR/OafQQGoQlzpHl4a907BpJ6JOFIOPwUzn0Y/BrC+LbwAxNkSZHqHObyZCXX5dQhBxlcsTs67u9iUwtkNnd3w0DHCQ7w5ihRNCeHgDe3Dx8M5tD1+0tn6U5Ta1IhgWAdGcxsJYx7qJJ3v07lC9CkK1njp30Rzrd6hG3Yt8jzxSMSO94Uu1UD1xcnGeJ0osVZHLZotBGGsk+Vfcgo8LOLT1aVXCCRhdu8WrQ7Pq92FdSheOMPUAOGAXDPFwasrT6Fz0kLDnIhhTyyl2cm62RU6IvNFRm4mD+KktqBQoNEBbC07Mf9fY17HdCCIisNBsVySYm67rD9xbHqHgswsCSgFZBiHv96tWETIspiwLspvjzSge0738Cg2qyk6qnC9VNCFzs9YP/YbsHSclr4IBy+rI+QzAHkAb3KJgy7Z8ac/CcYDedwbPsdXD1HB0SwrV4vVXfpDJCBL4kp8mi3PUs6fvJZZWzsLQqLvwRDjQr+HGZsVluU5sgacBnmn5BVW/HYXPSHvwmx9+iBLhC9DZr6tQu8i2+ItUhymdA8j40vhzHThVIxPqKFCj8+GBkI46UJN45YAIZoKp/AQasswSwR8yaQfHb/51rknRsRdDiIilYhpcpKy/cMbW5VYVmrVBdP3FS8quACdxpi9LarjV+F+lf3JEQWn+w4LX8ExjSR1KHAnBF+Z2osj4XxxAzi8vu/k9cC9K9sZ3pZpg7XCCwBIodeCiXj8jmWj9ZExg2a9dYGKMcDRkQJ+r5czKTeMCU1vcuRalHZA2Ll7sk/PI+aRNvVkAC3jtn/vTYxtyb955/CzLXnryrDgv5cwu0udoHWMNT01XWzinitS7BXbjqFpDQ4hUJr3EuDYSLVXFHGA0rnGlkedDqxbRygz7zPlLevaliA5CWzO1qENdkZUiZjSP42z6a7RdsARRZzbPgTxBH2dMqVcJoMMJ/Fwg+AeeTZIUIcuv5bYRXxwWmzM0MnMsPkHHkIKuq2mJvrklueL+FLVCowURV85NgEwFCR60bb3vMVa4G08xVpxDDDmKarFYiL27/pj8c3zUOflQvl1Ai0XbWzH7cteBYUqEmxuY3UuD7koP2JPVO9WQrZUdpIiLCs4mPvb2AIeZEm6Fxmeb4SJo6uasHDxszFMLHeglh1/IeeoMOnr4S8u1lRtd0d/w9Dc+1HEoWxxGFId6UvtcpsnrwnTWCRT3JUAk1duHmzG9ETvgeMJeF/+jLkOdH7JNOPuOwEPoxMHI3vLjeSvQRTHFSpr5qdvRNnuMoltOFog9VpqmKYFAtN5Teg/Wi/dfCVir7GbVx9m+kVUyL7l1SIxWDp/lOtXWPSXzDP9MTug0RyKneuFK2aCq/BN0rSkGAC0tmfCuc6OO8hbCts4EaMyAGj5J4vPnkTp3b6eTSVvSn9ck70Ixrp5KVkqIJhauPp0p9G10ryS+tW2P3yX+VOe2GoajSNTpEhdB/AhPCvl2t9x4R8J/QiQ5XTQ8/epPKviFD7Xcx3DmpMjp2uedHDQNXimFKUbE2hfHsdHWRBxE60PLHTCwcos1gnY85ELfC84cOrvMNcb2rZc9CZhU9i/yQ7fclF//GDIGtx5khZahVF1nJRW6JM7Y2YsRV3Mz66SsfDm1G9H7CvEiwd7oomOEHWs0A1gRiJbCyBs+djht/tPPJs7+J/vBb0ZOJeJr4shfvMv7UIqygdzhntDrTygieDnYjgUVv4BDbUkqZNDdjKhFIdtWYL7ArUXoQRpzHnfB73CTGJZiAgOGvMi+uH7yTj5/LLm4azQLwpx/rmlkuV4krH5spyd29BUvUH1bPkucrCKd8XlxZUSNtKzTgLFL+TnegctLG+kiezeQnY1Oo/FPv8olox4lWdQ2idFT8X59k5zJD9+xPNYM0BCvfvUm/gZE++Gopswh7sPA6hHe8EA8knYikKc3BRdA9HN/RALyyrfl+i5KmxwwhVAM9s5gS5T1baDBUW7IlktD0JsD/u+hV6kJgyyxl00faI+5gqHYmezkMQDW1p0Al7BNQdTmSHFv92IsrAuON0aDnuJ3jvbnFjsaTwYv+Dr4U/nklwDHkpegfrkk9L98YnYwo1kKoeA+2aQU3BvilKKn1aO7GhWJkvfLe1VAOHuXT2bP4i5WNzH/4O+PQ/KHaWx+D6aqQ/eYANur+WOl4x9RItV8R+0m5vpqk/T7ehUhrTXfrnJ0ezl3IpK90nXBqsSHJeqAhPwJKlfVsR8FK7d9Ubed7TMTBy6Pz7bylx5x1lGMjkzNn+VT4EfaRyLf3yG9A/Li3agLn4N8CDe1X4xpCUvHiUuB3Ng8NMR4DYk2j2I3+t2RbheCcJmnhlTC6+QkAznkxfnsWYpWdSnLadlI2PcOYz6tAl4frdqOX8xfnOwXP86tzR6NgVjvHExQJGKTdML5I746hRiWFK0g/Lyx6Y6HxfhuhNp2oE5MxvE/jk6qgZzru8CQYXMFrFgwxtDmqYuzCr+y1zvxGySUOVe3wK0ESY7C+ooX5mNbMafY/FzU/25Vbbx10ae+ghsur0up91MKFID6jxzRar4vK/oLJgeqcgQVstNtqQ1umJ7zdMGC87f3BZ5OU9/KWwNQ+x0NQTPKAmnOb6QMVm8WQWeUbOD6CiAWLR8LDgUgL6GbCF+AmIcWJ/EZwFVLsjUV7dvtjHhNkNgtgDXejqSW9pMLdubtWeg/XRfdPfGExicNtaJtBisRgCjiNSJ/09K+HKw9rF3bjPHgTx2o4S4EQuJ+oEySWSrClGzLZMTdQs7TO81IvOsRtqA4wqkwAAweA8yASIhMOue7BF5T2WO+QV6w8ROXXkuPqghtGu7zw5oseD7HOKLq5Zwf+5vVlaszS6hKGOZUgj34oAJb51MxMVtPlrELggAIFAs+pSiwuKMT8T+4k2eL+0f6DYXdEdS0ml6OD+pb25QfRO2pCUVHcYzrWazVMJAzuvRQmZNjt3Fj4v7zWzSYjecHE2u7Y+Csaw8yBKSM2P3kNe0ZotGOaPSp04CWtjlHRwRKrxjfKeF78L6b4uyJlX1CdgBiJIM3/WB+LJ62zaxwXFoWLPPJ09P64R71whvhYOU/CIFReK5e8yo+WvAL0Ajrc/1qcT/ORZCitqAdvYstYjQd8inLDEEzVONUijZ360QYJvlXWd+YboSgDW+075IdLXY8inhXVbVH2Zp+say04rA9BXm9uU0hFjcXmZj+/oa5GSNlDvosaS1JscLPfD5nu/wNIuYPZ4Px1h0EIgdorsgbqnf1+ysapz0F+pdHBK8zjhQXKXFbRcB2T217VJ0fqW8GCTQE42GwZNuCRgt/yAAYt8o2xQLvEz8oBhkdy7zgyHx8whDc2lppzGkUC0T7OtXRzSXK2B3xSDIYmcEaLKbskFArkk7MLv3Gje1tVvsM+2VdsX/pN4P82FAR4PG97Jw/ZdpMnma2jVbU8j+j4SDsXsKE/c0pxkNRzN1o4NWb2vdX/HVTKyQ+N5p6m7FrmaKZ9Wtz72TMviEkJHj2k2NB/h3nXyn4b4aLc8y+ASh5MnyL5BIkivW6veMawyTM7YTuS65jj0Ne/xivNkguQiPcT32HRjvQ9y2zXF5mYps8cdwEsV3Ve16IXBi/tZssMmI3+PcNwOU9MMoMUnabid+zXto1XH9sUo7D03x8m9iL7+CRWzu2BH4GRan8ic6KO2P28XSoL8c2L98Y0z0acr9QFomEaQuqTlXDIWW3GeAib9DmLPnrvLIeOF6AkrTe8VIrou1TS1J4EL8v2Osx7ce12rUusqO2Gbh+MaEPQ8FpG+crD2zuPIvK3A0ZWh/LQw6xKuQzN/Zb+uncGF1ZWMyzPVobKkIBrZNlYEfpqbDGpEpFCR+b103ePZD4yQxma4sQ9mfirkinijBWkxrK68YSb0ShAWkJfn6yKGMh1L04wYU+JG7dSp2e9xuHhu8j7fPDj6jRWfMFZynmU+2xDM6KgbWS+luQVnm8ihvANz7Kz2ZolHLuk8N45TqisKRDZCfrhYesm9Ficp2TmUgP7NRMm/cqrLmzGxy62+HftgSU3avbLeVq4O3llXVzBNqTQDhXnYtM6YyAothQG9LkpU0eGoXelu98gLbBvjlKpd9w4A0DyZjwSImmXxvl2Ypl0kOr214VV0vQEs3+M1LqMIxSwpRF2P+D+5lXfTLGO1lVW8XBFEwrqiwB3FvCIOo9lZkFuF3g6kwSWxBU8ncl1U0JZRoIwJ9tb2J6k4Z5icfbKkhhsnhUcytcf+JRHKipxWvJ2h9seYzBu/1lyipEwIE7rFJbB6/hRAdVrlMWFcjufFjd+6lyzzNoeqSd6YCtsg+Y2oCTjGJfT9lPDjgoM1orGo3BeCLB0wr/Xs68fRKsm+xHRaQMAAy8WTa+eys2owZ9s3DlCn76mPhxptsN8n1TvxcnTEEkozSJ2JmVt3nLCTkGCnaEHXSzlN5T+vsVUfD7spVapXc2jFmo0QfYzdUfPodHkJ01l9WIyNqlppPbebamrAPkqzfORrCc9dJcvNZAeZHanVIm8oFGOwtXviHnYIcHoWxN/rrcAe7uJ2+PYpmfFf50pSW+sAgD0MfTrDRHJnX8TzQI/AwjJCZUEu7U8bk9B57+VV2aWzg9Bd6rLrFp4fqswjv4jxjxcki5eeTg0JrHvpzoVLeiId4+qa/kJmVlx11KotwY6Msfbw4QJa068uk8OcbJ6nlWHBUMvxeJl9YBaXZ2qSBzZWnNAS/Y2yKClK0B62PJzgYm0qvQOnxCojSe+9ysfwL23k5zFCR2jWTIzyGCdk+6460KGqoocSXclFd79qmlOtXXj/kZUc9Cuiw7TYrZt989fGtL2mN155WbxUzGtaqcF0n4UeYtC2g73A8K5yMaC3w7SZBFNZyeLBl8zi4aBSJnH00sEPWDiSIKZ89S0TVVzkeitJHEImue204jfKLboy8dSoKVYT0aFcb6cY4qGFnCIGYlNUx1S945HJlFgPz5hpISUHcGSFkcmJKTnN0TVfgZidjTfoqQZSwSQ18ikkVBitKpoZpmEOpnpO+GMGw9aIarglcObJDXN/eo/bnrbhUI5AY5rMPr5DkWNPOWErziqM/AD4hDCHb0GdSBuj1lhYbipTzQFIOMlkW+KgEuA88PRWh07kRrcm29ZwA2ySjmgIR6RXpKGX8isdMyMFWSO/IjPwEJ1u2LMAzBbs/gvkqLPbxCkio3Yy9mvB/6zEh37g9xSfR9HQPB8kAdSg0KNNvAnZ+soZUOUyTtbN1EoFjqabiU8CfsvKJ18F55X8Jw9QIKkjgPqhYl0BEq1qRIP5Pw31ADvwqTTNXi5iILG2sAerK27hK5UEdFb+PS4U8CGxcx8HUrM02g0kJcvGGadGs9LkY4PXIUCU+2P1OGDZWqn8DzP7+Y0vepmjdk01KsLwWcLwe70B/dIqYdukQEg5pqV/5H93QvIHB6UbLw0YjupkpeuV9ififLxDcrCIybvDDw0ygWnVBUD3EwiZQBwIghg/9yk3HNeYPoWuZST0mS2pOynvaktEhIlE2brf9FzWLxCZ4Kyx9biN4zAEZFJ3ljHE=</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2021-10-17 06:05:26,248 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-10-17 06:05:26,248 - INFO [Shibboleth-Audit.SSO:?] - 20211017T060526Z|urn:mace:shibboleth:2.0:profiles:AuthnRequest|_7b4741d3-9a46-4033-832e-cb5419d8712a|https://iam.eu-ch.o13bb.otc.t-systems.com|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_e71e7cbb8987f15be46ae49ea5ed731b|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxhtHh0MY+KFjOv3IeqHfZh5yisJjklpcE9twsdX+5iiXy+Fjn7aIiNQTKdQzlZWiji9nH05ppDuGPE0y2X7/1HcDVrBm3KEZQJk+4shaTiVgNlD8uPCzl4atCO2OdjspxT1jRCm84eVZ/t+5g|_01097fbd627580ca60db9df67e7f313e|
2021-10-17 06:11:06,598 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Beginning to decode message from HttpServletRequest
2021-10-17 06:11:06,598 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.IdPInitiatedSSORequestMessageDecoder:?] - Decoded SAML RelayState of: null
2021-10-17 06:11:06,598 - DEBUG [PROTOCOL_MESSAGE:?] - 
SAML 2 IdP-initiated request was: IdPInitiatedSSORequest{entityId=theory_principle_dev, acsURL=null, relayState=null, time=2021-10-17T06:11:06.598Z}
Synthetically constructed SAML 2 AuthnRequest was: 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest ID="_561736be-c370-4a1b-a742-beaab7bb8861"
    IssueInstant="2021-10-17T06:11:06.598Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">theory_principle_dev</saml2:Issuer>
    <saml2p:NameIDPolicy AllowCreate="true"/>
</saml2p:AuthnRequest>

2021-10-17 06:11:06,598 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Successfully decoded message from HttpServletRequest.
2021-10-17 06:11:06,614 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'theory_principle_dev' from origin source
2021-10-17 06:11:06,617 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-10-17 06:11:06,617 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-10-17 06:11:06,617 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-10-17 06:11:06,617 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-10-17 06:11:06,617 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-10-17 06:11:06,617 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-10-17 06:11:06,617 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-10-17 06:11:06,617 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer theory_principle_dev
2021-10-17 06:11:06,618 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-10-17 06:11:06,620 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-10-17 06:11:06,621 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint was empty, not required by binding, skipping
2021-10-17 06:11:06,621 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_561736be-c370-4a1b-a742-beaab7bb8861', issue instant '2021-10-17T06:11:06.598Z', entityID 'theory_principle_dev'
2021-10-17 06:11:06,622 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'theory_principle_dev' does not require AuthnRequests to be signed
2021-10-17 06:11:06,624 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-10-17 06:11:06,624 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-10-17 06:11:06,624 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-10-17 06:11:06,625 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-10-17 06:11:06,625 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-10-17 06:11:06,625 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-10-17 06:11:06,626 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-10-17 06:11:06,626 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-10-17 06:11:06,626 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-10-17 06:11:06,626 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-10-17 06:11:06,626 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://vendor.theoryandprinciple.com/api/login/saml using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-10-17 06:11:06,626 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-10-17 06:11:06,626 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-10-17 06:11:06,626 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-10-17 06:11:06,626 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-10-17 06:11:06,627 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-10-17 06:11:06,627 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2021-10-17 06:11:06,632 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-10-17 06:11:06,632 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-10-17 06:11:06,632 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-10-17 06:11:06,632 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-10-17 06:11:06,632 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: theory_principle_dev
2021-10-17 06:11:06,632 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2021-10-17 06:11:06,632 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2021-10-17 06:11:06,632 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2021-10-17 06:11:06,632 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2021-10-17 06:11:06,635 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-10-17 06:11:06,643 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-10-17T06:11:06.643Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-10-17 06:11:06,647 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-10-17 06:11:06,647 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-10-17 06:11:06,647 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-10-17 06:11:06,647 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-10-17 06:11:06,648 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-10-17 06:11:06,648 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-10-17 06:11:06,648 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-10-17 06:11:06,648 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-10-17 06:11:06,648 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-10-17 06:11:06,648 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-10-17 06:11:06,810 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Not a usual scheme, returning name of 'theory_principle_dev'
2021-10-17 06:11:06,810 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-10-17 06:11:06,810 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-10-17 06:13:30,199 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Beginning to decode message from HttpServletRequest
2021-10-17 06:13:30,199 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.IdPInitiatedSSORequestMessageDecoder:?] - Decoded SAML RelayState of: null
2021-10-17 06:13:30,199 - DEBUG [PROTOCOL_MESSAGE:?] - 
SAML 2 IdP-initiated request was: IdPInitiatedSSORequest{entityId=https://auth.example.com/saml/metadata/idp, acsURL=null, relayState=null, time=2021-10-17T06:13:30.199Z}
Synthetically constructed SAML 2 AuthnRequest was: 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest ID="_207a4e73-0f6a-4d8f-8bea-5c8fac4c1099"
    IssueInstant="2021-10-17T06:13:30.199Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://auth.example.com/saml/metadata/idp</saml2:Issuer>
    <saml2p:NameIDPolicy AllowCreate="true"/>
</saml2p:AuthnRequest>

2021-10-17 06:13:30,199 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Successfully decoded message from HttpServletRequest.
2021-10-17 06:13:30,207 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://auth.example.com/saml/metadata/idp' from origin source
2021-10-17 06:13:30,207 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-10-17 06:13:30,207 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 0 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-10-17 06:13:30,207 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Candidates iteration was empty, nothing to filter via predicates
2021-10-17 06:13:30,207 - INFO [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  No metadata returned for https://auth.example.com/saml/metadata/idp in role {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor with protocol urn:oasis:names:tc:SAML:2.0:protocol
2021-10-17 06:13:30,207 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No metadata context found, nothing to do
2021-10-17 06:13:30,207 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://auth.example.com/saml/metadata/idp
2021-10-17 06:13:30,208 - WARN [net.shibboleth.idp.profile.impl.SelectProfileConfiguration:117] - Profile Action SelectProfileConfiguration: Profile http://shibboleth.net/ns/profiles/saml2/sso/browser is not available for RP configuration shibboleth.UnverifiedRelyingParty (RPID https://auth.example.com/saml/metadata/idp)
2021-10-17 06:13:30,209 - WARN [org.opensaml.profile.action.impl.LogEvent:105] - A non-proceed event occurred while processing the request: InvalidProfileConfiguration
2021-10-17 06:13:30,209 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2021-10-17 06:13:58,394 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Beginning to decode message from HttpServletRequest
2021-10-17 06:13:58,394 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.IdPInitiatedSSORequestMessageDecoder:?] - Decoded SAML RelayState of: null
2021-10-17 06:13:58,394 - DEBUG [PROTOCOL_MESSAGE:?] - 
SAML 2 IdP-initiated request was: IdPInitiatedSSORequest{entityId=https://auth.example.com/saml/metadata/idp, acsURL=null, relayState=null, time=2021-10-17T06:13:58.394Z}
Synthetically constructed SAML 2 AuthnRequest was: 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest ID="_796dc98e-c65b-4991-a062-0bd1a8f611c4"
    IssueInstant="2021-10-17T06:13:58.394Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://auth.example.com/saml/metadata/idp</saml2:Issuer>
    <saml2p:NameIDPolicy AllowCreate="true"/>
</saml2p:AuthnRequest>

2021-10-17 06:13:58,394 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Successfully decoded message from HttpServletRequest.
2021-10-17 06:13:58,403 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://auth.example.com/saml/metadata/idp' from origin source
2021-10-17 06:13:58,403 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-10-17 06:13:58,403 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 0 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-10-17 06:13:58,403 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Candidates iteration was empty, nothing to filter via predicates
2021-10-17 06:13:58,403 - INFO [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  No metadata returned for https://auth.example.com/saml/metadata/idp in role {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor with protocol urn:oasis:names:tc:SAML:2.0:protocol
2021-10-17 06:13:58,403 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No metadata context found, nothing to do
2021-10-17 06:13:58,403 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://auth.example.com/saml/metadata/idp
2021-10-17 06:13:58,407 - WARN [net.shibboleth.idp.profile.impl.SelectProfileConfiguration:?] - Profile Action SelectProfileConfiguration: Profile http://shibboleth.net/ns/profiles/saml2/sso/browser is not available for RP configuration shibboleth.UnverifiedRelyingParty (RPID https://auth.example.com/saml/metadata/idp)
2021-10-17 06:13:58,408 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: InvalidProfileConfiguration
2021-10-17 06:13:58,408 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2021-10-17 06:32:10,843 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder:?] - Decoded SOAP messaged which included SAML message of type {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-10-17 06:32:10,843 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Body>
        <saml2p:AuthnRequest
            AssertionConsumerServiceURL="https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            Destination="https://samltest.id/idp/profile/SAML2/SOAP/ECP"
            ForceAuthn="false"
            ID="_g7dj9fap5dgavsimpi08lhg9in9ilg06hj04" IsPassive="false"
            IssueInstant="2021-10-17T06:32:10.148Z"
            ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
            Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eu-nl.otc.t-systems.com</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                    <ds:Reference URI="#_g7dj9fap5dgavsimpi08lhg9in9ilg06hj04">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>B8tsrh5mIq59/WJ3C5x+Zu5oLl8=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>NdlGf52y8618SOY+t4FTaorDTVPbaOaYsvJuyldiLo3GsNXtFx/1dwsKPq+jetZjIit2YHhn3So9cO2C8gulcgvrawKKtsO2Crtd3BmvLZugsgBsxSxKVYHSST+IW2Eei8fLZDSBMmDQITG8V29oEV4mNqwGTztRADcqrKYHRw22ee3r0cf1ZcXFUkTEOQd63T/QN5sy3ln/UTq/urSzmxZLGs7ufmDR4p9XEcyhQgHE5SQElfN9WqMkDrH5eayK6gSNIQn01oFPjxIVECdo6SpweXCXAvm71TcB5XMsFdLqM2jW3OPC3snFXKJos4UjRspNz+pW97FQbUCn/k5rpEOp+ZeafiYl0YF5LcqdeQQfIzO5of2dYVDvHmvQP6WIggQsxfe2nDataK5FX1ppUu6/afkQ7OYc8yEpXvmrDUB+LQ3xUX4WjYBIjq4maTxpeZftdKq/4JZf3vtRyJG2CT/fH5VmDjfx3HXgUUTr3wVS0hAFjiNrUf79cTxR6ZtpB7r9Orqn9s3mb/Htpeck4sR6ckvKHotiWuPULz9QWoXtkA15P4kMHC9EslqLMFSF8Rrzwaj2A88AA4TZQKKQn2JxLe4USX0dPeYxObjfbAm7129tclZFKsXpF9qFrVX5Tr3P38cP/7fFrrJ07DjsuqWtfzK4KaQzVyGiTgUXxtc=</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIHeDCCBWCgAwIBAgIJAPRelfvZJrG9MA0GCSqGSIb3DQEBCwUAMIHXMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGSGVzc2VuMRowGAYDVQQHExFGcmFua2Z1cnQgYW0gTWFpbjElMCMGA1UEChMcVC1T
eXN0ZW1zIEludGVybmF0aW9uYWwgR21iSDEUMBIGA1UECxMLSVQgRGl2aXNpb24xJDAiBgNVBAMT
G2lhbS5ldS1kZS5vdGMudC1zeXN0ZW1zLmNvbTE4MDYGCSqGSIb3DQEJARYpRk1CLlRTLUlUU0gt
Q1NTLURQUy1PVEMtT1BTQHQtc3lzdGVtcy5jb20wHhcNMTgwMzI4MTUxNDA4WhcNMjgwMzI1MTUx
NDA4WjCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0
IGFtIE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsT
C0lUIERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2Bgkq
hkiG9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tMIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv2W7Hr/Ro63zmZVclhlMvakO1nYWAe6CFDg2hYOH
IxkC/DG8LsKbnqy3Rv8AoH5CgRwmT/HYKeJu+KxrpECJXGIjXirUzHrL5w0Hys0O6SJYzztRGoQA
eFfl3x1NNUxVGkWbuK3/o9vm3idoMqVY4HFU24h/6VbSVBru1lsfubmIGdkf+9R844JbZx1R1OuX
xQ60ZhTAmR6R5d1E6tprM8rAqBOC2l1o4azQyDtmxM8NEBjKcZebNleHOB3iVPiiG0ens6z39y7e
SyiXwWcsw8TlwcQiumYPnFT2lzrJAC93hEjNGd6sj6QVvPCJRu/Ya+AWfcm6JtBZRK9ZfBz81wjv
BnHH2u8j1GyZMdE5dvN4PC8bgX0HxvnbhnAU0DASzziyS9Ni/gMgWvJsmnmNVLyYMxRmL8L0JtWk
rz7aNSskufk92Cv/R4KtWsfdkYtNG5/lV1BNzraBgnnXX1gH7ddrL/Ng2aNRFd+LtsI/BjUBpg7r
Ebym+pJuri2PBj8hhjLKbhPuurybQLVtmYxCcJUo6ZG4X3cpxl/e8v+vviapn1OY9zaFLAc+fccX
1GFrLYv9aQKGDQFRMl2uV9nP7UpakBCgZ/r7ljvfhlnsGkLPZBokM9Iz3iUFMGj2gPD1m+C7QaiS
OwJnkTk3cnhZV6It0XdFIaFgIi9V4XMnYEMCAwEAAaOCAUMwggE/MB0GA1UdDgQWBBSg4Skug1x8
SOG2QdBaHAN2DDs7zDCCAQ4GA1UdIwSCAQUwggEBgBSg4Skug1x8SOG2QdBaHAN2DDs7zKGB3aSB
2jCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0IGFt
IE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsTC0lU
IERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2BgkqhkiG
9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tggkA9F6V+9km
sb0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAFEH+TQEgwXkOp1dymChsQzX3mm32
nBbQwIuTKi3jy08EjRQktZCOhjpmuVc/QQUCQdgAZgWVboAwTspfgwQwVcuIpCkwuyc7tt+ZzRSk
ybvOccw4ivz1suevGZZfYt+B7UIB3drlMKLoJWMTiBZnL6c4iaqubep56BZBOH6IP2KaMRd4EqIo
kXLHgaIyhqz51WQmTJArhYvAvWlktbAW6GXev3mW5gxW7LAGygQNCo2JkXSegGPk2jLO48JXNuCB
lGGf2O5TkhD+Qw/buIRrcKWnolBCs0ITalkNFt0RftLYmyR0JMotaBRHHmtdqSWOwMT1j7SvyzhH
yszzRU4xwTUFveODkWYS3Uh9PZs+3yDcfqC1x1yRbhKe7onZt5nXh/wY2762Pv6NkBQfQaFaE8CI
OwRu6WjaFfRntVXHpvV+7tO6Dr3pfRNEZzJM5+m/Edh+JrUdhyy7SxuYiCpt5xiPvM9rMt5AkXCn
P8AQVxq3O/1Gsdr9iblHAkJrg7Lbd8bPyzE9nRW3zqp++BxYilxIIVP9xnaaj/jjyuAPfeet30wm
zeOe/MGqxEwP/JSwJ9rZI//FaG3gAX0UHO6Eo+R0/Yv3JcyAo6j/RN/6YcSTQD1MrPGZiNTz/Muo
nczuEbZF255Cs5PfVJJhTPW730xQmhZnlbta0nyBO9LA3Fs=</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:NameIDPolicy AllowCreate="true"
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                SPNameQualifier="https://iam.eu-nl.otc.t-systems.com" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"/>
        </saml2p:AuthnRequest>
    </soap11:Body>
</soap11:Envelope>

2021-10-17 06:32:10,850 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://iam.eu-nl.otc.t-systems.com' from origin source
2021-10-17 06:32:10,850 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-10-17 06:32:10,850 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-10-17 06:32:10,850 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-10-17 06:32:10,850 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-10-17 06:32:10,850 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-10-17 06:32:10,850 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-10-17 06:32:10,850 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-10-17 06:32:10,850 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eu-nl.otc.t-systems.com
2021-10-17 06:32:10,851 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2021-10-17 06:32:10,851 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2021-10-17 06:32:10,852 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-10-17 06:32:10,852 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2021-10-17 06:32:10,852 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2021-10-17 06:32:10,852 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-10-17 06:32:10,852 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_g7dj9fap5dgavsimpi08lhg9in9ilg06hj04', issue instant '2021-10-17T06:32:10.148Z', entityID 'https://iam.eu-nl.otc.t-systems.com'
2021-10-17 06:32:10,852 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eu-nl.otc.t-systems.com' does not require AuthnRequests to be signed
2021-10-17 06:32:10,852 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2021-10-17 06:32:10,852 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2021-10-17 06:32:10,852 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-10-17 06:32:10,852 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://iam.eu-nl.otc.t-systems.com, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2021-10-17 06:32:10,852 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://iam.eu-nl.otc.t-systems.com' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2021-10-17 06:32:10,852 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-10-17 06:32:10,852 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-10-17 06:32:10,852 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-10-17 06:32:10,852 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-10-17 06:32:10,852 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-10-17 06:32:10,853 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2000/09/xmldsig#rsa-sha1
2021-10-17 06:32:10,853 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA1withRSA
2021-10-17 06:32:10,853 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2021-10-17 06:32:10,853 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 4096 bits
  params: null
  modulus: 780833212372818775479203473584756908157478511960940665833104329026798488708412096463957730986031560699536971604685793755631469735164638528103712796586941283248391093334537473433816881621841433643551509545784341528479466257077570253340730459394524144439470561825531880309380078893306187350760119973863502110938239690056732532237576015713410817092640951029480915162489671542971932145619144868209527314440670224923750462549444079548603408012564298657143697912591193544433644075598026106926646468811820504111621425556553238066495807276626045802944049622045278146600209515759289448446049845276793009470678806630505639155872685517611976298041379760153258369441443706608834473698951737339296605180924342991774924896400530064019217902076139971478880191800808152349664734915206316567268459208984314092535956712275165633295073845619623808442937959337568063845846898994885404695455333181998103624287019468478172845183368957698818849454389451360233262379190615859514122412619488103951846508060862137625955242500382805764622949031613773424268222131209239375233669763979843957564204575307568428090973147896709908167025351124368088974604728720021626763128224355694102358346473759582198635778329138017968133082524864864810444234076758890334162214979
  public exponent: 65537
2021-10-17 06:32:10,853 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2021-10-17 06:32:10,853 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2021-10-17 06:32:10,853 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_g7dj9fap5dgavsimpi08lhg9in9ilg06hj04"
2021-10-17 06:32:10,853 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _g7dj9fap5dgavsimpi08lhg9in9ilg06hj04 and Element was [saml2p:AuthnRequest: null]
2021-10-17 06:32:10,853 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_g7dj9fap5dgavsimpi08lhg9in9ilg06hj04"
2021-10-17 06:32:10,853 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _g7dj9fap5dgavsimpi08lhg9in9ilg06hj04 and Element was [saml2p:AuthnRequest: null]
2021-10-17 06:32:10,853 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_g7dj9fap5dgavsimpi08lhg9in9ilg06hj04"
2021-10-17 06:32:10,853 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2021-10-17 06:32:10,853 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-10-17 06:32:10,853 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://iam.eu-nl.otc.t-systems.com
2021-10-17 06:32:10,854 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-10-17 06:32:10,854 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-10-17 06:32:10,854 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-10-17 06:32:10,854 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-10-17 06:32:10,854 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsHeadersHandler:?] - Message Handler:  No ChannelBindings header blocks found
2021-10-17 06:32:10,854 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler:?] - Message Handler:  Message did not contain any ChannelBindings extensions
2021-10-17 06:32:10,854 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2021-10-17 06:32:10,854 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2021-10-17 06:32:10,854 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-10-17 06:32:10,854 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-10-17 06:32:10,854 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-10-17 06:32:10,854 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-10-17 06:32:10,854 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' not permitted by input criteria
2021-10-17 06:32:10,854 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP using binding urn:oasis:names:tc:SAML:2.0:bindings:PAOS
2021-10-17 06:32:10,854 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-10-17 06:32:10,854 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-10-17 06:32:10,854 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-10-17 06:32:10,854 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-10-17 06:32:10,855 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-10-17 06:32:10,855 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-10-17 06:32:10,856 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-10-17 06:32:10,856 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-10-17 06:32:10,856 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-10-17 06:32:10,856 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-10-17 06:32:10,856 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eu-nl.otc.t-systems.com
2021-10-17 06:32:10,856 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-10-17 06:32:10,856 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-10-17 06:32:10,856 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-10-17 06:32:10,856 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-10-17 06:32:10,862 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-10-17 06:32:10,862 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: RequestAuthenticated: true
2021-10-17 06:32:10,862 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: Generating session key for use by ECP peers
2021-10-17 06:32:10,863 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-10-17T06:32:10.863Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-10-17 06:32:10,863 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-10-17 06:32:10,863 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-10-17 06:32:10,863 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-10-17 06:32:10,864 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-10-17 06:32:10,864 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-10-17 06:32:10,864 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow authn/Password, it supports non-browser authentication
2021-10-17 06:32:10,864 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2021-10-17 06:32:10,864 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-10-17 06:32:10,864 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-10-17 06:32:10,864 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-10-17 06:32:10,864 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: Trimming whitespace of input string 'rick'
2021-10-17 06:32:10,864 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2021-10-17 06:32:10,864 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@787645689::identifier=rick, context=org.apache.velocity.VelocityContext@5137b6b3]
2021-10-17 06:32:10,866 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@787645689::identifier=rick, context=org.apache.velocity.VelocityContext@5137b6b3]
2021-10-17 06:32:10,866 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2021-10-17 06:32:10,866 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-10-17 06:32:10,866 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-10-17 06:32:10,866 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2021-10-17 06:32:10,867 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2021-10-17 06:32:10,867 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-10-17 06:32:10,867 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2021-10-17 06:32:10,867 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session ab618c7b3397db15f71546e44ad81d23e37157ca08066879728d3ba4a98ca009 for principal rick
2021-10-17 06:32:10,867 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session ab618c7b3397db15f71546e44ad81d23e37157ca08066879728d3ba4a98ca009
2021-10-17 06:32:10,868 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-10-17 06:32:10,868 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-10-17 06:32:10,868 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-10-17 06:32:10,868 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-10-17 06:32:10,868 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-10-17 06:32:10,868 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-10-17 06:32:10,868 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-10-17 06:32:10,868 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-10-17 06:32:10,868 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-10-17 06:32:10,868 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-10-17 06:32:10,868 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-10-17 06:32:10,868 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-10-17 06:32:10,868 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-10-17 06:32:10,869 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-10-17 06:32:10,870 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-10-17 06:32:10,871 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-10-17 06:32:10,871 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _ad2ef22edc1b895cb6c43b825619132b
2021-10-17 06:32:10,871 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _ad2ef22edc1b895cb6c43b825619132b to Response _ee0ee8b71bec13e29f763d920c9d8d04
2021-10-17 06:32:10,871 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _ad2ef22edc1b895cb6c43b825619132b
2021-10-17 06:32:10,873 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-10-17 06:32:10,873 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-10-17 06:32:10,873 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-10-17 06:32:10,873 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-10-17 06:32:10,873 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-10-17 06:32:10,873 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-10-17 06:32:10,873 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-10-17 06:32:10,873 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-10-17 06:32:10,873 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-10-17 06:32:10,873 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-10-17 06:32:10,874 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-10-17 06:32:10,874 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:32:10,874 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:32:10,874 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:32:10,874 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:32:10,874 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxxLxW/Ph2LZ8Jp+mU6WvFvRVeur6x9X3/BNR60AfgXgo3zznahZmzTynt6i0SZOalaUVn6enraT9Qtyu1k9u+hHvPQ/aJplqnKSu7o1nhpHATyiGw+g3NJY8Ao+yGp63eo/OOWsuH with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:32:10,874 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:32:10,874 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:32:10,874 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-10-17 06:32:10,874 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-10-17 06:32:10,874 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 80.158.3.50
2021-10-17 06:32:10,874 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _g7dj9fap5dgavsimpi08lhg9in9ilg06hj04
2021-10-17 06:32:10,874 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-10-17 06:32:10,874 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-10-17 06:32:10,874 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-10-17 06:32:10,874 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-10-17 06:32:10,874 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _ad2ef22edc1b895cb6c43b825619132b
2021-10-17 06:32:10,874 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _ad2ef22edc1b895cb6c43b825619132b did not already contain Conditions, one was added
2021-10-17 06:32:10,875 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-10-17 06:32:10,875 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-10-17T06:37:10.869Z, to Assertion _ad2ef22edc1b895cb6c43b825619132b
2021-10-17 06:32:10,875 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _ad2ef22edc1b895cb6c43b825619132b already contained Conditions, nothing was done
2021-10-17 06:32:10,875 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-10-17 06:32:10,875 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _ad2ef22edc1b895cb6c43b825619132b already contained Conditions, nothing was done
2021-10-17 06:32:10,875 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-10-17 06:32:10,875 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eu-nl.otc.t-systems.com as an Audience of the AudienceRestriction
2021-10-17 06:32:10,875 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _ad2ef22edc1b895cb6c43b825619132b
2021-10-17 06:32:10,876 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddGeneratedKeyToAssertions: Assertion _ad2ef22edc1b895cb6c43b825619132b did not already contain Advice, one was added
2021-10-17 06:32:10,877 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eu-nl.otc.t-systems.com to existing session ab618c7b3397db15f71546e44ad81d23e37157ca08066879728d3ba4a98ca009
2021-10-17 06:32:10,877 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eu-nl.otc.t-systems.com in session ab618c7b3397db15f71546e44ad81d23e37157ca08066879728d3ba4a98ca009
2021-10-17 06:32:10,877 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-10-17 06:32:10,877 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eu-nl.otc.t-systems.com and key AAdzZWNyZXQxxLxW/Ph2LZ8Jp+mU6WvFvRVeur6x9X3/BNR60AfgXgo3zznahZmzTynt6i0SZOalaUVn6enraT9Qtyu1k9u+hHvPQ/aJplqnKSu7o1nhpHATyiGw+g3NJY8Ao+yGp63eo/OOWsuH
2021-10-17 06:32:10,878 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-10-17 06:32:10,878 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-10-17 06:32:10,879 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_ad2ef22edc1b895cb6c43b825619132b"
2021-10-17 06:32:10,879 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _ad2ef22edc1b895cb6c43b825619132b and Element was [saml2:Assertion: null]
2021-10-17 06:32:10,879 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_ad2ef22edc1b895cb6c43b825619132b"
2021-10-17 06:32:10,879 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _ad2ef22edc1b895cb6c43b825619132b and Element was [saml2:Assertion: null]
2021-10-17 06:32:10,884 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_ee0ee8b71bec13e29f763d920c9d8d04"
    InResponseTo="_g7dj9fap5dgavsimpi08lhg9in9ilg06hj04"
    IssueInstant="2021-10-17T06:32:10.869Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_ad2ef22edc1b895cb6c43b825619132b"
        IssueInstant="2021-10-17T06:32:10.869Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_ad2ef22edc1b895cb6c43b825619132b">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>ei5hxsa8Qe74OilM8YF84H2m51v/+u9CRTA0KC5jbkw=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>K/fH1qid6MQROqkAHgtgrVbO7DhQ9XDBP8UompucYf2tq+Ky3DfcV24gVN/x9zRFzWJKlLrSfG7XDHp0N2pbUGOHNbzrW6iSIyeLTaq4y0mk4p8XqC7QrkKh/xzisMAgsw+59qiK6AWIEJn96REulkM1PTm721HOqZsvcypJY1Kd133AGwUFs3ODJy7xboANHtmL70qJsrLRfJHZM8yStw1+AeRqY+CB9Q8iFwWzlME4BHk/0E7/LiPbyyjcPGcI9KGL/M3GmyrCZzuu+hzMkGCwodKsheMIdCVFzfZktit+ZG5e1bczql/0X7Xan/Om6rh2jALxlLF7ORd6q55iGw==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eu-nl.otc.t-systems.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxxLxW/Ph2LZ8Jp+mU6WvFvRVeur6x9X3/BNR60AfgXgo3zznahZmzTynt6i0SZOalaUVn6enraT9Qtyu1k9u+hHvPQ/aJplqnKSu7o1nhpHATyiGw+g3NJY8Ao+yGp63eo/OOWsuH</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="80.158.3.50"
                    InResponseTo="_g7dj9fap5dgavsimpi08lhg9in9ilg06hj04"
                    NotOnOrAfter="2021-10-17T06:37:10.874Z" Recipient="https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-10-17T06:32:10.869Z" NotOnOrAfter="2021-10-17T06:37:10.869Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eu-nl.otc.t-systems.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:Advice>
            <samlec:GeneratedKey xmlns:samlec="urn:ietf:params:xml:ns:samlec">pQbPBq39LD9ExXYKWdz9ucVNlJ0LWVPRsVpJfA62eyY=</samlec:GeneratedKey>
        </saml2:Advice>
        <saml2:AuthnStatement AuthnInstant="2021-10-17T06:32:10.866Z" SessionIndex="_f0715386feb02132980a5da5571e84bd">
            <saml2:SubjectLocality Address="80.158.3.50"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-10-17 06:32:10,886 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-10-17 06:32:10,886 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-10-17 06:32:10,887 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_ee0ee8b71bec13e29f763d920c9d8d04"
2021-10-17 06:32:10,887 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _ee0ee8b71bec13e29f763d920c9d8d04 and Element was [saml2p:Response: null]
2021-10-17 06:32:10,887 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_ee0ee8b71bec13e29f763d920c9d8d04"
2021-10-17 06:32:10,887 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _ee0ee8b71bec13e29f763d920c9d8d04 and Element was [saml2p:Response: null]
2021-10-17 06:32:10,891 - DEBUG [org.opensaml.saml.common.binding.impl.AddChannelBindingsHeaderHandler:?] - Message Handler:  No ChannelBindings to add, nothing to do
2021-10-17 06:32:10,892 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Header>
        <ecp:Response
            AssertionConsumerServiceURL="https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next"
            soap11:mustUnderstand="1" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <ecp:RequestAuthenticated
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <samlec:GeneratedKey
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:samlec="urn:ietf:params:xml:ns:samlec">pQbPBq39LD9ExXYKWdz9ucVNlJ0LWVPRsVpJfA62eyY=</samlec:GeneratedKey>
    </soap11:Header>
    <soap11:Body>
        <saml2p:Response
            Destination="https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            ID="_ee0ee8b71bec13e29f763d920c9d8d04"
            InResponseTo="_g7dj9fap5dgavsimpi08lhg9in9ilg06hj04"
            IssueInstant="2021-10-17T06:32:10.869Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_ee0ee8b71bec13e29f763d920c9d8d04">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                        <ds:DigestValue>kS5JogRGmyRrcxD2JGuXsJjfJRDSbkZYxfoSAs+ScZA=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>AB031iXspf0fE2vqq5vlncICJ1cikFTrMgB//c4y00qomrd9FlyNOolcHJXHhgWejVIFQrGtrKX8zN6eDHxJStDYpb2SOpoPKaeXNP+qsnyVTFLlcWgVYeKWkEFshUAjIh/Wu07dbh+wWt7VjCIeaHfjXuqYoJRIbQIY5pjLLMMrQuLoaug/3HLCWWCL1tumAPx5pCa+chG7wnD4s7ZPKyejGwzBLLyXA6UqF93SNaMLQ/OuDYd+QNGgmyT8uQxFcRVlo10T7F0eJE6l5WB7tdvfdu5WMrVHNIm+yl7K+J/bJA9M8n6nl6rl6DanO0y1sUk5v9Oywxe5cd1d8TtYJw==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
                <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
            </saml2p:Status>
            <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
                <xenc:EncryptedData
                    Id="_c0189fc9baa45600ca4cece03758ba6a"
                    Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <xenc:EncryptedKey
                            Id="_ff2583ca7bb5671d3113ea34f35d617b"
                            Recipient="https://iam.eu-nl.otc.t-systems.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                            <xenc:EncryptionMethod
                                Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <ds:DigestMethod
                                    Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                            </xenc:EncryptionMethod>
                            <ds:KeyInfo>
                                <ds:X509Data>
                                    <ds:X509Certificate>MIIHeDCCBWCgAwIBAgIJAPRelfvZJrG9MA0GCSqGSIb3DQEBCwUAMIHXMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGSGVzc2VuMRowGAYDVQQHExFGcmFua2Z1cnQgYW0gTWFpbjElMCMGA1UEChMcVC1T
eXN0ZW1zIEludGVybmF0aW9uYWwgR21iSDEUMBIGA1UECxMLSVQgRGl2aXNpb24xJDAiBgNVBAMT
G2lhbS5ldS1kZS5vdGMudC1zeXN0ZW1zLmNvbTE4MDYGCSqGSIb3DQEJARYpRk1CLlRTLUlUU0gt
Q1NTLURQUy1PVEMtT1BTQHQtc3lzdGVtcy5jb20wHhcNMTgwMzI4MTUxNDA4WhcNMjgwMzI1MTUx
NDA4WjCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0
IGFtIE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsT
C0lUIERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2Bgkq
hkiG9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tMIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv2W7Hr/Ro63zmZVclhlMvakO1nYWAe6CFDg2hYOH
IxkC/DG8LsKbnqy3Rv8AoH5CgRwmT/HYKeJu+KxrpECJXGIjXirUzHrL5w0Hys0O6SJYzztRGoQA
eFfl3x1NNUxVGkWbuK3/o9vm3idoMqVY4HFU24h/6VbSVBru1lsfubmIGdkf+9R844JbZx1R1OuX
xQ60ZhTAmR6R5d1E6tprM8rAqBOC2l1o4azQyDtmxM8NEBjKcZebNleHOB3iVPiiG0ens6z39y7e
SyiXwWcsw8TlwcQiumYPnFT2lzrJAC93hEjNGd6sj6QVvPCJRu/Ya+AWfcm6JtBZRK9ZfBz81wjv
BnHH2u8j1GyZMdE5dvN4PC8bgX0HxvnbhnAU0DASzziyS9Ni/gMgWvJsmnmNVLyYMxRmL8L0JtWk
rz7aNSskufk92Cv/R4KtWsfdkYtNG5/lV1BNzraBgnnXX1gH7ddrL/Ng2aNRFd+LtsI/BjUBpg7r
Ebym+pJuri2PBj8hhjLKbhPuurybQLVtmYxCcJUo6ZG4X3cpxl/e8v+vviapn1OY9zaFLAc+fccX
1GFrLYv9aQKGDQFRMl2uV9nP7UpakBCgZ/r7ljvfhlnsGkLPZBokM9Iz3iUFMGj2gPD1m+C7QaiS
OwJnkTk3cnhZV6It0XdFIaFgIi9V4XMnYEMCAwEAAaOCAUMwggE/MB0GA1UdDgQWBBSg4Skug1x8
SOG2QdBaHAN2DDs7zDCCAQ4GA1UdIwSCAQUwggEBgBSg4Skug1x8SOG2QdBaHAN2DDs7zKGB3aSB
2jCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0IGFt
IE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsTC0lU
IERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2BgkqhkiG
9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tggkA9F6V+9km
sb0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAFEH+TQEgwXkOp1dymChsQzX3mm32
nBbQwIuTKi3jy08EjRQktZCOhjpmuVc/QQUCQdgAZgWVboAwTspfgwQwVcuIpCkwuyc7tt+ZzRSk
ybvOccw4ivz1suevGZZfYt+B7UIB3drlMKLoJWMTiBZnL6c4iaqubep56BZBOH6IP2KaMRd4EqIo
kXLHgaIyhqz51WQmTJArhYvAvWlktbAW6GXev3mW5gxW7LAGygQNCo2JkXSegGPk2jLO48JXNuCB
lGGf2O5TkhD+Qw/buIRrcKWnolBCs0ITalkNFt0RftLYmyR0JMotaBRHHmtdqSWOwMT1j7SvyzhH
yszzRU4xwTUFveODkWYS3Uh9PZs+3yDcfqC1x1yRbhKe7onZt5nXh/wY2762Pv6NkBQfQaFaE8CI
OwRu6WjaFfRntVXHpvV+7tO6Dr3pfRNEZzJM5+m/Edh+JrUdhyy7SxuYiCpt5xiPvM9rMt5AkXCn
P8AQVxq3O/1Gsdr9iblHAkJrg7Lbd8bPyzE9nRW3zqp++BxYilxIIVP9xnaaj/jjyuAPfeet30wm
zeOe/MGqxEwP/JSwJ9rZI//FaG3gAX0UHO6Eo+R0/Yv3JcyAo6j/RN/6YcSTQD1MrPGZiNTz/Muo
nczuEbZF255Cs5PfVJJhTPW730xQmhZnlbta0nyBO9LA3Fs=</ds:X509Certificate>
                                </ds:X509Data>
                            </ds:KeyInfo>
                            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <xenc:CipherValue>en6llUw90g0D3b38ZpcNquL+pYmXP6Sp6pyH0XqiJwxY8j8aibBSbTH/6cg69e7MSCj3kzwd0pNATgPnFxt249B+spREKy2NXs8qVB74d+n5EC1a9wBhvZUuCriq/FLHlqxqW+5dm+9nmDDOhTB7AO49puIE0LE/0+rRCCA+ue2CCdLjeJ5f7oqTBdnrnvBqBUJcGLZKVGuR2+kmaP6qeDDlS8RnDc/6m7YSxSiqvkFJw1oy8i2qR5GQkXEbeoAdMBXsDuUuSYEoFRIezYSmjDkAfo7ZbyqlnqB3T+vW9pgMocTyNwKGiAQqtiX1k1nWhBwuAKB98P5g7DZYm0mcGsaPw4P/Tdoh49Haug3vaV2fJr7h7M68iNB24AQQUvAdPrjkV+04Ev+XJt76jnsaMBYkHBfFyxlYbdubbRLvHlnoaIFuI4MXRlRiJf6GzaFCwdCExFJrL22FQ52uTiGbq7w86Yzz3GivP3aUgUFRq2+LfeXZ+o49huye4iVDjUypg1DUIEkUFtEOrMTCcXUt5PmFLYHVMEY79GUhy6c99uxvKc7MVZzwODb/+jhVdlqMv+vcr5ldv5sWTZ7k5i72ARziqBPzbSqvnkn6qSlxdkDx8U3kwLxM+yH5UD7oTeO91jeQ+snLwR61XP5piyd8ZGcCUO/e/2urR7X3zxQ3gOw=</xenc:CipherValue>
                            </xenc:CipherData>
                        </xenc:EncryptedKey>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>AhL6k//vtrT8BNRDLzOeJz7szY63u53Fr526RAy+gApJ7hvnYJkLzC0uCvas37YiXYqbQRoBlfZWMxnkUrA5pB3KtEwkKOhZn69R0GOCXa+7ZGKK2d4yDq81tu6D/qvaw1S9t5fCKoAhkNvstaXrEUMkJhAWYunmXnbxqHExXSxrM3phVeWRybyLCaedp9+JJIFT3izllXLwWh8+nIhhDDjLMRJw3uve6GCGPODndoYOIFzpvYE8m04Owc/h5J301D/1bNiMmDtxpdKDssXjJ6YkgZuTHv/k+bLNB5UU5JKmMdw4HxBaDt58GGwUubQlgT5rKJSlEWHFUu1k4OlHfH1PpDisw/tMHuJUDjhzGUBeBijfJH3vBWdMPyo6lx3rrGUHOWQd4e1GtBXsbqmrea97L+edEU2V22d0lpsNkuPVh9qzUN4XELkyIF1K/q2VsznX/r2mpdVk/PPhmHXJ/4qw04nLp3ApuKVxoWBo/gibK/lEf+Z5BLzSRz4WzPKFElXrfDBSVLYya1/XFUxoqWq4BqkTnO4MI40TyLgYv46c6iJjezzu3i0SrI0N6S+dw1iJfQanBCYQhcsuqL74cCm4ChfOKlcdDEi0M94bPxjKyMcg1OeGQp7JtI2ZGUv+mPxEAinYCIEXZ/dycksIay9FyL/ZDEprOk1SHIAWgowjFNtTGzpvh7qe6uw6CNF62Rx9gl33FvNarMrMnpq6X+Xzy3I3RKKjDPUhGLm3DlSOQ9CmydDVbWmmN76SUz6p+az/DoaVj3/1Lp480vdlAYH80J9BBwoWhVXO/EP6cFCR2UCJbBthcVF8si1+dbEaWbIdrrkSHjRfgKLuoouv54AFqXOZFMYT547goKNfHr9i6/Coh504NWHYkZqMbjdJHVnukoSnzlC4cN3o8UxUZdGQHpuwUj3j86JOrhZJsz5dXInc8qxfuOUaJzyZ1o7d8+3RhoEdtHXrB4qmOujMAAyGjGX2G4zljIxr8bYlwtvPjzM0EBn7Sui/m8ftUYBZLVxapbFeJcgV3X7CNQbLdcG6nE/mpNR4TQECYQj3zqbZszaL5otBK+lkspREezKuyV2LO8l8SoL3YactLqUYLvpyoctvCbyCOcxixEs1eMTvAP5igo2FrrsEn4Huao2ljq7KrHXZtnOrErohpxRNNEVsBKoqL9/YbRBX564qZl7eevULP0lRzBBzsoYuejn2+pGdgPSSnIgRif+Vqna2ANpuD7lJcUcyZXoVQs4B8J/7TXt3kDFwF7xJAlMSWXwDetYrHA5qDPoCCeWVmHw/e2bNjlSWiPUQaeYKZfdSGmv3y3prAt8GS+4YM21BsjcTWpO9T71/CRdNjZP7qaWUiUI/O9rnW2c66RjMtl3ZfjJYi5KrqPglmHJ/oZEFsWE8eBPCVa3cRgU5jZelZ+ngTxG0S6N+/KG+sDFIH4zHlgQeulS5jPF2/xbNo2irP74aBWp7pMpFXx18RMpj3M0BA90GdahqbheE9noI+C2W/0TJbxDTLH2mANk67OX7+l8K0DHbc1qWA1uWtrm0xn1RIX9Din6zQ7GX8pQk8Qhkl/DwcGR7AhzIYjFiZgYO4f+en0DHNygqQ/hQX6JhSaggKjvnGoaFoiJPLi6iJ21uusg2a8VIhl5YuWSOdC/bAZGMY5/RLkmLCt5nLkkF9rUecc1gDq2qzZgnwTyNnfBnptgvSV39klbVpO8+AO/SUBWxtPkHh/tRqaHd/ynmyqJ6UvH4mYPGRwYPg3SxuMLNbwMk9CEEWO3p89nKj2I1zaevKp4XdWsF+zArKe+qNGM+9dHpESuYLlUv7Tl3hoNOJvHsTmtjNJnqAHVRDfBdN6rs03pjO553DmoyUVmtCer4Ogq+2Apo4+SIK3SSSu/pHosf3SFxoUk9zFZlhETUjLhEv6tjpPCKs/BOFMD3fjGNfxB309+1SBAsK1R4xt45mFd4TdD9IBrX80+/Tadsx+bwpUJtOkC0Uj5WTPL75zWDiFSVhrNPjsL1WUyfndM3rDHIhtXAoCsiBUIUZ5ilGgsTtilpCW4rbdoLYNwawUc1y0Xm/5ysDQWyqBRLpmhmN60O2G9Txj4BHWOB9nQXF2zHiGMN+40jSr3hZ3mbn7MOqwEjwm8qx6AyKhPl33kn8KVKNZUZ67AH2K/tcpw+By5dwQok4jkhrV4Pn418Jpn1jj+tfckbB2xGTUCwz5QvbwC1Vt1QN7Lk/oJ5j5LesVCf4lM8XBzwhztQm5WPl9f09v10/2FWpYiewWFrkBNJW3iOeRinebjFyGJ/BsWRlWdMC8qfGRL1iQtT1c5XfPxOWRTF1J4avEGuLeLkivV+t5fpzhn7v90xcc9BASOFZqj9GxmUiRDfdhUEhkhzBek7dIPNK2HGzxSS4rRMCnjtaAV9/1GsI+n8Vf9u2k8v0ZfAZk6DGZ7yz5BD5Cu8ehketMS/ISDJUNPC8QcLhqqtwAXf4e26OMd4uo/0nsGhb9T2jd7LwHdsZApaek6W2n11zQ4GGdaovTS1nsGgLYYyU3+f50IAYazdbzAmKN3pEpziF0w4m5ebAQ10Aj6U5VcM+1DkX/PGLgM+zuJf2D90wuD2GRSdzqlFhqVTEswQnYte1NmRk95NBr0BFicOv5p6aj90ct/uXEywWD39DL+iRT9cAoTnYN2/wy1TqHl2lR0d9YkN0gS7TsxYzZuZDK9nz+ZotOsj+K7PxKVt6dKGegBHN6HDVYLXYYnikaJ1LVcrnUKtRBnn9/xRfxgtsC//bBvvEEKF954XsV8R35NiQDWaSaDP+gXgRe9hHuZIggQSfvZb3WMAWI/xEJqdlj6jC1Cd43wQG5Dnevun9OFHTplQqdXa6iC38bkUrFWrZiVLIdQJe/VzEdDJvLZPScH2zNWIo+mi7Z6oowAuVFgc3mn+1S7aZWX8av0v3pDq83omY/tnL+Sj/iD9DidEiPyRw6f9hWZswbx1LYia5HI9NCrFxAq0ypi669ig8h4RVo896ltGNRMebI8w4ffEOYfsvfMxL1wJcsXYQ0SBnjZ1BdNgYAIjuy1ykvxTtnL7UDsSrRmykL3sdk+cm7j3L7dnQbwHLwGmERlulylOnxeD4fqLVDEBhT5w2649PT8PQPDgQisB+vhNNMsF95BsWR291DRSmUzKUwdnV3oydqItMgcUdS6bMw+f+7tF0Z8vgSJINrg1h9xRuIkDeVkvZxiZMpCBDosS5pSVT7cKL9wtkEL2pGxn0/7478/ppnBSJ9OjDFBcbruQzmDViSvGKLku2O7BeSryre6cg5nsrIqOk/mhfCsQdWl7PWklz8DpNqxTmJmV0H0JjcBWN+Fj46yMgHtAMH+DhxqLgUKSMoVHySawEybO2LrPNUDlpj23pIaDi+JFcDHUHAUBFOlaIl7fwhsxNnMxaltCFtDhmDbbvkHCAlDi+vIejAv+lqQu1dDL6khVNZjEMDot8syPgo97QCZJELNt0mvtkgMoCKOYlf1STEPSUFNjs6AKkXFM+cQOer7uTlr77bOcwdIZFlM+qLSUTS/Qq+o1SxlDnvMeJdAzUBOxYmMFiPGZa0EtOLsliUBee2DAxz3rMAPEWvdVFuptZ1/vKc0sBkDjHBcgdlfTxJZCni3SCvTp0jZEUCAnmLu0yYU/XMF0NTERH4CUya79rIDhEXfeBRTl209Cd/jJpqtJnsEQOhUH0BKgHOe9zFmr0/03UfE4k5qks5eOuGY2kr4qidhOQ7j4e0RJxXNbhLGP/RGtq1Pk/xGtP1zbOfDN0Efx6L7Qi2aGccAPcdYSsow2xh3ay67CnmJy6bsptn+2OwraKR8yO2nPGvrAo8yt9dBKdbaFPxzWM614uVvMyH24aKJEzotdgfwDD+wH0gjlFhsQUmuPipXgu3pkpvq/y+Hfv1/jEw8FfvXN3E7y/J2NR/ejIte7M9odiR68yA5VhRuGwSWx2ifHL7QC5b9LnMp8guTueTq80wgfxypFaO3aJs6onEYIYxdWpPFuP+rXQoLfe/VlWsYKtvtq1gN6F3SAu9VHxyg+dbem6luA4q44/RS2JIcOk9r5ntaY/nHgVaFGUya17P+g3eKFeCcRdlfMLSZBjYgmxUOzO1bEfA3NcgY8AFSK4cLe2qXBg4vioXmG/C0LYe37NwOBr8xhVgL41mMSc6Mq4tbZS05vIVu2JEwnZS5nVKFKT5dV0GTHwDYBFNtzU5N3NcO6O4qWPgRW0ykO1U9AQMeH16fVrk8+z7kBzBvUHQjEH9Snel3yq/Ui9jN/0HDkHiKGEgCKYeWVvY3hCcSZLlP9JDY4lqgLdIEe/1vJ1zzALPhpeUGPLAn/3yO4wREfUVNYRKE3wshrjYFEFb3zmA1ORCnvkSZQW6zv401EFT5eBAaWAAXRiMUrtdmezm+iinp0qgaACLD6i7jabNi+l6Ikerrf8qSM1rKPk+GksXrydSGeYNooPmJuy/AMTt7S4wgFqdvRMskD6JRMU+JKgmnmPVVdO8FtK6HqcMzXyUF+cy6R9fenB4B4kwMYckUY5owljN8Dx9/JkvG+xa80j44YJMXInMhGdh7B1UO09DYHbyZ1hxMOdHXvECKYdktJZaSkkFNfgfrLIu6WJbdWjy8m4XLZBzEC2z0/aJWvrXo1oOXQQWoMd+BCkDdI13YpKWPmfuHyGhmWw5VDykzlm6ERGI7GaaacWmBMiBqewBUALi/kbno5MIdhKG30bAweOVPNGQ9cv14P5QIjf8qgW6Z0wDKejYnqM/GDQoKLgdyrZvfygZYyy8uedzpuUfNzRS49qfVSMyvCODXLS+Cq1vJX1EDprWBTiyM2KqtdnaZ5Fdk1zXvsxw1kQF+6qdRtOfJ0SWOAyN/9KQqis98nrlhWKUvbbQp59Zx9IcpJGBjWfac3fUfANnX46eUWqZmosgPojPVOmhdTMJDJj1wdGgiTWqKx4XOyDQ33K04IF8GCscmGsvFUUwOiRuEOQ68/kb2PXqle2R/osqg5QXCpaobsChX2+9m1DfA3QiteOsxlh8jMklb1TVnUEo6XLKiaXQvcQ54Szn7Rb1i/Zw3FX9GpdL7XaXY73vedW1KXU0afGcUTRG8Qe9EGjBH3govYOo8+qyuWhID0oE+cg+fsu3Nw4UvmQA2i4XblmY8qBTCWrco+PE6HKMr1ycQKBWPG6dR5LFrr6gWc7hq7rQVTUIlyB26/wfwADra89pOCGO4oq3Mm4pqcHejqdoRiVNSohEIWFjMWssZk6eYzjdgWqbHYADJnJslYh1g1f2QDBUFBdDG3ZhxyXCa2EQc/eIay905R9Mc8BAn+68vUc5WTOKKGGLa5kkhVtUtbvzp50xkVglTBcSWeEjFMKPn5m+Y2/d3nJkwtRFTg8CMLmuHXZgnK5nrJ/KgtYQb7qTUJ5dCUwrFejZ8U2KLxC3U6hNyXmfwCijkyN78eRG6YGO0Q43Ox4G6K5I6LvVi3Q6Js45QIiVbc5/YJ/q4FWIqNW9r4uwk4J5qXbYbwjKerUUnximTDI08GuskV7BHZcs8w/JZLWKBdzAbknIJv6kwOVuyWuS7fMBylSjzX3uw1GtPaRv9Q2R3LfOsdrw7oF1wHJzbIi3sHqSXmqZ6wrZurlpEeYMssgSvZjVOTPYxYn/+InGtXuHDlsmINx3BpvvntKL33qGKgc1cNyjyw1CBR1zs9nioqsKH3pK0JPs9gpW8nYrpjFAsoDVTm02E9jttrM6f7VqmDjQQLhxC8074qqrXo7tPzkmQ/klBggKLcvgocXGzrb0LtYq2ugsoP732LGkf+86xxLGXvr785Q43VC4GxvV6gcbZbMPLYu5pluU7UeMT9IwCjTuptohUsnEJgY4htbOb0slHnw/eaFzuDS/US5sVeHXgKJHJ59EU1YXHeuj/B8C6av7X11q27DwclR7kyfP2ojhdhsPAAP7Qo+DQ9TrK0AZ9O8j8PXOxr1gDlZNAgR4d3ycmuoVkMVj0XgcBDMDVan3f6gF9jZbLA0akRSyjV0wTHGUlzacXpKYGT5IBDjkUgOC1on0d+rrglygeZFaOwo1nyLiXghBA1HrqxeBWIGBkZce4ic5KWGM+xC2Cjkq5s+VANd7voOe54uHUhEzz8ce2iQIg9AitR+PdZHNEk9EY+qsTj5e3A98TSbwtaaaWzZ9CHitROH8jChk0B9kUireN9zzgzkq8KnZ/T1agk9AlowWiJl9AlaRoHDnmrtkn52OdY+ilpNnlgC6lyvnHy2TP92ABmap7h7U0pDz/BL+y8i0BDmz5TK2I9ebPBFk8jYK3NEirzNWlYJ+yJdAYeSi/dsq6voihr8sv+jyI53MWah1usVg2lifx92h2yUi0yoZwwXn7XBV4lhODMpuPrM7wNTquN1dcj0x18ZhdHzHR40hkxmDdtSntwJ3UVnLR95Zwg2KsLMMMJ3Is07bJHlh/UogjvlxTiRCzA/hVKXczo9Gmy9KjdxwWXNuj/RhhJDwWbcwxcqo3p53/j8bxp72pcWbR16BU8YSotyazdpYhGzP6XXRvGEwnfIKZsGYKOE1y+/JtEqP6tAg+fV5J+Y1tb+cbhJcZ7e5ZdJtiTmq1rBYB6Mkz9h9k5VZOtCghVAusaTQ+GZ9zopYdV7i+iptCJ/jjtJgopbu/8O1OqNhUCCZmUioUS4JAeC/uL8tSbRGOye6YBdr1KjMESKOXFjyylZpXd5E1YtmMXEbIzG+iO2st7OEsnDIHzNqwt/HMVEYTp3uULBABLGdRl9ld3WaYZFzYrGqai0LQW+3uXMTvQ2ZoS0RUD6z9DQgBEHw0//bZaMEQPotpT12enTMECpFNVpjq+HfIxlH+I157rYjbmdV0gh0lCvTUYQXVZD+5IyPe3au6e0yDbXlubxzqTRekqxHdvrVjXUpQi+7GELECvDnkmQ5nZeTw+38w0sTIFFSe2glT/1+N14kkD/uMLZDYNfJke+X/OWorq0aQU56RZCj/80kAkwZwdtbU1eeCUdbeoN0XX1axAcKrQ7GNPZovxZq0ra7GB51eM5zUDHap4y8W9P3rWRjSP2Oqj0RuhOik+Y0TGG6RBv30hcjeePaivhOGF78qr7u5HtDod/e+dQtED7Y7WGr/WZCvGkfRrrXRt50evaB3COvudIR++s1ni1DMBv2+Ngdo6h4s8rE1yaEJMI2Irs6wZR8nrv3/uZkb0+7JNRdlvZ/0wYk1DPYhrzHS22RxWfbyywX2uKO2eIgt4F8bZeXiJ7GpEnFDMDtwdvc7f6VDftAVxTR25zO1ZmbmdMIEsVQCIn9ptYcq8k6ccT7ns6ba7Vjpad9NzjTqFiUhIxo+lgzSwH6yKbmICoc8qP0CQRbuE1jDFxPPDnzSEkQuYY8eDpJ169xJCxGb2rT/IdOrZw5vvGK+Az6oV3lwMHCyyN2HyaOW+GwkoWk8ct2WlWY6mYu7F5ndfq3etnfc07W6PdlPWsd50jgVfFNaa4gBQ69g1phjh1z0g6hJ+ik5WdJMU0iGL/rABsJxgQ52kuXKibfnsjODs8rjzOJXrZPFBa1qxl51MJSo2SVtX9irc0FoxJEYB/MhwRJRmGUYx23MZY9upggBxw1F9dTQBMnMpr5Rm2JIS4ymZZCDcNxY7F3kJhT99TepWj8v64ou4hPM/h+PDqhDWysv/5AbV14wF9JsQIK7eJ23/YVlA1tvqK/cToxdoArBsxh9hRUK2XH2vXnpHa6YT+ds81Q8DA/GtxEEiopyPmO8kgf1eod/k7Wy+0jIY1lYR1ryYpQmYavYI8cLu5uHo8Kogl91yzmQSFJ3i9hcSafYUv78223bLoxKLwVICf6+yMi/mQiSuz8rRhryNZ3aiMiKa5L5jgaPYHN9TfyOor4V09rQ7PYpEMVg5GJuPQhqMgCHhmVbohdIhUs+F5+xOTAImJ8NWY2T9RtkAlwjBvbQl4dSmWtmc4rKeUcRwBy5dzfEp9YBWsjtHhp4VuAKcjk5v8ehCOlLXW8Pz2miBreKfjsp73WoMazSRIEa6kgOddZKgVNFWm1EsZv3aCO/ki7VLwSTkMzaLAnKeNYeKa+zRbGTx8HnIUmGTs7vUlZHPw5OWXhwuzbILUVu+8z+/xQkdBA/8OkTMdGc9ZHxO2UYppLAMqur/wgtrX8zuoxBJ/Ikt8e9m8WPFS8KQNO91kLDNRb4vYPNgs7qUzGzOTtF7eaVgy6XMSBlKsTrdSytfbOFlJERuLmVLXQBO6aUILYYIKDpRLM5Sv98vLLO2/01+dbEN6Hv3ksZVTrvEHf2peewTtI9jVj4p5MZgBtve3tduTp1liKW4Tgf4o7v8k15saefH8WHYpjdRSu9NX6m6igl9bF1uVt61jnXq1tzNiUUhrHLtuYP73OU2Tx6iwU62b76NZTpyuDV3O04ZrWZbRE6JC9xFzNiKH1oSe7na6lwIpsODhNKXl7A0B6y+2DlKJQHgnBECEqiRQxFr4RHM6Dgkh1IFtx02NqroupF+lyhcrDPqVZ1vNDg+li/fdC8RX5tR+uxiW4sOwEmmUYtWcDIWMdl9KbDRlqjY5i4=</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedData>
            </saml2:EncryptedAssertion>
        </saml2p:Response>
    </soap11:Body>
</soap11:Envelope>

2021-10-17 06:32:10,893 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-10-17 06:32:10,905 - INFO [Shibboleth-Audit.SSO:?] - 20211017T063210Z|urn:oasis:names:tc:SAML:2.0:bindings:SOAP|_g7dj9fap5dgavsimpi08lhg9in9ilg06hj04|https://iam.eu-nl.otc.t-systems.com|http://shibboleth.net/ns/profiles/saml2/sso/ecp|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:PAOS|_ee0ee8b71bec13e29f763d920c9d8d04|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxxLxW/Ph2LZ8Jp+mU6WvFvRVeur6x9X3/BNR60AfgXgo3zznahZmzTynt6i0SZOalaUVn6enraT9Qtyu1k9u+hHvPQ/aJplqnKSu7o1nhpHATyiGw+g3NJY8Ao+yGp63eo/OOWsuH|_ad2ef22edc1b895cb6c43b825619132b|
2021-10-17 06:32:12,900 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Beginning to decode message from HttpServletRequest
2021-10-17 06:32:12,900 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.IdPInitiatedSSORequestMessageDecoder:?] - Decoded SAML RelayState of: null
2021-10-17 06:32:12,900 - DEBUG [PROTOCOL_MESSAGE:?] - 
SAML 2 IdP-initiated request was: IdPInitiatedSSORequest{entityId=https://iam.eu-nl.otc.t-systems.com, acsURL=null, relayState=null, time=2021-10-17T06:32:12.900Z}
Synthetically constructed SAML 2 AuthnRequest was: 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest ID="_38644cb4-bf88-430e-b518-011f50672be6"
    IssueInstant="2021-10-17T06:32:12.900Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eu-nl.otc.t-systems.com</saml2:Issuer>
    <saml2p:NameIDPolicy AllowCreate="true"/>
</saml2p:AuthnRequest>

2021-10-17 06:32:12,900 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Successfully decoded message from HttpServletRequest.
2021-10-17 06:32:12,901 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-10-17 06:32:12,901 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-10-17 06:32:12,901 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-10-17 06:32:12,901 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-10-17 06:32:12,901 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-10-17 06:32:12,901 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-10-17 06:32:12,901 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-10-17 06:32:12,901 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eu-nl.otc.t-systems.com
2021-10-17 06:32:12,902 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-10-17 06:32:12,902 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-10-17 06:32:12,902 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint was empty, not required by binding, skipping
2021-10-17 06:32:12,902 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_38644cb4-bf88-430e-b518-011f50672be6', issue instant '2021-10-17T06:32:12.900Z', entityID 'https://iam.eu-nl.otc.t-systems.com'
2021-10-17 06:32:12,902 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eu-nl.otc.t-systems.com' does not require AuthnRequests to be signed
2021-10-17 06:32:12,902 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-10-17 06:32:12,903 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-10-17 06:32:12,903 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-10-17 06:32:12,903 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-10-17 06:32:12,903 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-10-17 06:32:12,903 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-10-17 06:32:12,903 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-10-17 06:32:12,903 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-10-17 06:32:12,903 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-10-17 06:32:12,903 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-10-17 06:32:12,903 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-10-17 06:32:12,904 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-10-17 06:32:12,904 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-10-17 06:32:12,904 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-10-17 06:32:12,904 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-10-17 06:32:12,904 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-10-17 06:32:12,905 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-10-17 06:32:12,905 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-10-17 06:32:12,905 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-10-17 06:32:12,905 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-10-17 06:32:12,905 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-10-17 06:32:12,905 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eu-nl.otc.t-systems.com
2021-10-17 06:32:12,905 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-10-17 06:32:12,905 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-10-17 06:32:12,905 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-10-17 06:32:12,905 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-10-17 06:32:12,915 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-10-17 06:32:12,916 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-10-17T06:32:12.916Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-10-17 06:32:12,917 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-10-17 06:32:12,917 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-10-17 06:32:12,917 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-10-17 06:32:12,917 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-10-17 06:32:12,918 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-10-17 06:32:12,918 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-10-17 06:32:12,918 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-10-17 06:32:12,918 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-10-17 06:32:12,918 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-10-17 06:32:12,918 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-10-17 06:32:13,093 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'iam.eu-nl.otc.t-systems.com'
2021-10-17 06:32:13,093 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-10-17 06:32:13,093 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-10-17 06:32:13,441 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2021-10-17 06:32:13,441 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromFormRequest:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Recording do-not-cache instruction in authentication context
2021-10-17 06:32:13,441 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2021-10-17 06:32:13,441 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1750673832::identifier=rick, context=org.apache.velocity.VelocityContext@19a563fc]
2021-10-17 06:32:13,442 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1750673832::identifier=rick, context=org.apache.velocity.VelocityContext@19a563fc]
2021-10-17 06:32:13,443 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2021-10-17 06:32:13,443 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-10-17 06:32:13,443 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-10-17 06:32:13,443 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2021-10-17 06:32:13,444 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2021-10-17 06:32:13,444 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-10-17 06:32:13,444 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2021-10-17 06:32:13,444 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 4c3395283a1bd46c77602ed94e928bdd259e67f32b21499e1b985941e6562b19 for principal rick
2021-10-17 06:32:13,444 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-10-17 06:32:13,445 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-10-17 06:32:13,445 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-10-17 06:32:13,445 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-10-17 06:32:13,445 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-10-17 06:32:13,445 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-10-17 06:32:13,445 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-10-17 06:32:13,445 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-10-17 06:32:13,445 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-10-17 06:32:13,445 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-10-17 06:32:13,445 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-10-17 06:32:13,445 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-10-17 06:32:13,445 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-10-17 06:32:13,446 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-10-17 06:32:13,446 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-10-17 06:32:13,446 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@5d7169a1'
2021-10-17 06:32:13,446 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-10-17 06:32:13,446 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://iam.eu-nl.otc.t-systems.com'
2021-10-17 06:32:13,446 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2021-10-17 06:32:13,446 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: Attempting to delete consent storage record with context 'intercept/attribute-release' and key 'rick:https://iam.eu-nl.otc.t-systems.com'
2021-10-17 06:32:13,446 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: No consent storage record found with context 'intercept/attribute-release' and key 'rick:https://iam.eu-nl.otc.t-systems.com'
2021-10-17 06:32:13,446 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-10-17 06:32:13,446 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: No storage record exists with context 'intercept/attribute-release' and key 'rick:_key_idx', nothing to do
2021-10-17 06:32:13,447 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20211017T063213Z|https://iam.eu-nl.otc.t-systems.com|ClearAttributeReleaseConsent|rick|||
2021-10-17 06:32:13,447 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-10-17 06:32:13,447 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2021-10-17 06:32:13,447 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: Attempting to delete consent storage record with context 'intercept/attribute-release' and key 'rick'
2021-10-17 06:32:13,447 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: No consent storage record found with context 'intercept/attribute-release' and key 'rick'
2021-10-17 06:32:13,447 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-10-17 06:32:13,447 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: No storage record exists with context 'intercept/attribute-release' and key 'rick:_key_idx', nothing to do
2021-10-17 06:32:13,447 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-10-17 06:32:13,447 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2021-10-17 06:32:13,621 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'iam.eu-nl.otc.t-systems.com'
2021-10-17 06:32:13,621 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-10-17 06:32:13,621 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2021-10-17 06:32:13,621 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2021-10-17 06:32:13,621 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-10-17 06:32:13,621 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2021-10-17 06:32:13,798 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2021-10-17 06:32:13,798 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2021-10-17 06:32:13,799 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20211017T063213Z|https://iam.eu-nl.otc.t-systems.com|AttributeReleaseConsent|rick|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2021-10-17 06:32:13,799 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-10-17 06:32:13,799 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://iam.eu-nl.otc.t-systems.com'
2021-10-17 06:32:13,799 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2021-10-17 06:32:13,799 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2021-10-17 06:32:13,799 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://iam.eu-nl.otc.t-systems.com, value=[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1665988333799}'
2021-10-17 06:32:13,799 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-10-17 06:32:13,799 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2021-10-17 06:32:13,799 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-10-17 06:32:13,799 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://iam.eu-nl.otc.t-systems.com'
2021-10-17 06:32:13,799 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://iam.eu-nl.otc.t-systems.com]' as '["rick:https://iam.eu-nl.otc.t-systems.com"]'
2021-10-17 06:32:13,799 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@5d7169a1'
2021-10-17 06:32:13,799 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-10-17 06:32:13,799 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-10-17 06:32:13,800 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-10-17 06:32:13,800 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Inbound binding urn:mace:shibboleth:2.0:profiles:AuthnRequest is suppressed, ignoring request ID
2021-10-17 06:32:13,800 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: No request ID, nothing to do
2021-10-17 06:32:13,801 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-10-17 06:32:13,801 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _a642b12cbdb48b49b9e85579001baaeb
2021-10-17 06:32:13,801 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _a642b12cbdb48b49b9e85579001baaeb to Response _09d7cab44536530a6d51dde51e0fcdf1
2021-10-17 06:32:13,801 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _a642b12cbdb48b49b9e85579001baaeb
2021-10-17 06:32:13,803 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-10-17 06:32:13,803 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-10-17 06:32:13,803 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-10-17 06:32:13,803 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-10-17 06:32:13,803 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-10-17 06:32:13,803 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-10-17 06:32:13,803 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-10-17 06:32:13,803 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-10-17 06:32:13,803 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-10-17 06:32:13,803 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-10-17 06:32:13,804 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-10-17 06:32:13,804 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2021-10-17 06:32:13,804 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-10-17 06:32:13,804 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2021-10-17 06:32:13,804 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration did not specify any formats, relying on metadata alone
2021-10-17 06:32:13,804 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-10-17 06:32:13,804 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:32:13,804 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:32:13,804 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxSoCGFi3ApMwliI/88T48DsStYtJG3xuQO5b0icIh4xYtOQEEzY93pRNcSQ3XbpfhFN4VFbIwU9Wxz9A95j0cgII36m9zFaZMVTd9paVJjOLUtpp8vd60/jwZKCzsyntgn3VdY44p with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:32:13,804 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:32:13,804 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:32:13,804 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-10-17 06:32:13,804 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-10-17 06:32:13,804 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 80.158.3.50
2021-10-17 06:32:13,804 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to (none)
2021-10-17 06:32:13,804 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2021-10-17 06:32:13,804 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-10-17 06:32:13,804 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-10-17 06:32:13,805 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-10-17 06:32:13,805 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _a642b12cbdb48b49b9e85579001baaeb
2021-10-17 06:32:13,805 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _a642b12cbdb48b49b9e85579001baaeb did not already contain Conditions, one was added
2021-10-17 06:32:13,805 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-10-17 06:32:13,805 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-10-17T06:37:13.799Z, to Assertion _a642b12cbdb48b49b9e85579001baaeb
2021-10-17 06:32:13,805 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _a642b12cbdb48b49b9e85579001baaeb already contained Conditions, nothing was done
2021-10-17 06:32:13,805 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-10-17 06:32:13,805 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _a642b12cbdb48b49b9e85579001baaeb already contained Conditions, nothing was done
2021-10-17 06:32:13,805 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-10-17 06:32:13,805 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eu-nl.otc.t-systems.com as an Audience of the AudienceRestriction
2021-10-17 06:32:13,805 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _a642b12cbdb48b49b9e85579001baaeb
2021-10-17 06:32:13,806 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eu-nl.otc.t-systems.com to existing session 4c3395283a1bd46c77602ed94e928bdd259e67f32b21499e1b985941e6562b19
2021-10-17 06:32:13,806 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eu-nl.otc.t-systems.com in session 4c3395283a1bd46c77602ed94e928bdd259e67f32b21499e1b985941e6562b19
2021-10-17 06:32:13,806 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-10-17 06:32:13,806 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eu-nl.otc.t-systems.com and key AAdzZWNyZXQxSoCGFi3ApMwliI/88T48DsStYtJG3xuQO5b0icIh4xYtOQEEzY93pRNcSQ3XbpfhFN4VFbIwU9Wxz9A95j0cgII36m9zFaZMVTd9paVJjOLUtpp8vd60/jwZKCzsyntgn3VdY44p
2021-10-17 06:32:13,806 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-10-17 06:32:13,807 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-10-17 06:32:13,807 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_a642b12cbdb48b49b9e85579001baaeb"
2021-10-17 06:32:13,807 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _a642b12cbdb48b49b9e85579001baaeb and Element was [saml2:Assertion: null]
2021-10-17 06:32:13,807 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_a642b12cbdb48b49b9e85579001baaeb"
2021-10-17 06:32:13,807 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _a642b12cbdb48b49b9e85579001baaeb and Element was [saml2:Assertion: null]
2021-10-17 06:32:13,810 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_09d7cab44536530a6d51dde51e0fcdf1"
    IssueInstant="2021-10-17T06:32:13.799Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_a642b12cbdb48b49b9e85579001baaeb"
        IssueInstant="2021-10-17T06:32:13.799Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_a642b12cbdb48b49b9e85579001baaeb">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>rXgtBEgs4j2ggkXtB7dAtbb+AGVxJkRYr8jstQxqr5g=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>icekuoAleLW/OfOG02sN2hTHlbe2qH3U1hbliViuP9l0Lc7hP+mVYfYbcnzpIB3Q5/YuZH91lwmtfxU9Xml04btHIF7u2qpLCjm6VjQ2gLNowNr8lOPjl+sxQ607yIoh4f7Q5+2wgFEOw7HgJ65/HmbV6cIyKxk06xTSumikXtchDkzC2ZJOOihyzMUtqzY+vRaVpm8t0GXMWmFACFyjH+SJZ484RsGGDVJh8JUuBSy8J0EYWeK1jPVD6b25r8y1jgucot4mzJPShcUuJKwpo4ffNC+gvCvUfUs9SxlFiC+bsGra3Sp63vp0tmt7cg5gFVd0LLK4L8H8eMjGK7abkw==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eu-nl.otc.t-systems.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxSoCGFi3ApMwliI/88T48DsStYtJG3xuQO5b0icIh4xYtOQEEzY93pRNcSQ3XbpfhFN4VFbIwU9Wxz9A95j0cgII36m9zFaZMVTd9paVJjOLUtpp8vd60/jwZKCzsyntgn3VdY44p</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="80.158.3.50"
                    NotOnOrAfter="2021-10-17T06:37:13.804Z" Recipient="https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-10-17T06:32:13.799Z" NotOnOrAfter="2021-10-17T06:37:13.799Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eu-nl.otc.t-systems.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-10-17T06:32:13.443Z" SessionIndex="_0fb730dec3dc67d873c8b4fbcff969a9">
            <saml2:SubjectLocality Address="80.158.3.50"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-10-17 06:32:13,812 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2021-10-17 06:32:13,812 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2021-10-17 06:32:13,812 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_09d7cab44536530a6d51dde51e0fcdf1"
2021-10-17 06:32:13,812 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _09d7cab44536530a6d51dde51e0fcdf1 and Element was [saml2p:Response: null]
2021-10-17 06:32:13,812 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_09d7cab44536530a6d51dde51e0fcdf1"
2021-10-17 06:32:13,812 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _09d7cab44536530a6d51dde51e0fcdf1 and Element was [saml2p:Response: null]
2021-10-17 06:32:13,814 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-10-17 06:32:13,814 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST' with encoded value 'https&#x3a;&#x2f;&#x2f;iam.eu-nl.otc.t-systems.com&#x2f;v3-ext&#x2f;auth&#x2f;OS-FEDERATION&#x2f;SSO&#x2f;SAML2&#x2f;POST'
2021-10-17 06:32:13,814 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-10-17 06:32:13,817 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://iam.eu-nl.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST"
    ID="_09d7cab44536530a6d51dde51e0fcdf1"
    IssueInstant="2021-10-17T06:32:13.799Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_09d7cab44536530a6d51dde51e0fcdf1">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>F4eUQ4rse8GFybvIn0g3USciZJrXBMTXj0fI0s+qsE8=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>W64eM1FRRSQuYIvoui6b1pPOplQsrVO9OV6J9NFBq2N0sJE/J8NhnX5yc3a1mKsToe/J+RM2Ez7MbM9hDjKLmL4LnEIum1ZZD+izMdoJXeI0Ov/kivyBVwvJ4uVzNDaku1gIk3PwfZ/SmQx7+jJEv8BnEYz5/PJtN4ruDkOK8m4ymQHRswyhNYN6Enr9FyCn+cRs/sfUjsHQTH5MxDK/dyW1K8lxsdmzukC4kujdf672tdZ1LQFtJ6qa6Rx0GhZvt2ZYIFG/2c3tyez1OMJGpKNXabJH4eQGJW6mqzo1SnFY8ZtFf8KE3WuBfDh3ceiVwCZohJvDJAej4UnY+7EtQQ==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_d410743b7964f3a37cb20dcd12d007a6"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_c58f2449b19c9622f8969eaaa28c14ba"
                    Recipient="https://iam.eu-nl.otc.t-systems.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIHeDCCBWCgAwIBAgIJAPRelfvZJrG9MA0GCSqGSIb3DQEBCwUAMIHXMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGSGVzc2VuMRowGAYDVQQHExFGcmFua2Z1cnQgYW0gTWFpbjElMCMGA1UEChMcVC1T
eXN0ZW1zIEludGVybmF0aW9uYWwgR21iSDEUMBIGA1UECxMLSVQgRGl2aXNpb24xJDAiBgNVBAMT
G2lhbS5ldS1kZS5vdGMudC1zeXN0ZW1zLmNvbTE4MDYGCSqGSIb3DQEJARYpRk1CLlRTLUlUU0gt
Q1NTLURQUy1PVEMtT1BTQHQtc3lzdGVtcy5jb20wHhcNMTgwMzI4MTUxNDA4WhcNMjgwMzI1MTUx
NDA4WjCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0
IGFtIE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsT
C0lUIERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2Bgkq
hkiG9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tMIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv2W7Hr/Ro63zmZVclhlMvakO1nYWAe6CFDg2hYOH
IxkC/DG8LsKbnqy3Rv8AoH5CgRwmT/HYKeJu+KxrpECJXGIjXirUzHrL5w0Hys0O6SJYzztRGoQA
eFfl3x1NNUxVGkWbuK3/o9vm3idoMqVY4HFU24h/6VbSVBru1lsfubmIGdkf+9R844JbZx1R1OuX
xQ60ZhTAmR6R5d1E6tprM8rAqBOC2l1o4azQyDtmxM8NEBjKcZebNleHOB3iVPiiG0ens6z39y7e
SyiXwWcsw8TlwcQiumYPnFT2lzrJAC93hEjNGd6sj6QVvPCJRu/Ya+AWfcm6JtBZRK9ZfBz81wjv
BnHH2u8j1GyZMdE5dvN4PC8bgX0HxvnbhnAU0DASzziyS9Ni/gMgWvJsmnmNVLyYMxRmL8L0JtWk
rz7aNSskufk92Cv/R4KtWsfdkYtNG5/lV1BNzraBgnnXX1gH7ddrL/Ng2aNRFd+LtsI/BjUBpg7r
Ebym+pJuri2PBj8hhjLKbhPuurybQLVtmYxCcJUo6ZG4X3cpxl/e8v+vviapn1OY9zaFLAc+fccX
1GFrLYv9aQKGDQFRMl2uV9nP7UpakBCgZ/r7ljvfhlnsGkLPZBokM9Iz3iUFMGj2gPD1m+C7QaiS
OwJnkTk3cnhZV6It0XdFIaFgIi9V4XMnYEMCAwEAAaOCAUMwggE/MB0GA1UdDgQWBBSg4Skug1x8
SOG2QdBaHAN2DDs7zDCCAQ4GA1UdIwSCAQUwggEBgBSg4Skug1x8SOG2QdBaHAN2DDs7zKGB3aSB
2jCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0IGFt
IE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsTC0lU
IERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2BgkqhkiG
9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tggkA9F6V+9km
sb0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAFEH+TQEgwXkOp1dymChsQzX3mm32
nBbQwIuTKi3jy08EjRQktZCOhjpmuVc/QQUCQdgAZgWVboAwTspfgwQwVcuIpCkwuyc7tt+ZzRSk
ybvOccw4ivz1suevGZZfYt+B7UIB3drlMKLoJWMTiBZnL6c4iaqubep56BZBOH6IP2KaMRd4EqIo
kXLHgaIyhqz51WQmTJArhYvAvWlktbAW6GXev3mW5gxW7LAGygQNCo2JkXSegGPk2jLO48JXNuCB
lGGf2O5TkhD+Qw/buIRrcKWnolBCs0ITalkNFt0RftLYmyR0JMotaBRHHmtdqSWOwMT1j7SvyzhH
yszzRU4xwTUFveODkWYS3Uh9PZs+3yDcfqC1x1yRbhKe7onZt5nXh/wY2762Pv6NkBQfQaFaE8CI
OwRu6WjaFfRntVXHpvV+7tO6Dr3pfRNEZzJM5+m/Edh+JrUdhyy7SxuYiCpt5xiPvM9rMt5AkXCn
P8AQVxq3O/1Gsdr9iblHAkJrg7Lbd8bPyzE9nRW3zqp++BxYilxIIVP9xnaaj/jjyuAPfeet30wm
zeOe/MGqxEwP/JSwJ9rZI//FaG3gAX0UHO6Eo+R0/Yv3JcyAo6j/RN/6YcSTQD1MrPGZiNTz/Muo
nczuEbZF255Cs5PfVJJhTPW730xQmhZnlbta0nyBO9LA3Fs=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>S9Syw3pX8ojloK9XxVpH0P0dYOg0I9FGrw8AwV+ObrHOELaSPRLLoLKtMk7lUDcrVLN3P3URgP+/uDNS11umHXKa3i9402Rz62vBMsk2rZm743S6osNN+k9eoKQ+HEWL+PMANpTgE9OagjuXzFLe/BQaREWXVmXXdv2kKpmex5ZfJTjU7ctN8J0D8WJi4yZmEt4sruBBYpU3quQzJDrFeefRPIKBYpCRU8M28cBqjkADQ1KBsHk5j4dZKF45g3HXFYRmP2B6Z+QMf2tSOBR2j7ZS0/0tuBxvCZEI+k39CBe7ue7FGTnjwHkHKAPyAbrbPd6a7iicoVYjtp1YE09SDWq5CtG6YMFxiZxpqoimQcqkIZGbHp7AQS8q+K6lbhL83M56eTlnqwUaimEmnM1VZEOVmG/dXYbFQArnEtZydRE8xlPvggRLNiK05GdV8kjeorp10Nz8lOpFbDi/rTTPMwMAY9vtvFvdhDBGkphudtdNclKokKOm3ta1VLL2YdDEbSk+o5D/41WKgOme+DlVLMKD+VJa1/b/AHc6t3+vMU6/0H7o/Pzmn139ZpY7oDHMczQyLLsWiCNbQ1CZb6IbJmes4RcJA2lTiiOy3MJOkbSRRWDB6vUCFqZDp8XJ5FsnjvE34B1m6Lt6GEANHHrq1VjLbcYv40OK6PjDzngtri0=</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>PVMjjlpsk6BFPdQ+/3PbdPOaqpXyHKbDpCWbBK9ItEQBNhD+REoujRQqeX11M1VDv1osMZz/kUT9c7mFn7XxSJppK8dgttLUrm/Bjz29JsUArbISnGXzsUxtJtOYFYl/McKneCqMeBxa2FNnw+VRbmUSA5zndYDmMtvZh7xV5mRYq/yWoP6YRt3s64ZOQdbzTIAUvGImO+6nISVh3pnJwnCuCa2apv5N1f10INm5JUY+bwWrqFoWv0wKuB0B5BXIzW7pkmMA+OwYTPl+kodN7zCRFHj6U73mPXnpInXOxIqMHnBlarLwnR6eowzr+nrSO4bViDE781h08IESxj+lL/sLuKJarn2bDIesPKh3avwM5l9BUIiiwtf2cp51FYwRUkzi62KofRkgOmAo1UTcagpD1y82DScNh6Ihpt9qkjr4UMMGSG9z7FahfIucTfKju6PIRJQhpfRs2qDHNoT9I9E6Vm5+vIw4fEwVtyNj5AOnSRSNp+O2tvPvgzkBvjeLYuUdINJXqg5xur+HlEkywRjR5BGof6csV9MT3Jz35Mq+n18C+AexUrF6FJeDBOgCQELAQ19kut5qaEyeWk+0ZH18MmLQqw7zdmimeYGtc7Id/Chi6EcSh7eIfgrKQlH/UmJU+S8F4iKK7nWIs7cvM0fFtusCzbA2p7TgGAP1br5/bQvcTEj+7bZAWvBNqGgVFcQCRFQcs4okr0LMFim9aA+YJHA7/3r1nzkCGbjzbl0FGBIEnm6UHWYPN86z3NLWxW4GtwDceKlTK1mHIznAoBYpft2byFqefc+gJOaxaSfbhmKIEaGH+2slk+NTTVQt8HE+BGfQm1MgDC6Q3l+cb1sqc1Xn6y2i68Wy+sJWWlFY79hm8whVGbKIkzHj+RCeJrFZxUdZZq7G7fKKot2z5Q0lomxWNuGv+u2B++GibA6RyzxuZt9oWPWbw5TLMgTpWNp5PMhiVqMcaK+cmo/4a5Hdg0xkJrPZVxAEJQGKggnbF0bUbr0M+QR+gtoYspgu9pLYGaP3UIJUZJf+R3+qjDHoKrbrcg9bhQyHy1S2zJOYrOr4ueGsy1nlc6VG+4ODz/FbaKcwpvLdG5vkcLe5s5t3bGTvldsfaiC+coerjxtXzEPc7+FLPIaZIemcRDThUjyiB7O+IxnLU/qGkmeJ7QeT54TTdJTEcrcjWrdWRsB3KHR8HzsOyLbwyfRQu9EJsPGYUAVwyPPjh5l9AcdGBm7uWfERq6w5gL0JIcAJ7UZI1qGfBOD9vDsQrO+USQcIL5kTZnTFBfnjaCOBgKArRiogmFjFZLwrM2vROAm6i60g1F103LPak0qkOiatFsaNnBL00hVQWRbVVNBG65vQX8pYR9FXwkf9agnMsuiORbKI6ZPyO9MxxH+dbj1N6qkN5jaN9p+fgsl3bGqq4PyoQFiGdpxo59654Vgw0ludIsV2UPNnxOtLbOpQJTw5LninZ0tK2k5t+7DkfhIw8nx9xkhf7155sNoFEjvUpNctDcyQpuZjorMOdmkBNoNvNnZxq/Mgst2zjekRLnt0UjLAzSMVkyjRw+n6sJ0uaUVZtCx5A+2MxtQay05x60OtLbxA+4ELbEU0/T6B1A2loDIVEPYNs3OWihLK4gaEAuGyFBk6k17hZtpTK542W7x6I+GEWGzeJPBYoqJ2nJf8Mjg6M4p6CBrE+//Ctay1NO78hbFM+7sIcz0M+U2hbzidO4RwVQjM/uWA6Nz88hVKx8kUeQi66nzTaFsmPrjwa4u8gq3c8WEit2PUD9caOYub8WI9Dig5H3MxuzaN7xFiEME0E9ZG6thAsPoTcuYXUvkFwxZTKdf0MUi4DJDiaU3ZfLz6mgpzAIkNfMTPh3+0f8CSCs4BqkB/IumNrzX2i+EE/Ao8BGRlWojHupenWFRAG+7a6+ijjDjtifcyv1dUa4Ix8BvtCu/47Vpvdy+aZhZW8BDbWT0Kk0iK7SEVATX+1oer5e/vkp8y+9TQiIIkWjvZ1Mq8C7YJl2D7NL9QQs/j9wbmPq9+vEcEL3gF2mOC/e+XuzygbQWNnSYVkauxREQP/pViuONiYg/4mbVA5wD0SD55jQ+qQHAy0DEBYzOvDjdJ+MPbJMGdKsl8xiOkv0z8kvRBuRv7vtqaMjxsrGlH9Yb2ktgSJvalBZdq0/Z6TJQ8I7NX2N/Jiho4z7ufTnUQ1g68mdUNCm5QP9jperNmkKNDS+14MN0D9V3rGPEIR0DsLlnoryZ9Acqphn/e5Lsrri3gEDa0WDTDLR2IhyXVUue/YmV8gfP0EASZPFDtsNa+O4M86TAsCwZ0hEqKhTVB9LB7PuA7mTYZbXsTF6tYU631iWBbwH3nbNwlSzDxT0MYqBVEPU5b7uwJbIHxtsX6Af0HuhWATX+ylR1jjKf6/ExEjGgsxbMz0PLtDc3MiL+Ydf+HVwN7CLgXGTkwVtdigIPXzm2lkSLuBLnikqaKPymFkLcVc9KRjjDZcrFgja6NMjxUOCUK8dkCO8M5jDHrefDNVHmRXMtlKvh/AYOj0TTr5eGFqMRTygYkTunw/Xw5dWZdyrsLVE986zxoFJ0GzpbX6esEQI3khr6IxAb6ubJnXHiEaE/eM33gtCqQ5ooRuyLAelQguI85aSWKSNzvIaVxvOAiDgPKFq6a1ZzdQlcQ0dz1MMpYg1OJALPQ7XG1GYFgsYL04NE1OQa2wfV16+/YRqvg/l5fvJ9dgcN7B8IPQ/FmdNKTeW+cxM/XymGPnBxZfp7jOPmzGFdOZLNFwnP4vwGcJViOLIhAxWNTYwcRB9p4H4WIYla7kHqwh0aqNs/8efTWm314GqOwxKLHMHOBqukpz/65cd5Ud3JezbCzjusRUwGyor1w4VJkjkLVYxgl3C+/8TTgQbAK+QrLEZr3dsKwRk9dDwBhBSCLEMW2T5KeZZs+PLT8wUZHPyIfHDqoR954eHQHPHGmiliKv6vvuzXqrPsO+6kXfoM1v2sD2e60d8UBTdKpMhIhfp6tEqDVqDNcfs+X2NA8Cq+0AclIFBBoBE6umbUKD9gTm3IdFSKk4yUUNuFHtl4Rg4WQln18r7a6k4i+L811qPEQRfgH0ycH/o3gzqCb3nlwKQYUPM0p2C1jFIZAP1TgRu4KwieSU9XQB2h/s57bdo2E1aciqqefBuTL7PsRUtMwJTdy6SoAgRyAhjrJV3xGogcF5kFDct0e5If8TSZ1J2jpL2xUh9Gu4JdoSamkPDfNldkTQV7ZnEejWKPgK/ov6i5wh5wL4AGMLbAFJFSAuhxxTJsbb777OD5xdSXHc4ZtGDDAxrztirgt03jC6/Dh2Nr+zJ+Fi/I4m8Yd0CxWhxg+QyU0k+S+VW8q7aqEeDX46sBAvluhZDPaLrAdxv8rehabPGgB6PPdNs2TYbAG1uCBkKnGnX3OJyanrdChRoTR0+ld+NEGpgtSSLtnMdbi1uIHB5aHgf2lQnleA6Mzcz2qgwbo6HXnyxBdkyuOs5k/Hn79z+UwVouP2QIliARMtYokeEkTgD56GBguAcL77Es6IBqwOwZdsB/Z2iceurTZ9/lS6oFZd9R10+So3wgYb9nvGx/tyt3CHogk9iSkxu63TqdHPIMp5RT+JrAsKQpTaLUl5GaLLwwcZ8lMhxNSzQrQ+J7VeGdLo/JE/KQjADZCtx6XGLDjaSIgE5AcZ0Ezv0hGXmlKcDrmSXBe5l/PSBpTJJ+yrfNCz79kgmqIGuiABiwaV8FH7P6+TrJg55DoUb2ZSyWKPflwanw/st8mR/Mjmr62ck+xPmjKqxdg9DnP79v4xlQ5H+xePtNp+ACCyvCv2w2difdQdgQaBYGYQBbJ3u9GjSd91dYP4jiiN9uL/mhcoegy170z+SmyMssuBLv9yXC19aKlAIv9C+xsidM8ydaohxDfhtz0eL3ocOZ8c+uuuWU6OgZNJiDFzOjvLuU3AUk08UZaVch+4rdFUvo9IC3wshhvnIk3kpJtw+oTWX6JpY8U8EDDqUgA6CgDvgGn3UyMj+0Ai75iV8BcZKbR59oyUAyh/9xOFMNOnp1Ip/sufPDxARFEipbh+g0N/DOTcTC2HziGSXxb06Gc6l6um7ADnPiJZ0dSXEy7BL8Ik5PisVwPseoEBL5THBZgqh1/nMIbY/fwarziv5S/ky/F5JG1JTIM0vPh9Gij7qWYRl5gwYadWs69khh0kDQBFnOaKZVldpya7QViokxShGToef4/WxWrDSnEqnSNjATwKVHDp7gAWNV6X6nba1Ri6VVnrap9WxCUnU0NzkaeGgWXddpwxDgtsVVl1HEcHzOpWylZ7Q98nfCg8g2dBR2gOgY+pFWK4US0EwJXfC8p03HBzRSmyIz0dz/Z5wvqLqmsBP4EUlOSspBfGYZUlAHoMkwMNe9SJNRa88ihE1utDqd8uvzmgrwKbM5yLGj4gjVtWnZcfVTnFc5mudwJpEdAlyDShPeiXmppdCfiCHtbYojWK2L194wLd4EYxI9p3PECV6yBjwrjnD1fNTSv7jSxXdWQL37M3BuSzO72xZTDwrT9+GFfbI4fjOjFljwZb0Kihmq95IzQ2D54GZA9tFky92SAi8eiM+OwJ2ZHeB2fpYlmmMm+7wEtNXQndgsDpL0V7bqMSbhFcWq+Y2MtaSMjMASxIxXnvYy3A7x5Vr5jNS2P5ohOYFK5pevmj08FiKhlN1a8eN5VslC9hZG7sI4UVKg9ACcNiDGN1g6u3ETSsF6SYYp9oy5TUDydcQmpqFfaq7P1Rch+HzJ4AGBGOcyUgZOUbwsEe3BbGarkDtawpD/rEW3rgLXSj5M5mU1Rdt51RiZJ8NGn3uyI+Z0+RiuP+SvIBp7EvJMOozsxIcIH7CDGiVw1g4DpZTnIwD3i+SVRrW3s3mUrEbSwvAFDwMm4qrGi6GAZ4klUdbzAe+jSNsAPyWlWAzX434zUfBXrC5sT+RfX5NyJHqpGdITeIFHw668LVUAcOu5OPCNmVSMH1BQH3jowMDXAaIDpX7qIgMknkninA8U7abv9Svm00nGYf+UsHm2S51lNgTJqfxUxfJZN4wVvGCi8a2LoJ19pRvnPO7CTahQ4yLkr/7cJKod+cpybPSJNPsZLzcwo32oBqHYkoy1nfqHnOOwc3OGK3Iq47WBx+KYFTk/pi/whR834NSs9hIYVY7Oo4ylZt/RX3PGUOy2EXKRkF0R/5CaqN/KXKQDfLSzm/V2LVxj+BX/v9UC2tVSVFqpU+7951RKO+Rv7IDtICQe5WPcVAaTHjOyZxTrXplLzxw/vVcfzDBfMdgXo6YgcxiFFvS5lxiEQq4OtoJXYthTyxVLLlb0p01+vi/Clmuac+0AHK2WEHWrSzIm9tORi90tYDHJbzl7jokKZDVderRyGU3B3PVJmw3hlEl4eZmseERLP9Mvma2IbfOiJI+oyYogrMuHlVm9clumIDIRiX9JFO6soPTvNBkbAgP4w1KGvkESHi+xgiNQBYfTqpP6ypeFrKPznq47LdF7opBLj/5mhVqsM6c3sD2bZLfysAYNC0fRG9W6Gn+ZP5NOANbuGJkEx5dPaKIk6T7AhcvsLt7sAEkHaEcyCfld/wc0262L0AzmVQHpEHgurMX1PSDMNsb8enB06/8n4lICC2Ok7BqQe5OyoB27liFOIhiXqzo4Lh9d3KXSrlGQHoEthOTt+3qfdIOY7bjdfa/ELAHlYpUeKYaR9anc7YjcL7gcG0k5hFaVWwhcXZa7reTRc2vDy2WWlAG2yZDjVJeK+orrvyD3IOx5J62VC4t+nSZx1q6zdNJBV2TbCsI2pe3FDegeM0mmDqkXbK4qg6jScxVxFeLr0VrQ++ejqeIh7fhtwyEuDIHugzDfUZznAjINGl1NYTBl5iW/U6hiE4vC/GPTo6VGPcskKI+61kuO/HGIHCtQL/mApNHxB5OjhM37BtxTbY/ydD44ihJKJB3uCSjDlEM6l/ZgvPWps75JLeaiWTWHIP+a3tdQwwHOV52mv8Yv4O3JVW2HKZGf+zZGqFBXFRP+IEnE/C6pbTXnN8UyBVCBkF0oysEAviLJgwyw45DHSjMr084WRJNob+D06dsEVeVOZE3vKyq+v9u8mnye92AhTvnBM4SHOLuULKmdQ5SiYvt+CZRS2ob8+54vTihzE8MS6BrAK+Rw8BTTH8YjXwyBf4Dm0459atUwlEKKxUxCZDfacHTNvAkGuzvRmINjpBPdpVcAFXskFNcesYfa3Fj6uvfyn17ns8I06HM9/lMzG6R798nRF1fz4iq3PzzB93lACUSRJvUM95c181Y4ygvz3cIWRoQRit8PHFU+nyUXnsKe5qzk2Oy7wGH3yunkBe4156lv6hME/ICOA2BD4J9dkFbHAFieIbDa3DVS++0iDucdHKbVsSQNsAKiOKndViVXOsFkVGsaYYyOfkXNhrxQ38xinbPvk3EEpYIrY32nKPExYD2q7rS07SPqQ4/XsrExsYbqUZvD1jATdeCmHbcgX/ET35zBozeXiRUS8mw2kc6eLR3PVcKAmnHLi+4QUIPyQi8zq5t8Oy1jQMnjNBqHg572xIugQhxGTY8XY+1ld/6Y8Oz2sV428Wamkar76fmoVN/iFfKVRpNYV3/Rl0GJw2GL9++mYVEC1CuaCHutF35X2y83Y/UqAUlDEo3O3mZqJGEn0g0EOQJXfvRxIRBpBxocAqMIXlZskpOu728nut2D4dpDw9AkkAgLc/d19Sm9O1wl5vUs+zHWfBL/xDAFe4hT2On2tEA2ZC+h/fPSkeMYJ+u4s9UBW8P8HD4sBUqLhNOimotke89wU54y+/T0Q637Hyxfug8Dxde1GJIVhDsXYjAAhntbhu4f397JSKq1H6Fi/Y+krsMG7iad3LXMRmdhACMOEAbFCfZ8XoxhBtNRdQzzjpS4ag20jDBaWcQrPblphOuVuBpcs0NP5vOl60eAthHzVbWUARabXhTS8nIgYm4Rygw32GiEAVMN6ec9AFG7P8Y1R6BVnAZg+QWPducGX6IKEiHHK9ffirM1yOdKNNx6/lG+mppyY355Fn68eHNNmoVfVwZOF+d4rJRFVVC513wz7cDVTcjzw8AchF9AF0gd9Tk0tJLV1fcSOiRgzCv3VpoKIA466n/IuqiR5sx1fEm0/3UkXVrFHgmwGJP+sze+cF8S7RdpUrEUYbCtT3J5J9w0C1WTlOioqlevM0NoDguCl5zVG9lHMAply3q6mHBWW3w3K6emH16iqVHBgyrG2tpe9U5kf7Ihv+djK6x/8bjrkgyq3SIlBuzm7Q6tMN06UzREq9U7zk8iHBrHN+iym1IVCDt0TwdtvSSUdPPdE7Rf6BAucqwdG4SXxdP4TIFJ9f3XtZ1LfkDL35D9XEa20/WmJc9vDmlOsFtG21/d76+7uhAN5ScSISGZivBrtmdGQ5NTg8nxfkAI8rRpM82cUF7Vgd6xXW/dGAgwXJIZ8O9hdnm3UFgqfCU7EA0wHa8i3wu5yrGiQ7wP3sEgoZScsx+cI+dNHTZfRhtf8Etv+jvSk6M000phImRQcyRKBUyQ1x0gOyTJl0cK/0ZcAaJb1kYlOsI85syN+2QGOUl2koSLkFrDoR2m/OIR+EdebawvMyH056AgkuXbvS7bkzE+NmTWrtCv+Xo9cI3mcdhQpy0TlBMto2q5Cu1slrl1S9slcd5KoDv1r4oq8oHTeMQQ1IPgS/lfx9/VDYMqamszRu44Jj0hWyJ7U6y7BYu9NlaNN2Qe3z1yCplIrr36odRfHBCJBXpwftroFg7CQ01eftCaosGVA1YvnLYmIHLfbn81+dA4E7JO8xfSgE/6bmdbgID01lLdjWp0uE3z3oJ1QPCJCXxfWbU0/QL1gZtt8DDHDmKjfwwTLr/NSxPOS9sNkkJPYIQ+2MnX9AwR7gEVJMn4h/lxGWt/T81OXawEtUQOW8GVE7p5JEGsSFwhxb9HqIXAuBwjew3peXHLPUs259Bjqq2j8ikhY+Y4v1AlzLX1P/7bXLi6oCbagauheQkbHGLu6ykjF9/gZGnKQSHM4ZIi9PhUMnfGEuDC50MpWlIDHahHK0fIkBhqkWPRxxBX+d1ke0xYaSN2HESpefKjSj1edHHzYt4gl1OI8YEOpgDGZ5+vPIzIuJMu7e39YNiqeQlxIPJ05ri6VOHuaYVfOxM6hMr8oET3fU3KHty2gpF3gkkS9b7txDF9hxPrUJlRgELZhf1sBjtXB90S7NJgyZFuWnKU2cF5ivzI26z73+PUZVUpTfZJUWtF+dep4ZGO4d/yzDVnngw==</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2021-10-17 06:32:13,817 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-10-17 06:32:13,818 - INFO [Shibboleth-Audit.SSO:?] - 20211017T063213Z|urn:mace:shibboleth:2.0:profiles:AuthnRequest|_38644cb4-bf88-430e-b518-011f50672be6|https://iam.eu-nl.otc.t-systems.com|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_09d7cab44536530a6d51dde51e0fcdf1|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxSoCGFi3ApMwliI/88T48DsStYtJG3xuQO5b0icIh4xYtOQEEzY93pRNcSQ3XbpfhFN4VFbIwU9Wxz9A95j0cgII36m9zFaZMVTd9paVJjOLUtpp8vd60/jwZKCzsyntgn3VdY44p|_a642b12cbdb48b49b9e85579001baaeb|
2021-10-17 06:37:49,382 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder:?] - Decoded SOAP messaged which included SAML message of type {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-10-17 06:37:49,382 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Body>
        <saml2p:AuthnRequest
            AssertionConsumerServiceURL="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            Destination="https://samltest.id/idp/profile/SAML2/SOAP/ECP"
            ForceAuthn="false"
            ID="_canviljwjunso7mrtdfvtfmlpgc5g49jrzuq" IsPassive="false"
            IssueInstant="2021-10-17T06:37:48.698Z"
            ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
            Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eu-de.otc.t-systems.com</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                    <ds:Reference URI="#_canviljwjunso7mrtdfvtfmlpgc5g49jrzuq">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>INIoGKRQEil3xQitj+GKKiPR1uA=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>Ksb5Syg1kZQ3KJjnU86abFYioFDk+LaJYcQMOoOrzD5VfFcCaW7u+tnOBJ40E7vg2J61MS4YdT0IwFht8S6rULZ0kWaolriS41FjcKvz+TYRjjc1+sEVvwWf8YHRArxayrYdtJxLiz0y4M/z7vfUHRoUlIYtO66XuZVfIs+9hwOn85NyfbFKLDhQSxmX9bEWVe1i3RXeKeEeZxlEbvqmJr7ndDvqyvdVt/54of4fDtwVaG6/EDKtMpxA2Wm/u95HMmS0ult7ipcqfVxouctjptBhDU/YHXyw/sC4t+EkxW2NeVBld8gGPpWnwUEmCpqfJorTjtRKpbsM/Cgh8g5lYQt2chg+m0tjIsksl+HmGxdIeIxZ8vpthGh8QzGuzS5tL3256hHDkPMaDjZvYSpibfJeWGsjKK3/OGKNFe4BGBPE4t8cffWacVwCUdIK+2LzuJqjA9okNISvEP10upqszKJkiHhwnEekuU+xoJ/vHswn+OgaVDPYiPtUJ3Nz/9I2l+qGgCCKu83IfI4RN152V0oBt7r64ZAhIyrZztq4tefjtsVkHoeiuKblpG5+IROwZTUwm6VEjfa08WfIlTRP9nj4vrDurZ6e6Dk2PXvYW8u5PMLaF3PyJ0OBY91sLuxylHOORccGcNdNJWB5qdY/6fGL2fKf+LBdSl6jKz0UVlo=</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIHeDCCBWCgAwIBAgIJAPRelfvZJrG9MA0GCSqGSIb3DQEBCwUAMIHXMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGSGVzc2VuMRowGAYDVQQHExFGcmFua2Z1cnQgYW0gTWFpbjElMCMGA1UEChMcVC1T
eXN0ZW1zIEludGVybmF0aW9uYWwgR21iSDEUMBIGA1UECxMLSVQgRGl2aXNpb24xJDAiBgNVBAMT
G2lhbS5ldS1kZS5vdGMudC1zeXN0ZW1zLmNvbTE4MDYGCSqGSIb3DQEJARYpRk1CLlRTLUlUU0gt
Q1NTLURQUy1PVEMtT1BTQHQtc3lzdGVtcy5jb20wHhcNMTgwMzI4MTUxNDA4WhcNMjgwMzI1MTUx
NDA4WjCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0
IGFtIE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsT
C0lUIERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2Bgkq
hkiG9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tMIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv2W7Hr/Ro63zmZVclhlMvakO1nYWAe6CFDg2hYOH
IxkC/DG8LsKbnqy3Rv8AoH5CgRwmT/HYKeJu+KxrpECJXGIjXirUzHrL5w0Hys0O6SJYzztRGoQA
eFfl3x1NNUxVGkWbuK3/o9vm3idoMqVY4HFU24h/6VbSVBru1lsfubmIGdkf+9R844JbZx1R1OuX
xQ60ZhTAmR6R5d1E6tprM8rAqBOC2l1o4azQyDtmxM8NEBjKcZebNleHOB3iVPiiG0ens6z39y7e
SyiXwWcsw8TlwcQiumYPnFT2lzrJAC93hEjNGd6sj6QVvPCJRu/Ya+AWfcm6JtBZRK9ZfBz81wjv
BnHH2u8j1GyZMdE5dvN4PC8bgX0HxvnbhnAU0DASzziyS9Ni/gMgWvJsmnmNVLyYMxRmL8L0JtWk
rz7aNSskufk92Cv/R4KtWsfdkYtNG5/lV1BNzraBgnnXX1gH7ddrL/Ng2aNRFd+LtsI/BjUBpg7r
Ebym+pJuri2PBj8hhjLKbhPuurybQLVtmYxCcJUo6ZG4X3cpxl/e8v+vviapn1OY9zaFLAc+fccX
1GFrLYv9aQKGDQFRMl2uV9nP7UpakBCgZ/r7ljvfhlnsGkLPZBokM9Iz3iUFMGj2gPD1m+C7QaiS
OwJnkTk3cnhZV6It0XdFIaFgIi9V4XMnYEMCAwEAAaOCAUMwggE/MB0GA1UdDgQWBBSg4Skug1x8
SOG2QdBaHAN2DDs7zDCCAQ4GA1UdIwSCAQUwggEBgBSg4Skug1x8SOG2QdBaHAN2DDs7zKGB3aSB
2jCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0IGFt
IE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsTC0lU
IERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2BgkqhkiG
9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tggkA9F6V+9km
sb0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAFEH+TQEgwXkOp1dymChsQzX3mm32
nBbQwIuTKi3jy08EjRQktZCOhjpmuVc/QQUCQdgAZgWVboAwTspfgwQwVcuIpCkwuyc7tt+ZzRSk
ybvOccw4ivz1suevGZZfYt+B7UIB3drlMKLoJWMTiBZnL6c4iaqubep56BZBOH6IP2KaMRd4EqIo
kXLHgaIyhqz51WQmTJArhYvAvWlktbAW6GXev3mW5gxW7LAGygQNCo2JkXSegGPk2jLO48JXNuCB
lGGf2O5TkhD+Qw/buIRrcKWnolBCs0ITalkNFt0RftLYmyR0JMotaBRHHmtdqSWOwMT1j7SvyzhH
yszzRU4xwTUFveODkWYS3Uh9PZs+3yDcfqC1x1yRbhKe7onZt5nXh/wY2762Pv6NkBQfQaFaE8CI
OwRu6WjaFfRntVXHpvV+7tO6Dr3pfRNEZzJM5+m/Edh+JrUdhyy7SxuYiCpt5xiPvM9rMt5AkXCn
P8AQVxq3O/1Gsdr9iblHAkJrg7Lbd8bPyzE9nRW3zqp++BxYilxIIVP9xnaaj/jjyuAPfeet30wm
zeOe/MGqxEwP/JSwJ9rZI//FaG3gAX0UHO6Eo+R0/Yv3JcyAo6j/RN/6YcSTQD1MrPGZiNTz/Muo
nczuEbZF255Cs5PfVJJhTPW730xQmhZnlbta0nyBO9LA3Fs=</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:NameIDPolicy AllowCreate="true"
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                SPNameQualifier="https://iam.eu-de.otc.t-systems.com" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"/>
        </saml2p:AuthnRequest>
    </soap11:Body>
</soap11:Envelope>

2021-10-17 06:37:49,389 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://iam.eu-de.otc.t-systems.com' from origin source
2021-10-17 06:37:49,389 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-10-17 06:37:49,389 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-10-17 06:37:49,389 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-10-17 06:37:49,389 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-10-17 06:37:49,389 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-10-17 06:37:49,389 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-10-17 06:37:49,389 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-10-17 06:37:49,389 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eu-de.otc.t-systems.com
2021-10-17 06:37:49,390 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2021-10-17 06:37:49,390 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2021-10-17 06:37:49,390 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-10-17 06:37:49,390 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2021-10-17 06:37:49,390 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2021-10-17 06:37:49,390 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-10-17 06:37:49,390 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_canviljwjunso7mrtdfvtfmlpgc5g49jrzuq', issue instant '2021-10-17T06:37:48.698Z', entityID 'https://iam.eu-de.otc.t-systems.com'
2021-10-17 06:37:49,391 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eu-de.otc.t-systems.com' does not require AuthnRequests to be signed
2021-10-17 06:37:49,391 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2021-10-17 06:37:49,391 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2021-10-17 06:37:49,391 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-10-17 06:37:49,391 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://iam.eu-de.otc.t-systems.com, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2021-10-17 06:37:49,391 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://iam.eu-de.otc.t-systems.com' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2021-10-17 06:37:49,391 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-10-17 06:37:49,391 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-10-17 06:37:49,391 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-10-17 06:37:49,391 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-10-17 06:37:49,391 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-10-17 06:37:49,391 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2000/09/xmldsig#rsa-sha1
2021-10-17 06:37:49,391 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA1withRSA
2021-10-17 06:37:49,391 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2021-10-17 06:37:49,391 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 4096 bits
  params: null
  modulus: 780833212372818775479203473584756908157478511960940665833104329026798488708412096463957730986031560699536971604685793755631469735164638528103712796586941283248391093334537473433816881621841433643551509545784341528479466257077570253340730459394524144439470561825531880309380078893306187350760119973863502110938239690056732532237576015713410817092640951029480915162489671542971932145619144868209527314440670224923750462549444079548603408012564298657143697912591193544433644075598026106926646468811820504111621425556553238066495807276626045802944049622045278146600209515759289448446049845276793009470678806630505639155872685517611976298041379760153258369441443706608834473698951737339296605180924342991774924896400530064019217902076139971478880191800808152349664734915206316567268459208984314092535956712275165633295073845619623808442937959337568063845846898994885404695455333181998103624287019468478172845183368957698818849454389451360233262379190615859514122412619488103951846508060862137625955242500382805764622949031613773424268222131209239375233669763979843957564204575307568428090973147896709908167025351124368088974604728720021626763128224355694102358346473759582198635778329138017968133082524864864810444234076758890334162214979
  public exponent: 65537
2021-10-17 06:37:49,392 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2021-10-17 06:37:49,392 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2021-10-17 06:37:49,392 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_canviljwjunso7mrtdfvtfmlpgc5g49jrzuq"
2021-10-17 06:37:49,392 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _canviljwjunso7mrtdfvtfmlpgc5g49jrzuq and Element was [saml2p:AuthnRequest: null]
2021-10-17 06:37:49,392 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_canviljwjunso7mrtdfvtfmlpgc5g49jrzuq"
2021-10-17 06:37:49,392 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _canviljwjunso7mrtdfvtfmlpgc5g49jrzuq and Element was [saml2p:AuthnRequest: null]
2021-10-17 06:37:49,392 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_canviljwjunso7mrtdfvtfmlpgc5g49jrzuq"
2021-10-17 06:37:49,392 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2021-10-17 06:37:49,392 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-10-17 06:37:49,392 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://iam.eu-de.otc.t-systems.com
2021-10-17 06:37:49,392 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-10-17 06:37:49,392 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-10-17 06:37:49,392 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-10-17 06:37:49,392 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-10-17 06:37:49,393 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsHeadersHandler:?] - Message Handler:  No ChannelBindings header blocks found
2021-10-17 06:37:49,393 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler:?] - Message Handler:  Message did not contain any ChannelBindings extensions
2021-10-17 06:37:49,393 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2021-10-17 06:37:49,393 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2021-10-17 06:37:49,393 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-10-17 06:37:49,393 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-10-17 06:37:49,393 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-10-17 06:37:49,393 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-10-17 06:37:49,393 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' not permitted by input criteria
2021-10-17 06:37:49,393 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP using binding urn:oasis:names:tc:SAML:2.0:bindings:PAOS
2021-10-17 06:37:49,393 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-10-17 06:37:49,393 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-10-17 06:37:49,393 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-10-17 06:37:49,393 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-10-17 06:37:49,393 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-10-17 06:37:49,394 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-10-17 06:37:49,394 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-10-17 06:37:49,394 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-10-17 06:37:49,394 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-10-17 06:37:49,394 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-10-17 06:37:49,394 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eu-de.otc.t-systems.com
2021-10-17 06:37:49,394 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-10-17 06:37:49,394 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-10-17 06:37:49,394 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-10-17 06:37:49,394 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-10-17 06:37:49,399 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-10-17 06:37:49,400 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: RequestAuthenticated: true
2021-10-17 06:37:49,400 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: Generating session key for use by ECP peers
2021-10-17 06:37:49,400 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-10-17T06:37:49.400Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-10-17 06:37:49,400 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-10-17 06:37:49,400 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-10-17 06:37:49,401 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-10-17 06:37:49,401 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-10-17 06:37:49,401 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-10-17 06:37:49,401 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow authn/Password, it supports non-browser authentication
2021-10-17 06:37:49,401 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2021-10-17 06:37:49,401 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-10-17 06:37:49,401 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-10-17 06:37:49,401 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-10-17 06:37:49,401 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: Trimming whitespace of input string 'rick'
2021-10-17 06:37:49,401 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2021-10-17 06:37:49,401 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1859784196::identifier=rick, context=org.apache.velocity.VelocityContext@1f101c5b]
2021-10-17 06:37:49,402 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1859784196::identifier=rick, context=org.apache.velocity.VelocityContext@1f101c5b]
2021-10-17 06:37:49,404 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2021-10-17 06:37:49,404 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-10-17 06:37:49,404 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-10-17 06:37:49,404 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2021-10-17 06:37:49,404 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2021-10-17 06:37:49,404 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-10-17 06:37:49,404 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2021-10-17 06:37:49,404 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session f210dc3e95a8173bd7d095358cdf540190bbe134501b336c6eecd253689a1ed9 for principal rick
2021-10-17 06:37:49,404 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session f210dc3e95a8173bd7d095358cdf540190bbe134501b336c6eecd253689a1ed9
2021-10-17 06:37:49,405 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-10-17 06:37:49,406 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-10-17 06:37:49,406 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-10-17 06:37:49,406 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-10-17 06:37:49,406 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-10-17 06:37:49,406 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-10-17 06:37:49,406 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-10-17 06:37:49,406 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-10-17 06:37:49,406 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-10-17 06:37:49,406 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-10-17 06:37:49,406 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-10-17 06:37:49,406 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-10-17 06:37:49,406 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-10-17 06:37:49,407 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-10-17 06:37:49,408 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-10-17 06:37:49,409 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-10-17 06:37:49,409 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _d293c69efb0105fbbfc5927ba6c61928
2021-10-17 06:37:49,409 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _d293c69efb0105fbbfc5927ba6c61928 to Response _1218e2499ccbd5f6daf6f630321199f8
2021-10-17 06:37:49,409 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _d293c69efb0105fbbfc5927ba6c61928
2021-10-17 06:37:49,410 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-10-17 06:37:49,410 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-10-17 06:37:49,410 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-10-17 06:37:49,410 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-10-17 06:37:49,410 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-10-17 06:37:49,410 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-10-17 06:37:49,410 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-10-17 06:37:49,410 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-10-17 06:37:49,410 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-10-17 06:37:49,410 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-10-17 06:37:49,411 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-10-17 06:37:49,411 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:37:49,411 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:37:49,411 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:37:49,411 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:37:49,411 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxZTBg+iT0rKMIVlNUEFv44bv+xw5dUmgc2QcJHlQujvU7qKXc6t5PzjpYjBq4BNIrPJ32IVsGCPIZnuChmY97MwLizdUGapGCMrdNKgzTTKfq29SwN0HSCbdoXMeBjt1993I5h81x with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:37:49,411 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:37:49,411 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:37:49,411 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-10-17 06:37:49,411 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-10-17 06:37:49,411 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 80.158.3.50
2021-10-17 06:37:49,411 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _canviljwjunso7mrtdfvtfmlpgc5g49jrzuq
2021-10-17 06:37:49,411 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-10-17 06:37:49,411 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-10-17 06:37:49,411 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-10-17 06:37:49,411 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-10-17 06:37:49,411 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _d293c69efb0105fbbfc5927ba6c61928
2021-10-17 06:37:49,411 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _d293c69efb0105fbbfc5927ba6c61928 did not already contain Conditions, one was added
2021-10-17 06:37:49,411 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-10-17 06:37:49,411 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-10-17T06:42:49.407Z, to Assertion _d293c69efb0105fbbfc5927ba6c61928
2021-10-17 06:37:49,411 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _d293c69efb0105fbbfc5927ba6c61928 already contained Conditions, nothing was done
2021-10-17 06:37:49,411 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-10-17 06:37:49,412 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _d293c69efb0105fbbfc5927ba6c61928 already contained Conditions, nothing was done
2021-10-17 06:37:49,412 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-10-17 06:37:49,412 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eu-de.otc.t-systems.com as an Audience of the AudienceRestriction
2021-10-17 06:37:49,412 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _d293c69efb0105fbbfc5927ba6c61928
2021-10-17 06:37:49,412 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddGeneratedKeyToAssertions: Assertion _d293c69efb0105fbbfc5927ba6c61928 did not already contain Advice, one was added
2021-10-17 06:37:49,413 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eu-de.otc.t-systems.com to existing session f210dc3e95a8173bd7d095358cdf540190bbe134501b336c6eecd253689a1ed9
2021-10-17 06:37:49,413 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eu-de.otc.t-systems.com in session f210dc3e95a8173bd7d095358cdf540190bbe134501b336c6eecd253689a1ed9
2021-10-17 06:37:49,413 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-10-17 06:37:49,413 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eu-de.otc.t-systems.com and key AAdzZWNyZXQxZTBg+iT0rKMIVlNUEFv44bv+xw5dUmgc2QcJHlQujvU7qKXc6t5PzjpYjBq4BNIrPJ32IVsGCPIZnuChmY97MwLizdUGapGCMrdNKgzTTKfq29SwN0HSCbdoXMeBjt1993I5h81x
2021-10-17 06:37:49,413 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-10-17 06:37:49,413 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-10-17 06:37:49,414 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_d293c69efb0105fbbfc5927ba6c61928"
2021-10-17 06:37:49,414 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _d293c69efb0105fbbfc5927ba6c61928 and Element was [saml2:Assertion: null]
2021-10-17 06:37:49,414 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_d293c69efb0105fbbfc5927ba6c61928"
2021-10-17 06:37:49,414 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _d293c69efb0105fbbfc5927ba6c61928 and Element was [saml2:Assertion: null]
2021-10-17 06:37:49,416 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_1218e2499ccbd5f6daf6f630321199f8"
    InResponseTo="_canviljwjunso7mrtdfvtfmlpgc5g49jrzuq"
    IssueInstant="2021-10-17T06:37:49.407Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_d293c69efb0105fbbfc5927ba6c61928"
        IssueInstant="2021-10-17T06:37:49.407Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_d293c69efb0105fbbfc5927ba6c61928">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>rcbhVdY9XSN1mviSx9jRUxjrrdg2oWu0n8hVhDJzNwo=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>jzToKS+A8GkdgXHY9KWNXELj0wo5dXZUA3KMdN10GaKIoYlk0dMa5ecDEKve2COUC3EkQeMTx+csZvh/rQ2BmMfv4eWpJzWDdNuul/trmrthC6RKVq46eSpyLgLi5W+uNfqq2XYihCagaTBmesDxqaphZfaxLSHGoNvfOng7rzjclVDpYi3L6h2aVNsfQ9cu69zIsq3Wl+op94H4V1lRBOyfOh3Ngz36/7o0QiljcGIFYXjjU+yAbQpO4cReyI32MGHPHP7v94Lk5c0ozscqNjA7s7lCvDXyifV2Chcxf2ljQFJCu0R92VwssUTocLJ4R9TUYUA9jigZ1NnN3jG9aQ==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eu-de.otc.t-systems.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxZTBg+iT0rKMIVlNUEFv44bv+xw5dUmgc2QcJHlQujvU7qKXc6t5PzjpYjBq4BNIrPJ32IVsGCPIZnuChmY97MwLizdUGapGCMrdNKgzTTKfq29SwN0HSCbdoXMeBjt1993I5h81x</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="80.158.3.50"
                    InResponseTo="_canviljwjunso7mrtdfvtfmlpgc5g49jrzuq"
                    NotOnOrAfter="2021-10-17T06:42:49.411Z" Recipient="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-10-17T06:37:49.407Z" NotOnOrAfter="2021-10-17T06:42:49.407Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eu-de.otc.t-systems.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:Advice>
            <samlec:GeneratedKey xmlns:samlec="urn:ietf:params:xml:ns:samlec">3bXJCc9ZG09yrAZww1/CVG5BizM6PAHr6c5mXqXLboA=</samlec:GeneratedKey>
        </saml2:Advice>
        <saml2:AuthnStatement AuthnInstant="2021-10-17T06:37:49.404Z" SessionIndex="_0526c39614bea0e06cb380487189130a">
            <saml2:SubjectLocality Address="80.158.3.50"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-10-17 06:37:49,418 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-10-17 06:37:49,418 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-10-17 06:37:49,418 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_1218e2499ccbd5f6daf6f630321199f8"
2021-10-17 06:37:49,418 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _1218e2499ccbd5f6daf6f630321199f8 and Element was [saml2p:Response: null]
2021-10-17 06:37:49,418 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_1218e2499ccbd5f6daf6f630321199f8"
2021-10-17 06:37:49,418 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _1218e2499ccbd5f6daf6f630321199f8 and Element was [saml2p:Response: null]
2021-10-17 06:37:49,420 - DEBUG [org.opensaml.saml.common.binding.impl.AddChannelBindingsHeaderHandler:?] - Message Handler:  No ChannelBindings to add, nothing to do
2021-10-17 06:37:49,421 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Header>
        <ecp:Response
            AssertionConsumerServiceURL="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next"
            soap11:mustUnderstand="1" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <ecp:RequestAuthenticated
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <samlec:GeneratedKey
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:samlec="urn:ietf:params:xml:ns:samlec">3bXJCc9ZG09yrAZww1/CVG5BizM6PAHr6c5mXqXLboA=</samlec:GeneratedKey>
    </soap11:Header>
    <soap11:Body>
        <saml2p:Response
            Destination="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            ID="_1218e2499ccbd5f6daf6f630321199f8"
            InResponseTo="_canviljwjunso7mrtdfvtfmlpgc5g49jrzuq"
            IssueInstant="2021-10-17T06:37:49.407Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_1218e2499ccbd5f6daf6f630321199f8">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                        <ds:DigestValue>AZN782MICQhJ7PZg1qbB7QYIW/GSvoEULrnRiZp7AAU=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>YCAvlVA6YbIK9+8Aico4vZWv7yFfOE2FFxBtPNxmYOAuTWHC7I+FKNc6f8jk4j5+nJtLSWIwAPBoyNKxgDmERAUMWs3Q8SqnsgpQ0vx5mCMr9DmIqtBgZjdLnni6wYyxiUOkxvvmVXhMepBD5W+bTsfTQSI11VcYn8oTo7LJjE5Rzm1Zdw000cHA4wq2oF/FVoZNSYSgXaipuSTJ2WXDp0GYs+P+5BUUEvmG/LhqWrTIPwWd3z6RMqOg4veyQKH8oTUMx47YR8lgCKCWnpr4YkoVUM6saRzDTX+mN5TL/3IaFkAUP+6kXzwp27MYB8Kv+ilb8u66qGWaDzFe82b/3w==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
                <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
            </saml2p:Status>
            <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
                <xenc:EncryptedData
                    Id="_9cff9e3358705cef7075877690182eee"
                    Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <xenc:EncryptedKey
                            Id="_779d06803008e693a1d575e1e6fc31d6"
                            Recipient="https://iam.eu-de.otc.t-systems.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                            <xenc:EncryptionMethod
                                Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <ds:DigestMethod
                                    Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                            </xenc:EncryptionMethod>
                            <ds:KeyInfo>
                                <ds:X509Data>
                                    <ds:X509Certificate>MIIHeDCCBWCgAwIBAgIJAPRelfvZJrG9MA0GCSqGSIb3DQEBCwUAMIHXMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGSGVzc2VuMRowGAYDVQQHExFGcmFua2Z1cnQgYW0gTWFpbjElMCMGA1UEChMcVC1T
eXN0ZW1zIEludGVybmF0aW9uYWwgR21iSDEUMBIGA1UECxMLSVQgRGl2aXNpb24xJDAiBgNVBAMT
G2lhbS5ldS1kZS5vdGMudC1zeXN0ZW1zLmNvbTE4MDYGCSqGSIb3DQEJARYpRk1CLlRTLUlUU0gt
Q1NTLURQUy1PVEMtT1BTQHQtc3lzdGVtcy5jb20wHhcNMTgwMzI4MTUxNDA4WhcNMjgwMzI1MTUx
NDA4WjCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0
IGFtIE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsT
C0lUIERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2Bgkq
hkiG9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tMIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv2W7Hr/Ro63zmZVclhlMvakO1nYWAe6CFDg2hYOH
IxkC/DG8LsKbnqy3Rv8AoH5CgRwmT/HYKeJu+KxrpECJXGIjXirUzHrL5w0Hys0O6SJYzztRGoQA
eFfl3x1NNUxVGkWbuK3/o9vm3idoMqVY4HFU24h/6VbSVBru1lsfubmIGdkf+9R844JbZx1R1OuX
xQ60ZhTAmR6R5d1E6tprM8rAqBOC2l1o4azQyDtmxM8NEBjKcZebNleHOB3iVPiiG0ens6z39y7e
SyiXwWcsw8TlwcQiumYPnFT2lzrJAC93hEjNGd6sj6QVvPCJRu/Ya+AWfcm6JtBZRK9ZfBz81wjv
BnHH2u8j1GyZMdE5dvN4PC8bgX0HxvnbhnAU0DASzziyS9Ni/gMgWvJsmnmNVLyYMxRmL8L0JtWk
rz7aNSskufk92Cv/R4KtWsfdkYtNG5/lV1BNzraBgnnXX1gH7ddrL/Ng2aNRFd+LtsI/BjUBpg7r
Ebym+pJuri2PBj8hhjLKbhPuurybQLVtmYxCcJUo6ZG4X3cpxl/e8v+vviapn1OY9zaFLAc+fccX
1GFrLYv9aQKGDQFRMl2uV9nP7UpakBCgZ/r7ljvfhlnsGkLPZBokM9Iz3iUFMGj2gPD1m+C7QaiS
OwJnkTk3cnhZV6It0XdFIaFgIi9V4XMnYEMCAwEAAaOCAUMwggE/MB0GA1UdDgQWBBSg4Skug1x8
SOG2QdBaHAN2DDs7zDCCAQ4GA1UdIwSCAQUwggEBgBSg4Skug1x8SOG2QdBaHAN2DDs7zKGB3aSB
2jCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0IGFt
IE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsTC0lU
IERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2BgkqhkiG
9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tggkA9F6V+9km
sb0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAFEH+TQEgwXkOp1dymChsQzX3mm32
nBbQwIuTKi3jy08EjRQktZCOhjpmuVc/QQUCQdgAZgWVboAwTspfgwQwVcuIpCkwuyc7tt+ZzRSk
ybvOccw4ivz1suevGZZfYt+B7UIB3drlMKLoJWMTiBZnL6c4iaqubep56BZBOH6IP2KaMRd4EqIo
kXLHgaIyhqz51WQmTJArhYvAvWlktbAW6GXev3mW5gxW7LAGygQNCo2JkXSegGPk2jLO48JXNuCB
lGGf2O5TkhD+Qw/buIRrcKWnolBCs0ITalkNFt0RftLYmyR0JMotaBRHHmtdqSWOwMT1j7SvyzhH
yszzRU4xwTUFveODkWYS3Uh9PZs+3yDcfqC1x1yRbhKe7onZt5nXh/wY2762Pv6NkBQfQaFaE8CI
OwRu6WjaFfRntVXHpvV+7tO6Dr3pfRNEZzJM5+m/Edh+JrUdhyy7SxuYiCpt5xiPvM9rMt5AkXCn
P8AQVxq3O/1Gsdr9iblHAkJrg7Lbd8bPyzE9nRW3zqp++BxYilxIIVP9xnaaj/jjyuAPfeet30wm
zeOe/MGqxEwP/JSwJ9rZI//FaG3gAX0UHO6Eo+R0/Yv3JcyAo6j/RN/6YcSTQD1MrPGZiNTz/Muo
nczuEbZF255Cs5PfVJJhTPW730xQmhZnlbta0nyBO9LA3Fs=</ds:X509Certificate>
                                </ds:X509Data>
                            </ds:KeyInfo>
                            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <xenc:CipherValue>ATRa/l33yZDimer5vNBvUYrVWfakHloYvSMwHUUNgOg03LOqmw2WqC9RkchHglpT51vdKlC+OvxGavZx+fd/icDtLylwpRPeFwbWWk1ij7zkWYQiFxsClt8HBDwSaZP1Gj+W4w3j7IkB5kTNO5qMKAqFECk9w7EJChNYXoTA7UcC3lpKoFB2QgQl37UDAAsucWwXNgAwdbHUOAE0apAV3au4qx0saF9mOfDPhb3nWTod7lwkmAemL6WfXCrWFqUDAI7OUiDyGlM4WWGl/Q3AlpzlIRGqDH27EYvzC+Qz3T1yQPofegzCIhb3rzmLXqrJ+r+RHA8cSh+oxMIJkNPSXHfEElLOc4aPpYdcQgtp2o//ITFV8eIOVojVZuwgAuIpswN7WSxiu87eU/QcRkWwxF/g2EQpsuxnorV1n8kRegsEywqqau1R03C2h0FCyB0SQps37JdsferdfbM1lwSOW6oqTCbklrf4BQ7wMvxQ0K9qAumMx8skyamy0VFVlTmW0NM11tavuquetnmnCwAuNHjnALVW5l4zyT2K5Rq8wRZjFBHxhutPSR/IhjXM7XlknI5p5Y7eoKcTaNSOat1X3+76HhoCuIr5nAXF3XeIcnG1IR16qxMnZo1W6koQGIpwQpS/lIsWMM9XvNejhj2w2Jnq9dFAukBw/SaDtLdTPBE=</xenc:CipherValue>
                            </xenc:CipherData>
                        </xenc:EncryptedKey>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>tisFMvVcjJjlEcNbqbdZhaxHk9B9jr7dr8H5i8FwVZ93P1fgzUkvP+IyWrG+5g3FkNo82OXSEDl2J5ZKcX1AYn1dzQtgHhCbceQCPSSuK0YAg2G5yXs3vK+rrQ1hkLMCPnv2fpllvdEUfB+fpI/HSE5rNoisubVVdXOoYLNOAfjDgy2nvCUHbjjw6B3BnMJGJxTTX3wQCy74aguWhDw9XJw0uz51EI4rV6DkMotbntCeAcq2uFVNuiOeSf6PTZsUvTixuSsKwdSRLAZciLxbD7JvWW07i6BvlsXUwLiFXBN1JsXnKAw430NJYXH3MOfLndlBsxj4FXsCbq3RWC9N/OouuyI7Yo57SazObk6MtWrxBMtIyoDL0CNcivJmW5LiC6vMrYX5Pj5NU8f9gSuxXYB4XwHZb5cQ6L85fr9lFoenXaWeGWgtNgc5LfcZwm9bGIbuPj19aD9oDBPZLvku6sgSmF1M9sDoXMcs7jWx7M2lewTm1rJUrzt6h2HtUTFiaE0r3a0oHljinG9maPt3ZwuNxFUZK7Mtga2A4iBo56OjaDuKIy9P3CX302G5D4xl956pSxrpqMQtkGLrtMMhP1ZTHsW2vvg58DPZLCsaaAFZ2Gn55qjDbrRrChtR1fNX+e6VgFrpUdkMV4E2Oiy4dmJggz/iouMdRiviSMJy4Mgi0j7jEKRx9BmEieD4AiIWST5uf4+3q/mqx73vOheAoV75COW47RIUQH3bG8bjAW3NGGSOXMUn3oRzvzSAMQ7ZcEi9t3vS3YpWXa6FAaQtAzUs8hssyevJgEz6g5F1T8W/V//zps5S7ImIvc5alFcr8S5FcW0LGXCIKIBm6dmooPcMzn/++6aQ2upoo+ip+Jk/qtl1Y6rM0KjBVnyNHBTFYsqg+x2UKXWBJ8p53ZGIGld8EkqQhQx/+JBxPEYcl9y+TvO6e2Sr+FYpG6I3JL56Rt25tKJcCVfqSH4+V7B4sOinLKI2Y2WIN3gYHYQvFLkkSWpsfWTnrNSK7D3QtRPKtWI0RCImESO8SFDwl8qVg5UQ7BobprzhbeTc7r+MNKTL3P89PCtaIamCE/EjyJiPihbRj4GfcACQ4G1EnPr3HBdHQkXxDsJI5tlbvsdwXqmtvRBVlmFYEuyaTeVpqwXOMqUQIFOc98J8aG1+E3fD1o2gfNyWDwfNfQ5u3pcqOqZza1VwMoQBoyn+A9jw1kWLtYZfbb4QapwbvK3eMtPLvzqIt2fiSTxpCqvYsBclfBNKDt5EeItujIyDaAtmDo/kRBD7soixxBhadzHJvNu95lDV5Cy/n70x2s2AMhp4eiOw/D1nFMnwdwYHUiEPpxiWNoUUMy2g033zr/AaRk48e3zalogS+xQPgtqI4OQcPEcYktWYakd8H2lIVxMGk+kSolZsp1o5wlI92KDZLYKgjrMbsylm0MItBgTtDwMuSbljYwsc6y9eo0invPkpjK2fbrdcEP1R3POFaNUUUy11bHpU1XE7B1wRySwAMw9CgcJhWVwYF1x5e8d8WiJ0+9evwW3Z2ypVi/9VHiL9tnc3XCpr0/JwlRMFWl8+u/jDKgOvxfrHrhju9iD+29Ksc3XWPkXOtVeafLhpwmY59Q1zNUjotL77VFADY9RZ3alvNs++UAllIKGNS9qAIxoekF7uaD2z6JoomPXshVc8xKZbzPIktwH4rzCe3UP8P1jj2Fp/8JwmYTc+in/83Qwv5sf6xrgHAPheF0tVYAW4sRbe9gjFIkLeJ97wdWSRubfV/fL2gEiwKgZfkMr+2uoSEWOfdbacCbuOx99U/9rBJOdjKaw/RnZ22cSgksJU73Mhm8yoavOIHJzk4N/0U9CXjRR+tpSArT1ps/FV9qVjixGCa0GFANgzt7k3e6fP8/llxglyv6Z2VWlwL5TGWnLD7FVwQKpI5qWEQhAq1HfE3EhfqSy1U61U0lrS9hGztncQ96X4vjDmUdm2xGW9RE+X/eYED65JbPeexrr34L767sgTdZ959F0B4dK/gV8yXeG209waErQIY2pn3SBuaWMUnCIKbvCtMDM+CxqmCUNyySqdg2lUvaUWOaAAvUgpZ8Aqq6tLVYdN8QounFgMHgVQNt/RNJ7+cRRYPD/eG0R4ntLr+quTgeET2kkNqXZdqmD87REPvmI6BAnrEPEZjJaN5714jUPXGQfy8/0kAIZNUuRAcIheF7nf8dbIOB4QiDLVlYnvAWGXHaQTH2rHmNKlSPbfuS1wjLRE8qfgnyShFeHeHCNxxygdaV3KDKTBt3GsOPYhcH0bqNX2c1gtxycuPHqqf186ZThCxMu1cP8x4+QGUmGVYegMlfO1MW0T5P0HJU/wgmwxgDM5bUuiDAcxT74XeqfI4PBicgt0EK14e+GsBeJ6Ab9VlFqFGZaxupjJ7ASRilKNoXdcF68VWZb/ZTpYohZMaNO5yUzczaTOTtmS9M4BzThy2MGQMBFsJg95BDgx/Y21PyV9kNc0yACTfvDZMiyG1Lc6dVpdk0FEWyBR4JQy5Fmnh2bUjP+5LwJEMiKJ8cGlKbpE/a0xW7tPn3e+MEjGYB/oQ09cTzDsCwrud+7LRfY8hckZXsKErjp1E8d3MxRpZH6c8jtP4AF2I8T0yoMvzGhGig3IvZX0Qa6c8STFIGnQBf6emramag+tvbZQXVt24YNiVeVnKjaqU6Ww9T76iYLF2gco5+JwsMKgpvye4pbgqeQ77cXNcuLSVe6AbC22qXCIKJvww8W+CguYKK23Krs/9DDV6ChNKcE1XPKSMedwXth3mGVVetAnRXYReTOzqXt97WxJIoSfiZp0rEnE6oevUlG8HmrNbLntkrAxyil/SwDOED1M5dslFvtiBh2KKHX0VVVhrXH1goIut33/PzcIOPyh5LC9Js9f3DvFP9gY+sd2MEsbiWMI+vdPZLytwga2hbuV/4z2ahqhmdeiP1RRgEDVcylLoZYCYjeHU3IY6EAnDzEWS1YJQICxi22ITeVNNppmHZt/C+KSHhWQt7am2m2EFdzJJBqbkpjGsKei210hAcAVA0/Ku7MVaB/HDUkCrHTv4xVzCroBQHcTJ0nyvL2onFYBHfuL/QwUZr36vyy+RdcLhnvMLmp6xYn6BLiTCuw+m1Pghdypttvz8QmFKycDEWFUe29wfQxLOW4dEaTlL4BPV02KafAZNjH2oM5ziw9DbqieimFW/sBbeits4/eGkdmW6i7zNAaWt4ynW5ImYdTh1gzIgkekD49fjzGA1apcKCZ8dOZeWhGcyZaQy8gikpcZj2BL1rvcw+Up+ZFWbYOdcCkCyv3fvRYATJ7huIZhwn8S0RWZqbm00S3sYxHxGOFHKgMro+A0IZ79j4+g3KAEQpVrstYAz4JwRwsZF1S4i3/pQywJbeRPY6QdzNAgkWAdEXYvtTL7L2Mse/spw5/NuMS/mDSjd/UkWmoJM5lRTNra5rcnRMXum3asxTimzBI5GS76CSDKO8GrZjd7QscqRC1kl7i7uUOjCauiR5SuiVkTpYnmxmwV/TjrllEvMuNGb7ixGjHDn8lVL57FyP373h9F6Zr4NTjevrVKfhd0OxRiDZuPr7bRsMtk6je0L5fwRs7Cx/A+C2wXYC6odI3yTost4YMBh05J/V3ceN9ucX0udlUk63CBpefpXpccQLk4/O3hz+tYCaOWzhlxlWPHIf6XpSoMA6koN3chvj4QrJLcmdOFaM1cBpmMbHr618WVOkNjgFY6qkVxdLpXlw1btWlGC9Qt/netoupL4bQmCMrpucX2eavzbEzH/mLb33A/jSuwY1MtFR5jFtlcB3fv8U+AXrgiwkMRWA3zbF3QirB1rGx7VWtWpqcj+K4bUd0cP/+YThxMM151XrESJj6+i0tyVRW2W0A1bFJfT5IjU306aQbhOT9A5wdmHqgXUKe6qHOECSqrfmnB9cUFdicy7Ws0QAASO1BguX3zEWWov5Vc2PdPmTdYHRws71sN7uenk4x8gCtvye6q+YH6LhD/XQceROG5MjUV6CRk6p5C9Pv9NWRHFSJIvBLf2JZBlBHCEq8tYDipLkgPFKpVfsX4Q2GI20AM7C61+Vyl5EZc/CRGm4vYHzUX9JZqu0bCukO3iRe9qoY7tYjdZ9pLIVQitsEdHTDlgxga0DoJYYC+iDQiikZeLye4DcGMisHLJhq1fipJb/xYqX6QmfGni2OFPUxmHelwXkldexk7Q6pJKqxpx987Op6ecpBryh0pNH3AmCfOh8rMwWOFAUJVFd4yNby4f2Z87HyH7dlstcCRcL2j8rAiK2AA8mnA4kAWVuWs7PauXz8s3NcAn/nS1+AiYfivJ/E0bK/LGkjeHAhy4Ms9Gzaib9wM08E3kjMOkDvp+gv0tgQyiMsBZnz/LYunUw7pMhqPfossBtmu3/SSDtZx/eZsJkz5CW/rY1uoEdJvP+Zcfio8ilbz0cidf+UFiRUAVazuUYHc5j1nQlWjmQMaFVCfzeB2GZPcP3XLHm3ZIWD0MfAKrGgWg+HpalE17/7tCXcgi3fbVt/iCvLIzGi/31le0qFDtnFC+syFmi5t0EpWh+DuX5bISJMSFfayUvIKgMunZnhLYJYqlmWZli/a2Y9r1hHYKXv2OUv7UbzeaLi/tgdKyLIwRU40K8llgozU188q5nfgSw57L5oyo/N7U/tckw6FwW4SoHQ64QVkCJajRntMm7ngEXYDuw+5fbZ1f+lNirfFf5fclEf8ExtlsX0DTlujVpN/hge4Cxcpygtct9ngQ13Mk3GAVr3I3H5xjY90AAOHsBDmi8/+JTMYcgEqdxtbKMyb3yjz4YGDFWNPWN7a5F/TTVXeqzfHOGjmtHIPltMHpCgt3/IidyexZa76DXgmoNnFX2X511xi3pwEsCfCycCxvWDGJJqyedk04l2LnxYys4nuMS3YsRrjtTjwyBI9w5XYLflg5mgFsppH33RGayhCD5nemtJG69IgMgH0ekdKk+uT0YoGy6SxkPyOlCGhctllqBJoPQ2tLD5WtYdBDkaDqf3THRXvrLTgJE3RqhQELMKpSFZPMYZeCjz3+Becxng2fN2uU/t6EIzV1sZJPZXWSJPT3c8/Gnj178wTSRUR+84ttNTFYShbnVZrGRUjMCRnp55D3OzfwA17WHois0+pe9bnHIl7cuaSQP5CRiwkIyhv3tYbHl9pBR/xzDaNXnmeysiUGPquVOIcRiQM1KSmiL2OPeg+GHQ2+dWWFg0D+mddjRraXmnWBjkgOQN52ItFBnsmTY4pQnlng5eNjV+GlZOTIVIrPR1ObPc/A6B7rwD9C86AWC1rcXuyTE5Kp3JAfae97c9ExIMhL7PnlElczZdezqkolHfUTSmKyCNoPH9PbIRK6w1h3uLUMZQWy3agj06Obt3ozB/nFFaZKmNaMLijhxRgHtJW7/HZRCeSvc1a5h7/Xgg4u3GPOFcvmBqasfNJNjuQIvF6d9gYUxW5DQx1ONOvIdZYt1Ia/3Z49WFxoUQZ0XQfi3V/u9wh1XZDLTUPZSoxfBIvbt70EfsBqS3gyULSt3IoCUkKXB77LHfRvTAjalkT0Gra3h0DBjNSJ1HUbFr/mooh91IBiLkOcG78pURVAj4SPSq1pqsL1B5ohMF+cIQfqRc9OVVZqDSMFnioBImlUYARjIk+ZgYvK5ziLtHXjbhtMFtd6FiP/yapoH42pkowClt2nIX4VxdHY48ppPCps1A1pRNttPzfkcU2oD4h3qGwzrUGXFBVAC/SCif5ysbCFqEA0962E1qViH3H4q9WT+VbfpOfFsChvow5mg/sD1hOIzS/l43jOvZ3OytJTBLm+2GLnbAnqUko8EkI4OtF4/wOF4CThWDdfXc7G0XEnO0CqWOy6kvQW8nJq6/Jlh0YNcSu35eBjWBzjXRvoeVya0yVJikL2Whe5REsG3awo7XTTYfVQPA+TRd8dHez/4H/xGvmcoiI66vgI1fCMXMnFgNz79UcJOLe6GRTwC3SfVti0qglarrNeHIbZsj07wFV1spY4ke2ReOo/KtxaAog2G5VMMv51Tm6Zm1M5PjPNTyLAJE5KcrcVWNVD9+P6YovMBSTsSTEFtO22NnEgW/K3qlUXSAzL4h5/g9hM4vNo4y67mdEHhZOMB5rjcWJPZgSRwV6gdCQk4CR1vHt0yLZQkxD1wLzPUKNdzp+nikoHB0QjmI/TlJB65LuJHoKzOGm8xOzvZzaOOLAhVB/MhB53NqxToVwK4BvFf0u7yemqWNGXIMKduI71OlcwanGJlmk2svmYCaqcJ//PdDBzgjAEPN3i8cXaXHNb7NTWSx0LA074uNY3UBmiONvks5wOSWXfg5bu0xxm5GOkXSw4dIZKHbmshlux2mGxWtrPprWaxkH4TRu6bT36POevykM+lBoXAgQsiXkVGiu9XijFhOSato7xBXS5cbMdYc3YAlXj/xd/aGt+kn0VoTJQ2ktszJz3c6bAgtcPeb305kRXKUA5c97iaCwR/fHMKz56PRMIigaWYE5IfhElwCkXO8tdVWw0AhyS6o/f3mcnIGTCn17vu5k/TnjXP8/wztID1vrlX8nBjvkdCZR3u4YlgXb+pHbNqM90hNdus/FtvYaB5vSRSzjvKtbKQRCQdrXmTko+BXjN8VZdB9UStNyGkO5dK5OLEfdyLRwHKv31RRD0fpjqtNxwMMR4CzxFXwlrJvPyQDhb5Wya2R9UwXpb4BaaNtY/ILBTnMd4PERKZ4qfGM2v3b912ekyy+uj/+p+m7GKkvspbhrak0CqyAUYMKL2Dy2dq3wuo9s5Z84AIpHz2SKYyapCAw/QZeK4kC/X1Jt8mvLRxRwNAbkiX0jIZMNpCwVYARsoYsX1XKeIcxHr8PjYT34p3AoA8bkrJSmVqAcIt9rpkJy0DGaPKdsIj/nu6tR5EgzCVJiPgTntAcCsux3hezsg4aZxljSnE+XsGxg+NMxo7SbIqzxG6YKsVyLBABEUwAqZhbk0vHfTFQFkEiw3DfKV2deABCzAiKO+uG8lLFhekO9yTLMKzmxCUxtTztbMq5OG9V7FCJNXBWZ+HNXHSQjKNj5w4ar2W0JdE6XKngcwuAI4kMp3yahbjTpPfVJaQFzFzbNtNQBJdczlUrk5QkxaHM8m4MrP6qWM64jIIelP2NCNYssi6qqPxUg4/eVtI9uLr2+tqeN/X6YQQQom71a0MO5fTRUoDxTp9sR7YAhpqeZOjKNYgJx+Arvg/Zf2r1HuP97KtVjSm0es86IiwCkEr4eMKjFJy2ftvH2BOR39ouZg4IaAYjUt6bz7MdF3teowKAcowhvIaDZPdMgPI48nMzqhRwn9iMJpeMlt07xjj8lzwc5vCrFrgNfEDUpOyMMqwRMzOjzB6db9jOXUwOu/p+ZOQHILWZVdn1s2RRtKRK2tVfzaKBMDxzAN58Z477kww9HhIawzRV6qJIdHbY1uJQADBLE417Sltdoxe9rsTNkB0pk2Fp7b1LqxD/myo7rLwOrrgjuCbPBZDwgLFOfgj9zNPuDLVaM2lK1LYtqTQYCj3/DL0pn9zI6YGYHNdQBfZhibe54jSxAGmOxxFWRxBZNaUS9abk4SgiojF2d8v5kjDUIz53mrnrhdt9/iRfjwKttJM3EjjExJuyd3YhWIzDq34bvm2odGve+m0SRxvu9XGo/+A7kO6tVOTAdz2TwZWc3Rl/NSB6Xtnx+iq5AoFuMcJZaNgGL8xmcwIvfsB2BElXPavVaIEGjjjSVKdqEMIqLNri3hMKKZgPo//BhAcpTGKw5j/JjDS5Lmbt9G18NgYmpfcvHYtrK3E0E4B1EoYOHvm6LvX7AUYYq6h2lcOPhf3xCX/7ITPgd2mKNWP08Kklq6KQX7d4PUHftNhuRyciCx+zd6Z3+61G4RT9PZByXKKWxr6SeNbZmoMffxvTOiHBeM2LGHD9VkKrnsFPwx95EtD/sMFrWPOD/GPWRX/UP93nxW/tOA/mxAm3Tf4rs8Eo0/S0VfL5/RhUFdcKClEbFkFc7xd6Z8hHxla4NV/Z4IY68QnZBXZF9efThHoUgV+1sMaw1NxNAHtOsWNlZqcnYOJfYQb/wuBbRijbpo36mhrlmynUXAhwOWjdPYO2nYmKe9k/qWiGBLpbLTCdpfzFjf0gGeqoiB8q9p3fHw1M+pHvXrxzzfxej2lYQULa8A0GDeLCI20XkSaBQz94HS2lxr8PncZ0eXXa6S0ZkDQEg53eFHkFJAvjZ93M7SM/HQ6qi0Ywf8iOpxNNg3bDxPIMOb1wnZ6bOecvmg4VEZJqeZUbasfQWBz9HFl0sOs7dtyTxzI8TxEpX5F4QZdr0pzMRYw42EOIHEI5256peQ86yw+OIi/fFOi9hIK9QxdG+GrzQRL37HbJEeDeHMNhj0cnasW1scb3aenor3uwSYQESX/rwY6CekEJq00eCUh6Dg+olPiMcpglx04xsx7EQa0YNtw7FiTSlyc3AZSPB3a4Tll5aup6snfZTc2jHBvEXIvdi6vx9SMRZveUXwWyTLrhjdVOTE+/FotOznjb9vQZzCDyPLlVszuymLna85UM=</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedData>
            </saml2:EncryptedAssertion>
        </saml2p:Response>
    </soap11:Body>
</soap11:Envelope>

2021-10-17 06:37:49,421 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-10-17 06:37:49,421 - INFO [Shibboleth-Audit.SSO:?] - 20211017T063749Z|urn:oasis:names:tc:SAML:2.0:bindings:SOAP|_canviljwjunso7mrtdfvtfmlpgc5g49jrzuq|https://iam.eu-de.otc.t-systems.com|http://shibboleth.net/ns/profiles/saml2/sso/ecp|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:PAOS|_1218e2499ccbd5f6daf6f630321199f8|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxZTBg+iT0rKMIVlNUEFv44bv+xw5dUmgc2QcJHlQujvU7qKXc6t5PzjpYjBq4BNIrPJ32IVsGCPIZnuChmY97MwLizdUGapGCMrdNKgzTTKfq29SwN0HSCbdoXMeBjt1993I5h81x|_d293c69efb0105fbbfc5927ba6c61928|
2021-10-17 06:37:50,948 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder:?] - Decoded SOAP messaged which included SAML message of type {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-10-17 06:37:50,948 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Body>
        <saml2p:AuthnRequest
            AssertionConsumerServiceURL="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            Destination="https://samltest.id/idp/profile/SAML2/SOAP/ECP"
            ForceAuthn="false"
            ID="_1drs7z0ao9aofvek9jg5unjx6r8belk67ztc" IsPassive="false"
            IssueInstant="2021-10-17T06:37:50.307Z"
            ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
            Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eu-de.otc.t-systems.com</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                    <ds:Reference URI="#_1drs7z0ao9aofvek9jg5unjx6r8belk67ztc">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>AeR5yJcHOM/XxqF7CiOtmGKphYc=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>dR76flwFsAL6YSUoLfSpx1Y2yu3X8kT0wuyXjiUZh3VheFf+dteSPo5pmLZ6hrMB6o5LF/Id75ChmXC1tRPe5N8gGf6Fs84F7oeCtOJX2dmXS8wX1jG8h29HdR1HZm9yVu47uI3HCOOf/q97Bp1CAhAz+/jtD0r4i7wun9nJWvoP8hUyetzjv+9X+9h8R/H7EEAgaaVcxfbmc06NVqGXUirQnGEhHZkPHwZSS8NsJO2sx83Xj7zWCvzMz6A/sXk0Wy3FoCBwMTv4hWeajLN3mg1JkK6dIGC9vINoko0ugx5DVsk2NJ3D6y0X3eq99pK+dHbcX+i+mJGv8wPmuJbv5+/y+1DUDxj0dAvi0R7hrO+eiEkrrqUvzwVHDq6rvATJrWw+H8KsN5RIArMZ03pqWk9Kp5nyCmzrz2fg9ZbOSv6GHiSUultkB4otNH4luuUMBS0IQpYcFSpgV/AzZ9bnDaauVaSRep0MZuC64CZnOzqGyz7CYLGO0ZrxVeWAdnZ/Ba8UX61jGdF1NyVa2F8Yxz+bEqfUeYfy+wjy3qXEiHlXe4r7YlKE+XacbeCoya6yv+NsGraXMatlvTFzhQYyUqsXAh7qdmEP0xpw8dKnnz+5PQKi8fWAr4HxXC3ZUlkKSCa4NzW6B7AumkHXncC2DvOGgzr9x7po/+2om7x97aA=</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIHeDCCBWCgAwIBAgIJAPRelfvZJrG9MA0GCSqGSIb3DQEBCwUAMIHXMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGSGVzc2VuMRowGAYDVQQHExFGcmFua2Z1cnQgYW0gTWFpbjElMCMGA1UEChMcVC1T
eXN0ZW1zIEludGVybmF0aW9uYWwgR21iSDEUMBIGA1UECxMLSVQgRGl2aXNpb24xJDAiBgNVBAMT
G2lhbS5ldS1kZS5vdGMudC1zeXN0ZW1zLmNvbTE4MDYGCSqGSIb3DQEJARYpRk1CLlRTLUlUU0gt
Q1NTLURQUy1PVEMtT1BTQHQtc3lzdGVtcy5jb20wHhcNMTgwMzI4MTUxNDA4WhcNMjgwMzI1MTUx
NDA4WjCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0
IGFtIE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsT
C0lUIERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2Bgkq
hkiG9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tMIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv2W7Hr/Ro63zmZVclhlMvakO1nYWAe6CFDg2hYOH
IxkC/DG8LsKbnqy3Rv8AoH5CgRwmT/HYKeJu+KxrpECJXGIjXirUzHrL5w0Hys0O6SJYzztRGoQA
eFfl3x1NNUxVGkWbuK3/o9vm3idoMqVY4HFU24h/6VbSVBru1lsfubmIGdkf+9R844JbZx1R1OuX
xQ60ZhTAmR6R5d1E6tprM8rAqBOC2l1o4azQyDtmxM8NEBjKcZebNleHOB3iVPiiG0ens6z39y7e
SyiXwWcsw8TlwcQiumYPnFT2lzrJAC93hEjNGd6sj6QVvPCJRu/Ya+AWfcm6JtBZRK9ZfBz81wjv
BnHH2u8j1GyZMdE5dvN4PC8bgX0HxvnbhnAU0DASzziyS9Ni/gMgWvJsmnmNVLyYMxRmL8L0JtWk
rz7aNSskufk92Cv/R4KtWsfdkYtNG5/lV1BNzraBgnnXX1gH7ddrL/Ng2aNRFd+LtsI/BjUBpg7r
Ebym+pJuri2PBj8hhjLKbhPuurybQLVtmYxCcJUo6ZG4X3cpxl/e8v+vviapn1OY9zaFLAc+fccX
1GFrLYv9aQKGDQFRMl2uV9nP7UpakBCgZ/r7ljvfhlnsGkLPZBokM9Iz3iUFMGj2gPD1m+C7QaiS
OwJnkTk3cnhZV6It0XdFIaFgIi9V4XMnYEMCAwEAAaOCAUMwggE/MB0GA1UdDgQWBBSg4Skug1x8
SOG2QdBaHAN2DDs7zDCCAQ4GA1UdIwSCAQUwggEBgBSg4Skug1x8SOG2QdBaHAN2DDs7zKGB3aSB
2jCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0IGFt
IE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsTC0lU
IERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2BgkqhkiG
9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tggkA9F6V+9km
sb0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAFEH+TQEgwXkOp1dymChsQzX3mm32
nBbQwIuTKi3jy08EjRQktZCOhjpmuVc/QQUCQdgAZgWVboAwTspfgwQwVcuIpCkwuyc7tt+ZzRSk
ybvOccw4ivz1suevGZZfYt+B7UIB3drlMKLoJWMTiBZnL6c4iaqubep56BZBOH6IP2KaMRd4EqIo
kXLHgaIyhqz51WQmTJArhYvAvWlktbAW6GXev3mW5gxW7LAGygQNCo2JkXSegGPk2jLO48JXNuCB
lGGf2O5TkhD+Qw/buIRrcKWnolBCs0ITalkNFt0RftLYmyR0JMotaBRHHmtdqSWOwMT1j7SvyzhH
yszzRU4xwTUFveODkWYS3Uh9PZs+3yDcfqC1x1yRbhKe7onZt5nXh/wY2762Pv6NkBQfQaFaE8CI
OwRu6WjaFfRntVXHpvV+7tO6Dr3pfRNEZzJM5+m/Edh+JrUdhyy7SxuYiCpt5xiPvM9rMt5AkXCn
P8AQVxq3O/1Gsdr9iblHAkJrg7Lbd8bPyzE9nRW3zqp++BxYilxIIVP9xnaaj/jjyuAPfeet30wm
zeOe/MGqxEwP/JSwJ9rZI//FaG3gAX0UHO6Eo+R0/Yv3JcyAo6j/RN/6YcSTQD1MrPGZiNTz/Muo
nczuEbZF255Cs5PfVJJhTPW730xQmhZnlbta0nyBO9LA3Fs=</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:NameIDPolicy AllowCreate="true"
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                SPNameQualifier="https://iam.eu-de.otc.t-systems.com" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"/>
        </saml2p:AuthnRequest>
    </soap11:Body>
</soap11:Envelope>

2021-10-17 06:37:50,949 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-10-17 06:37:50,949 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-10-17 06:37:50,949 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-10-17 06:37:50,949 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-10-17 06:37:50,949 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-10-17 06:37:50,949 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-10-17 06:37:50,949 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-10-17 06:37:50,949 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eu-de.otc.t-systems.com
2021-10-17 06:37:50,950 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2021-10-17 06:37:50,950 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2021-10-17 06:37:50,951 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-10-17 06:37:50,951 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2021-10-17 06:37:50,951 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2021-10-17 06:37:50,951 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-10-17 06:37:50,951 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_1drs7z0ao9aofvek9jg5unjx6r8belk67ztc', issue instant '2021-10-17T06:37:50.307Z', entityID 'https://iam.eu-de.otc.t-systems.com'
2021-10-17 06:37:50,951 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eu-de.otc.t-systems.com' does not require AuthnRequests to be signed
2021-10-17 06:37:50,951 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2021-10-17 06:37:50,951 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2021-10-17 06:37:50,951 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-10-17 06:37:50,951 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://iam.eu-de.otc.t-systems.com, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2021-10-17 06:37:50,951 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://iam.eu-de.otc.t-systems.com' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2021-10-17 06:37:50,951 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-10-17 06:37:50,951 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-10-17 06:37:50,951 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-10-17 06:37:50,951 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-10-17 06:37:50,951 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-10-17 06:37:50,951 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2000/09/xmldsig#rsa-sha1
2021-10-17 06:37:50,951 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA1withRSA
2021-10-17 06:37:50,951 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2021-10-17 06:37:50,951 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 4096 bits
  params: null
  modulus: 780833212372818775479203473584756908157478511960940665833104329026798488708412096463957730986031560699536971604685793755631469735164638528103712796586941283248391093334537473433816881621841433643551509545784341528479466257077570253340730459394524144439470561825531880309380078893306187350760119973863502110938239690056732532237576015713410817092640951029480915162489671542971932145619144868209527314440670224923750462549444079548603408012564298657143697912591193544433644075598026106926646468811820504111621425556553238066495807276626045802944049622045278146600209515759289448446049845276793009470678806630505639155872685517611976298041379760153258369441443706608834473698951737339296605180924342991774924896400530064019217902076139971478880191800808152349664734915206316567268459208984314092535956712275165633295073845619623808442937959337568063845846898994885404695455333181998103624287019468478172845183368957698818849454389451360233262379190615859514122412619488103951846508060862137625955242500382805764622949031613773424268222131209239375233669763979843957564204575307568428090973147896709908167025351124368088974604728720021626763128224355694102358346473759582198635778329138017968133082524864864810444234076758890334162214979
  public exponent: 65537
2021-10-17 06:37:50,952 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2021-10-17 06:37:50,952 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2021-10-17 06:37:50,952 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_1drs7z0ao9aofvek9jg5unjx6r8belk67ztc"
2021-10-17 06:37:50,952 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _1drs7z0ao9aofvek9jg5unjx6r8belk67ztc and Element was [saml2p:AuthnRequest: null]
2021-10-17 06:37:50,952 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_1drs7z0ao9aofvek9jg5unjx6r8belk67ztc"
2021-10-17 06:37:50,952 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _1drs7z0ao9aofvek9jg5unjx6r8belk67ztc and Element was [saml2p:AuthnRequest: null]
2021-10-17 06:37:50,952 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_1drs7z0ao9aofvek9jg5unjx6r8belk67ztc"
2021-10-17 06:37:50,952 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2021-10-17 06:37:50,952 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-10-17 06:37:50,952 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://iam.eu-de.otc.t-systems.com
2021-10-17 06:37:50,952 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-10-17 06:37:50,952 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-10-17 06:37:50,952 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-10-17 06:37:50,952 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-10-17 06:37:50,952 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsHeadersHandler:?] - Message Handler:  No ChannelBindings header blocks found
2021-10-17 06:37:50,953 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler:?] - Message Handler:  Message did not contain any ChannelBindings extensions
2021-10-17 06:37:50,953 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2021-10-17 06:37:50,953 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2021-10-17 06:37:50,953 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-10-17 06:37:50,953 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-10-17 06:37:50,953 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-10-17 06:37:50,953 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-10-17 06:37:50,953 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' not permitted by input criteria
2021-10-17 06:37:50,953 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP using binding urn:oasis:names:tc:SAML:2.0:bindings:PAOS
2021-10-17 06:37:50,953 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-10-17 06:37:50,953 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-10-17 06:37:50,953 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-10-17 06:37:50,953 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-10-17 06:37:50,953 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-10-17 06:37:50,954 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-10-17 06:37:50,954 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-10-17 06:37:50,954 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-10-17 06:37:50,954 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-10-17 06:37:50,954 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-10-17 06:37:50,954 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eu-de.otc.t-systems.com
2021-10-17 06:37:50,954 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-10-17 06:37:50,954 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-10-17 06:37:50,955 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-10-17 06:37:50,955 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-10-17 06:37:50,956 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-10-17 06:37:50,956 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: RequestAuthenticated: true
2021-10-17 06:37:50,956 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: Generating session key for use by ECP peers
2021-10-17 06:37:50,956 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-10-17T06:37:50.956Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-10-17 06:37:50,957 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-10-17 06:37:50,957 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-10-17 06:37:50,957 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-10-17 06:37:50,957 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-10-17 06:37:50,957 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-10-17 06:37:50,957 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow authn/Password, it supports non-browser authentication
2021-10-17 06:37:50,957 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2021-10-17 06:37:50,957 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-10-17 06:37:50,957 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-10-17 06:37:50,957 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-10-17 06:37:50,958 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: Trimming whitespace of input string 'rick'
2021-10-17 06:37:50,958 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2021-10-17 06:37:50,958 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@801132122::identifier=rick, context=org.apache.velocity.VelocityContext@40fa567c]
2021-10-17 06:37:50,959 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@801132122::identifier=rick, context=org.apache.velocity.VelocityContext@40fa567c]
2021-10-17 06:37:50,960 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2021-10-17 06:37:50,960 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-10-17 06:37:50,960 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-10-17 06:37:50,960 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2021-10-17 06:37:50,961 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2021-10-17 06:37:50,961 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-10-17 06:37:50,961 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2021-10-17 06:37:50,961 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 64806ef200b04f730b2efdaa6cdff3b65d908b952ca49307148e26fc81d4681b for principal rick
2021-10-17 06:37:50,961 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 64806ef200b04f730b2efdaa6cdff3b65d908b952ca49307148e26fc81d4681b
2021-10-17 06:37:50,961 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-10-17 06:37:50,962 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-10-17 06:37:50,962 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-10-17 06:37:50,962 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-10-17 06:37:50,962 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-10-17 06:37:50,962 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-10-17 06:37:50,962 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-10-17 06:37:50,962 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-10-17 06:37:50,962 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-10-17 06:37:50,962 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-10-17 06:37:50,962 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-10-17 06:37:50,962 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-10-17 06:37:50,962 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-10-17 06:37:50,963 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-10-17 06:37:50,964 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-10-17 06:37:50,965 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-10-17 06:37:50,965 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _892862a1a4b6b769167eea4243d7e0bb
2021-10-17 06:37:50,965 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _892862a1a4b6b769167eea4243d7e0bb to Response _e03a00465464aa049b259072b0a26166
2021-10-17 06:37:50,965 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _892862a1a4b6b769167eea4243d7e0bb
2021-10-17 06:37:50,966 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-10-17 06:37:50,966 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-10-17 06:37:50,966 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-10-17 06:37:50,966 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-10-17 06:37:50,966 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-10-17 06:37:50,966 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-10-17 06:37:50,966 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-10-17 06:37:50,966 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-10-17 06:37:50,966 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-10-17 06:37:50,966 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-10-17 06:37:50,966 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-10-17 06:37:50,966 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:37:50,966 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:37:50,966 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:37:50,966 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:37:50,967 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxQBKwCMsSSjEIpYjHEDmnP6GuAD+/ADMxJWciCi8AHMLCJP4k1bS6PdUuSPNNn933KYyIr/2hQ30V9cPieBRc28V1qQ+ORZSBewopL1zJ3ibpt0lYFw8hBJfwi3a5uiKz4HkMVmJZ with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:37:50,967 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:37:50,967 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:37:50,967 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-10-17 06:37:50,967 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-10-17 06:37:50,967 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 80.158.3.50
2021-10-17 06:37:50,967 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _1drs7z0ao9aofvek9jg5unjx6r8belk67ztc
2021-10-17 06:37:50,967 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-10-17 06:37:50,967 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-10-17 06:37:50,967 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-10-17 06:37:50,967 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-10-17 06:37:50,967 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _892862a1a4b6b769167eea4243d7e0bb
2021-10-17 06:37:50,967 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _892862a1a4b6b769167eea4243d7e0bb did not already contain Conditions, one was added
2021-10-17 06:37:50,967 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-10-17 06:37:50,967 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-10-17T06:42:50.963Z, to Assertion _892862a1a4b6b769167eea4243d7e0bb
2021-10-17 06:37:50,967 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _892862a1a4b6b769167eea4243d7e0bb already contained Conditions, nothing was done
2021-10-17 06:37:50,967 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-10-17 06:37:50,967 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _892862a1a4b6b769167eea4243d7e0bb already contained Conditions, nothing was done
2021-10-17 06:37:50,967 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-10-17 06:37:50,967 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eu-de.otc.t-systems.com as an Audience of the AudienceRestriction
2021-10-17 06:37:50,967 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _892862a1a4b6b769167eea4243d7e0bb
2021-10-17 06:37:50,968 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddGeneratedKeyToAssertions: Assertion _892862a1a4b6b769167eea4243d7e0bb did not already contain Advice, one was added
2021-10-17 06:37:50,969 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eu-de.otc.t-systems.com to existing session 64806ef200b04f730b2efdaa6cdff3b65d908b952ca49307148e26fc81d4681b
2021-10-17 06:37:50,969 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eu-de.otc.t-systems.com in session 64806ef200b04f730b2efdaa6cdff3b65d908b952ca49307148e26fc81d4681b
2021-10-17 06:37:50,969 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-10-17 06:37:50,969 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eu-de.otc.t-systems.com and key AAdzZWNyZXQxQBKwCMsSSjEIpYjHEDmnP6GuAD+/ADMxJWciCi8AHMLCJP4k1bS6PdUuSPNNn933KYyIr/2hQ30V9cPieBRc28V1qQ+ORZSBewopL1zJ3ibpt0lYFw8hBJfwi3a5uiKz4HkMVmJZ
2021-10-17 06:37:50,969 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-10-17 06:37:50,970 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-10-17 06:37:50,970 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_892862a1a4b6b769167eea4243d7e0bb"
2021-10-17 06:37:50,970 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _892862a1a4b6b769167eea4243d7e0bb and Element was [saml2:Assertion: null]
2021-10-17 06:37:50,970 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_892862a1a4b6b769167eea4243d7e0bb"
2021-10-17 06:37:50,970 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _892862a1a4b6b769167eea4243d7e0bb and Element was [saml2:Assertion: null]
2021-10-17 06:37:50,973 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_e03a00465464aa049b259072b0a26166"
    InResponseTo="_1drs7z0ao9aofvek9jg5unjx6r8belk67ztc"
    IssueInstant="2021-10-17T06:37:50.963Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_892862a1a4b6b769167eea4243d7e0bb"
        IssueInstant="2021-10-17T06:37:50.963Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_892862a1a4b6b769167eea4243d7e0bb">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>eqnGpV7JOm5LB6nU0vYl8S168uwMMSmDJaJEMTQz6GA=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>YE9bnU6tCtWkvr92kBivN0F0Onf8wIoradFevXeWG+azbw6gQFIyYG4Z3NaBIWtgX6RsNHD0aSzC1/9u9jyVfraxYXrp9tdRzzhWAJethAuJhcG/W3sgS0U1LFO6XSkTGwTOBYIn3s7QP5pSrjkaL6D61kAWIXrFQhIo6AwlkdxFh4juujGef3XWmUeliNEv81huz3iqa6wSF9ojXAxSQInUAQrKQJ9sodoKt/Mv236SaiFU6vp/kfFHbEjOGsiQyWlP8tdV08mIPPNH10ez0irq/YMIfBH6Echcj8aAGwp5e8i1xNT2R1WiTPiDNNKjIbJ1V8CjAMpKzFe18tbSQg==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eu-de.otc.t-systems.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxQBKwCMsSSjEIpYjHEDmnP6GuAD+/ADMxJWciCi8AHMLCJP4k1bS6PdUuSPNNn933KYyIr/2hQ30V9cPieBRc28V1qQ+ORZSBewopL1zJ3ibpt0lYFw8hBJfwi3a5uiKz4HkMVmJZ</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="80.158.3.50"
                    InResponseTo="_1drs7z0ao9aofvek9jg5unjx6r8belk67ztc"
                    NotOnOrAfter="2021-10-17T06:42:50.967Z" Recipient="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-10-17T06:37:50.963Z" NotOnOrAfter="2021-10-17T06:42:50.963Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eu-de.otc.t-systems.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:Advice>
            <samlec:GeneratedKey xmlns:samlec="urn:ietf:params:xml:ns:samlec">p0lKvFva9R+QtLJAdK8whod3L5lZJOjwe13Z1Ltnmf4=</samlec:GeneratedKey>
        </saml2:Advice>
        <saml2:AuthnStatement AuthnInstant="2021-10-17T06:37:50.960Z" SessionIndex="_eb4c4c32f0d69d14fab86980e6915418">
            <saml2:SubjectLocality Address="80.158.3.50"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-10-17 06:37:50,975 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-10-17 06:37:50,975 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-10-17 06:37:50,976 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_e03a00465464aa049b259072b0a26166"
2021-10-17 06:37:50,976 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _e03a00465464aa049b259072b0a26166 and Element was [saml2p:Response: null]
2021-10-17 06:37:50,976 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_e03a00465464aa049b259072b0a26166"
2021-10-17 06:37:50,976 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _e03a00465464aa049b259072b0a26166 and Element was [saml2p:Response: null]
2021-10-17 06:37:50,978 - DEBUG [org.opensaml.saml.common.binding.impl.AddChannelBindingsHeaderHandler:?] - Message Handler:  No ChannelBindings to add, nothing to do
2021-10-17 06:37:50,979 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Header>
        <ecp:Response
            AssertionConsumerServiceURL="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next"
            soap11:mustUnderstand="1" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <ecp:RequestAuthenticated
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <samlec:GeneratedKey
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:samlec="urn:ietf:params:xml:ns:samlec">p0lKvFva9R+QtLJAdK8whod3L5lZJOjwe13Z1Ltnmf4=</samlec:GeneratedKey>
    </soap11:Header>
    <soap11:Body>
        <saml2p:Response
            Destination="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            ID="_e03a00465464aa049b259072b0a26166"
            InResponseTo="_1drs7z0ao9aofvek9jg5unjx6r8belk67ztc"
            IssueInstant="2021-10-17T06:37:50.963Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_e03a00465464aa049b259072b0a26166">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                        <ds:DigestValue>xJUVFc25WTONuy6yith0Z9lrZ6jp8eJI7Iqjg495J00=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>V97blJgloyXF6gTyif2U4YvnIOfo+AXwauHhKcIO+BfjRxGElxBzDh60gM2GnN6C7/Am4O/l0xRfUy77cSqyKjdVKo4FroEcLf8nD69BqqzI+CP2qzGBOqdbL/fRJrxHdVkddwUEVNuVHXEnOkLOjVF17LjIlZ9x/2U4Pw4pbyaTBq+Z6YMsUuz/J783pllKL1DqT7yuUE+/Q/KckSSXja8i/RUg0jzUj4CNaZjcW6TzKZV5H9BakFrbNvr/OwFtjm9wSvxV41XTjWCIpu7xkOLlWtH+NCiPXXSxWn7K9Xg6erJrDNYAt0hLo2sbnDZMlENj0DgbYud+HOp4GjVkig==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
                <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
            </saml2p:Status>
            <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
                <xenc:EncryptedData
                    Id="_6b82faa76edd5341ad54a1d638365658"
                    Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <xenc:EncryptedKey
                            Id="_e53ce9ec74382ffe93bb2dd880d57012"
                            Recipient="https://iam.eu-de.otc.t-systems.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                            <xenc:EncryptionMethod
                                Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <ds:DigestMethod
                                    Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                            </xenc:EncryptionMethod>
                            <ds:KeyInfo>
                                <ds:X509Data>
                                    <ds:X509Certificate>MIIHeDCCBWCgAwIBAgIJAPRelfvZJrG9MA0GCSqGSIb3DQEBCwUAMIHXMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGSGVzc2VuMRowGAYDVQQHExFGcmFua2Z1cnQgYW0gTWFpbjElMCMGA1UEChMcVC1T
eXN0ZW1zIEludGVybmF0aW9uYWwgR21iSDEUMBIGA1UECxMLSVQgRGl2aXNpb24xJDAiBgNVBAMT
G2lhbS5ldS1kZS5vdGMudC1zeXN0ZW1zLmNvbTE4MDYGCSqGSIb3DQEJARYpRk1CLlRTLUlUU0gt
Q1NTLURQUy1PVEMtT1BTQHQtc3lzdGVtcy5jb20wHhcNMTgwMzI4MTUxNDA4WhcNMjgwMzI1MTUx
NDA4WjCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0
IGFtIE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsT
C0lUIERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2Bgkq
hkiG9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tMIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv2W7Hr/Ro63zmZVclhlMvakO1nYWAe6CFDg2hYOH
IxkC/DG8LsKbnqy3Rv8AoH5CgRwmT/HYKeJu+KxrpECJXGIjXirUzHrL5w0Hys0O6SJYzztRGoQA
eFfl3x1NNUxVGkWbuK3/o9vm3idoMqVY4HFU24h/6VbSVBru1lsfubmIGdkf+9R844JbZx1R1OuX
xQ60ZhTAmR6R5d1E6tprM8rAqBOC2l1o4azQyDtmxM8NEBjKcZebNleHOB3iVPiiG0ens6z39y7e
SyiXwWcsw8TlwcQiumYPnFT2lzrJAC93hEjNGd6sj6QVvPCJRu/Ya+AWfcm6JtBZRK9ZfBz81wjv
BnHH2u8j1GyZMdE5dvN4PC8bgX0HxvnbhnAU0DASzziyS9Ni/gMgWvJsmnmNVLyYMxRmL8L0JtWk
rz7aNSskufk92Cv/R4KtWsfdkYtNG5/lV1BNzraBgnnXX1gH7ddrL/Ng2aNRFd+LtsI/BjUBpg7r
Ebym+pJuri2PBj8hhjLKbhPuurybQLVtmYxCcJUo6ZG4X3cpxl/e8v+vviapn1OY9zaFLAc+fccX
1GFrLYv9aQKGDQFRMl2uV9nP7UpakBCgZ/r7ljvfhlnsGkLPZBokM9Iz3iUFMGj2gPD1m+C7QaiS
OwJnkTk3cnhZV6It0XdFIaFgIi9V4XMnYEMCAwEAAaOCAUMwggE/MB0GA1UdDgQWBBSg4Skug1x8
SOG2QdBaHAN2DDs7zDCCAQ4GA1UdIwSCAQUwggEBgBSg4Skug1x8SOG2QdBaHAN2DDs7zKGB3aSB
2jCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0IGFt
IE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsTC0lU
IERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2BgkqhkiG
9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tggkA9F6V+9km
sb0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAFEH+TQEgwXkOp1dymChsQzX3mm32
nBbQwIuTKi3jy08EjRQktZCOhjpmuVc/QQUCQdgAZgWVboAwTspfgwQwVcuIpCkwuyc7tt+ZzRSk
ybvOccw4ivz1suevGZZfYt+B7UIB3drlMKLoJWMTiBZnL6c4iaqubep56BZBOH6IP2KaMRd4EqIo
kXLHgaIyhqz51WQmTJArhYvAvWlktbAW6GXev3mW5gxW7LAGygQNCo2JkXSegGPk2jLO48JXNuCB
lGGf2O5TkhD+Qw/buIRrcKWnolBCs0ITalkNFt0RftLYmyR0JMotaBRHHmtdqSWOwMT1j7SvyzhH
yszzRU4xwTUFveODkWYS3Uh9PZs+3yDcfqC1x1yRbhKe7onZt5nXh/wY2762Pv6NkBQfQaFaE8CI
OwRu6WjaFfRntVXHpvV+7tO6Dr3pfRNEZzJM5+m/Edh+JrUdhyy7SxuYiCpt5xiPvM9rMt5AkXCn
P8AQVxq3O/1Gsdr9iblHAkJrg7Lbd8bPyzE9nRW3zqp++BxYilxIIVP9xnaaj/jjyuAPfeet30wm
zeOe/MGqxEwP/JSwJ9rZI//FaG3gAX0UHO6Eo+R0/Yv3JcyAo6j/RN/6YcSTQD1MrPGZiNTz/Muo
nczuEbZF255Cs5PfVJJhTPW730xQmhZnlbta0nyBO9LA3Fs=</ds:X509Certificate>
                                </ds:X509Data>
                            </ds:KeyInfo>
                            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <xenc:CipherValue>VbYRAAHGBKJMjhBssLd8JjtroOuMvnLrHkeo777Pd1GjvJNuzsUfUN2bnmaGLsIyMv9azFBvIzaAzBxi8qYApNXLZnwpveXMlLQ7fH3JyvQIrvmJP8UW0D2fuqiaYVwU2US92itIhvYxc0JX73bHF7d3JNUemukYsQY8+poV0A1ZeeTA/QvuDKA/oHiPZTxgvo7FyfgPl0HiD+8C08dawMLlMrt9s1Ojn+E7EwIp1VtFaBonKWHT7+k8VtFnxqaHkaR85LkfJ3kQUlv4cr3Ax5H+INfMion+23WCY3aYZ5ElctTgJSioxNulQJ6UUM23r7/2tzAWAPKyPB9q7fJ18XdtxjaNTVoMNB7sqvhZqGXl7mnSIkv7TmA1s130yFDlASVeOOBETCEeptWMbJy43oelBhLgyjUW3xjMsXIL1wU0ig2xsiwEKjWREgK9U4u6hsPOSc70IalpNICqRmw3doKiUyABmecf7WzYmKvnZM8+xAsmtSj5yHvc2aM++z3IYFO2EwjzD8PZFTF2xbG4+3flUGCAa8L4KsnssB8FmZq/mL5v2EVDRUiDoestamy8gU2lLTgRt9coiCrYAfGll4yHTuCozrL+t4NGLWBihBY492wMblKNq4LkTz2HbE5/LhxCWbUPxQT+dsbuOJfRxXm/u4QnncFIS2B7zbEgAbU=</xenc:CipherValue>
                            </xenc:CipherData>
                        </xenc:EncryptedKey>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>Dkoc4f4zPhxlrVQ2ruCzaF1aNsCHThCREset3U+V2kw7nogiWewx9gEO4Ff8OFKWf+vOcnyovzJ9rD+CwTsGwnIpI9qTESih8JZe4Z4+L8dguxdiXA/QmmppZBJgnOTeVLHMILaQdd15zWmZuA8oE3DR1jgf+Z0LWVQubZCdVLphucNVVf8SYCtPbtW5PwTUL7X/NkFGlFDf96xHuCB2s/X6GWKWWEctJwBjvPSdOMHcEhOp0ln0WDFGywBY3EQDnhhVSuuaNfJ0Lx2YqEDidcooPRRJkW1b/WSrTreCqQ/qxiZJ9hKf9SoZt/WyQ2MxfqcdbQPCmFlNTeVm+DzVULbQj22NqSPg7AAZZS4yQgSJ+umib2trPaVNZ1BJJSdE59uiJserT0UcKvOfR9+Vp+WuDRdy59Do0pkjxacy6wYEkdTlLv4dddBsiDexLC080yGvAl6QYwI4xgimK5b7zpWCFZkgaSZqR3RUWBW6KNrPttQga3LCYQY+H4KvWKOvMLN7kkKXWhE0MOhmk55ck2JrmZMfjtu2pte6KGctTT4ntDqBUM6H0xyEqLsImIgYBHgGhLBDWia2t+ezK+be4ce+7phaUeIwWVi9MJzcSURbPEDV/5mGBYKl8vRq1tswX0XIar/DFr4MmYZgKTW/pfAEmxD+kp8pHWpVVACg4dKmeBsB4fyu0BpPYNmdX3JZ7fH9+B7xtQdVrGVVgzbMqnz8QotT7ktEJuyykneuauJXPfV6pZJWoEayYKizRK1fP6GUUuonzUGO8Je3kruuF881NswNsMHFz+E7OS6JXVJDUYpq9w1M7HtBsZHqziuGZgn2CfmHhu1m39dsniokvtoNC9hVzeJbugF8SSoSUy0F8yXEAuk2Pno73iXK0kYeG8Zi2wKmk2JcD3HR5Akib48AuTKoHFeUq79IIeCLAA/3iaYJR3IVSRIc1j/yWq+OvFQceeCEYDN646AJ83uUXGPnhfXzaJjhTkSUx+s7QewjKein5qaAggn5D9+acXOWcMu5Oiz5JH1rWgp4KwwxKJhaKE5pUcQ1KvxaHMinzTV16ElLCFkzc8fob6yzdujb2ppFyqTKTznFbHnCbdF4NPO2ZVBOoywuECU8Zp1CCI2maqBrvyfwuFzCLVblhIehO54oB9pzv0G4iotbqkXvF2FAFeU81IBIdTgUzPw3PUyZmZiuKo8bazFDQHsOb0VVAN+4NMfomdboQF+dHEGI0V+NmqZ7w3xC3SstDU3bCrBAmtNyJhrKzGpPBSGwcbGSrJtjn0ILkghXq+pIRuOtAbn6/uO0XJ56EReq+2wVq2XaEKn2g1oh+VXFRP7ffpQ5UwDNJK8OTjk7cqsr49XHyoUHgoOo1moe10hBT9LPR7NwgyDZHEdHxbBoinTVQKeigovzo7EN8nxVOHHcAAnmaaeOkwD1N3Cgtw580u3GLzGfsexhKFBLxjZDstCaEE8OawEDyPDxKvP9q2KJuRFp9ddGhM1TT+vm72kpc4YIPpYlDfxtvyr270ArNj5R61E/Ywz/iyiFVRfvM0Sww1mLbb3o2oA1uoX2QQXPjRrawv89UYw0Ne6CmFnbnhzTR2ZyfiZTZ/ucCZYtaU61HAPU4I6Xs5nH0ADF8PJPzr3qIhKCegD5n5ropH51fKVkyeGs43ayjmNHdGqgS0h3rTSOfJq254dy1ODLWAyP2VZ2OsRSNeFjHTaQHKAs+JjkJEHlYcvigRWDqw5GTri+iwC8gZERCuZbAXXLTCa7AOcX26HHJhOkm8GUnZyxmg2X0IMuCBCaKrctbqQ6aQvFXLDOJFJIMsc+D6TMzhyV+e7lN9AiSfhWqf+NDkrxzxdkwtzClwDp5qgBWAv8OFF7X/JKTaq8gX4nwItxoOR1cD5cwYmI4NAn55HO+ftxCkPpKlIuL5dPguNo23PYuK1c2bO5EhKnDes1FEe6dUsQ/cWGZMF39ml8iI1NtNDuY3BuVms0lA0E+9UgDRoE6JERMj3Mi23lwvlI9C4f9lchwLY1BwHwheliXmqdwTPM23VYGopm3KM4gJ4y70fsZrtFol4e8Tv5IYdPYfdLsz1O6r5jevSA9oA7YXXpKcWG0In4+dWGtnS2bqjZcIzsSeI8IJB5iX37q9/nHXMc1aG93LJFFFD8psrGrvojUC3Wn7nzLj7KlqsLXIjQHCS2UjXFYM8c3OLfOjNhcamcwLlYwIbQS3CwXeIeYSv3mTyprK5Q4B+ovubKWYpN2Fo5coEoV4JkSI3sZP9grod2JL/qooQkdNxF30aCgzTid5n7HZvXp8d4BXqwVoyPrcL2WNt4qvLirlbls1KSX57sEOlGB1eRXMDmrK9x0kT3IYNzsk24VThBvcgZA8huNQB+liwfI3bbtk6lQvaBIDuwi/hMfMnrZNH17rQul2WXwUClzKXJehxdN+tteFehsvQq3wH3ELqilFwavEccqMwDy+HBwUYYdlJl7k3RPrDca+uoHBR0v+q/F00+YXh6YSnj5CVNTW97U5By+bBJJTFVqm5WmSOvNOvitIEqOa0IRtea5Nbydkqg1yeUJ10D7n24uA2vKaOA1gfE6PfCU+cQcs9lfql8HNFyzKuU986HhVinetcrAxTgPSqsiU9Xd3uXfuuK4V4A535ahkZQ/ytU5CZlYxp7yzwegPS7r2sAvRMpuySqmiy/iIe7iR9u2hAZA2X0Nv+v0LvQp7B7kMaCNSLp9hdd8Xfi+icee63HIFOHfL4TN4Io657C2ckK1rYhOEhBGatNJ9bjoUoMSzRnBFML8XehMRsKyXNkzN6ts0n4nBMsVYy0xtBSi6Fq8FT6I49WnAtV+lSBJx6F7Onr53fJbYpuVSBMxWx+iHOhGjNPwlr/RclimxkFBLmXIqa7B2Hm1EEIKUjCCOgDgcJaiZ3Otq0lO3WJzGETRn6DIxgepJbGPQIiMIo8XbKWxTOY4JTM1FPw4CrpG+ZTjaJ2fQ8LHVEoDBPfVMs0H6RDXZ4V7BGDKXDKvMCbZiuen7JskplSO+lLRgp8UOPZZfhcy5/xJZN5iMGbLCMm7kbOcGTevQDhollu3Dn+Z7vaNm0tTYAIuLtpeBI4i3X4fy3xstPVt3FSmEHPdxKIqRMRD3BCGYNE3iLo67Bxn342q3Xjm5icLb4ICSozVCvFJV4oF32UA5JsgJY5G6d/CZKCTYkbwMXgv60qsntn/LnT2Pbbi+NbIfysvR3hcZZTG67mti3FfQJ41sDYYvWIVPdJUadMphRwBdK/SoiMRaCBL+tYNpUXgzznKBaT1q1YDQzCMieu6FoEghwnnsZAMNwl6+rtyUhThNTfZc39SKiODQgLTg5e9o91rqAnpRvV0UAV1rmqBD0i0WjgA06VEmW5BjGsasWWPHHfj4dy99tOnbbTPA3kpevIZf0bwPRWsDWfq7nBujlfwHvcdxvvZZ3Isk3VO6jxPtWZppkWzo5nuvtE8JokRxAxq6N4UaKJ/6tvYsQIzvvTPHTs6MgUhQZ6rBf7YGvwtSScHdByFW1fyjYqWvKPUMe4/XQSaZbBeNUxqAWyUqQ5Xqu98hsI4dZSygyEISx7nHRZg7B83CzE6exgdCIOGWtRq9+mPi7DDtdp/+ghV6nkuo6A3jZJwmyMXkPpNmk6M1MaIDWS5VoLqRUquKX9q0HpPR5NtgYcJJnwkpDozgPLyy+pVrrcYYzSfZh2X/FezhOb+6ho6WA4+dPjN2txHW2B8fME1w7+tT0HMqKaAZPmsIIZ8pFuBj7Fio4995HlVQoyE6Ax+LnfkNznmWaTIVMIMK7ylxkomnCvaglntiFfbQ5Vbb2krheYf9xEBstzoZ+9zQRBjExQuxG2hyu6q3wLz2XlyMAFmZqCBO457l64lY+z+Y+dFdGPL9wfQ2MYu8TESJeNXSgJijQ72iVTWV44sRxbCx+gR8MsTzO4CdBt6Gp50K21ZfTby1tpk70ScIYktaVHPvOOigVoc6bFvoWcyflXz6q4EiLJmtsSAOABMshtOZcj9w6RLjanK0oYdIRjIX59jg4K2iy2AglSE09c2fFhDtNHV/91cdDSJWRGEaHLwMtUMsBr1jxw+z+m0GRvAl3rpvnBlZlSKLS3YjcY92U0wxYfcmfkiSU4Q5A3uQFdNYBmR+DA6AoBGgxPYLvIF8WPez95rgB2GXBbCGZwNfvmNvuIEMiRjLONkZ0sTWAhU7b4EjzsS41FWcbC3ND20xvLjQQWW6VMSX2OpdULKJv+ord9DhDT/v5MwAEHdl/+BgRUuyeOkMLcm+SWpZJTAy4mnOV5Hh65GB/sR4OoCv0VDmSxio5k0QyXwkO/wh4/1Nn31zgjs3JedcdSNsjRhpqBFnTHHgQYyqXjSKIbtRtxwfxzE72oYcGoefUngZoc0v6srEgqCnQ8yIHYaLNkUfbgyCOLCyv9p1WaKRyQVlsEReybR2HJoupG8OBsAAHOzr+HtIQlDPHwIX1LHhuiiBJfpoM7fRTcEMiakFQKVJQjwsf+YcSCbeAmcPxlwWExdqg2KWEl5z3wlOyGPZKW5Jsxwth8NWnzpMwOGynYxiModNk+mfbTjN3+vPRXClinvYowcTjJKwxIPx0WC/t6qgmcQyzLW6eMj7Pr8VygtBkJsevciEoyanWNI4RW72FfAvLKqjJCxfN1ARxWqoOjVlIjxs+jI35HIyNeOdtw4j/6pviY9sva8mR+bHdf1Nhk4GlYXkpfRyPFuf9jT2h3STshq0J17SzkKLBSJc3hstt5Ny0b5WqqHXPD0tQBMS8SUhG24jvP7eyfbDiR40vsEmmqPMt+rY3TOlKdkP8xPns05kFVmbyn6zbMC8F8oXFWwZuWo2WwgelQGsGdF2QqC8cw1mypPuDWzMNSEPu891NfpH07Rc7AHkcpUdg3e0st33ZPbjhc0hz4+gpvlrrpNYWgA6D15UPAmYhmesg5ZxwRqbbG6dYxcaW6wvfamLq97tj+Eqxutasg2INfiafbkGgDi9sPCH7v6UCiSd77FIQ7sziXyJ5JQPWoJVfii6k2pWsH5equZOgVbiiq+zX59J48D65StXu5CrvUzn1PWLzpp5yu/HXP8UE9nUQuAcGlObe0s1yDkG3geKhDUFhWTYGDiSO1ah2tG6CCJjdjlDukijFf+nX3WyPqJlLWyQxQCVYdbKjHR7IAI0HD8gvQs0YjnwZ7PXQtdCNGmpGvuUKzK2y2WLvshz5GAsp0WV8tvc/C1z2osT0EimQr7VTUk4RXXzXGasIAPGZT9H2XUcHfd24NOVIJRmSMk7+wF5gGkM1llzfm3iLcw5vTIV58dfLkO+K0LL7K9n9mILeUfDKLoxhycX/xs51XprkMdFNIWkSP2dRKthjNSOboo91MgBpMxWCjOqtnU7eLD/3DaE4TpaJSoSMjNrDc7zXm7y+SnnYaQtnHbjqHRDfceHAe6y0wlupyzWDsSOXvCMgzxGmO8OBEGRli4gZEKEo9VFkIv/7bPK0NT0H7egVz0t5rCTKBiTZjfkG1oc+0cEOVBis5ottU9lLN0t8b2p8HmZqe7NLj7C8QZakn9ngRO5Wf7fACYCn4Eu+HXDB7iVDtK/EZReYicP0HED5BrrFPIUi7FvkOyAtbIvPtsEYZJvsyzpCmA69UJ7js8+u7BQPVh0OLOHqUu1JGSVPZhiCLjfSAxCoZjIx+2pKTiUZeFJs4aKIY4Wr/CvVC5ahe87CsSa8rBzsKMZbuG9pAkDIRJ06ZVyjlbs+5JKHFSkrEoHFXKkvfRNds2NKnRDe1x+JMpjUXYN/ZzfIUgWeBR3W3DwEv6BE/X0qAzkLvszfpDQ6c1WTMNqOg/Nt3GT+FGZDhqAu6DnGF8AEjKhQmHkHUzGv6WAUF4O1gUjSU+A9HmqkbCgArJD+J8KsOgOFyz40HOR54Ip/1seeJERQ7XopDn7C5ZzKbt70ES01wIZVYGRSHB0S5hsTe7m0GcOQMLtG50jkGTKlYTZiYuJ0/2PcPhqEN4SwW9Gtj5RI2RQ+naJrPQFgY3YlZE7ZNiE2ZaZxH91YnQbAImO/8WudCbfsxbMO9U/DfnHKvO02Hwcif8ipCmWmSbSKiQcQByEMpndqsUoTYHzxYBA7wLZ9lA+yALM7eYryMX1senQFjkprc/Ka0150p5Cm165OO7azsNbD33E7wX8ZmhJUYwT3s0OL1kVyiCjbAt5DQhUUE3jaOHpSPyHKbujVYXbi4Bv8AhKoemu6AdLtIyRGtIcEutWWLhDCThTnxMqLlEVamiBkVtCxyWOeeCVJvUxcPxd+JmcHJvhnkSxcq/mD1kIQkFvBR7X/4pQxb1o2OyVHzX8g3pcVl1KDCCbr/u2Cesq3Tp0Hyutkkl+78/sUJjzF5pbwfh0uQhwSxchHTZFJqKgbJFbFUOwezyYzH7VOrG+oqo1TVbMAseVLRo7L12+MxVLW7J964Z2+/EkRMnNGJI5tbMXuYWdGyrQHy+VZ+ezdx889Gyuwq8YYit2rx+wjkSID4DOi3C4GtzGNIzgdYGWGMUR5FskC4V5Z2Ml4VXMH1ODBMgIpvpKCCeEHfNRFzBeWi4TglOgQHzwBKiG5j4Rhf/aGXZUSFzV1K2hx878HwSL4MyZFRE0zpx2p+AAJKumkygontZ2jopTRCUeh/9iXUYgSqfe+NVA9ZxTDvuHTC6H68Bky5OF/e05vVqF67hi4rSVvVSIXexZilYxuQ3++gfkCKaAMUB83PJSv9oYwVc7+KZgLySvpyiNDB2+DxwZAIQcjZ/6TZFBxWa459sqBnWFCdMwlWmIDkHn8TbO23f4q1mxKeGebCcsu3XGKgpnRsPzcAZy635APSLupzSmOVhi7dduciH7xRVH0nnx53k3RKxh1N1I3gsCK62+zKCrbUBWQcyzY6zPIdmiZ/cH0kprF8GnlJt7GaQJhfgWlKrZbQBND1qezmKIvC15I9SdxW1FdQECoXnn+uPe9KulImOpr/Cp1YFt3mdJB028p3lMOUQhdu8UII0/tfthVhhtKg0GutLgl1mZ5RFRJgnLsk+nRmEzRnGsNqn9j8fyqtSFVyJJKvQZ15sUokESwmDJkZs1SkBgJPfwT2wReXQuCycZGGC/fWYALv8CNvut4OAmJMI2wY1n3MRcL2efYW2nhvFH0tYavliLb8ytOMLKualawRRAk1Y34sXZVChrEXW73oaMZwhtkBpsOK6xFYFp4BEDAW8nkrrhrKiTnWyt8QfvcbP3FVAwzfLWQiXONH1EFNd36OnuuPUWwd7tL2EqFiFn3lBBiD4/lAgGUdyO5QodnLtmjxaJvcNigGWcNqacnSzgpNnGGqeh/LHvuUE27XinwU4OrnPVGJjEZgc28rucc7zwmN3ytp3333nsVutPqhCmKM/9bOYE+XJxHSJk1AUs6R/1VF9qreP5o0ODrxsXSJd5mHi9+HHJEtD4Styo/++6U34bcarIUP4+WNaJoFyzXToG219WyXeIa6Bh9mdwFlLjmQNrLZm+7BU8tBBdROnqoWisv/vl0sP3AYD0Hu/kaIdI9kaLZxwWi9yRjlPt6rNGFKUrdHh6QclhsfQ7cUlgMUEXvbPZrjkpIagLEtCuR0B6LUAFkqMSb9RaN6fMgAtGa/HuuEG8O3koe2ZfkTP8tH6gjIE4AS3R5nEqhFg8T3ZS7q+IS/P7beJ6VfXL9qbAHnijzT7EvrfL7wks4Tl0T1p+cYs4apMPBkRiJTw3dXpR0hdFBcvDzl/ceA/yiIW4SZ0U6K9IouhamIGqQ9ttFjYHRu1Yn4BuKAm1bFGAj5lmznavKE4OyHxj87KHv4muf1i/I//wN1qMBAt0BCwa/JlZESiBRQ+ELfnewmTkrdftnZrW79XvYk05NqajfpTh3CcLKnTswxpaBrESapzAOTWcIJs25PA7F6tI4AVdzV7q2RbMMEoY1q6XMFL03z6Xx5XpRSWWgGn3CibFfGQ1AhnIA0zf4UInkk8rVxQvZ0WeWbW9TCt1fiMdpEmA851zvLFty/Z+wULzlibMNPR1rt3PGwubcWVjPN5tgIey8+uGGHd22OKRkiBf00ibhXu0OdpN9pJMDlfcSnplxAl9aRrCQ4Xm43cYCaMDwKR9gdc0yPyZeso6NqMlPk1rI/zUYsg8psL41YFB0BlSZXoe696rcaGgn7hJYLXfDNprKTetjcogH4swBBQ/Y5BDziz9bRgoso18NHCDKorePSZfsCg9n8d5v6mxHVbiRjKuaBe3yTgze7/fGdJT2gfYvpuIyYSZeB9WYhKfOXt5y7VyUJpENWCYuRBRhrTUHKrJiCIb3Yzda9AWEpDP63JjMYW3z/mo2+7t+Y5v0sXHmpLScd96u/Z7ByAUc8a25h1a+SAfksJ2G2BFPutkZLm+MwL4xKm68GVez7nDfed/9IQDKrLul1mUm33V//ev6sAhZX2LqzuzkV8G3LK4ar1dbx/YTJRpTEEaiR4dG7d3DD4YscEGBnoCC4oNDg0/LGMg2fPBOhldTeFXfXONNb272MBSMiiZDvDT3hGWftsKWDCYwa2PjECGZX8LWo2rquf5o=</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedData>
            </saml2:EncryptedAssertion>
        </saml2p:Response>
    </soap11:Body>
</soap11:Envelope>

2021-10-17 06:37:50,979 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-10-17 06:37:50,979 - INFO [Shibboleth-Audit.SSO:?] - 20211017T063750Z|urn:oasis:names:tc:SAML:2.0:bindings:SOAP|_1drs7z0ao9aofvek9jg5unjx6r8belk67ztc|https://iam.eu-de.otc.t-systems.com|http://shibboleth.net/ns/profiles/saml2/sso/ecp|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:PAOS|_e03a00465464aa049b259072b0a26166|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxQBKwCMsSSjEIpYjHEDmnP6GuAD+/ADMxJWciCi8AHMLCJP4k1bS6PdUuSPNNn933KYyIr/2hQ30V9cPieBRc28V1qQ+ORZSBewopL1zJ3ibpt0lYFw8hBJfwi3a5uiKz4HkMVmJZ|_892862a1a4b6b769167eea4243d7e0bb|
2021-10-17 06:37:52,306 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Beginning to decode message from HttpServletRequest
2021-10-17 06:37:52,306 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.IdPInitiatedSSORequestMessageDecoder:?] - Decoded SAML RelayState of: null
2021-10-17 06:37:52,306 - DEBUG [PROTOCOL_MESSAGE:?] - 
SAML 2 IdP-initiated request was: IdPInitiatedSSORequest{entityId=https://iam.eu-de.otc.t-systems.com, acsURL=null, relayState=null, time=2021-10-17T06:37:52.306Z}
Synthetically constructed SAML 2 AuthnRequest was: 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest ID="_6d04baf2-8b41-4a3d-9e70-1033cf9ee139"
    IssueInstant="2021-10-17T06:37:52.306Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eu-de.otc.t-systems.com</saml2:Issuer>
    <saml2p:NameIDPolicy AllowCreate="true"/>
</saml2p:AuthnRequest>

2021-10-17 06:37:52,306 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Successfully decoded message from HttpServletRequest.
2021-10-17 06:37:52,307 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-10-17 06:37:52,307 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-10-17 06:37:52,307 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-10-17 06:37:52,307 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-10-17 06:37:52,307 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-10-17 06:37:52,307 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-10-17 06:37:52,307 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-10-17 06:37:52,307 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eu-de.otc.t-systems.com
2021-10-17 06:37:52,308 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-10-17 06:37:52,308 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-10-17 06:37:52,308 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint was empty, not required by binding, skipping
2021-10-17 06:37:52,308 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_6d04baf2-8b41-4a3d-9e70-1033cf9ee139', issue instant '2021-10-17T06:37:52.306Z', entityID 'https://iam.eu-de.otc.t-systems.com'
2021-10-17 06:37:52,308 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eu-de.otc.t-systems.com' does not require AuthnRequests to be signed
2021-10-17 06:37:52,308 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-10-17 06:37:52,309 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-10-17 06:37:52,309 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-10-17 06:37:52,309 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-10-17 06:37:52,309 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-10-17 06:37:52,309 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-10-17 06:37:52,309 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-10-17 06:37:52,309 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-10-17 06:37:52,309 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-10-17 06:37:52,309 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-10-17 06:37:52,309 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-10-17 06:37:52,309 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-10-17 06:37:52,309 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-10-17 06:37:52,309 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-10-17 06:37:52,309 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-10-17 06:37:52,309 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-10-17 06:37:52,310 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-10-17 06:37:52,310 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-10-17 06:37:52,310 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-10-17 06:37:52,310 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-10-17 06:37:52,310 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-10-17 06:37:52,310 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eu-de.otc.t-systems.com
2021-10-17 06:37:52,310 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-10-17 06:37:52,310 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-10-17 06:37:52,310 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-10-17 06:37:52,310 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-10-17 06:37:52,319 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-10-17 06:37:52,320 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-10-17T06:37:52.320Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-10-17 06:37:52,320 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-10-17 06:37:52,320 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-10-17 06:37:52,320 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-10-17 06:37:52,320 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-10-17 06:37:52,320 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-10-17 06:37:52,320 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-10-17 06:37:52,320 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-10-17 06:37:52,320 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-10-17 06:37:52,320 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-10-17 06:37:52,321 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-10-17 06:37:52,500 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'iam.eu-de.otc.t-systems.com'
2021-10-17 06:37:52,500 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-10-17 06:37:52,500 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-10-17 06:37:52,864 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2021-10-17 06:37:52,864 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromFormRequest:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Recording do-not-cache instruction in authentication context
2021-10-17 06:37:52,864 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2021-10-17 06:37:52,864 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@4253214::identifier=rick, context=org.apache.velocity.VelocityContext@48b599ae]
2021-10-17 06:37:52,865 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@4253214::identifier=rick, context=org.apache.velocity.VelocityContext@48b599ae]
2021-10-17 06:37:52,866 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2021-10-17 06:37:52,866 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-10-17 06:37:52,866 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-10-17 06:37:52,866 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2021-10-17 06:37:52,866 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2021-10-17 06:37:52,866 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-10-17 06:37:52,867 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2021-10-17 06:37:52,867 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session a6eaa9cb5bfbb24aebc331b6970a2afcbe700a917720e0d0c91341d736f1045d for principal rick
2021-10-17 06:37:52,867 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-10-17 06:37:52,868 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-10-17 06:37:52,868 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-10-17 06:37:52,868 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-10-17 06:37:52,868 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-10-17 06:37:52,868 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-10-17 06:37:52,868 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-10-17 06:37:52,868 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-10-17 06:37:52,868 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-10-17 06:37:52,868 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-10-17 06:37:52,868 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-10-17 06:37:52,868 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-10-17 06:37:52,868 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-10-17 06:37:52,869 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-10-17 06:37:52,869 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-10-17 06:37:52,869 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@20855c72'
2021-10-17 06:37:52,869 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-10-17 06:37:52,869 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://iam.eu-de.otc.t-systems.com'
2021-10-17 06:37:52,869 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2021-10-17 06:37:52,869 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: Attempting to delete consent storage record with context 'intercept/attribute-release' and key 'rick:https://iam.eu-de.otc.t-systems.com'
2021-10-17 06:37:52,869 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: No consent storage record found with context 'intercept/attribute-release' and key 'rick:https://iam.eu-de.otc.t-systems.com'
2021-10-17 06:37:52,869 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-10-17 06:37:52,869 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: No storage record exists with context 'intercept/attribute-release' and key 'rick:_key_idx', nothing to do
2021-10-17 06:37:52,869 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20211017T063752Z|https://iam.eu-de.otc.t-systems.com|ClearAttributeReleaseConsent|rick|||
2021-10-17 06:37:52,870 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-10-17 06:37:52,870 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2021-10-17 06:37:52,870 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: Attempting to delete consent storage record with context 'intercept/attribute-release' and key 'rick'
2021-10-17 06:37:52,870 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: No consent storage record found with context 'intercept/attribute-release' and key 'rick'
2021-10-17 06:37:52,870 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-10-17 06:37:52,870 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: No storage record exists with context 'intercept/attribute-release' and key 'rick:_key_idx', nothing to do
2021-10-17 06:37:52,870 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-10-17 06:37:52,870 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2021-10-17 06:37:53,048 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'iam.eu-de.otc.t-systems.com'
2021-10-17 06:37:53,049 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-10-17 06:37:53,049 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2021-10-17 06:37:53,049 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2021-10-17 06:37:53,049 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-10-17 06:37:53,049 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2021-10-17 06:37:53,242 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2021-10-17 06:37:53,242 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2021-10-17 06:37:53,242 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20211017T063753Z|https://iam.eu-de.otc.t-systems.com|AttributeReleaseConsent|rick|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2021-10-17 06:37:53,242 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-10-17 06:37:53,242 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://iam.eu-de.otc.t-systems.com'
2021-10-17 06:37:53,242 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2021-10-17 06:37:53,242 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2021-10-17 06:37:53,242 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://iam.eu-de.otc.t-systems.com, value=[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1665988673242}'
2021-10-17 06:37:53,242 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-10-17 06:37:53,242 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2021-10-17 06:37:53,242 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-10-17 06:37:53,242 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://iam.eu-de.otc.t-systems.com'
2021-10-17 06:37:53,242 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://iam.eu-de.otc.t-systems.com]' as '["rick:https://iam.eu-de.otc.t-systems.com"]'
2021-10-17 06:37:53,242 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@20855c72'
2021-10-17 06:37:53,243 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-10-17 06:37:53,243 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-10-17 06:37:53,244 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-10-17 06:37:53,244 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Inbound binding urn:mace:shibboleth:2.0:profiles:AuthnRequest is suppressed, ignoring request ID
2021-10-17 06:37:53,244 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: No request ID, nothing to do
2021-10-17 06:37:53,244 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-10-17 06:37:53,245 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _2f89ed303fe95a12dad2568c4377d6c2
2021-10-17 06:37:53,245 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _2f89ed303fe95a12dad2568c4377d6c2 to Response _e0635e0ea7dc3571d87243e0bfcea983
2021-10-17 06:37:53,245 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _2f89ed303fe95a12dad2568c4377d6c2
2021-10-17 06:37:53,245 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-10-17 06:37:53,245 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-10-17 06:37:53,245 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-10-17 06:37:53,245 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-10-17 06:37:53,245 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-10-17 06:37:53,245 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-10-17 06:37:53,245 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-10-17 06:37:53,245 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-10-17 06:37:53,245 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-10-17 06:37:53,245 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-10-17 06:37:53,246 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-10-17 06:37:53,246 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2021-10-17 06:37:53,246 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-10-17 06:37:53,246 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2021-10-17 06:37:53,246 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration did not specify any formats, relying on metadata alone
2021-10-17 06:37:53,246 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-10-17 06:37:53,246 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:37:53,246 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:37:53,246 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxjUzN87mNoKRJlZDbjzlzJ08eWOPwbLFCNx3Lz9EH92y0cxOMYPOug3/QYeBNoOTBjIMEWuGLjPeWaB5udsoSaHzcItSpa1o1ydB+FxU+eoP1j3bAHrZF4qZ6OBk/t5sJmjWctLbu with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:37:53,246 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:37:53,246 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:37:53,246 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-10-17 06:37:53,246 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-10-17 06:37:53,246 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 80.158.3.50
2021-10-17 06:37:53,246 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to (none)
2021-10-17 06:37:53,246 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2021-10-17 06:37:53,246 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-10-17 06:37:53,246 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-10-17 06:37:53,246 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-10-17 06:37:53,246 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _2f89ed303fe95a12dad2568c4377d6c2
2021-10-17 06:37:53,246 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _2f89ed303fe95a12dad2568c4377d6c2 did not already contain Conditions, one was added
2021-10-17 06:37:53,246 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-10-17 06:37:53,246 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-10-17T06:42:53.243Z, to Assertion _2f89ed303fe95a12dad2568c4377d6c2
2021-10-17 06:37:53,246 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _2f89ed303fe95a12dad2568c4377d6c2 already contained Conditions, nothing was done
2021-10-17 06:37:53,247 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-10-17 06:37:53,247 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _2f89ed303fe95a12dad2568c4377d6c2 already contained Conditions, nothing was done
2021-10-17 06:37:53,247 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-10-17 06:37:53,247 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eu-de.otc.t-systems.com as an Audience of the AudienceRestriction
2021-10-17 06:37:53,247 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _2f89ed303fe95a12dad2568c4377d6c2
2021-10-17 06:37:53,247 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eu-de.otc.t-systems.com to existing session a6eaa9cb5bfbb24aebc331b6970a2afcbe700a917720e0d0c91341d736f1045d
2021-10-17 06:37:53,247 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eu-de.otc.t-systems.com in session a6eaa9cb5bfbb24aebc331b6970a2afcbe700a917720e0d0c91341d736f1045d
2021-10-17 06:37:53,247 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-10-17 06:37:53,248 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eu-de.otc.t-systems.com and key AAdzZWNyZXQxjUzN87mNoKRJlZDbjzlzJ08eWOPwbLFCNx3Lz9EH92y0cxOMYPOug3/QYeBNoOTBjIMEWuGLjPeWaB5udsoSaHzcItSpa1o1ydB+FxU+eoP1j3bAHrZF4qZ6OBk/t5sJmjWctLbu
2021-10-17 06:37:53,248 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-10-17 06:37:53,248 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-10-17 06:37:53,248 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_2f89ed303fe95a12dad2568c4377d6c2"
2021-10-17 06:37:53,248 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _2f89ed303fe95a12dad2568c4377d6c2 and Element was [saml2:Assertion: null]
2021-10-17 06:37:53,248 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_2f89ed303fe95a12dad2568c4377d6c2"
2021-10-17 06:37:53,248 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _2f89ed303fe95a12dad2568c4377d6c2 and Element was [saml2:Assertion: null]
2021-10-17 06:37:53,251 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_e0635e0ea7dc3571d87243e0bfcea983"
    IssueInstant="2021-10-17T06:37:53.243Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_2f89ed303fe95a12dad2568c4377d6c2"
        IssueInstant="2021-10-17T06:37:53.243Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_2f89ed303fe95a12dad2568c4377d6c2">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>eTX2zHB37YGgXX9SjuWddXDyGNIFmBaSjWHfAyTqTbc=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>fhF2Fg9BvauM5BOdd0W7u+ox3EnUqjwqu1LFeICWPXC0mZjv2jr0ZlbyqafG75Bj/dcSAxEKNTsyjbLmz8eYKyD2DNojQcBN/MoqOwfnGuJVMx1sKM8i3M84JhR5ARH2iDy+qHhrnoGThAYRpkeYLzvA3SLVsl2LwnS0rzxlxo/byHUmXd69YgncXdY/e21ILryu/xPErenRhjuIrF0b5TK8OvKqdGtCqN3MT+NYLUihBLyZfxf+AHiGR14k3z7Vc8HxYjFaUIDJd22DbuVJaJCmHYAAHHcVamAZhsEos0KhxCXan26iRbAygXIljWbWrocwcg2DgQSN4dP7y64iig==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eu-de.otc.t-systems.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxjUzN87mNoKRJlZDbjzlzJ08eWOPwbLFCNx3Lz9EH92y0cxOMYPOug3/QYeBNoOTBjIMEWuGLjPeWaB5udsoSaHzcItSpa1o1ydB+FxU+eoP1j3bAHrZF4qZ6OBk/t5sJmjWctLbu</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="80.158.3.50"
                    NotOnOrAfter="2021-10-17T06:42:53.246Z" Recipient="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-10-17T06:37:53.243Z" NotOnOrAfter="2021-10-17T06:42:53.243Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eu-de.otc.t-systems.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-10-17T06:37:52.866Z" SessionIndex="_d409ae1e1ab6064155c10aa880c09f7b">
            <saml2:SubjectLocality Address="80.158.3.50"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-10-17 06:37:53,252 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2021-10-17 06:37:53,252 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2021-10-17 06:37:53,253 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_e0635e0ea7dc3571d87243e0bfcea983"
2021-10-17 06:37:53,253 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _e0635e0ea7dc3571d87243e0bfcea983 and Element was [saml2p:Response: null]
2021-10-17 06:37:53,253 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_e0635e0ea7dc3571d87243e0bfcea983"
2021-10-17 06:37:53,253 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _e0635e0ea7dc3571d87243e0bfcea983 and Element was [saml2p:Response: null]
2021-10-17 06:37:53,255 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-10-17 06:37:53,255 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST' with encoded value 'https&#x3a;&#x2f;&#x2f;iam.eu-de.otc.t-systems.com&#x2f;v3-ext&#x2f;auth&#x2f;OS-FEDERATION&#x2f;SSO&#x2f;SAML2&#x2f;POST'
2021-10-17 06:37:53,255 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-10-17 06:37:53,257 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST"
    ID="_e0635e0ea7dc3571d87243e0bfcea983"
    IssueInstant="2021-10-17T06:37:53.243Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_e0635e0ea7dc3571d87243e0bfcea983">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>F0F4T3+yA6zFVm2bKugCw0nr0jxzkESNBMS0KPKttJ0=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>MsH6UfoU4bONdw5+wj5j0gxoE2QEBNxbrIxDw3Wod2LHGdoZ4r2QOHxZaMc0iS4Ggo8lr463Pzgamn8UQ+ndBVBS8XTeNmj3jxNZIeh9JbcE2ZnX+7qtbU9kz6Jod3qZ8+uNRfPa4OTXtGjIuh7pOX5yGT5PhNfvmZhoLrka0ha95fuZ1YkAIcOq6rHwIfUPxl28udCtui6jxb61HVmVdMTgksDYENwUx67c+2fPsL79ltzTTtfsPpv7rUdaImU1fbyVG9vXnQPRy8AI4pX9OzyPKEk9Idyj9RRinVIatRI0KFOAEPR6sS+lWf1fsfJRBmjodK6f5kFxUE9WwJ+skQ==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_7ae3540041b36e922d2815df3ce48ba9"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_a1d6db637820bbab9e08be8aedd2d0a4"
                    Recipient="https://iam.eu-de.otc.t-systems.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIHeDCCBWCgAwIBAgIJAPRelfvZJrG9MA0GCSqGSIb3DQEBCwUAMIHXMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGSGVzc2VuMRowGAYDVQQHExFGcmFua2Z1cnQgYW0gTWFpbjElMCMGA1UEChMcVC1T
eXN0ZW1zIEludGVybmF0aW9uYWwgR21iSDEUMBIGA1UECxMLSVQgRGl2aXNpb24xJDAiBgNVBAMT
G2lhbS5ldS1kZS5vdGMudC1zeXN0ZW1zLmNvbTE4MDYGCSqGSIb3DQEJARYpRk1CLlRTLUlUU0gt
Q1NTLURQUy1PVEMtT1BTQHQtc3lzdGVtcy5jb20wHhcNMTgwMzI4MTUxNDA4WhcNMjgwMzI1MTUx
NDA4WjCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0
IGFtIE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsT
C0lUIERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2Bgkq
hkiG9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tMIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv2W7Hr/Ro63zmZVclhlMvakO1nYWAe6CFDg2hYOH
IxkC/DG8LsKbnqy3Rv8AoH5CgRwmT/HYKeJu+KxrpECJXGIjXirUzHrL5w0Hys0O6SJYzztRGoQA
eFfl3x1NNUxVGkWbuK3/o9vm3idoMqVY4HFU24h/6VbSVBru1lsfubmIGdkf+9R844JbZx1R1OuX
xQ60ZhTAmR6R5d1E6tprM8rAqBOC2l1o4azQyDtmxM8NEBjKcZebNleHOB3iVPiiG0ens6z39y7e
SyiXwWcsw8TlwcQiumYPnFT2lzrJAC93hEjNGd6sj6QVvPCJRu/Ya+AWfcm6JtBZRK9ZfBz81wjv
BnHH2u8j1GyZMdE5dvN4PC8bgX0HxvnbhnAU0DASzziyS9Ni/gMgWvJsmnmNVLyYMxRmL8L0JtWk
rz7aNSskufk92Cv/R4KtWsfdkYtNG5/lV1BNzraBgnnXX1gH7ddrL/Ng2aNRFd+LtsI/BjUBpg7r
Ebym+pJuri2PBj8hhjLKbhPuurybQLVtmYxCcJUo6ZG4X3cpxl/e8v+vviapn1OY9zaFLAc+fccX
1GFrLYv9aQKGDQFRMl2uV9nP7UpakBCgZ/r7ljvfhlnsGkLPZBokM9Iz3iUFMGj2gPD1m+C7QaiS
OwJnkTk3cnhZV6It0XdFIaFgIi9V4XMnYEMCAwEAAaOCAUMwggE/MB0GA1UdDgQWBBSg4Skug1x8
SOG2QdBaHAN2DDs7zDCCAQ4GA1UdIwSCAQUwggEBgBSg4Skug1x8SOG2QdBaHAN2DDs7zKGB3aSB
2jCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0IGFt
IE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsTC0lU
IERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2BgkqhkiG
9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tggkA9F6V+9km
sb0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAFEH+TQEgwXkOp1dymChsQzX3mm32
nBbQwIuTKi3jy08EjRQktZCOhjpmuVc/QQUCQdgAZgWVboAwTspfgwQwVcuIpCkwuyc7tt+ZzRSk
ybvOccw4ivz1suevGZZfYt+B7UIB3drlMKLoJWMTiBZnL6c4iaqubep56BZBOH6IP2KaMRd4EqIo
kXLHgaIyhqz51WQmTJArhYvAvWlktbAW6GXev3mW5gxW7LAGygQNCo2JkXSegGPk2jLO48JXNuCB
lGGf2O5TkhD+Qw/buIRrcKWnolBCs0ITalkNFt0RftLYmyR0JMotaBRHHmtdqSWOwMT1j7SvyzhH
yszzRU4xwTUFveODkWYS3Uh9PZs+3yDcfqC1x1yRbhKe7onZt5nXh/wY2762Pv6NkBQfQaFaE8CI
OwRu6WjaFfRntVXHpvV+7tO6Dr3pfRNEZzJM5+m/Edh+JrUdhyy7SxuYiCpt5xiPvM9rMt5AkXCn
P8AQVxq3O/1Gsdr9iblHAkJrg7Lbd8bPyzE9nRW3zqp++BxYilxIIVP9xnaaj/jjyuAPfeet30wm
zeOe/MGqxEwP/JSwJ9rZI//FaG3gAX0UHO6Eo+R0/Yv3JcyAo6j/RN/6YcSTQD1MrPGZiNTz/Muo
nczuEbZF255Cs5PfVJJhTPW730xQmhZnlbta0nyBO9LA3Fs=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>KFChxtJ2WOHdZ+8lSfCdAqtqx47v6g/BC4NyJh06ws2rEsKRmtaYTmrs4T5HUQ2GQTbo8dYBNY5wevfMJVM2oHN6m3CblR/Ds2Yv7NbMN1o0s2/jQInojr3T4yNkjQg4rKgqAKItkgWNAsYCgAdcuMsXjUfrmMSWx0kTSOhUPVDblpnKfz0JAtE5nj7apzjr/QLUlQH3O0kHQereuZbC8n1sS1A7fjIJUK723XHne/K9TJxQGSOmzJWhMgMalAIb5bhlcO7yCYcnCsNJRuI8uvbsYYE824fwUDEFfTz/ffKU2LC1VPIdQmog9b65+ZcpipPHQedYkKficzX9f+oGClPYP9CnpvMaPD1R8Dw3Vm+v8bEeQKEE78aHvximnrftjWR9mPquEyNeAJymIAwsmVsagWy6LbNnmjJSaKzXnu4qsuCV5z9MtwJtYdIcmp79sjP4pI3ugGK9ew02BP9v8bSlO3SbER1Tr8RRai8PFFaSjkO8Yyq4xuuXG1zAMGWlNAZD+t9yTnDguR1MoBQjcu8GumxaGhGefHd+oiBWDynLUqxS+ZQX3lsM/XnZ+6vTG42ZAZC46/urLXFayKC/dBlFIQr2hSSFDNbgdnrRzZmlfHbdXq06ildlmHH5set0i2NYD1cBtEA13YzxXtJjqaKKm3hyJceoMsSoE89W2tc=</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>Aion5HCW90XuYLzAsSCRkU0k7yuYe5pZ/TtwNbupjxTU20/wpj9QvezcWXGlsc+30hG1oSHUDtmf/0VkcN9pg5t2uMCO+8MV/lPoW2xtyOHCa8GgUr3FI9RKHRKVIqtwzgmZbcCP5A/z6CIfJL+dvRnUOQhi7wU0SSqQPVzKIHRyaVfznzYiRoYdb+vIiulvu05yrE72VmWb8p5qop/PEUyaoJi7bHnuO4cCjxRu6Xrb0Nt0OM4VSSEzjl/5KHXtIzfFjRzPu65OcBLSYuaqBnu8WNPifD3283oZTTfyqAgjVycTo+oD2daN8F/uXv5+oxMmRYu8p3kYoG75M5D9LsG6/qlfSS35+86svqbkIjF5LvMmIpwcz4Sm85AjkMQsBOLqdB/hqZM3uQ0x+CRzdCaOKoSbH8B7ylhEjef3V7R27S5BqtBBmeHHd4sI3rVKs0asye/okTl7WlulkVl+QV17gBHeNFfEWooHzuXZqWPyot2xVVwFhRQJQ1fCWbF+a/8ehCXpc/gRCIAK0f1k5Dti0bplGHQQi1pqrHiSo3n/TrbzmXPL/k4D7lF94cyPF5WWjG0gshaFNudLXmAFVFNNDhtNZ2uIokqGENVKX2fTgDLloa32Scq0dgsUA1pu3AK8IvhrPeogevehRUepYw8+2lZPzk7YrOz2IjBguzanOxV9VRO0iLs4bObxTPn/uHonFyg+xbyNrTjTNoa1wo39r4cKr/ZF23fmGociF2mKTmJMxIn132ufuoe+uYoCaV4osEEG8eVhX/Tt0yRYMShb7vwTNVjo1nbw1GfU2N7jbviQppb69tD9QXpiD6z2ysqUdQRQP3SMoORldib4hUbuEIwCMkmj9nWNgH8hZDmvKkX6qNNi+H6kPMrXvDkqFZf+dztXECl742/LEWWhDY2LdZvwRMo/vtma7evxKmJj9RUvDOlyTYGcgEWox1HfWxvT9rr+Njhm3T6kjlKOChrxKnDBRnGiVdQIsVVtrcEIsPMzj/n8X4AbOkiCiTG7tkcryK3Fpu5iYVA7wjQEz09Qog+UPBu5RDg/G9dI1fVpaMSd0Mi6q/amv8aLovODBrVQKyYKMs0CZcB3yaCbZTaYb0xEJDGbA90mYtgFqWnppCuZOyv6WEKjSt8ZiIh45HxGnuGEHaFpViEzTjQZZviLx6AObSfpWNumEz4WXQBiNN/QbC8o117Gr1iBnJt+8bTdiUse0gvuGEEM9qHF1IPehJJY4/JdTlEbc63RtQWcmw5+5de6MbdiyGD8K5EkjZgAnmVjdberb4OESg7KFBkC6llCEiJBIXjRyfxJAqAZt0AAWFzS3w13FkvDsBDaksUdfhs/FxbzqCldzmeoRJrLfaHEbQDGrpqS+iBGUd3RlOeJhcZC6WIz7LYzMr0eqmBFT7tQyGcTm5ZOVLzw5Oa/zk1UdklzC+C5KEMrkPIbhYBj0Bpr7WswZWirdfgmZMrXMRj5GgRpPMx83w9c2UaRSQsa2xS7uT/C8T2RMt53iAE3NCoyCylIUm+2j5B4SAxVsQLDMEsp4sRodmotm6GVkbZ5SnnNrPIOvq6tNdsjXz33czlgeCUYquHziEfz2szlKqNupsZfc/fUtPre5v+H43LvT2gioD8JapsJtLd82AWVmCCeXQSYz7xI7sTVTDHGKzk9FRfMmOfVMVsP+7FtiFXA+AgoZM/LcF+oeVVkVjfy6tmeZwn8Zzfr53dDWJW6qMtiYTzfV88od/SvEkqdsH5umrbrdsuQHeCgyeChUmSuLQbaXoo7HmFiWurr9P+z3INI+0eNLBUBDCdt3eGfp1SGdgcLUkL0F+OI7vv4V03wE1aYoXCdxbGuD7325rRjl1n6K6bdjtyHoarojA+lAiN1j4HMPVwEHb8UHCrXq5oxvKmOfBaozva9/0PlRAuraplHG/XsJdsDdpo/Ammpk3f8recH6EhHnIi6wv1aMa7qLGhn03vwG/u1PaRvLdW9KRUgmwapu84uOnjfapRkR4EVTDYMsVpFnceZQCsgUfbYIRO/ETg3guREWYFuEq9azdg6R2LEUHjpfNP+GNL5BAmHBaJDj6SIFm/VnBqIZVieJdwQvxfNKr6tvz8ISdvldAXx0sf59sVUXp1TqRkAZlLwgBqGAT5yTgE0v64mbw0hkYJyCU9aE+1wnHIFlNILxEEnSZABxHxZ7cj1FgNOoJr+HfuTazPZS45pXx4VoCfHZpTvgTkZzfS2d7fj1Wb1jskD4CcZQO52Gl5APjBrmO1fvJ6sbfUxZbNn3ogESq9xe5UYByL4Z6lKXxHErpyKlJpUKfnYFa3HRYQlJWS22scVs1rrLCmwrefC2/1ttFpBcRnDWUFUQ8m3+nJy068Kp6iu24ayklybsfGRblKzgux5c2Fnu/EYR9+eQ/x70+cxm1VLYzTIX2twwW/lvC3q6/i509Nh6rxny1R6DVhGWxzHxMZ+I3o9WxNS1lbdppFO+0PmwmiVCEcFsNdYspeD/plqg2oAozmc6BbHjhhvnh/s48TCjpe+9Fx+M9YpylLKmB0BKa5EcDEVQuMEPTV9FrFw8WCKYJEm5rUreJ5JAlGxDzOnR0OfhwOWbx/YpIE6Xok+2N1Gpit8/Ioq2MW4/L2hlO9Zb7BFc4zvBT3CiSr9ckh+wShsiEceqzSpoABNCIDyP5AENEpBmB8WJEvN1YEU2IyLs20KwzVG8fcOZISQA4fFvmWSPiCcLIDq/CXnlrq94nGha0h6Y3BhTpHS/mgTXB/Z5SMSdsNOx7B44PqxfJh7Q5tgkuy6Ngy03+AdBZn1Z2m0kKc8cFXVIJUomhGff+LAXJB/l3gyKZFvXIf/YfkvUkYLxjpdV06AFM6jgs5FRrHSebO0xPtqcspJB+stopG5Y8Na3699dzk3UGCS8mrh4DzjIrXJwPzjp/36BaqOht6rV+PSGW1ZCM9Z+yDSKk9ocsPrQkn+qauIiShuC8RVpF9lAnhsaYb34UVHDupEw/vbGWZnALvn8+gOKL8ya6OyAIY5zUP9iMpjSg1nDkOO5niZiunJASg1/GxR3PUZt6nac0q6B9GP5kb8sxWHjet9rhTo1CO0HduwBHJ3D1TYG8qqkdLVvuFRru5KM8b/F7CS3OWfMk+BWKvmTx/wuQEHhipJUyTOJEjmj46XWlL6Je3fXJ8XkHChN9jjLSGHAQ3HenZdhiTDLSpBUHNvujT4UOy3HFCHPHnYrGGM95ZxHY9RF946LRHJYgNKvZ/YhjKtuP00FMfY3SZ9Naoan2057pJ8wESPD6iGZ+etoZqaPDtYQJwDR5N1M1c+ZZs/MLwqwHK3jupAofItKcm/K5L8OGfaeRQIhSYuz9BWwuaVcKP26hDunEL7OYSuaN/BSTPwhXKZmIKH6Jcw3L3B2Ftu/s/CTatW4pck7xwejbgz9s9RBjjMXwSx1vA/qjED1dsWKwxLyL21wCIWyKmECSDKQf8Ao4UViRdvK+eanevE3ubx30mEMvPJ5MjTv1y76KqbXX7qWWG3gBqkt0zoqYh9sHk+5oVcSkKtvgO3wHr8voYfmZAzSxSVaSDpewWxxWcASpq7nMmxQVtEcVyM7012GoYRuYMcIIrTOKw5RGN9wdOHXLkfiUneM8XCy3A++FCI537J9vcmYN4jcjiLW9xcEwy2geCHmMkaNcKfwDczFbRUnbWB4A8YkUNbTv3B1Ay/djM2KenUNMPc3F6cI4WwMkSss5fY0KfTHqDabfjlawi/GjHpOuiJvnoqf23kfz+J35QIfr4gL5vqNfdKtEYZNe/JSfXHQ5ru/2NrDsJ3tpZR3xrOupvPkRIj+LOVP4vXRpGvDJXcWGdDfEeAKYn3NdhV+kTbMtWydgm5fHpzZk6GMG2IwKEIzOMaBeAIUuSA+wveme1gEph0S+EMA9ijPbtwkIG4i7dHNS0jzMSNQpEVYh0oaF5dKEesXvpEta8EZMHBfOA6FmbolRpVYPgcb4mk7lcXIRNEnZhtRMz77fQbtlEYrHYfpYYjLaH+PQginSoCo98kxiHAy1lDoFAzYQjevtO/nPZAQbEYvVd9+9nrRFu6DXNES00vUjDggo2yI7WaPi/N5BQgoPR7B5OVpNj/7EbRNNetwJUHVHdXDDR9ePVbUvupIR+aAYS33p9dCfKFuPtB+ZdAt5RBNMB+rn8Fz8gsbCx2zeeYpVD5GFSJFCAa8PtSkev0cuBirK4naw618FmH5NTZuDVfUW/LiGOCc8V41+9tBPn7srA7wgiaKbDKMV54Rq5JyVV4OaxOFKOHs6SYLFmq0XkY2Y7Z+wnhfxLpxwaxhFAA2WRqsTr69kFnRPe8WjkQlzldp9wUi+Ywz1M8+XbJaiQ+QiSGKNmBez4IoPaqGNHAaqMw7q9lAc9QFPQlEMCLj0q7VpjKKAacESMrW7CQgc8p58tpJyAT1KwzgOtEropsdEw7+lI8U7OGUFpJjaqRUOA+xfLNrW1xDcwj33fGq9KOq03nLM+9A/kdSB5z7k61289u38Vlv0tyypY2/bBE0HZusqykeBHC5SQKhqpySfGv2qoahZ6hMALxh4JAjqfCiAbS+/tgCh+vmgY1pTDt7qgECvZf8PP8n192FIAvKVo8qwNjRbsEw9YkrflIjmyaklfLn8sgnUWD2IM0mtBJSpTRcyXwswseobNgx4DEMQcjc+MX3mY6gTSAiXuRN4dPbuG/T+G9VEACtR5DybwTlsqC1KJVteuRwn6tRog1+3qrT2dvW6czmfN4F3nQRDf11TbS+gpI34EPmSgn3CziJlXHgUPEvuvJ95UdeKqyUDwaXTcxy2Qyzt8umFZWghVe25o5KPBaiTD2G2b2znlMNkuhTvXp+ubD2IihMrZakrrK633QKXYyIDe5+YihODZXoOsfo/Wnqgyw1izmGRJllGSd4ceaOveKnwo79UZaCTX9WJB0x0oG2nSMS3iF5BSVXdZqPC4TVHB7emfGUre8d0h5NuluCBN3Ll0sJuRq1TKZ/spbTUmoxIoG9nB31nq5m3q3otEfI5JkanPKSTRmsRXodVjH+P7CFVNarERlw/GMdub9jaVWZKH0Klzq/UijSrS8i+fuqb8YGM9gam7mdz0sUWS97BuBhK555kYK9pyNbHPKRxOBGmKfuM2QPz1yOctcSlTiAR3YsjbEVfltReelABIsVKNzh8NudetB8vFyk0zFbysUMrXLqXguWfC9Uf36Q0a3rvkEH67CZZXFsKBGdFOoOV39tILv4H2CIqL6lFEVCfqijbbuuiKvkS0WUaTVctPiS35jBb7SPvTIB7cBAhQyxI1cs6+WHq7Gz3yF3BQn+xasDvyrdMTne9pSFo+AJL3e/1CK7WlWf34aS9Kd7F5WTEl/9ZHusMB61uTjiJK+CPOf7VuRxz3qh0GB46M4F/AOaLDGIjFSjz3Y7ObfJaW8q444hH/1vfdnAZr7YOABPjXQRFWqJFQIKcliGDH3tWIUYKQ4MrgDc1nLZn63C+JeTeWLRJeKel5ScC0qxONKteQAPdbsH1VekmqlRhCcGiTCYFYb7wiye6o0CLTza7yRYHumDhvl4ZhPchmVYmGPsWMPWtJ+oaoB2aPG4a6Bw0K72veOm476C19xJvmGN8k5ae9lto0NwsvNaSvMpDMPwjX0cjtyNBkyl5ndvX6XkEqjchBKNggnboAml1KIiySg0pyyhAC9TmTbMCP+ETJwhT2c3mCfxMvnE5vNAz5ZEVrLiWOzH558IdB8nRu2LycN2taZ0dwx5qm2oNUb5321T8/MQBllNgbISjjP6/0+Gz71+Va+heVbhoy5R7H9z3O4rqvMJnlcXLecdmwGlod1oRjX1nqR6lWjLjkj3RfZLk84LXoZE8X5eHTFogqPfgu4khCVu1J0JHkIFp0ITYoGLMi91cwZxr5tCRtDU5FDGpVxpVXWJBNI3msaLCi+b+sbMQ44/dUZTAhvaxkhg+BllwUqnpSbhGtzfA0qbWxuGzXsFE/9kLFXPIaFmBfE3E2xw61BogzKgNeJMDQFZv4Cb5s/vx25m4NYt8WOhiDwUhtVUDPw1Mu6bEkt4YME99Ra6G+E2Id/ycowwHVYcO6HnP/6+vfP+XaiSs7IG8jP+M1HfunbgxJYjhIhMTpGZnAsYKuoZmjQpGoi/Ym5vk7i4U2vumbbisoRbdgGwd7k3Eli1+ITOpTGmeKpAMP4ySZsKG1T00+10VP80ihNtKSiVKQu9VTsDLpggAT8yIr74BmFLEKjY8Fx5uCKPqS90CQnvN8+WYXQ0JqNAiYyBorbF3M/dmGpc5cZmJ/AhnynKMSiiqL7fQkBRODqLyvMDnfleb8SD9e4hGYc++8aTMFvibe493Z/402cqDLeDUeVi1VaR315/YxsFulxz6ZTHmiiYWubuHwvYFRMulmI4qBPh7w9l51povh58xi6nJNmF7t1e7rKHKiCLEPsDbcsC5+UlO/c9vsZqwRH1PnQOq3FC1ii3gkJ9JU4+LPFYjAWaP8QnqjWjSx3nFlS4oT/LsNDgxdCHfneVtt8umQwUhEX4zfJbAj5mELWg2FooxzRZir7pNXbnXtHwhjZ/uysVUxY/CE2OEVs/q8z1oQ339NbPYF3v8gi3barIFBNTXT8xlzyv8elrHNu5dhXuNwjlaG9LUWcElCTWpMbr48tTBbkpJ0JgI/1aBM7xM/GQl7xhYKmh/Ou7yAvUhlHSK6Pda/tZcGDL2S5lgwSKxkbcrn/CyN36BTlyadAaEoZMqt3iKaRmOuHwuHLKCrKq0IvNRBK6P9nuYzpddr6i0WG9sYXVVmBb6AiPqtILvx3BD3iOgAShCgnIds21A4Tg9eFKiguODoxlHiTe4vPVHYPqA7Z11+RAy+Hj3bzK495RiqtjAw+AAUJ3rwZM+wNnPlYm0n2OfedUl/Joi2wQPgj4d9SDk5fb2XpygoFM2gNQGygsDO1CQDvGNQoFgdaVRR4U8n0XCLGlYSygkNEcdwyIkJZ9FYg6Y1i1/vQ5q5mDj9KNf7eEIJzmkXLTvVzwYd0fV+njH+j3j7BBlWgMsbaMrs6KBdjUolVbalmo/Dari7dy5yb4cUaYohwdIrDiJJrQEO7MlY3qyJ6rI7xbhatZA3qUvepiwu1ZNe72pskpTYxaALGET0Vvv0BZn/85+i8nk+hPMV7Q58J7Bmh5EPa55n3YU4znvXOkVZB0EXdfaMxh4EALyjCbdnpyjtpMQL3smAVSCOrxFzuDkIqX8KWv6+czSC04qu8QDDxgwVNH0HT/d2hnF/lx2lmsPcWRQXe2+TlKhCE7xIpm1GMCpj5K66HjX7uYLd2Xc8N8Pyfjg9hsNvbIpQjokcW6pLCx0FZhdnOXM6/rWXF+PNykVNEdbVAvo3/Y5krEDNNJ0/59vNsicw0/T7HpTuYWh37gLTNehiqTavbNia3nAl/1jXdAwt38ycrwGxYUYTb7fmLVvgoQCa637GOLsf9lugNtRPZ2uw8sfAfl1+v4NwAvBT8Uf7BSo9ENojfnKBwTFONojAkaWZBe546y3UQvIjsR+SVOFVOedgLzg7T/1/1md36U2NV/bJ3s+K8PQwlnh7eJcsUykVYKgWcM22xl4q8f0vl0KvUqEKUlE8jP5K4ULUx9PO6OzHWdnjzUcPJA66JhCFF11KEKbTwecX3BFq6+DPQIwrOwtM3UIY9+qDArf/2Ojk3QJHOS0j8Yl6EH7qKG8O4nBLble5xbD3R+t5gpA9GaAdnuYPNcyKeltL249kbkRgRXrIBvsXGMd0M0jjGbUJAoGEC1/nU0Lgvy5al31anQImeNz5wxxFnr/DrCt2nADQeCE5LVJ4zsaaRpCMygGEXQagr0pMaHxhTX9jwb6bxgW8Z7j/DQlEkhXOh0V+eKmPk+ozOye2+y5B0ljVIawsO1/JfO52xylBECBywAUQ5WQanSGm8ABzGJdS4+mI+t2GZ/iEuMTvTusH9PjkyXNlT9FR69qE1jWGUFzz0RTzNG2yo7oZY9o7y4zXDXaSiXAuTxBOoF2RI5g2wrihbecfmXpPYzLmmAgGT7VueQW2q0HEQSKDitaBtINeKZuIU06jLW4i1EJkWbB0+/h7FQjtwE5brDxYnOTTNBqGfTBkO2nVpu+KflKoM5FIwTDYcKLbikNHdYSJzSL8KwgDbzAp/cNVdrxweR+ovOMMNuWYk9myi0SNcl82TOtu/EveYFeZiV3GxkYhxPpcgWbjPHtgkPXQoms41FqFvlhSUb7eAfgNK1yydMNvUcuJTaIEVkOUiC2JC83IW2A==</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2021-10-17 06:37:53,257 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-10-17 06:37:53,257 - INFO [Shibboleth-Audit.SSO:?] - 20211017T063753Z|urn:mace:shibboleth:2.0:profiles:AuthnRequest|_6d04baf2-8b41-4a3d-9e70-1033cf9ee139|https://iam.eu-de.otc.t-systems.com|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_e0635e0ea7dc3571d87243e0bfcea983|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxjUzN87mNoKRJlZDbjzlzJ08eWOPwbLFCNx3Lz9EH92y0cxOMYPOug3/QYeBNoOTBjIMEWuGLjPeWaB5udsoSaHzcItSpa1o1ydB+FxU+eoP1j3bAHrZF4qZ6OBk/t5sJmjWctLbu|_2f89ed303fe95a12dad2568c4377d6c2|
2021-10-17 06:46:09,633 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder:?] - Decoded SOAP messaged which included SAML message of type {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-10-17 06:46:09,633 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Body>
        <saml2p:AuthnRequest
            AssertionConsumerServiceURL="https://iam.eum.otc.icsi.eumetsat.int/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            Destination="https://samltest.id/idp/profile/SAML2/SOAP/ECP"
            ForceAuthn="false"
            ID="_ep9ehh7xnsbvpjalkaukrwhh4ag6er06jy7y" IsPassive="false"
            IssueInstant="2021-10-17T06:46:08.987Z"
            ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
            Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eum.otc.icsi.eumetsat.int</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_ep9ehh7xnsbvpjalkaukrwhh4ag6er06jy7y">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>3Jiv4hdlz1FWELbT6gfWyoiWYfc=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>ht7QdSuLcp9w9/UBOrOyrRMDnYgqsWAEPqxvEwUdqkmFk05pObm0szrrN8SaE6b+GGasxN5iBIUj31Is3k92oidgKriqxAPhIKCKXNYPR3Js6eS6mqBKA4VQworXUqEQRECg89caEAR/TJHj38XeFir9iyyto7Nzx6wyKBDIXFLl8i4AJkeh4t1Ui/R2UF7nR4pLyAy4cMoUWJPCOAMh4rBrxmez+BTftaObt9upJ4ZuqswqOnX8z9o8IhRGBj37HRw3ByZ+tba3AKxTKbAgZjVxncpZmBrtEANrFmhXYA9kFK8brLupSkZTRxIxhPEdP4QF8DGEXexOYnwLEmx2zA==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIICvTCCAaWgAwIBAgIEJj02hzANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRkdWFuMB4XDTE5
MDkyMzA2NTExNloXDTIwMDkyMjA2NTExNlowDzENMAsGA1UEAxMEZHVhbjCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAJUuBpyrScYDr1iopNsXACQ0tM7uW1FpnRfqjdPRo7ny0bLS44zt
xjDFNvDBupzDlQgVLT0yJ8CCcaF1GJz1N9JUTghKGi1curKDKxqF45yIudnONitcz8NiZhY8s04c
7+YsXL6/6nmjkQNgmoYU2xhS5ZvQ2gNVzRnl54Kbqjp2DRS0x0Hxid0hVgeSfo13Ako8iVFrz5O7
zwncuPjc2ibPUvflkOY6+EbEq8C6mP5PuVMqwj7DYBTKGBCkLhMlDGPD4O3ix/y6p9CEOh/wovCl
XESgBg3g8oQGMZW/X7xiqa2725MCf+ZDV6uFdP/AM5lUcbQSbweJ98vScXgtmQkCAwEAAaMhMB8w
HQYDVR0OBBYEFPBd1yRfpVSJH8UGdvcxOBgnC0PXMA0GCSqGSIb3DQEBCwUAA4IBAQAGjNjZDAS1
LLBWROlgZjWdS0ohuY8Nb66gMCHdeCYyx9A3uGKEY6RhTf/ql7ecnldpAoxi3QJonu73EQB3TTzG
2KONB91gKWuLkfjIHq5cObX6JO/gkYVf4ssvUU16Z3jCr3o7f4k/y5SVhuBZZP4y+SoQZCm9G9F4
4yBKmaYmxRiCNDgcDS7SMo7h26fWM7ZW1J71LEj1uglyI4Gv2DvNcK+Jh5CJMMTkGern0v9xIYOh
12yNYPR4oVe2Au966dwQVLQCDB7iALYm1Zo2d83cLcn8mTI/p0IoONmHNhhyc5lxatlDnxqNuUsT
eiHha7UmKhYFfQm3tSIPGPiXD89h</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:NameIDPolicy AllowCreate="true"
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                SPNameQualifier="https://iam.eum.otc.icsi.eumetsat.int" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"/>
        </saml2p:AuthnRequest>
    </soap11:Body>
</soap11:Envelope>

2021-10-17 06:46:09,639 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://iam.eum.otc.icsi.eumetsat.int' from origin source
2021-10-17 06:46:09,639 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-10-17 06:46:09,639 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-10-17 06:46:09,639 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-10-17 06:46:09,639 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-10-17 06:46:09,639 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-10-17 06:46:09,639 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-10-17 06:46:09,639 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-10-17 06:46:09,640 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eum.otc.icsi.eumetsat.int
2021-10-17 06:46:09,640 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2021-10-17 06:46:09,640 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2021-10-17 06:46:09,641 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-10-17 06:46:09,641 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2021-10-17 06:46:09,641 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2021-10-17 06:46:09,641 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-10-17 06:46:09,641 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_ep9ehh7xnsbvpjalkaukrwhh4ag6er06jy7y', issue instant '2021-10-17T06:46:08.987Z', entityID 'https://iam.eum.otc.icsi.eumetsat.int'
2021-10-17 06:46:09,641 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eum.otc.icsi.eumetsat.int' does not require AuthnRequests to be signed
2021-10-17 06:46:09,641 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2021-10-17 06:46:09,641 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2021-10-17 06:46:09,641 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-10-17 06:46:09,641 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://iam.eum.otc.icsi.eumetsat.int, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2021-10-17 06:46:09,641 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://iam.eum.otc.icsi.eumetsat.int' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2021-10-17 06:46:09,641 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-10-17 06:46:09,641 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-10-17 06:46:09,641 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-10-17 06:46:09,641 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-10-17 06:46:09,641 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-10-17 06:46:09,641 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2021-10-17 06:46:09,641 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2021-10-17 06:46:09,641 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2021-10-17 06:46:09,641 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  params: null
  modulus: 18832203621667587607088021436286230684931968168257167872795230405254894215980850067536154909197830631021596563357169939025141288325792903445779402655913743610932954428709105184576245804679342024583286736032463367943204530450706526245046609407626399621183218840286753119152458925964376259244052441725228698672336877726814951605086057990054643083405775848564675707375615835217627789844087955313900665870871521060397374272764412191674530995951115898094251299426642547742873614018298714848246841146385338889437961538915294437507286875445216218692006599199269372958584594878711118692775154075888222346153725342565601745161
  public exponent: 65537
2021-10-17 06:46:09,642 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2021-10-17 06:46:09,642 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2021-10-17 06:46:09,642 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_ep9ehh7xnsbvpjalkaukrwhh4ag6er06jy7y"
2021-10-17 06:46:09,642 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _ep9ehh7xnsbvpjalkaukrwhh4ag6er06jy7y and Element was [saml2p:AuthnRequest: null]
2021-10-17 06:46:09,642 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_ep9ehh7xnsbvpjalkaukrwhh4ag6er06jy7y"
2021-10-17 06:46:09,642 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _ep9ehh7xnsbvpjalkaukrwhh4ag6er06jy7y and Element was [saml2p:AuthnRequest: null]
2021-10-17 06:46:09,642 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_ep9ehh7xnsbvpjalkaukrwhh4ag6er06jy7y"
2021-10-17 06:46:09,642 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2021-10-17 06:46:09,642 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-10-17 06:46:09,642 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://iam.eum.otc.icsi.eumetsat.int
2021-10-17 06:46:09,642 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-10-17 06:46:09,642 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-10-17 06:46:09,642 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-10-17 06:46:09,642 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-10-17 06:46:09,642 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsHeadersHandler:?] - Message Handler:  No ChannelBindings header blocks found
2021-10-17 06:46:09,643 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler:?] - Message Handler:  Message did not contain any ChannelBindings extensions
2021-10-17 06:46:09,643 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2021-10-17 06:46:09,643 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2021-10-17 06:46:09,643 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-10-17 06:46:09,643 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-10-17 06:46:09,643 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-10-17 06:46:09,643 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-10-17 06:46:09,643 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' not permitted by input criteria
2021-10-17 06:46:09,643 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eum.otc.icsi.eumetsat.int/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP using binding urn:oasis:names:tc:SAML:2.0:bindings:PAOS
2021-10-17 06:46:09,643 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-10-17 06:46:09,643 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-10-17 06:46:09,643 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-10-17 06:46:09,643 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-10-17 06:46:09,643 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-10-17 06:46:09,644 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-10-17 06:46:09,644 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-10-17 06:46:09,644 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-10-17 06:46:09,644 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-10-17 06:46:09,644 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-10-17 06:46:09,644 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eum.otc.icsi.eumetsat.int
2021-10-17 06:46:09,644 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-10-17 06:46:09,644 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-10-17 06:46:09,644 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-10-17 06:46:09,644 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-10-17 06:46:09,648 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-10-17 06:46:09,648 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: RequestAuthenticated: true
2021-10-17 06:46:09,648 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: Generating session key for use by ECP peers
2021-10-17 06:46:09,649 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-10-17T06:46:09.649Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-10-17 06:46:09,649 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-10-17 06:46:09,649 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-10-17 06:46:09,649 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-10-17 06:46:09,649 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-10-17 06:46:09,649 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-10-17 06:46:09,649 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow authn/Password, it supports non-browser authentication
2021-10-17 06:46:09,649 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2021-10-17 06:46:09,649 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-10-17 06:46:09,649 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-10-17 06:46:09,649 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-10-17 06:46:09,650 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: Trimming whitespace of input string 'rick'
2021-10-17 06:46:09,650 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2021-10-17 06:46:09,650 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1990065247::identifier=rick, context=org.apache.velocity.VelocityContext@1a4e5aba]
2021-10-17 06:46:09,653 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1990065247::identifier=rick, context=org.apache.velocity.VelocityContext@1a4e5aba]
2021-10-17 06:46:09,656 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2021-10-17 06:46:09,656 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-10-17 06:46:09,656 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-10-17 06:46:09,656 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2021-10-17 06:46:09,657 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2021-10-17 06:46:09,657 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-10-17 06:46:09,657 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2021-10-17 06:46:09,657 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 205318a4c9b075c8c3a866391e390071b9358c367a3cb24b2643cf70d0b3f92b for principal rick
2021-10-17 06:46:09,657 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 205318a4c9b075c8c3a866391e390071b9358c367a3cb24b2643cf70d0b3f92b
2021-10-17 06:46:09,658 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-10-17 06:46:09,659 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-10-17 06:46:09,659 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-10-17 06:46:09,659 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-10-17 06:46:09,659 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-10-17 06:46:09,659 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-10-17 06:46:09,659 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-10-17 06:46:09,659 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-10-17 06:46:09,659 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-10-17 06:46:09,659 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-10-17 06:46:09,659 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-10-17 06:46:09,659 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-10-17 06:46:09,659 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-10-17 06:46:09,660 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-10-17 06:46:09,661 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-10-17 06:46:09,662 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-10-17 06:46:09,662 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _27450a1fb89af59ed4f9dbd568e92be8
2021-10-17 06:46:09,662 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _27450a1fb89af59ed4f9dbd568e92be8 to Response _e8871e7622f04a77cb080d3df0e8f110
2021-10-17 06:46:09,662 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _27450a1fb89af59ed4f9dbd568e92be8
2021-10-17 06:46:09,663 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-10-17 06:46:09,663 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-10-17 06:46:09,663 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-10-17 06:46:09,663 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-10-17 06:46:09,663 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-10-17 06:46:09,663 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-10-17 06:46:09,663 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-10-17 06:46:09,663 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-10-17 06:46:09,663 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-10-17 06:46:09,663 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-10-17 06:46:09,665 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-10-17 06:46:09,665 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:46:09,665 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:46:09,665 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:46:09,665 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:46:09,665 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQx7hb+GDuYDK/XIA5YC+ShbkmlFwPXaUn8irtJ+P+0Dryif6YaE0Grazv9D3jL2CU9l5GsP/e9XAz0gk99h5olwAjtQL5Je0S//BAYleYRnM+Rat+UVNzU7HVXWLTb9mM7SzErl+3W with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:46:09,665 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:46:09,665 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:46:09,665 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-10-17 06:46:09,665 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-10-17 06:46:09,665 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 80.158.3.50
2021-10-17 06:46:09,665 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _ep9ehh7xnsbvpjalkaukrwhh4ag6er06jy7y
2021-10-17 06:46:09,665 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eum.otc.icsi.eumetsat.int/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-10-17 06:46:09,665 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-10-17 06:46:09,665 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-10-17 06:46:09,665 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-10-17 06:46:09,665 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _27450a1fb89af59ed4f9dbd568e92be8
2021-10-17 06:46:09,665 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _27450a1fb89af59ed4f9dbd568e92be8 did not already contain Conditions, one was added
2021-10-17 06:46:09,665 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-10-17 06:46:09,665 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-10-17T06:51:09.660Z, to Assertion _27450a1fb89af59ed4f9dbd568e92be8
2021-10-17 06:46:09,665 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _27450a1fb89af59ed4f9dbd568e92be8 already contained Conditions, nothing was done
2021-10-17 06:46:09,666 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-10-17 06:46:09,666 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _27450a1fb89af59ed4f9dbd568e92be8 already contained Conditions, nothing was done
2021-10-17 06:46:09,666 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-10-17 06:46:09,666 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eum.otc.icsi.eumetsat.int as an Audience of the AudienceRestriction
2021-10-17 06:46:09,666 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _27450a1fb89af59ed4f9dbd568e92be8
2021-10-17 06:46:09,666 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddGeneratedKeyToAssertions: Assertion _27450a1fb89af59ed4f9dbd568e92be8 did not already contain Advice, one was added
2021-10-17 06:46:09,667 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eum.otc.icsi.eumetsat.int to existing session 205318a4c9b075c8c3a866391e390071b9358c367a3cb24b2643cf70d0b3f92b
2021-10-17 06:46:09,667 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eum.otc.icsi.eumetsat.int in session 205318a4c9b075c8c3a866391e390071b9358c367a3cb24b2643cf70d0b3f92b
2021-10-17 06:46:09,667 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-10-17 06:46:09,667 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eum.otc.icsi.eumetsat.int and key AAdzZWNyZXQx7hb+GDuYDK/XIA5YC+ShbkmlFwPXaUn8irtJ+P+0Dryif6YaE0Grazv9D3jL2CU9l5GsP/e9XAz0gk99h5olwAjtQL5Je0S//BAYleYRnM+Rat+UVNzU7HVXWLTb9mM7SzErl+3W
2021-10-17 06:46:09,668 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-10-17 06:46:09,668 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-10-17 06:46:09,669 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_27450a1fb89af59ed4f9dbd568e92be8"
2021-10-17 06:46:09,669 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _27450a1fb89af59ed4f9dbd568e92be8 and Element was [saml2:Assertion: null]
2021-10-17 06:46:09,669 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_27450a1fb89af59ed4f9dbd568e92be8"
2021-10-17 06:46:09,669 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _27450a1fb89af59ed4f9dbd568e92be8 and Element was [saml2:Assertion: null]
2021-10-17 06:46:09,671 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_e8871e7622f04a77cb080d3df0e8f110"
    InResponseTo="_ep9ehh7xnsbvpjalkaukrwhh4ag6er06jy7y"
    IssueInstant="2021-10-17T06:46:09.660Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_27450a1fb89af59ed4f9dbd568e92be8"
        IssueInstant="2021-10-17T06:46:09.660Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_27450a1fb89af59ed4f9dbd568e92be8">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>w8H4ag1HlSnhPEvZ0f3CK9JU2G1w9Wp13KnSH3MuX3g=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>ejFYqVeh7M+5LMCBYhtrwg4Iy870vvYt0fxbpUbyweKPg6fVx9ObdidFH/3UinTbanhSGBFT9rOd+h83LzBEu6029xxTI38Z+UZcubpJU4ToMny5unnvaKYdWE8ifwNdcMZoIUuf5S9LfpJycorJIdo9x+esUKuU4ozOlccfIChuBdV2qsL4yBg4I75SI0t7fO7KELyjlA5hFIc3kO2slbROE0KFNn6NTsxnbNKul46Wo0yo7zDVqT0H+fcx6d7KZXBX3imqVDewImia6Y5kd2iVtwi5cFIrWEO244W6kijU9eIEU/UJLID7Y7wOny3MjozQtJHvk3N+Mfcifln8OQ==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eum.otc.icsi.eumetsat.int" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQx7hb+GDuYDK/XIA5YC+ShbkmlFwPXaUn8irtJ+P+0Dryif6YaE0Grazv9D3jL2CU9l5GsP/e9XAz0gk99h5olwAjtQL5Je0S//BAYleYRnM+Rat+UVNzU7HVXWLTb9mM7SzErl+3W</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="80.158.3.50"
                    InResponseTo="_ep9ehh7xnsbvpjalkaukrwhh4ag6er06jy7y"
                    NotOnOrAfter="2021-10-17T06:51:09.665Z" Recipient="https://iam.eum.otc.icsi.eumetsat.int/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-10-17T06:46:09.660Z" NotOnOrAfter="2021-10-17T06:51:09.660Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eum.otc.icsi.eumetsat.int</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:Advice>
            <samlec:GeneratedKey xmlns:samlec="urn:ietf:params:xml:ns:samlec">eOxtZ1kO4vv9rYj2356pLtH3b5yr9iftHyFDnrbd3dM=</samlec:GeneratedKey>
        </saml2:Advice>
        <saml2:AuthnStatement AuthnInstant="2021-10-17T06:46:09.656Z" SessionIndex="_a464f16d1d9666ec3770cfbf9185e45b">
            <saml2:SubjectLocality Address="80.158.3.50"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-10-17 06:46:09,674 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eum.otc.icsi.eumetsat.int/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-10-17 06:46:09,674 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eum.otc.icsi.eumetsat.int/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-10-17 06:46:09,674 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_e8871e7622f04a77cb080d3df0e8f110"
2021-10-17 06:46:09,674 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _e8871e7622f04a77cb080d3df0e8f110 and Element was [saml2p:Response: null]
2021-10-17 06:46:09,674 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_e8871e7622f04a77cb080d3df0e8f110"
2021-10-17 06:46:09,674 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _e8871e7622f04a77cb080d3df0e8f110 and Element was [saml2p:Response: null]
2021-10-17 06:46:09,678 - DEBUG [org.opensaml.saml.common.binding.impl.AddChannelBindingsHeaderHandler:?] - Message Handler:  No ChannelBindings to add, nothing to do
2021-10-17 06:46:09,679 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Header>
        <ecp:Response
            AssertionConsumerServiceURL="https://iam.eum.otc.icsi.eumetsat.int/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next"
            soap11:mustUnderstand="1" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <ecp:RequestAuthenticated
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <samlec:GeneratedKey
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:samlec="urn:ietf:params:xml:ns:samlec">eOxtZ1kO4vv9rYj2356pLtH3b5yr9iftHyFDnrbd3dM=</samlec:GeneratedKey>
    </soap11:Header>
    <soap11:Body>
        <saml2p:Response
            Destination="https://iam.eum.otc.icsi.eumetsat.int/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            ID="_e8871e7622f04a77cb080d3df0e8f110"
            InResponseTo="_ep9ehh7xnsbvpjalkaukrwhh4ag6er06jy7y"
            IssueInstant="2021-10-17T06:46:09.660Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_e8871e7622f04a77cb080d3df0e8f110">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                        <ds:DigestValue>bNnWdh57O3YXEtKDnbSMXu6aMON7LsMGiupEfPq7XSI=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>cMOJ+SwQH5hT4kGzTiMNkY0dLJnIx1iUhDcK+JGvT5xc3ZddwcNadWIpfyqIFFY0tiI/RKDC2g3pJOjiTr1/4ybTqV+iKVHoWq+ZCi/3LMIDVletYY8Bi1rf2j0n4adtAPHBCxXKzHwQEirH+oUEtFnZV3eRAiOLCQLUN3S12jV2KHFsIxmPEnd9F6Y/pG4RlOYpSPyPNRxpRoRIc7PJon+RYydaL3/xAqaU6V7ze85Hg7+LGvG4kLOgeOjd6ZIS04PSt+7HHXx1hMMUNgdKV70tBsAvYPI3oaXqByQg5/XIzjq0frqlohCm/4ut+5T2JiHA2n7Zt/1sQvDbSIAVHQ==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
                <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
            </saml2p:Status>
            <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
                <xenc:EncryptedData
                    Id="_c3cdef210165931dde39baa6ac0b4049"
                    Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <xenc:EncryptedKey
                            Id="_bdd205dd288499c240c4993d21f0f80b"
                            Recipient="https://iam.eum.otc.icsi.eumetsat.int" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                            <xenc:EncryptionMethod
                                Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <ds:DigestMethod
                                    Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                            </xenc:EncryptionMethod>
                            <ds:KeyInfo>
                                <ds:X509Data>
                                    <ds:X509Certificate>MIICvTCCAaWgAwIBAgIEJj02hzANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRkdWFuMB4XDTE5
MDkyMzA2NTExNloXDTIwMDkyMjA2NTExNlowDzENMAsGA1UEAxMEZHVhbjCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAJUuBpyrScYDr1iopNsXACQ0tM7uW1FpnRfqjdPRo7ny0bLS44zt
xjDFNvDBupzDlQgVLT0yJ8CCcaF1GJz1N9JUTghKGi1curKDKxqF45yIudnONitcz8NiZhY8s04c
7+YsXL6/6nmjkQNgmoYU2xhS5ZvQ2gNVzRnl54Kbqjp2DRS0x0Hxid0hVgeSfo13Ako8iVFrz5O7
zwncuPjc2ibPUvflkOY6+EbEq8C6mP5PuVMqwj7DYBTKGBCkLhMlDGPD4O3ix/y6p9CEOh/wovCl
XESgBg3g8oQGMZW/X7xiqa2725MCf+ZDV6uFdP/AM5lUcbQSbweJ98vScXgtmQkCAwEAAaMhMB8w
HQYDVR0OBBYEFPBd1yRfpVSJH8UGdvcxOBgnC0PXMA0GCSqGSIb3DQEBCwUAA4IBAQAGjNjZDAS1
LLBWROlgZjWdS0ohuY8Nb66gMCHdeCYyx9A3uGKEY6RhTf/ql7ecnldpAoxi3QJonu73EQB3TTzG
2KONB91gKWuLkfjIHq5cObX6JO/gkYVf4ssvUU16Z3jCr3o7f4k/y5SVhuBZZP4y+SoQZCm9G9F4
4yBKmaYmxRiCNDgcDS7SMo7h26fWM7ZW1J71LEj1uglyI4Gv2DvNcK+Jh5CJMMTkGern0v9xIYOh
12yNYPR4oVe2Au966dwQVLQCDB7iALYm1Zo2d83cLcn8mTI/p0IoONmHNhhyc5lxatlDnxqNuUsT
eiHha7UmKhYFfQm3tSIPGPiXD89h</ds:X509Certificate>
                                </ds:X509Data>
                            </ds:KeyInfo>
                            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <xenc:CipherValue>OmzTy/tsTGOLABCJ3VnY6/Hk+IwJfBaCJyRRw0Gryn33DO9TbXABO8IIcjawNDUkcn5oulA3ECySRzCP7GNN3aAmStp9MNHa7W8RWH77Lg1JfGxSFdbzHfAaYcWKPr52Q4wCFJI2eOWZ1OxtAsofhxty3jeeBlYay97FPZa0GDbODg9tn/eTe6MPs7/Viqiba2bO3CR0FG7Siuahk1TS2CkxWtQXaDOSzvyuFcVGh0/TUGa9cnfKBBZQCWd8JjaL9qBsgsdRVrz8ezI7qUrPdf+o8YblEsHNgOEtTFLgJcXZIVUUahT4jPhSk8lTyjKxw7upJO9y32enQHO27+ixYw==</xenc:CipherValue>
                            </xenc:CipherData>
                        </xenc:EncryptedKey>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>vXp1EFljQILMCGmNcfGNokaFKYKyN4JY+xxCQ2PWTXiUJfIykKrC8D0KuzXoq0NHJWocoSd9rYG9Jtpn3yPt7oJVHiToQlTu4puF5jm6wN09+KWUJor6Fmcwl2Eh/Rl+wTePS6BqonFg/F2uEbQn4F+ihRMGfSSKm8mgp8s+89p6J+qK4QoA4X8AXKD5Yh8X1noi5iKg8u4KOmFVa3tKEj8PrOEhykCn0Syc7XXuegI6x5j2PkefPwTUjcPac0GYQuyZfjuTRnZ6IY3e0rMKYaoMkaOvdAOFWL+ZQYhU8Y9yALwYo7mgULPj5q5Mc+WPJ0ULz34b2twxZDcMkcNBxvPAKNR7DU9a9LUgMhMvrnSPT1jS4E7mwZYKV887CNdyIx3KQ+85jP9OishEGizC/Mj9U5z2SX7l/1mEwEE1wI75W4ckc0kf0FLyawIUlnyk1EnWIkv9bQfiDzTufyuuv4ccgYqpXWAg1V4KlBv4mBp31mhIdU4EwQl2/u5Kysy4pqZVwlNggzBnHWX955Jt2a7iPMxBaK39UC4BUWOfXiXLXkdI96Pi7hr94+iF2lVBR/NgWhrrD3eIMuEGvFpucASS0ARDR0hVdfvY4x0zlwK3iuqCOBqrMm+tYjbxZErzqJ5/GlvNjreoiqTX7zk0liMw2iELvtT5ai0npY9WJg2GhcloDrGVB+MlikZiKEnqACCixNyRFGt/Q5cF0PXtDuNx9R+Ds1dA0DFAH9kJNDmYMae55m+Khv91YHzBkotdpbDb7k3pic/RTwpnGQKNJqXByO2/esU+0CeQBWOs/bMf4UKeqAYaS0PBtU8zeLbxdFOUlDx2M7rxf/sFIcJTNsevPS4KSLrXVQora0HE+lWA7iCU4349swLRTx/jDKiPnHVAqVriyDMSqCo5X94F7maylU8g5/gUG6cUXpXj0LjOtpN6/i7aw4C7rbr2P2YFdSqJ5L7L27hMWPWSvD6PYEY2jVheK0w1reAWqOimZP9W7kKMBsh1pMYZEYWyXpnXPLEynSNL2tAoQ2u/imQEffK6/La6rWc/cW9zY58j074srQMyhtA1iLcdt8i3ioP1uNRe5nhlMPf+4xRoWik8qUVH9V4LbbcOgE6Mvq8+a3giopGIzZT2eYx3VjWY/GHAEmJODGc8B1RNljkKrYediL3LRTNtrAbNkZ+3P3TlWpF1Frb0Hr7BSGMG+PXeN4EOV1/RHYchMQU8KLbSV5HHYnZ0/WpSv3XrDHOfHrM2TOQ8hi5glJNO3SENrNjoUc70K3An9/w+1+zRku9rk4Qnb8C3lOYsRQoeGPUfB4ftJmGD/0PFW2KVrRCYfJboa8xvJ3+AIKQRPDL7TzloXyi9wGny3KpkmJGJdJnM19HBx0jlpGh/OJJa+xAjvH0d7wkVgEUi4c2Gm+MkOi8ewKj0nwo2SQ0NypXJT7TPjjjpfuF63Aa6aTwcnnysTy0fSgVAShkdGEnCZulIusaQZlfMyiy0HoWvRJfWn9mwaFkSHHl5jj2VFBIUxgeFsTMiOD5Y0KtQbTHLzHLSqaQKlEI/X2m+nzgTB7/elYsFjAgU8nbXVRVbdyvqLxoFsev4MRcQSedjqsq2OxtvJ08XFmXH2G3MnGXEHXbWoBEJtZ3mTL5Es76YptB+LwIcV4mjwpY7H+7M4+Sf6xruN9Sg6S6xUefgSK4PSE1A1JXPub8KReplT4p75gSKyK/2skKPmOIPZV8i9pU8HsFSmRQRTzz9fBwQHyMiHfYOldJvvgiaTDNiJL5Q+mJG/juhLDcbhNSeGdiHAo1oaOYhxn6w5nb8B2fwNto8ImdDuWhEaBjuxoveUMrR4mslgNRVIzKWJnsWjyVlpCNgEF4Y06YWzGpud0pzLOw7VB63A5JYuv4gOfqMZkY4/vGsVcr1ztopo+a7RZxZuj+v5PE2/0X3hXUm8UkR8UFlGtDfPpu5kdBrPqW1WTUN7GcRQKCOTyBW0+55Hf8wUAx4g88XNvgpCkfKKy9TYrO4mejF0/FZa82HyHL0sN5iaZY9vbekCFXBTjecnkGd08VTRXdY7RghCPisjIKOpW49iBc2PmVNCN9GoC/mIQvn1539ycaDOP/OY+xXvS3Epo1ffuzzJmGK3rfqIjGBxIgSsG8gNbG8/6lagk9TbEPnOn/eFT3rdfjTCRioSlkV/es2bd4qaBQ5lQC5GNNXInyhWTUh9ZnmVQVYEY+SDrjDy2taVo/ZmQLYrUjQD/qEBmVBshbArm/zB3t4HTx+QvBgR+6rOavxbp7C8OZyl5K6WTQvxvADa8j9IE7AcGsZgdAx0CeCxbJrMpKb4KpAnluDCDuebpgsOIr6noUIC7nav9b4U2IQbimn9bR88aaNrepICS4dsVanV3UySHs5NrYoHSFYiwBRSmYSRRMwWm5qmH4YwuPk6YpG1Pm405GqS9NLCgAYYA3FRNBv7EZ0O0FG+RzRZM8m49M2g3igH+m4WvC/oOCG0f5gfYiyUG8oqDIiQwGMFyTixKRcXgmK+YfJG816uveMsZlineBkvkl11S/KiENHxh84wtq3RTs4rIjSj2fQ5A/IFuDpEdgasNdFcDdaf5Rj2dhaO20Zh46D3dYiBVX+2yxqkag7VlD+GxsOBP/mjCY59VGVguqhxerSYJRAN80zhYFf77JOn29GTxXAl0C6uxJ7oOJiGE4acIEVWC1jDhBSsUCYYpY+h5R01Px2Q1Z/+MNQ16yf0LbhKlP5EJtMs09ryxSa0lxecp3kR4Tb3PQWTvoxlqj2PN0IrOF/J8L+rpw8uAC6FOi3tM8FKNRmnexk8VJeQ19QannTldVsciX1wtpoHFZXHHUeDrgyKIDMG1XGHK8zUi2TFzonOaXDfzusHeMt394KpN82/VkalMN+dEgmEerjqSd9yqInFIBspYwE6trtezAJjAuH+/dwtMobSU2i8HFJvaMfFDWFIQmi4UPPlRGzaLZRSkffb/7op8PPIDsXxUW08FlxZy1NvC1OYgpAgEHsI7nSTJw7qNouPFIwOy/DTS1J5Pht4FfzturlP5x0TGZAW0MOGfD+ozdb+SKjAyeKPw29iCMHjZwZ0Es9LwhKgFEHS88JA8SXA62AZp3By40nX2X27/8MXeMYFuAcGr9rbqmOCQpmM+VYlZEbG3YSindhUJC8/9NtbXJHuxVMhwKSFcrKGt2YE7CFGWgECt6tC1zAfAi7O7y68i5YZSrGjiOb0DRMRwT2mXh4xGxh4geUGHbgsyF4HuxLyqPOO81tC94ExVZwiaEf1D/82kT9v5f9+yzu8GzS1lvznAwl59urN+GpUr/nthLa2ar8isQxPtDTBxY0eFHtlll0SjOpyNkQytOKLM3BMBtCqqyOYc6VLO9V92mLBZe/qPB4wmrv1BOxXIucBk4hP5XIv4ABshz+0E8M9haRwvDCb9cSEjKK/aq/FEwSWSCtYee+/0vRXizgkisEm3IpdgoUmR8EaGDIImH8/4sMjsMUjAg0eZlpBtEAhJjY9wtS6o7msvFQpC/kGOKx8B6gxGjKzAgrZrSjM+G5eTeDZSlJWkxIIkfulhjTg67yTID8i5zq9veT636jSCVpk+49BxCpiRbUnli+jRooUY/FSXfBdWkc+/W/4hOsXJvL7UFv7Ba2jdzrLArG9EzLMJuhwa/H/XrHKhxF59TnucD+QO+IRgdnONbaENHGUYWipkQ2Z0s1hqYJ6xhtw15DZHYT0uZkrI9euHwT1pVYFLnJZ9o2TlQp5Mm1tyffENJfoBTLWr+pgJurJOdDQVauZKykzTQRQqQWScs9BACJpWCRtaaOYYU+Ri4vRtJpNtJ3oQy9qyCh7UBWt+648OYxkED3BwYcxCMhp2xxqknzK/Z8FQeloUCuhYECehJW8TItqMrgUXx+uD48wOtQA57DkS6/DfHJHL7f4UMseAGRUMViYaacCEOVB1zktgj8iShV++xdsDFVhDIate9idL4VOGk6GpvzMej13nG/3KmxIQ5etwrsNjK0FIAzPdSR+IgyLzJ9eRftwnLZd1zQ3xrY9dqyx0pQBZI4L65LYBWCI0cAMtma0J3iOMRNemMEMzvKIav5lZDOP8DiePZPKTWTUgU1rj3zGE3LpTkM1kzmJSMN0LmKOG37x066qN5gEmSt9C1NBEZtuK0F67PPQBthJNUCWMYvnh+2RhYq1sF5+BJdO6wrrKIcwWNpaBvhGfTETmW394iPb7HspC/yW2U25KNmUUtMfmxFigGLmpp/YnmJl5v4U1NtdNArZggPi4yLZq2WkqS86YRjT86IHFz+0rxpULq1VPFvrEbzPRnjq6c+njnzb8k6CKSDGZHGtBmUSqeiXoO5gvgvZeCXWvdGb75fH5dAhtxXrIotDo2PkK8qzZ2GHaXdrUzS+bVh60syvp4i5pcPav9VAMX2MLuMtuIQiE1VpGb56GXqBRl9ATEcCas6tAjCHUKhjNw24KjQm2md/swKsf2hD9uL6CQ4YEhsfTWmSDnixRnBaAHxG18oswnwFniymyTb1C1Mot4Ma0JwYA3t83TsTf6rL1zNjkJN8utsVvg8UAKl4bJSzyCUIVZKL/rxFoSwUnRMkds3XSz4qmI+L70lpP6YQVrR7Js++MBNFt8rRP4WRibGZFqF2fnqMxlzcymEn/UcJpD+AmlPAzaZS6BiUC6Cy43kwOdXdDOtCQR0RLtizbN0Ssjykv/BEWPKctOHC0SMdsFOF98if0/EaKP6VWx1CYc4qKdqZTLO+FYmA6jFpZuqBuKBbrJrUIUigDwqqZuwKzsgGYhIVKkwPZPG+YZR1NLOCCmBV+sMYxArG9fIt8JZi5c3nYxwT0Oka9YBfEc8/U050rp5C6EVH26EZqr5kzE6XqRGZ84JXL+9GnksL4xsSuF4R0q7CvNgesIp1bjnSd90Q6D8FFYwz5qaCJDOqW+KxBzAF7v/lbvkpxYRNPXYXJ4Mq1znosFcdYgQC69H+vlJS9DCxgXH31q0CV98QlWGa+2aQlo+sUUBmu1X1X/XNMdTp1zjjzR6qXWqnfswnqt4KXRG3QoAt5mIeazPcvMPAGbD0DqOznrzzWPAQcABGxaXHy+4aVhSYR0y3nIqxRVZItVaci5K33k2agAgTnEOohF/slz48Bkv+vMpgq5N1mlBPKWnbpxOZ2Bk42/aeG8tZ9pRhYrdRfDm1ovRw6WwHJ2VeTyyOtfUusjVJxJDzj049q4pR0Oqtax5DSwC2DzNw69GjXa2mMHuL27PeB+6baCBIJY+rGQAzmaCqTYWL6jiWZDfEYtzpaGedI2AXOFBGtFdotxiyEXxltCaY/tYMjNFNVV8EkFPqLG9AZcQ5R+bW/SfX/WqVenIhG2wjKlGz3gPA4WBOrauhOZPkkwqVzsck6C09oKtqJjBYrbAynLoBGrGdFbwFiWIK5/u/ayo5LYIarWUZM6f3pJIq+9rvrTV5GXlNwAxUGYRHqbpRL0JHRRV2HseBo3LqEdoDcWB7G7OLB6WW+JumkG2CNuY4nQwmUwbP9NIz2iaCggfAJeGS5rV+0U8qoV4JgYZn5kwpYrkX/2eI/swZ/BNcmcsdT/qwP1kclnFkw4E/c52toMdB0fo0aQcSebQ/1AZXhVtAAgaAGTVlMsXWR+69Vb4B1ORtRGSLixHS/Bur1hgmopqrlcJzCbbXSmM39Oul4pGUqULLmUh1iCDluE/Kin6BpWjpbzZlUPSZAWrb1Gm0G8IoeCoNMfTgBBWtUS/XbvFD4WRN+8iI87GIILvU8heRaw48u2ZEAT5Rc6LbhuoahXW1C7EbhAuU7YgGsXC6K3M1dWST98HlpOO4D4+6xECirzcY8AWhcAbwVHS8qqYTwV4C7RdgZttTC1AaSo0TAIEddEgquLmRsh6a3ocJoxGnLlWj16nUuyGMWlBTYNJ4iuZWpahkApwmnnfVpp1DTrm2ElznFqFbpwmZ4sviN9svAK1P2swVq0sHH3Dkx0TX0JMVlJvDey1gRZLUY+0pMFjwlKnC0nd+O3k/2wcSY1OyKZY+DBGJPgUiD+WlbXeZGa8GSQTV56yVGvkRyFZMD9lAR6TMm0slfhwwIFcyTPKi6PO8YGk5mV2JUqnKpU786NDvumAmZI7SA+0KrjDpLdyY/JFBItB5t8vfhjJRR4a02cs6pgXQ5rBC5QLWSIIGh6kpcuq94C7XuJgDnvWZBkQBjHYeHaZ4StX0d2xwFuCT5keG0hu8yOKgjqid/IN1DeGHWGdvqUjG+e22PxNMCzBl64XWAP45nwac2NftXQpgGYzBI4pfgCJdZoLMLMwpwNditOKsb8it+ioTO2dS9r6l+bZVC+J5jAlWTBOBdtqardJNnZrRLVfq/wysQvQTcC/M1EWuYYa7gi36PtZRtjtlxemXIkn+VP0Qd0NTB3JTX9LGSDoZFUuU6TbS1AFQSCeqtrY4am1gtVCXxX3WAzUIUi9ECyMUryJkmmLgMRbph4st0/cVsbg0xBihv7L//1Lz2Z3alNdu2VIEHrJf+0i00uIJwB+Py0Hx+BEeHIxHXG5L3RRUQU4g5bpwUtYxeyLu8lUD/phiVmIHB2K2p9zriFBawbV1JXdOZM3oI6OHuLfFa3eHnWXkRIufXi35xiqIRQoUcey9MvZ119gWbN/Egbi7mKAf+Gzal7lDXuX5VEpGpkG1OHp/qbGt0p1htcU6qO84LYpZ5VLEkpiZ5hyfFsdrBIEjEay1ra8H4LUE8mRpVzwA6Bwkqc9KXJRqDBynvRC9FukPw19DZXqS7HcXmtAlYrtTlGaL+tKhhfb2ES5jrUHipvoZvZL+uWXesYw8LzWIs18ka1IUA8HpjJ0+dJ4ucY16t5RymknHznHFTs8T7vndOGZ+RMabVKWmIbHF9rGj/Lr+uNkezg/JsN8AMWXKm3nb1J/GHhY1w5EBj6XiQWuYlOGI1nBiX6Wi4k5ez6lJ+dbwpBYRo+nlzw9G9gnDVVJ2/edzGKM28LTWppv6PM13iWhS/QG8a3pzXndNeTtW6P6Cm2aduXgwbN8UfdcBwaM1rX9uuo4RZt6B0lGXjMeBrkqiwpxizLd60ALeRk4VYidYnLIdDexMQqGhEjOFQL4F4Lpoa31GSFowxBtcQlZo5mMCrvtbuUz7Z2gD8oNHMFu6meWmOeE59bS5gQ5VfTp04r23FH1ylH0b1n+p/z5QDgTEF3mmwIn2muy94/gBwE3F3b8Z13B11+dJv+08ehrio6A4TatI0PWDq/vnkJ8BpIS0ml/eegluhrQUm6YtllymfAoQ6XtMMg4TWY0OVr1JBMNjByUtwWSdbQ0DigHX/+bcdKGymxXQLoONHtC+I8wpGpSHJJ+pArVTpwCtVwULr6JzXOgIWgmqgo3+OX/45uQXxqshNC4JFYzPRWD8WGWvs2TKsQXzM7UbCYnCZaKu14aLIgu+YXwaPSbr0hR5lle1jtwnPWyfQCaxRyFCCsj7SxkqeBSN/SgDZN/wplaqEyqr8wNTcNrlB0fWAlBPJ8qXGWy1bDilXT+5YlCHmr4swRvhmww1cUhIfwxXNhaRMPUiPXX6/E0fDaQxqR0zDooOV/fMQQcnTYTKusuKJB2sl+3NcUZzpGFyvWxz4s8HqcUkzlQ9HqwO/IMQfs3bI0K7WNZuKGTyyvjfe1/mI5EQTDl2+bZUgL8jXcv8PgB/LE6R+dx2uN4HLPdi+DHSgecTgrGuh5LCTuvZ3vZ8MqE9qeeeGtIvussbAdwKF01KKEmSWOwQsTrREl5N4MUo6VvkYtTf1HHT7VThb0owAZ29X/67XqCugCnVROorjJ535iRGfFRblwj+K/gOLzWYLNaOPlFQrF5wHMNOMOMs3zuHy80JwGOSXmapeU99wBQelyJxHpk3dpgpSowlKoljWDU66M0B0YpjelOJmzaE2QF1qq8fCXPguTpVyTRqhrSqtbSpyW4ONxWEa0G+ScZUfZL1v8+7Jiy9v+/19r5juodgg5uF3WX0aCeytgRRVGkBl71YdW3tvDwXGffeffDuv1r7+KnuURsWugReMYLtSBObPaNk0c2RNJk92cq9HTB3ExColMj/q+t4aRqx9hYkjjCJcWJMiINxaYUHn3FX7icq4XQOTjwSGh1spIdLa9tEPP4lHopG/ftF2S9qrL86t8OdNvlHYQ8EDlCtMh2kcRD8pzG2feB4DqnUnMnbI4H9OFBdWTe3C40g6vzfyhpcWG69LPyTmzLdQikPG7UbZ0bmYHxuyXZGeWz2QFFyxsqJdIUW1LkTbYXCVQymueSB0W12R7Pr/JRzwCPZL65PMX3tz+sZ4B3MZBP4VbrNccKEUAvjr/qcrCnbRXr+I7aSyilliJEyc3KXv3I5/MXw9lVLyS3jSAuIRX4gVV2ilAmfjCGOHVbg0b4Rwc0ULWp2NCfZ0vfb5dvZt64tvTz8yOu62pFjmKWdS1A8VJ2eHlwSuvJGUlRJTRf+12QlthYFpDhn3zTlpW878kxdoTA7M03m9vC0h8OgksQGnXDis61I39uVBytvxHmXVHYbzwtcqvvqGyCTUwU0Q+d9DW4ThhGjHHaNWIm6egoaH2fu6qL</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedData>
            </saml2:EncryptedAssertion>
        </saml2p:Response>
    </soap11:Body>
</soap11:Envelope>

2021-10-17 06:46:09,679 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-10-17 06:46:09,679 - INFO [Shibboleth-Audit.SSO:?] - 20211017T064609Z|urn:oasis:names:tc:SAML:2.0:bindings:SOAP|_ep9ehh7xnsbvpjalkaukrwhh4ag6er06jy7y|https://iam.eum.otc.icsi.eumetsat.int|http://shibboleth.net/ns/profiles/saml2/sso/ecp|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:PAOS|_e8871e7622f04a77cb080d3df0e8f110|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQx7hb+GDuYDK/XIA5YC+ShbkmlFwPXaUn8irtJ+P+0Dryif6YaE0Grazv9D3jL2CU9l5GsP/e9XAz0gk99h5olwAjtQL5Je0S//BAYleYRnM+Rat+UVNzU7HVXWLTb9mM7SzErl+3W|_27450a1fb89af59ed4f9dbd568e92be8|
2021-10-17 06:46:11,037 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder:?] - Decoded SOAP messaged which included SAML message of type {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-10-17 06:46:11,038 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Body>
        <saml2p:AuthnRequest
            AssertionConsumerServiceURL="https://iam.eum.otc.icsi.eumetsat.int/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            Destination="https://samltest.id/idp/profile/SAML2/SOAP/ECP"
            ForceAuthn="false"
            ID="_byc5erbwob5g7y87tg2mdho5budf9eg7uoel" IsPassive="false"
            IssueInstant="2021-10-17T06:46:10.364Z"
            ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
            Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eum.otc.icsi.eumetsat.int</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_byc5erbwob5g7y87tg2mdho5budf9eg7uoel">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>XTWcFzkKrdhVreLpoPMEWGJQOEg=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>KUZ4+3hQBsRm2XKO2Uz4cay9OQrzkFCipX1xsyQ6q8R0C8hBLIEyFPmzTClazD5IE0vbQ4Zi7OaBLBnLFcKsD4UAtDJbN1suTeY31NBMfzvTIh9hBj6gXCYZsJOFzwAhbj4OYLWbpo7NDWuhPP9P5oK6P4hrvz48SruXaJYhYQnmUw1DPA8XFrIRQBZMirKPBcewWIuseNul2+fZnhJvE01yXDAvDIwg951f48EKqxI7hdTTRv/NZBdpujZvSWYOmraR6yF7bUezSpSXjItXZGBAv0WLfUl4JKxOhrSl41pjnsVE5j5JNpWT4dnHpGrFAFYPQgJhOa9WsNVOTW3PrA==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIICvTCCAaWgAwIBAgIEJj02hzANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRkdWFuMB4XDTE5
MDkyMzA2NTExNloXDTIwMDkyMjA2NTExNlowDzENMAsGA1UEAxMEZHVhbjCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAJUuBpyrScYDr1iopNsXACQ0tM7uW1FpnRfqjdPRo7ny0bLS44zt
xjDFNvDBupzDlQgVLT0yJ8CCcaF1GJz1N9JUTghKGi1curKDKxqF45yIudnONitcz8NiZhY8s04c
7+YsXL6/6nmjkQNgmoYU2xhS5ZvQ2gNVzRnl54Kbqjp2DRS0x0Hxid0hVgeSfo13Ako8iVFrz5O7
zwncuPjc2ibPUvflkOY6+EbEq8C6mP5PuVMqwj7DYBTKGBCkLhMlDGPD4O3ix/y6p9CEOh/wovCl
XESgBg3g8oQGMZW/X7xiqa2725MCf+ZDV6uFdP/AM5lUcbQSbweJ98vScXgtmQkCAwEAAaMhMB8w
HQYDVR0OBBYEFPBd1yRfpVSJH8UGdvcxOBgnC0PXMA0GCSqGSIb3DQEBCwUAA4IBAQAGjNjZDAS1
LLBWROlgZjWdS0ohuY8Nb66gMCHdeCYyx9A3uGKEY6RhTf/ql7ecnldpAoxi3QJonu73EQB3TTzG
2KONB91gKWuLkfjIHq5cObX6JO/gkYVf4ssvUU16Z3jCr3o7f4k/y5SVhuBZZP4y+SoQZCm9G9F4
4yBKmaYmxRiCNDgcDS7SMo7h26fWM7ZW1J71LEj1uglyI4Gv2DvNcK+Jh5CJMMTkGern0v9xIYOh
12yNYPR4oVe2Au966dwQVLQCDB7iALYm1Zo2d83cLcn8mTI/p0IoONmHNhhyc5lxatlDnxqNuUsT
eiHha7UmKhYFfQm3tSIPGPiXD89h</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:NameIDPolicy AllowCreate="true"
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                SPNameQualifier="https://iam.eum.otc.icsi.eumetsat.int" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"/>
        </saml2p:AuthnRequest>
    </soap11:Body>
</soap11:Envelope>

2021-10-17 06:46:11,038 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-10-17 06:46:11,038 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-10-17 06:46:11,038 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-10-17 06:46:11,038 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-10-17 06:46:11,038 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-10-17 06:46:11,038 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-10-17 06:46:11,038 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-10-17 06:46:11,038 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eum.otc.icsi.eumetsat.int
2021-10-17 06:46:11,039 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2021-10-17 06:46:11,039 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2021-10-17 06:46:11,040 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-10-17 06:46:11,040 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2021-10-17 06:46:11,040 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2021-10-17 06:46:11,040 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-10-17 06:46:11,040 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_byc5erbwob5g7y87tg2mdho5budf9eg7uoel', issue instant '2021-10-17T06:46:10.364Z', entityID 'https://iam.eum.otc.icsi.eumetsat.int'
2021-10-17 06:46:11,040 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eum.otc.icsi.eumetsat.int' does not require AuthnRequests to be signed
2021-10-17 06:46:11,040 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2021-10-17 06:46:11,040 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2021-10-17 06:46:11,040 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-10-17 06:46:11,040 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://iam.eum.otc.icsi.eumetsat.int, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2021-10-17 06:46:11,040 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://iam.eum.otc.icsi.eumetsat.int' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2021-10-17 06:46:11,040 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-10-17 06:46:11,040 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-10-17 06:46:11,040 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-10-17 06:46:11,040 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-10-17 06:46:11,040 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-10-17 06:46:11,040 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2021-10-17 06:46:11,040 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2021-10-17 06:46:11,040 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2021-10-17 06:46:11,040 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  params: null
  modulus: 18832203621667587607088021436286230684931968168257167872795230405254894215980850067536154909197830631021596563357169939025141288325792903445779402655913743610932954428709105184576245804679342024583286736032463367943204530450706526245046609407626399621183218840286753119152458925964376259244052441725228698672336877726814951605086057990054643083405775848564675707375615835217627789844087955313900665870871521060397374272764412191674530995951115898094251299426642547742873614018298714848246841146385338889437961538915294437507286875445216218692006599199269372958584594878711118692775154075888222346153725342565601745161
  public exponent: 65537
2021-10-17 06:46:11,040 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2021-10-17 06:46:11,040 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2021-10-17 06:46:11,040 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_byc5erbwob5g7y87tg2mdho5budf9eg7uoel"
2021-10-17 06:46:11,040 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _byc5erbwob5g7y87tg2mdho5budf9eg7uoel and Element was [saml2p:AuthnRequest: null]
2021-10-17 06:46:11,040 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_byc5erbwob5g7y87tg2mdho5budf9eg7uoel"
2021-10-17 06:46:11,040 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _byc5erbwob5g7y87tg2mdho5budf9eg7uoel and Element was [saml2p:AuthnRequest: null]
2021-10-17 06:46:11,041 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_byc5erbwob5g7y87tg2mdho5budf9eg7uoel"
2021-10-17 06:46:11,041 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2021-10-17 06:46:11,041 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-10-17 06:46:11,041 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://iam.eum.otc.icsi.eumetsat.int
2021-10-17 06:46:11,041 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-10-17 06:46:11,041 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-10-17 06:46:11,041 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-10-17 06:46:11,041 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-10-17 06:46:11,041 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsHeadersHandler:?] - Message Handler:  No ChannelBindings header blocks found
2021-10-17 06:46:11,041 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler:?] - Message Handler:  Message did not contain any ChannelBindings extensions
2021-10-17 06:46:11,041 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2021-10-17 06:46:11,041 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2021-10-17 06:46:11,041 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-10-17 06:46:11,041 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-10-17 06:46:11,041 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-10-17 06:46:11,041 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-10-17 06:46:11,041 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' not permitted by input criteria
2021-10-17 06:46:11,041 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eum.otc.icsi.eumetsat.int/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP using binding urn:oasis:names:tc:SAML:2.0:bindings:PAOS
2021-10-17 06:46:11,042 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-10-17 06:46:11,042 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-10-17 06:46:11,042 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-10-17 06:46:11,042 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-10-17 06:46:11,042 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-10-17 06:46:11,042 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-10-17 06:46:11,042 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-10-17 06:46:11,042 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-10-17 06:46:11,042 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-10-17 06:46:11,042 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-10-17 06:46:11,042 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eum.otc.icsi.eumetsat.int
2021-10-17 06:46:11,042 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-10-17 06:46:11,042 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-10-17 06:46:11,042 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-10-17 06:46:11,042 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-10-17 06:46:11,043 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-10-17 06:46:11,044 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: RequestAuthenticated: true
2021-10-17 06:46:11,044 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: Generating session key for use by ECP peers
2021-10-17 06:46:11,044 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-10-17T06:46:11.044Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-10-17 06:46:11,044 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-10-17 06:46:11,044 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-10-17 06:46:11,045 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-10-17 06:46:11,045 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-10-17 06:46:11,045 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-10-17 06:46:11,045 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow authn/Password, it supports non-browser authentication
2021-10-17 06:46:11,045 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2021-10-17 06:46:11,045 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-10-17 06:46:11,045 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-10-17 06:46:11,045 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-10-17 06:46:11,046 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: Trimming whitespace of input string 'rick'
2021-10-17 06:46:11,046 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2021-10-17 06:46:11,046 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@130990947::identifier=rick, context=org.apache.velocity.VelocityContext@62afe259]
2021-10-17 06:46:11,048 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@130990947::identifier=rick, context=org.apache.velocity.VelocityContext@62afe259]
2021-10-17 06:46:11,051 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2021-10-17 06:46:11,051 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-10-17 06:46:11,051 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-10-17 06:46:11,052 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2021-10-17 06:46:11,052 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2021-10-17 06:46:11,052 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-10-17 06:46:11,052 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2021-10-17 06:46:11,052 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 32f64f76cbf92f3af1e835c0ee84317fd4d16cfd678262f9650705bd92d7f7ee for principal rick
2021-10-17 06:46:11,052 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 32f64f76cbf92f3af1e835c0ee84317fd4d16cfd678262f9650705bd92d7f7ee
2021-10-17 06:46:11,053 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-10-17 06:46:11,055 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-10-17 06:46:11,055 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-10-17 06:46:11,055 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-10-17 06:46:11,055 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-10-17 06:46:11,055 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-10-17 06:46:11,055 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-10-17 06:46:11,055 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-10-17 06:46:11,055 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-10-17 06:46:11,055 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-10-17 06:46:11,055 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-10-17 06:46:11,055 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-10-17 06:46:11,055 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-10-17 06:46:11,056 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-10-17 06:46:11,057 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-10-17 06:46:11,058 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-10-17 06:46:11,058 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _70948674893c6913c36a7af41aaf1adf
2021-10-17 06:46:11,058 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _70948674893c6913c36a7af41aaf1adf to Response _836b54b43c26e4e3b84f16a32bcdce69
2021-10-17 06:46:11,059 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _70948674893c6913c36a7af41aaf1adf
2021-10-17 06:46:11,060 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-10-17 06:46:11,060 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-10-17 06:46:11,060 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-10-17 06:46:11,060 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-10-17 06:46:11,060 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-10-17 06:46:11,060 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-10-17 06:46:11,060 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-10-17 06:46:11,060 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-10-17 06:46:11,060 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-10-17 06:46:11,060 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-10-17 06:46:11,061 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-10-17 06:46:11,061 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:46:11,061 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:46:11,061 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:46:11,061 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:46:11,061 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxKgj2kugC75u2fp7nsO8b3mWaiB0a4DkQNB/rqVhN/DySPT8Tvj1z7vTzy4l0e+S5RcBZ/68HoNyus667sHAq8qoXHiKN/vep7aVTurWf2tKDqf22dEnNyFEnrq6w5I12xwE5PB/i with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:46:11,061 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:46:11,061 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:46:11,061 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-10-17 06:46:11,061 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-10-17 06:46:11,061 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 80.158.3.50
2021-10-17 06:46:11,061 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _byc5erbwob5g7y87tg2mdho5budf9eg7uoel
2021-10-17 06:46:11,061 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eum.otc.icsi.eumetsat.int/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-10-17 06:46:11,061 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-10-17 06:46:11,061 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-10-17 06:46:11,062 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-10-17 06:46:11,062 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _70948674893c6913c36a7af41aaf1adf
2021-10-17 06:46:11,062 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _70948674893c6913c36a7af41aaf1adf did not already contain Conditions, one was added
2021-10-17 06:46:11,062 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-10-17 06:46:11,062 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-10-17T06:51:11.056Z, to Assertion _70948674893c6913c36a7af41aaf1adf
2021-10-17 06:46:11,062 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _70948674893c6913c36a7af41aaf1adf already contained Conditions, nothing was done
2021-10-17 06:46:11,062 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-10-17 06:46:11,062 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _70948674893c6913c36a7af41aaf1adf already contained Conditions, nothing was done
2021-10-17 06:46:11,062 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-10-17 06:46:11,062 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eum.otc.icsi.eumetsat.int as an Audience of the AudienceRestriction
2021-10-17 06:46:11,062 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _70948674893c6913c36a7af41aaf1adf
2021-10-17 06:46:11,063 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddGeneratedKeyToAssertions: Assertion _70948674893c6913c36a7af41aaf1adf did not already contain Advice, one was added
2021-10-17 06:46:11,064 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eum.otc.icsi.eumetsat.int to existing session 32f64f76cbf92f3af1e835c0ee84317fd4d16cfd678262f9650705bd92d7f7ee
2021-10-17 06:46:11,064 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eum.otc.icsi.eumetsat.int in session 32f64f76cbf92f3af1e835c0ee84317fd4d16cfd678262f9650705bd92d7f7ee
2021-10-17 06:46:11,064 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-10-17 06:46:11,064 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eum.otc.icsi.eumetsat.int and key AAdzZWNyZXQxKgj2kugC75u2fp7nsO8b3mWaiB0a4DkQNB/rqVhN/DySPT8Tvj1z7vTzy4l0e+S5RcBZ/68HoNyus667sHAq8qoXHiKN/vep7aVTurWf2tKDqf22dEnNyFEnrq6w5I12xwE5PB/i
2021-10-17 06:46:11,064 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-10-17 06:46:11,065 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-10-17 06:46:11,069 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_70948674893c6913c36a7af41aaf1adf"
2021-10-17 06:46:11,069 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _70948674893c6913c36a7af41aaf1adf and Element was [saml2:Assertion: null]
2021-10-17 06:46:11,069 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_70948674893c6913c36a7af41aaf1adf"
2021-10-17 06:46:11,069 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _70948674893c6913c36a7af41aaf1adf and Element was [saml2:Assertion: null]
2021-10-17 06:46:11,073 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_836b54b43c26e4e3b84f16a32bcdce69"
    InResponseTo="_byc5erbwob5g7y87tg2mdho5budf9eg7uoel"
    IssueInstant="2021-10-17T06:46:11.056Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_70948674893c6913c36a7af41aaf1adf"
        IssueInstant="2021-10-17T06:46:11.056Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_70948674893c6913c36a7af41aaf1adf">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>PS0y5NpYDL3LhoJAy3p177EObjOyGNWAoPwMAwsM2VE=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>eZUE7HM3x0/bQcKdoFS6GuMhYwNiZzDgzh9vBS8NBk2CkmaUl+izEDI/bM6qtCwCZYYVyTu9t8whwyk6AKBGMgYcSn+jACh8ziirT3MNohMvYLngXz7yuRtm5+LKy14vOwARK1Mhhj63Bil99IJxXwXBv3Dw0fs9G4kKY9kPp9ValhGENKMVkpju3UvxVvcKaj8eTFbvR2iEDPvwRgYzxzQ+zprFGx9aR0VauwBjBWF6nWUN16Sw/HEtEvOCEM6l3XtJ0CkNbTzV9t6FgAJ8RfML2ZTLzGWxOLLgZfyzIaZQIFx0WOAmYLTmFfkPwl2KZKmsyouST8IF8t4tHswweA==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eum.otc.icsi.eumetsat.int" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxKgj2kugC75u2fp7nsO8b3mWaiB0a4DkQNB/rqVhN/DySPT8Tvj1z7vTzy4l0e+S5RcBZ/68HoNyus667sHAq8qoXHiKN/vep7aVTurWf2tKDqf22dEnNyFEnrq6w5I12xwE5PB/i</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="80.158.3.50"
                    InResponseTo="_byc5erbwob5g7y87tg2mdho5budf9eg7uoel"
                    NotOnOrAfter="2021-10-17T06:51:11.061Z" Recipient="https://iam.eum.otc.icsi.eumetsat.int/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-10-17T06:46:11.056Z" NotOnOrAfter="2021-10-17T06:51:11.056Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eum.otc.icsi.eumetsat.int</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:Advice>
            <samlec:GeneratedKey xmlns:samlec="urn:ietf:params:xml:ns:samlec">wTI2aV95xpJyQXmEK2kr1ihwDloTRpMskql22cP4E78=</samlec:GeneratedKey>
        </saml2:Advice>
        <saml2:AuthnStatement AuthnInstant="2021-10-17T06:46:11.051Z" SessionIndex="_ed1c3f1b3a3f7adc0c96521c02f292d1">
            <saml2:SubjectLocality Address="80.158.3.50"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-10-17 06:46:11,077 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eum.otc.icsi.eumetsat.int/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-10-17 06:46:11,077 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eum.otc.icsi.eumetsat.int/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-10-17 06:46:11,077 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_836b54b43c26e4e3b84f16a32bcdce69"
2021-10-17 06:46:11,077 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _836b54b43c26e4e3b84f16a32bcdce69 and Element was [saml2p:Response: null]
2021-10-17 06:46:11,077 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_836b54b43c26e4e3b84f16a32bcdce69"
2021-10-17 06:46:11,077 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _836b54b43c26e4e3b84f16a32bcdce69 and Element was [saml2p:Response: null]
2021-10-17 06:46:11,081 - DEBUG [org.opensaml.saml.common.binding.impl.AddChannelBindingsHeaderHandler:?] - Message Handler:  No ChannelBindings to add, nothing to do
2021-10-17 06:46:11,082 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Header>
        <ecp:Response
            AssertionConsumerServiceURL="https://iam.eum.otc.icsi.eumetsat.int/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next"
            soap11:mustUnderstand="1" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <ecp:RequestAuthenticated
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <samlec:GeneratedKey
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:samlec="urn:ietf:params:xml:ns:samlec">wTI2aV95xpJyQXmEK2kr1ihwDloTRpMskql22cP4E78=</samlec:GeneratedKey>
    </soap11:Header>
    <soap11:Body>
        <saml2p:Response
            Destination="https://iam.eum.otc.icsi.eumetsat.int/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            ID="_836b54b43c26e4e3b84f16a32bcdce69"
            InResponseTo="_byc5erbwob5g7y87tg2mdho5budf9eg7uoel"
            IssueInstant="2021-10-17T06:46:11.056Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_836b54b43c26e4e3b84f16a32bcdce69">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                        <ds:DigestValue>ZRMAFLf8DjGuQsi2AJ95vbREMjQEcC3IK25vWWY5XOA=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>eL1YmlbEBnNzkGR3cAMpbItLp7jQmLhszywXNluz+2xs/LaFzwj7qpzK7aX9PJ1otPk8z8KWuYQzNk4Koz3YR5zgc1RuIvBtEfiN0/yi4k+i7pkDr4BcMziRqdjJk6wxcAw6Ofg4NYIQoIheNagGST8gVL1scA1L1PPD22lNUZFviZxE1G9SBzrRWgsz3z5ETNvnLbBk4Ah3ORE8lmOSB6atFbMjIqFQz5Il2xLduVz/9JRmfnrSD0rKDKa3af07mT1C48nuLEgvC5a8n/Yp9MSV2dB2i32RkbaRG6g7XvHBE2+xhrgz8zitk9S4nZJneXzp68QKfhtUGU+t7ojrRQ==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
                <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
            </saml2p:Status>
            <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
                <xenc:EncryptedData
                    Id="_5ebf137a2d12b022a106d4561933f1db"
                    Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <xenc:EncryptedKey
                            Id="_836780ace078a67dd42649345d546bb8"
                            Recipient="https://iam.eum.otc.icsi.eumetsat.int" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                            <xenc:EncryptionMethod
                                Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <ds:DigestMethod
                                    Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                            </xenc:EncryptionMethod>
                            <ds:KeyInfo>
                                <ds:X509Data>
                                    <ds:X509Certificate>MIICvTCCAaWgAwIBAgIEJj02hzANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRkdWFuMB4XDTE5
MDkyMzA2NTExNloXDTIwMDkyMjA2NTExNlowDzENMAsGA1UEAxMEZHVhbjCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAJUuBpyrScYDr1iopNsXACQ0tM7uW1FpnRfqjdPRo7ny0bLS44zt
xjDFNvDBupzDlQgVLT0yJ8CCcaF1GJz1N9JUTghKGi1curKDKxqF45yIudnONitcz8NiZhY8s04c
7+YsXL6/6nmjkQNgmoYU2xhS5ZvQ2gNVzRnl54Kbqjp2DRS0x0Hxid0hVgeSfo13Ako8iVFrz5O7
zwncuPjc2ibPUvflkOY6+EbEq8C6mP5PuVMqwj7DYBTKGBCkLhMlDGPD4O3ix/y6p9CEOh/wovCl
XESgBg3g8oQGMZW/X7xiqa2725MCf+ZDV6uFdP/AM5lUcbQSbweJ98vScXgtmQkCAwEAAaMhMB8w
HQYDVR0OBBYEFPBd1yRfpVSJH8UGdvcxOBgnC0PXMA0GCSqGSIb3DQEBCwUAA4IBAQAGjNjZDAS1
LLBWROlgZjWdS0ohuY8Nb66gMCHdeCYyx9A3uGKEY6RhTf/ql7ecnldpAoxi3QJonu73EQB3TTzG
2KONB91gKWuLkfjIHq5cObX6JO/gkYVf4ssvUU16Z3jCr3o7f4k/y5SVhuBZZP4y+SoQZCm9G9F4
4yBKmaYmxRiCNDgcDS7SMo7h26fWM7ZW1J71LEj1uglyI4Gv2DvNcK+Jh5CJMMTkGern0v9xIYOh
12yNYPR4oVe2Au966dwQVLQCDB7iALYm1Zo2d83cLcn8mTI/p0IoONmHNhhyc5lxatlDnxqNuUsT
eiHha7UmKhYFfQm3tSIPGPiXD89h</ds:X509Certificate>
                                </ds:X509Data>
                            </ds:KeyInfo>
                            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <xenc:CipherValue>CDAe2cy81px08Y/6LmbFyBtawfesoBUCkd6X3km8LsDnW94uOOP3m9ZfoaqGlLnqraIC3sUU3VaJ3Y7xH2HBLuml9WRiRtstKV5L941ie7A7ALuRUzngIXePfKaLEEkXTE5EYITarCOOkLjvgAzWz2k6NiAp+C0HFUQ89E/r7r9YsLnzfpbOewU8q+aMmNotxTLsZGbl5xG+jQX37TbkUjYq2HC/qGfkRj/nyiA8OU/puZGGHem8PD+9eU+cecKscrExp3ontvWMTZ9KOygJwVLd/nYI84Mb7wvAHkcViSDXPHzX3D2srjTwPwrZOjDX8oxQxSynu0AhZZ59t6QKNQ==</xenc:CipherValue>
                            </xenc:CipherData>
                        </xenc:EncryptedKey>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>aHC9yCniVCtrjckYx/Y5DtYGTrxn//TUAxSOWybKiYcSfe2cQ996knkzHbVfF6Z3YJ9y3ZBQJAry/TEdkZopyyPHKgCMoj2G2sbn1GFTz1vxEGbt7DLaq9YpewZaBzAHPh7pgCxwui6oZ0trKivs/YtxJbsGvNdBiDEUyQsho0pKy3jkHyeLd9ccPeEo4x7dU3EuN0fc+WUbSeDc1C6pjkl3hGjYeN8mO56LUplZUqiHOQPUB0Iur+A0qRZlJVYrJWbWC8pgzPbKvgZla6AI+pF0URzcCOgOrsLl/KsQZbxACDia70VsJZUArpSFyZTui701qymbvT5NbzQAamckoaH3Cc+yTB5rUIhB4YVCtOrPgMYyfDaLq8gFpeC6Aug1BctSJEyBtKj+MgvNGf+IXOk7qjhxEzKs8r9P30JL3ZTZT2izw+7A9sbRNZCcfEeBzrl2Wi5VMNAK6GMjSbI4gdLEVkbdSfgwJZgIn5RsZRYrUKDsI/5AO8P7IuJndu2CFwfTRa1f/8YRYCDriBeFOTZxBnxpN3XKu+f4n0+SRP8Hh1niditrnv95iWEvdjxUdeCaAATpnVKRhKqq5nOjHOGS0piB37d/Saud0HtHZJ92Zv8yBXI9shseuLPDKNS1Zs8Cie8bQj39TlsBaD0ALu9yBFEba7LyI0bYzfE8NcKlAkey76ZhHJjn5qHjNg6Qbbb6KlSRCKfejRgDU7Q1kOIjg7qilbvvBTpeUV7Xruk/629xA7TeUyUHVwGDcUuzslFMa76FLI4bzDOhw+M30Cuc6KwLHc4rhBi33fkv3dWMChe3LxZlTdLdsHaUe2yrRl4jv3IzdJhf+xkChnbY9/+rJZMN2dKRhe/C1t/39y2yYYlEmXbOQCnC35TCNFTJjqiR1k6J0zvQCebfVizwrCKTitoBQcVZ3YfbfrjCF+jUs6tf7dPdxYAo9DjJdA7PjLZA3xtqcrIhhQPaCUEg9kWmayYqtzmSO6XONxfCfJgqS6VSRSso15iik6sU+dPsL2EBnP9W4A6DOgus8FXnlsl1n9K+SrdA41tZhLtbow8IRPB0T/Ul+t05E8rDakfAP3QvD5qCqDMpxC+H5wRB7Gnwh3t+bP7f1dIadYME9wrPcDmUeZ8OvSke4wqOuJht+FAIWWZOuwHnWRFKSJctDJ8iMtrR7oRtxQsBReyHcIfqkm/NzEsHXXUWsYQip9HnP4exLIg+fHHk2gWdLGbmmU9hMT13Ubj525Yw6yyyfvEf6CDdLqGufjifDFscIX1wf6QB1Poar9QL51qM/iHnNxhIXO1sm4N/irV5AuK+yC7EBQGKJYq7xjwnjWh4nE5hbtIZ2Nh8jV2wdjgHXW0N/NOC/OjYpdLyyU8SfoiKTuQJJrkyVXqZFJTuFYPUHx6AKE1ZcEoh1phLxDQ3r2WgG/kfx4weGE2B+ddfDR+4ZCp/VptC/eqfXplzuQgQXGXOKNfNQAU+Z4qzEse9zmB5l2YoPc6l9poQKVCaym8gbN+8Ul5fXZR7L75/n3sD0HGQnZyiu3PZgnLItpU3/r5z2m/IKueJ9IuUVX7Xk64Tw/ozOsa+t1V+4EA9Qe2CncFSvl6PI0Jft7WiiHS4ogfUtwuKkcT/fzSKZk28SnNQLgIQh5SdIsYJPKp1iOjdMdbw6yEpJy2MXFb1J7Mg4wC5CtLi7mHlZ1YtsR+r4R4DMIlRtDwIo6u1IEXR0pyi/B5GAgH2PmAWU3z4h0LsffEYyhqOp3rhtigkGhkiXhqctg4dCGGz/Ozn0Y7jo3kxHsLtfY7QyLZx5TzomZCRii+fHjzsY6+83pwac0ZoyaQhcn41rKNq6SoTFd8wAdO1EVF5Td4tt/0Q2uIiD8Z36vqC5UvpOiTXP3sg1KtTVF5hNxxkrtaCalihhbJQrackJEZV9SXg+qg0HrYPEZ7rL0NqUbrqxIm8szHTeLo2Zc2B+b4U/nk+cm6KkjD7YLk1FiKwJluiigzWyWg4E0hHccXLsrJ63gJr32/fHkqmobqCvKIA6Y1cBFWdH79cpf3KpOSkHcuc0vTCRYBgjaxa13NAhjKfEsM4iOrYFSY/2pJIgdnQe4C/mwDqEDYKQp/PV3PFF/IEv0iOrO4Ye2DdqPdTQ4uWa6dqTPlGsRAanjfkTRAKGG3SiqyHC1ljEqH6l8SNzR5b/niWHE3Ca9BzI0u9mmMJY9/ep9Kwef0oiAwy2Lm9arBxaSb9qyXz5rFmKrAOxk1WwMgEotnAKAgdnEVl3YhuX+GkP7I6KuTpNzMJM8H+9NLwaunSiXJphK2OJ1Wb08mXCtYR8hZHDM8mAR5RSU16a/jfoDDMDxtjfT1IhW7x9pFHlB3J+OOWYiqAcK/EswJSagF+ruaa4nbzJxScv0ExNlhVCDOOon75kveLQQgtVOQZvK7MRZ4S9RqUocHBrq1U8BT6zyR1RFwShwpDIJxUp2hWlnIFK+HODdWzBY7XyRIdpZXXZh3RWeVIKnBknKmvLoQ9Dnxy9aM2FKIFmUr4+qzRryeUKPnVOoN+oTVvkVJgLNuY0sY2dbaQraAQnIKCYHOY9ebDj3+u5KgMB62ZAAcHfYwrA/OX8vZMEJhyQt2B5pvxCPOPfN3xZ8EB/IQHv7Pz8f4sTDcO6Gj559isjZVnG77zab/QYBvRIcbGh5GmBiIzhvBnvJx/ADm4oSAcnk7xpgupeG1Vt2SijQ7EshN/xhxPLZg0XsAn8n2oK/ZAdiJaUqVpk0dLSFG81+2QUZHJu1qXXfALu04DmNsROnsGRkw5S6Lni1Jo6zCJJgC3pKudVf2ywUjVMi77Y2kb3j7BJK27tO0ru2BmwOwQIAqFdktYvK6MFivYWQGdPrE2TUtiX7J/e/sMF9E54/iMJAokoxNLxJtdg87Xd4gRepJAXXWMCXaxFMsBUe84ENcSKsyW4yz5AfBponPqI/O4Ey7WyYxpid0GTWCxg18QUOAqbjzhr4j1YVTpOjCEA6WaJwIjs4cp3Hw/ianSBWbZyRCXmbvZOcSwifluDrG++8YM7XrIbnh9SzF4eBPQlNftLQzF2V4WKs4aUKgq95y2jxY2upAMOY8+S8kmihNaq68hHWZnAl9PpaOJXh8P8TdkikyJEad3nC0arGA1NCMmsrSjdcOyL65omwBYMdSrVsFBO0WjtRGthmzkF1u5lKCyPoasnrDgvqyejVafwhiB3cm+m9+WbeXx7DwbHEcJ5nPrT1cEt3wYbIJDbx3uFeDCJmnMLEBem6LSehehSYXGAhYB3gyd3w+vBFBljM0VWl5oDpjW4ufBth7t6QI2dNgRxh81q+khObMpskXwqiPQoZiJ+Tv10WB9d1MQXlShLW+MybFX/IPsEr/987Am0azIo3FbPjx9Bs59k4UOuixvxVcHxP0EyGX/nosrEiTeCnN3bNZtHrKpZ2V0ahAoi8wyYbgSDEqXQtHh+CPyHp8zPyFSVHSSyDt+xSDQErHeHGhZsXCDgD2mhI14oIcuoEXlNpbJavJKlLcno02JqdManHaViwgpwHSnqRW7Y8SHs9MDd59jjyL0Gy4S5nV3CRWkR3pTHllbMC5DAxWEOMX/4OBLl+2BdWYViPpF9ckQVMpA9BVv2OmlV+uWxuiK7W83Lk3MRJyXAeNSHzSNs33hi8/bihSFuJYX+8ab+Mk1YHFpxh36BA8WR4vTBFLxHrYdu2YRclHZskyTK9awQuQBgWqxzsSCm2+DjQKCqk7DskjxumQbWUiqkVqExIl9C+729P4Am+WzpAAnFWBb5YUSXM3AAvLMYoZm07JQm4CvmTFClOlyRbigMbhMHpBOrnHx5rxkNYzWvMO04b6Hwj7m8gggXoHk9f62/m1CSCnBmXf3KcKP+HJnPhBtiK7eK9YVL7QjRtDQTLVL5F+mUBhtssOWaM3tb9WxLpgfS1ZRBELoielt9oori3ZWMKbnm/NJhB4ExNRGYBCFx98JEprjpiW7xZoa5o0O1CBUCU7SEc/qatpbYPc5lvvr2Iwx1sfEkWCjnysMt8PygnBt3kBW8luk1Om10ET7fHh3xjuFW2OWdQnicZJPnDp/Il/knk1Pk7K0AF4S7RZhU/tUbvp9HQI2xvCrnFL3HfjYjdLzJXkMLuNgoFUd8Hxw6RTCgrezklt2Coifcq2oxIvqhaGGm7pneTqoVfXT2zBy6wJJXgoMqaj35vfOh6t6vfVxl6KlPZvy8ZWZhZOLAtIxAOZaClGCbSmMd7RA2N5Hqr6Os28y1E+BeI7U6Ubwi7EjyU7x4lhgB7/u1+thucirqVoC5THK3+TktOpZdWMyNzzXX9TZIAr3akZLOtDFbjYei3caEY3dEget6P5TBcvfYIaJUzMFWYkXWk3tCWo/AmhpWm4eBr3oNO7UbRQGO4zB8ZFVCqVR10/wuPH3ruIWj+NBpdBbvhu/RRm+IdbBDd9bXzZgjRW0weFjdye5hRN17KsDtj1qfHjHhGCImt1u2NidAG0EF+uCc296KhPFmlfwhvPo2TAocpkd9Zl4IvkATN4nSboV7VdvegzPcAtlp+iDjfzEfD0DHPbyJyqhKbRZIhBhFwOKi1UTXA8Hhr1Rw8hCx8yxpQEoNcse7RY8O/wsXEMonLe8Ba283X5assVSktb7Iv8wiDFR32VAFGq4RiFQsrHlZo3DnrmoK7yP12bJM6mUijTKEos1ZGbisoFrFGXHum1jth6ZuLIeAfHeqwBAaD1nczlBoO7tW7TLlzjBKBQgkkihMvtGiZ5hu000YQqsjuO8hDCw1TRsf0uqDnKLfMRziM/a34mFtupK4ID9Z/DhXHiMLpPBi8PjnHx+QlCQE+f+B85frqocj6UdReput6H6sSbbs6vVdAHSF9I5ZbAxvxVKd4lIrfOwAMPPaa2A3dHYoL4HrW12Pwmtb9P00MrtMbPYSt2n79Wh1mbx68Q7FhqVVkuZVsIzUIKiCi9+nCr4sJMRNiT0I3KQPH/OvK/Yme6zc4qYoGIQRp76nY7mAjjpKoUwPAVo0gvRB+1TwrX6HLGdNr8l6/8Pv8SHAiG9//QkruhzZ+HJxnLDyqKsREl4acpOi1L7CpW3dbIxI2xytmiLWI6Sw1xPNf6its5rtn5P58LWKlXSBMQW7qM+Yog4kxls3KgWmv8Z+IRc+kpV0gfl12RP8GEivNbPuIyopu6gOXD28nMZjOy9rgtIkDRe0AfVUo82Ihs/HxqeQYStQQJtPjOZp9X70It2y6eq5TA5X6+09N42sWc+YhQZY4+87N9Tk/bEJ0V0ikwklbQsngPMlNeE0sg5IL9pet9cfFbqS3wpI5XEwVuaXWPhdNp6PqmEeWrft90lCVdf1EVwdzqzwUj6SHYNodTchqx2SPwVU4s9/kcprktO7hhgFpIVydGNGl8aAh+QX570n0MbpZfS6u5XurRFhF+Dklh+r1DpqBQb16w527CmTc6sTkdpUceXy06XsuNd2D4JN7F2kVCNr7ox21XCnFIoj6c30d6IqpH0c9iJXRkuNiL3OTPbaVn4lA5MDqle69pAfrjGcWHBv7nzbtH3OXj0TjbRAiCkLumwJHR6UkQh1ITDchqFDyV8O7ShTyFaVZCIpIqvE4o+xfLR1Ym7ITVT4Xkrj3oqg2o23/f5acrb+NicaDR4B2suNlLvO7igH2yZDEHmVxMSjwiTq+xCjNGvOTinfzH5gdgXdj7HEvBuwuHe/dv8Tctr4o75kmWSTf8f8+kNOzEXJpaX9R35cGbMpwp8XN6Frhtc466FFMarqwDP/DBFWKB6DKpr5Jnk28g5u7BICl+3uZulLb+JZeJNqqGBJ6cMfhpe1/zyGPzuiP7MQCsZDBEy0AxnxltL7qAwVd/IS9CPdptJXbr9qQusVvK6No8GBVGFto81m8jkIjnmS5HifDk5vnyKZVOEm6hkqvmZXLVSbeb0fCgHxBvKiiwiXxcGgmuwNTZDDAmRqtoKHbIIlGeyw7/12f378uj7YUExLQgsLCKzFvmCuDzN7hcqLYpYoXiswBIHl5PVzE7k3eUCC8nsB+6PNO1Va3OJo7O2d1ip4Oej9w6o6mWgwH5SXChE+5W0TNMOR5EC+Z3gFJ8xMC2y9rRPYhypSih/TjZUSx81YsgwYRUobm8FIzLvIxWkMiQhbFXKepZ2Rdg2B/iLCdYPp2SaPcb/IVyRJXzC3Ui2Mn4Ug+FUW/Z5htpVC7iClL4xpufaSqG/0tiXdi+9Og22QiAt3UFpDB+MTUVDAXJfNi6q6Amtmq2S/d6NUF8MJuAD33iYzowMtKkHgGCJO4E5GF6+JaRKofYKev9JwWJjBR1zzhdYa+htMdL9AYwfA0axm9pgSoWZLCrvOjAN8nQSNpa6SKEvOTXKRuQIOiuH6Ka2mXagRNkwEdPwUYpWbodaTplWoRnJ3EwN3ahQ/VifsK7GGqQxfr5yvijaCOgrB84RytT5Ug1r5WyT32f0SjuOf//g5awmqyy+XJl/Fln+tSfEj/xHFkOrzry5YLydZp41k12K1ukXFg2eIYMS9zVn7OZouXN/e5/xWVLZyc/WuZKgZFBlbmFy7W1fDma0UqmIUtANWDiMDgubuhAnl9vYA8nDslMOAHmSt1aesUErFcM33skM03gxRfa6MY8xKTwB7VdtHgq/EaRYNVFEyFi/r4LFPXIyQBgEBncxTrSwthR4Y+FmBg1QSgIfUmWQCaJTVu0cB+zeAIih47BOL+D684BN2zJbeXVH5yTxhRZAfRsD98mfztfE0Oc7rsga/Sdp/zsPrPcWhE/tL+dZaZXWAldBFi6pPzYEvKGn+e3/vmkxCX+UKNLObOn5NMIyXegAVRD94jEbc50MVpM1a+tMHRz/gw4TEkei5+Rvi7vHD/fEaBGOTQ457K/9J142ojtEaDFOF0+7BKUuA+SoG2KTnknzfjoZ+80MYwQizrib8SEvUu1oiYrNv57itZ9zW2ZcoZZHjpys0N/wT9YID1NkmO3+cIvBoQ7m6GPG4vJgdE0ZL7/KLyaDjfyWhL4AERQI8ycdgBPx1DRJlb+6v/ggp3UgY+snLpWmboODgMOpcO8oMUXYR8UdONarB+dJ7lS835F5f5uCT29r/XpRrBzlklud5UERG3zVn2jbjlMAg9Vb7b3Zf5/XDMFrF+m9pAc7bO9b24jWTgXWwfXj7uA0jogyi4FWvdivSfOkV7bSEuoGVgXj/PqQzjafSwU/gE5JqYELm3EHPDm2LZPbGamxjOh1wYzti7ylP74x0Uvq0kxTKclkRYs6KfhyEavSyDth6njUw1T7wy7rwKlP3z6/HejFItnYZz+Y3M7YXfLKt/Zig2hYbM+APUI4exfdd03MadSt7dT5zHVohHFR4wbG7pL1d7fxO/5/oxdmv5o9iyvGAKDbxjI0tMXw4cRdq+E1Yr4frHOS+Uozb1mjuxOwV3gP/sQ5Ej0kG8tqUDehZhICzbpK2hps8cP20wf6gTuudj5GfQ76BpuOCa2Fw9S6tOUecytvYrmEVkZY7bkO+OM4S+QtOw8iMsJDNpZZ2FlK8QjAMXV+A9X1tZ/MJXsXiS88W4DegrwI8yO4y3JZ2gynkV6k80tLhtuYMdJRZ3CZ4kiyorvDsPDTbX3g1ixoyJRUMoMEBNlKfsNyDDlDz4Hk4Ge6CkHg9Xy3TP51pdj2sfF/jfAq4wzL4D4wd1h663nu3jv4frbz+623nrdFVpgU7Yz3Icq14vMTodXa6oNN2h1wzl90OwoV2O72PUEsdb+S4qWsZMUwFOsJXJFqL/h2eL6PB4XIaRJHKMS22fdQQOFbaVfB5y8y1bGb6bWuotM3IDhCJ1Q+X0aakSy+458fhnc5BOhvHWf9fPQkEnjed91XVtFTmtHcZD/rSnDVQIZlfDylrdCv5nHvsGUUd1/MRbwObVuPinuXAq8KWOH4sCAnwmjpFp8mShSjkQaP5hwZIOFjNwUxYsCiehisLg4VPYeEj3psldiw33ykiNipC4SBdFnwPLy0U76xhFKRPOMsg50GxACAJ77KPWBSFx0qFkfiV1sz88nbVevh9HNC3as+C6ujmXJ78gQX7PoYgoP8XSLgh5I5FygGQUqQ9IHvW3v6hswXpOOSgX70HkRlW78dFtcl0jEthhGAa+QO/j++g8FLqilvjq5Vb7Nilm/hjgMtfMSWxUEBTjuS5KjBYZ0JjYU9yIeiWIrE+lZ6yDdNqPQkoKk0H+ubyhy+J1xHt6GY+LKpPRwP6iwGYlhw2ePMmA7ujEtYFK4NlVbGGv4CE7CGWH/ibYGqWmjNk10Kh3VHiEqZskVKCdt5nlVHhyia/spCO/46RTTkRAPjAKtWubmdrI+7QKzXftVSlxYfxwtaP+kqVVpNLoMXe3XKUZtnRg+bNsFqc7C+5sRhT9XKCPGNyTlfKGOgGIqgL1NrCOp1nFP0sNBLLXP+NBgQNLBq+EP7amLVFhVgGr9f1dnIvqGU7QJzxih5ttC4OMsMd8u7eaGyKC8nVqSmFaQIPhbhhR2/QGfXl9tCsjICevYkCmkkNUN53S4J0EKCa2ocAGRJQ0HPt9NNJ/DZIytjmtHRwm+fMsrWN9tvjgdk5/Wy</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedData>
            </saml2:EncryptedAssertion>
        </saml2p:Response>
    </soap11:Body>
</soap11:Envelope>

2021-10-17 06:46:11,083 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-10-17 06:46:11,083 - INFO [Shibboleth-Audit.SSO:?] - 20211017T064611Z|urn:oasis:names:tc:SAML:2.0:bindings:SOAP|_byc5erbwob5g7y87tg2mdho5budf9eg7uoel|https://iam.eum.otc.icsi.eumetsat.int|http://shibboleth.net/ns/profiles/saml2/sso/ecp|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:PAOS|_836b54b43c26e4e3b84f16a32bcdce69|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxKgj2kugC75u2fp7nsO8b3mWaiB0a4DkQNB/rqVhN/DySPT8Tvj1z7vTzy4l0e+S5RcBZ/68HoNyus667sHAq8qoXHiKN/vep7aVTurWf2tKDqf22dEnNyFEnrq6w5I12xwE5PB/i|_70948674893c6913c36a7af41aaf1adf|
2021-10-17 06:46:12,429 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Beginning to decode message from HttpServletRequest
2021-10-17 06:46:12,430 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.IdPInitiatedSSORequestMessageDecoder:?] - Decoded SAML RelayState of: null
2021-10-17 06:46:12,430 - DEBUG [PROTOCOL_MESSAGE:?] - 
SAML 2 IdP-initiated request was: IdPInitiatedSSORequest{entityId=https://iam.eum.otc.icsi.eumetsat.int, acsURL=null, relayState=null, time=2021-10-17T06:46:12.430Z}
Synthetically constructed SAML 2 AuthnRequest was: 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest ID="_6adcf55b-ee2e-4599-9a3c-369a4f554628"
    IssueInstant="2021-10-17T06:46:12.430Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eum.otc.icsi.eumetsat.int</saml2:Issuer>
    <saml2p:NameIDPolicy AllowCreate="true"/>
</saml2p:AuthnRequest>

2021-10-17 06:46:12,430 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Successfully decoded message from HttpServletRequest.
2021-10-17 06:46:12,430 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-10-17 06:46:12,430 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-10-17 06:46:12,430 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-10-17 06:46:12,430 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-10-17 06:46:12,430 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-10-17 06:46:12,431 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-10-17 06:46:12,431 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-10-17 06:46:12,431 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eum.otc.icsi.eumetsat.int
2021-10-17 06:46:12,431 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-10-17 06:46:12,431 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-10-17 06:46:12,431 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint was empty, not required by binding, skipping
2021-10-17 06:46:12,432 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_6adcf55b-ee2e-4599-9a3c-369a4f554628', issue instant '2021-10-17T06:46:12.430Z', entityID 'https://iam.eum.otc.icsi.eumetsat.int'
2021-10-17 06:46:12,432 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eum.otc.icsi.eumetsat.int' does not require AuthnRequests to be signed
2021-10-17 06:46:12,432 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-10-17 06:46:12,432 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-10-17 06:46:12,432 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-10-17 06:46:12,432 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-10-17 06:46:12,432 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-10-17 06:46:12,432 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-10-17 06:46:12,432 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-10-17 06:46:12,432 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-10-17 06:46:12,432 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-10-17 06:46:12,433 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-10-17 06:46:12,433 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eum.otc.icsi.eumetsat.int/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-10-17 06:46:12,433 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-10-17 06:46:12,433 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-10-17 06:46:12,433 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-10-17 06:46:12,433 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-10-17 06:46:12,433 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-10-17 06:46:12,433 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-10-17 06:46:12,433 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-10-17 06:46:12,433 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-10-17 06:46:12,433 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-10-17 06:46:12,433 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-10-17 06:46:12,433 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eum.otc.icsi.eumetsat.int
2021-10-17 06:46:12,433 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-10-17 06:46:12,433 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-10-17 06:46:12,433 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-10-17 06:46:12,433 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-10-17 06:46:12,452 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-10-17 06:46:12,453 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-10-17T06:46:12.453Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-10-17 06:46:12,453 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-10-17 06:46:12,453 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-10-17 06:46:12,453 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-10-17 06:46:12,454 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-10-17 06:46:12,454 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-10-17 06:46:12,454 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-10-17 06:46:12,454 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-10-17 06:46:12,454 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-10-17 06:46:12,454 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-10-17 06:46:12,454 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-10-17 06:46:12,638 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'iam.eum.otc.icsi.eumetsat.int'
2021-10-17 06:46:12,638 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-10-17 06:46:12,638 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-10-17 06:46:13,005 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2021-10-17 06:46:13,005 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromFormRequest:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Recording do-not-cache instruction in authentication context
2021-10-17 06:46:13,005 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2021-10-17 06:46:13,005 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1203356353::identifier=rick, context=org.apache.velocity.VelocityContext@4582ac2]
2021-10-17 06:46:13,006 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1203356353::identifier=rick, context=org.apache.velocity.VelocityContext@4582ac2]
2021-10-17 06:46:13,008 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2021-10-17 06:46:13,008 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-10-17 06:46:13,008 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-10-17 06:46:13,008 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2021-10-17 06:46:13,009 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2021-10-17 06:46:13,009 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-10-17 06:46:13,009 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2021-10-17 06:46:13,009 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session c8b68e9f064c7c16fab06c02ec731af96d1c96f94036b93414b94e4220d6c352 for principal rick
2021-10-17 06:46:13,009 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-10-17 06:46:13,012 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-10-17 06:46:13,012 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-10-17 06:46:13,012 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-10-17 06:46:13,012 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-10-17 06:46:13,012 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-10-17 06:46:13,012 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-10-17 06:46:13,012 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-10-17 06:46:13,012 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-10-17 06:46:13,012 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-10-17 06:46:13,012 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-10-17 06:46:13,012 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-10-17 06:46:13,012 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-10-17 06:46:13,013 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-10-17 06:46:13,013 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-10-17 06:46:13,013 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@11910dcc'
2021-10-17 06:46:13,013 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-10-17 06:46:13,013 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://iam.eum.otc.icsi.eumetsat.int'
2021-10-17 06:46:13,013 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2021-10-17 06:46:13,013 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: Attempting to delete consent storage record with context 'intercept/attribute-release' and key 'rick:https://iam.eum.otc.icsi.eumetsat.int'
2021-10-17 06:46:13,013 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: No consent storage record found with context 'intercept/attribute-release' and key 'rick:https://iam.eum.otc.icsi.eumetsat.int'
2021-10-17 06:46:13,013 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-10-17 06:46:13,013 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: No storage record exists with context 'intercept/attribute-release' and key 'rick:_key_idx', nothing to do
2021-10-17 06:46:13,013 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20211017T064613Z|https://iam.eum.otc.icsi.eumetsat.int|ClearAttributeReleaseConsent|rick|||
2021-10-17 06:46:13,013 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-10-17 06:46:13,013 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2021-10-17 06:46:13,013 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: Attempting to delete consent storage record with context 'intercept/attribute-release' and key 'rick'
2021-10-17 06:46:13,014 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: No consent storage record found with context 'intercept/attribute-release' and key 'rick'
2021-10-17 06:46:13,014 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-10-17 06:46:13,014 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: No storage record exists with context 'intercept/attribute-release' and key 'rick:_key_idx', nothing to do
2021-10-17 06:46:13,015 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-10-17 06:46:13,015 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2021-10-17 06:46:13,198 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'iam.eum.otc.icsi.eumetsat.int'
2021-10-17 06:46:13,198 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-10-17 06:46:13,198 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2021-10-17 06:46:13,198 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2021-10-17 06:46:13,198 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-10-17 06:46:13,198 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2021-10-17 06:46:13,385 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2021-10-17 06:46:13,385 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2021-10-17 06:46:13,386 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20211017T064613Z|https://iam.eum.otc.icsi.eumetsat.int|AttributeReleaseConsent|rick|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2021-10-17 06:46:13,386 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-10-17 06:46:13,386 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://iam.eum.otc.icsi.eumetsat.int'
2021-10-17 06:46:13,386 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2021-10-17 06:46:13,386 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2021-10-17 06:46:13,386 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://iam.eum.otc.icsi.eumetsat.int, value=[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1665989173386}'
2021-10-17 06:46:13,386 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-10-17 06:46:13,386 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2021-10-17 06:46:13,386 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-10-17 06:46:13,386 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://iam.eum.otc.icsi.eumetsat.int'
2021-10-17 06:46:13,386 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://iam.eum.otc.icsi.eumetsat.int]' as '["rick:https://iam.eum.otc.icsi.eumetsat.int"]'
2021-10-17 06:46:13,386 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@11910dcc'
2021-10-17 06:46:13,386 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-10-17 06:46:13,386 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-10-17 06:46:13,387 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-10-17 06:46:13,387 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Inbound binding urn:mace:shibboleth:2.0:profiles:AuthnRequest is suppressed, ignoring request ID
2021-10-17 06:46:13,387 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: No request ID, nothing to do
2021-10-17 06:46:13,388 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-10-17 06:46:13,388 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _7d0664a6676e161a90c4b1586c2592c5
2021-10-17 06:46:13,388 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _7d0664a6676e161a90c4b1586c2592c5 to Response _301f0f93a96215b44ee7577a8e940ca1
2021-10-17 06:46:13,388 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _7d0664a6676e161a90c4b1586c2592c5
2021-10-17 06:46:13,388 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-10-17 06:46:13,388 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-10-17 06:46:13,388 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-10-17 06:46:13,388 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-10-17 06:46:13,388 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-10-17 06:46:13,388 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-10-17 06:46:13,388 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-10-17 06:46:13,388 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-10-17 06:46:13,388 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-10-17 06:46:13,388 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-10-17 06:46:13,389 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-10-17 06:46:13,389 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2021-10-17 06:46:13,389 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-10-17 06:46:13,389 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2021-10-17 06:46:13,389 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration did not specify any formats, relying on metadata alone
2021-10-17 06:46:13,389 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-10-17 06:46:13,389 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:46:13,389 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:46:13,389 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxMstznDgjwok4+4a4SHhH0/5MPx9Es4QmMqbFWBVy9eM2+NqAEMXn6GTBD/Aka9zGrMEKbW5Di7RLKLhAJsaNDo3w8kCtdblIqzJeIX4/mQIeQnrHvFYq9TXasbAVV9Dk5QI0kUJn with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:46:13,389 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:46:13,389 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:46:13,389 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-10-17 06:46:13,389 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-10-17 06:46:13,389 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 80.158.3.50
2021-10-17 06:46:13,389 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to (none)
2021-10-17 06:46:13,389 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eum.otc.icsi.eumetsat.int/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2021-10-17 06:46:13,389 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-10-17 06:46:13,389 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-10-17 06:46:13,389 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-10-17 06:46:13,389 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _7d0664a6676e161a90c4b1586c2592c5
2021-10-17 06:46:13,389 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _7d0664a6676e161a90c4b1586c2592c5 did not already contain Conditions, one was added
2021-10-17 06:46:13,389 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-10-17 06:46:13,389 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-10-17T06:51:13.386Z, to Assertion _7d0664a6676e161a90c4b1586c2592c5
2021-10-17 06:46:13,389 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _7d0664a6676e161a90c4b1586c2592c5 already contained Conditions, nothing was done
2021-10-17 06:46:13,390 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-10-17 06:46:13,390 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _7d0664a6676e161a90c4b1586c2592c5 already contained Conditions, nothing was done
2021-10-17 06:46:13,390 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-10-17 06:46:13,390 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eum.otc.icsi.eumetsat.int as an Audience of the AudienceRestriction
2021-10-17 06:46:13,390 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _7d0664a6676e161a90c4b1586c2592c5
2021-10-17 06:46:13,390 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eum.otc.icsi.eumetsat.int to existing session c8b68e9f064c7c16fab06c02ec731af96d1c96f94036b93414b94e4220d6c352
2021-10-17 06:46:13,390 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eum.otc.icsi.eumetsat.int in session c8b68e9f064c7c16fab06c02ec731af96d1c96f94036b93414b94e4220d6c352
2021-10-17 06:46:13,390 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-10-17 06:46:13,391 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eum.otc.icsi.eumetsat.int and key AAdzZWNyZXQxMstznDgjwok4+4a4SHhH0/5MPx9Es4QmMqbFWBVy9eM2+NqAEMXn6GTBD/Aka9zGrMEKbW5Di7RLKLhAJsaNDo3w8kCtdblIqzJeIX4/mQIeQnrHvFYq9TXasbAVV9Dk5QI0kUJn
2021-10-17 06:46:13,391 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-10-17 06:46:13,391 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-10-17 06:46:13,391 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_7d0664a6676e161a90c4b1586c2592c5"
2021-10-17 06:46:13,391 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _7d0664a6676e161a90c4b1586c2592c5 and Element was [saml2:Assertion: null]
2021-10-17 06:46:13,391 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_7d0664a6676e161a90c4b1586c2592c5"
2021-10-17 06:46:13,391 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _7d0664a6676e161a90c4b1586c2592c5 and Element was [saml2:Assertion: null]
2021-10-17 06:46:13,394 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_301f0f93a96215b44ee7577a8e940ca1"
    IssueInstant="2021-10-17T06:46:13.386Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_7d0664a6676e161a90c4b1586c2592c5"
        IssueInstant="2021-10-17T06:46:13.386Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_7d0664a6676e161a90c4b1586c2592c5">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>WWlkfJhxL5pfFQbZsF+cPsv/MOjZb1VxkH3bnSjDJIU=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>p7tGZIhrsiwBVAldI3vfo/zd8dzN/Q2pShOwaQ/t/wlntmbnabimX0xZF6wBfTzxLaPldypgEG3uKYpHq2XLIho6HddQ+ITZRdQrexPFdKDZ+c5/RcNUUQbbd1ECLIhEya7W97wyrLT4LXeRm35wjURnubJgFsEzZHUMqMeRv3rFhA7EzmVbZIYvWhqNU7ZxEB8QNmw/ACI5mhlmAV3bRsxb+qwE0MCD1mjlK9CX/XuzM2cM1OPxHRfMpZuMoaOwCb4b+cL7RSSmcabS2T91J8acdhWRWUIoRGl25P3nFS3K+mM0gGUF0DikVOcS6SE/WEnMP0O+HY94nZ7KAF/kfw==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eum.otc.icsi.eumetsat.int" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxMstznDgjwok4+4a4SHhH0/5MPx9Es4QmMqbFWBVy9eM2+NqAEMXn6GTBD/Aka9zGrMEKbW5Di7RLKLhAJsaNDo3w8kCtdblIqzJeIX4/mQIeQnrHvFYq9TXasbAVV9Dk5QI0kUJn</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="80.158.3.50"
                    NotOnOrAfter="2021-10-17T06:51:13.389Z" Recipient="https://iam.eum.otc.icsi.eumetsat.int/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-10-17T06:46:13.386Z" NotOnOrAfter="2021-10-17T06:51:13.386Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eum.otc.icsi.eumetsat.int</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-10-17T06:46:13.008Z" SessionIndex="_39d31d8a0743645a399a908f783147c9">
            <saml2:SubjectLocality Address="80.158.3.50"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-10-17 06:46:13,395 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eum.otc.icsi.eumetsat.int/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2021-10-17 06:46:13,396 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eum.otc.icsi.eumetsat.int/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2021-10-17 06:46:13,396 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_301f0f93a96215b44ee7577a8e940ca1"
2021-10-17 06:46:13,396 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _301f0f93a96215b44ee7577a8e940ca1 and Element was [saml2p:Response: null]
2021-10-17 06:46:13,396 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_301f0f93a96215b44ee7577a8e940ca1"
2021-10-17 06:46:13,396 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _301f0f93a96215b44ee7577a8e940ca1 and Element was [saml2p:Response: null]
2021-10-17 06:46:13,398 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-10-17 06:46:13,398 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://iam.eum.otc.icsi.eumetsat.int/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST' with encoded value 'https&#x3a;&#x2f;&#x2f;iam.eum.otc.icsi.eumetsat.int&#x2f;v3-ext&#x2f;auth&#x2f;OS-FEDERATION&#x2f;SSO&#x2f;SAML2&#x2f;POST'
2021-10-17 06:46:13,398 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-10-17 06:46:13,399 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://iam.eum.otc.icsi.eumetsat.int/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST"
    ID="_301f0f93a96215b44ee7577a8e940ca1"
    IssueInstant="2021-10-17T06:46:13.386Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_301f0f93a96215b44ee7577a8e940ca1">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>H2dqnDu2vt8al3ojs1/hvhXH3GzBMnUACN2JkWLhzUc=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>pma8jIHIh2zWCyYJMkNtGlOS/gkwV41+ZxFcFTXWdy4lFteIy2SWEqUq+ZofGnV1ePDSsiH/ZLM7jC4ii+Iok5UqnCh6MIl8TjdRiHIM0jpOarzBSweyjt13FXEUNOqAEGaMVkiM9AXCasRb68TD81LSWEAdCZMvGm+0cFtJk4HHecfgrciyQpaMTFoq2aiEDV/dPvKfXOrPqwpUsUZtqMrjKSjr/nEQslyO/lVEkrvxy4eaOm3Xvo1JM/N5gznb16vV80hFmbu60R9aQECxWJNTzNmdlDLFQ30Tlrx4XpuWeHkwNzLZLAGzKDvrCRXy7xoXy5vQ52WbwhsiItjluQ==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_30adf80d13cbb52131ddead9f79ea35f"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_41c3c6d0a6a3790eb60c2f143733261f"
                    Recipient="https://iam.eum.otc.icsi.eumetsat.int" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIICvTCCAaWgAwIBAgIEJj02hzANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRkdWFuMB4XDTE5
MDkyMzA2NTExNloXDTIwMDkyMjA2NTExNlowDzENMAsGA1UEAxMEZHVhbjCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAJUuBpyrScYDr1iopNsXACQ0tM7uW1FpnRfqjdPRo7ny0bLS44zt
xjDFNvDBupzDlQgVLT0yJ8CCcaF1GJz1N9JUTghKGi1curKDKxqF45yIudnONitcz8NiZhY8s04c
7+YsXL6/6nmjkQNgmoYU2xhS5ZvQ2gNVzRnl54Kbqjp2DRS0x0Hxid0hVgeSfo13Ako8iVFrz5O7
zwncuPjc2ibPUvflkOY6+EbEq8C6mP5PuVMqwj7DYBTKGBCkLhMlDGPD4O3ix/y6p9CEOh/wovCl
XESgBg3g8oQGMZW/X7xiqa2725MCf+ZDV6uFdP/AM5lUcbQSbweJ98vScXgtmQkCAwEAAaMhMB8w
HQYDVR0OBBYEFPBd1yRfpVSJH8UGdvcxOBgnC0PXMA0GCSqGSIb3DQEBCwUAA4IBAQAGjNjZDAS1
LLBWROlgZjWdS0ohuY8Nb66gMCHdeCYyx9A3uGKEY6RhTf/ql7ecnldpAoxi3QJonu73EQB3TTzG
2KONB91gKWuLkfjIHq5cObX6JO/gkYVf4ssvUU16Z3jCr3o7f4k/y5SVhuBZZP4y+SoQZCm9G9F4
4yBKmaYmxRiCNDgcDS7SMo7h26fWM7ZW1J71LEj1uglyI4Gv2DvNcK+Jh5CJMMTkGern0v9xIYOh
12yNYPR4oVe2Au966dwQVLQCDB7iALYm1Zo2d83cLcn8mTI/p0IoONmHNhhyc5lxatlDnxqNuUsT
eiHha7UmKhYFfQm3tSIPGPiXD89h</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>Lf7Z0IhTA9Cz94gHHNn9bUj6QCMCl9TiAXCXB3oIBTAAKn9oPs0r7AQgjV3MtsA026SjnX1AjWY8VcHcnLTjt2vo46Ewv4TMZn7YGzVVJjSnGFwQ9Q76EaRUHCpmXRKYOgf4HbgA0D/AhNO3ie5+5TN+sgd+aYWYU86AJIG0Ji7uASuBZ1rRfigkVPn2ZsggmsYvV5sd/g/yBBXe7neo0h67p0CPNul6SIDL3GOp59WM00fnkqpsJaiS217Aq/2tY+KiTEaDjJTEjTLHWlmDNUD9nASY2oOmI/f3yVlTzfU97vxoVabcxh3X5nKOaq6kUPA6p/H1NWr7/XSRJycFxA==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>+x86oPkDqLlsWcIz5FGblXEK6FW8D+dqvkiS0gfq0g+/ggQhcTp38X6Fe8rAViEkJiNdgLHlLQptOT/nkUHi2Ix/yzG8IYMctJcBoALw2Y2kEU32FsfCtjVUSMZJO9gL/zebpE5WGoXqOBj1A+qxfcN0RxVWKncjOf+DgHvD2mYqWnwlAllZcCDek1EW91OrpviGcgGAO/7bR/A+kKoyHscl8Eb532F4BDpOE3D+Z0DYCvvv/V2yMf43t1xje/FKBCDMmuOn7BLUx9KvKBYUeAvHHNDPmLDrr1WVt4oFMH46BolhFQGMI4PJKQ0/+LBuWuirdgmzrh9MPvZheA6iFvDROPaPIWNsUuXciOJ9oj8YFeE2YEIV6Zo4aRAW0nSD7j0dEgBJBYIhE3F+q25WcipCeYHZu+AULdUiVR+hCMBCtHJNt+mVTLxQvUom4pzsvnWbjUN651MwVDcRpaq5uT5rFemn93vzIdYHCwnqq98pYITwkM8KQaMpVn587DOVBIOM/TWhn/9PrZbnZwQ9SjxLKO8W6Ex3uuce3sSeUvPQLlDnGt5/BKG1mHRWWlAoBb4v0aMFS82V9WAUq4UkAjh3A3SVQridGKyTjWxLadWOGlrIhe+lbtnmRwc+CnGFLdj5obwTlt0lqVG4337R+xHu65pjZPGD178OxmUQmn33HxxkxFhLamnI7Bw8sotvxJ4bqskpMHofbE0x8BmcBgCbKcASrNbdSHa85P1UKNmRJ2ThapJpaRgcJp64ipmssfguPISwhyqKZ8tFrTogHBObVvDcdoOifDun9PXwOEWE4+BlJ6fqOQ4S+pjvyBYerp2kCNPRHd6yBKGHEQ3Bd82gj/VvLANfwM8zzP3xYvku3JdupnfF7cMGf1lJdoqiVIFWmYeseu3uWsTMfGSlmmamlP1LoHrITQmq8ZQZSvnmS0yCTslHl+dhZTCn/lXA3qU+866fOxD9LcnaznAHExuWY6FxRX2xlItBJ5wTIS4YZWjhD2ClmwU1DOjMLRtHn9hbp2wUHRzQvZtTo8TD4kl9szlhfM3wZ1SWs88Yfzyuqss6Pmr1KqCquiFV+QmtFIUf1bzjekOzpxSkMs5JIz+0m6D39jqdu4BNs++GUJif0bgP4thR8w5yKSqW90NXXiSIUlqg5N5SOmiJpIgPMWs51s1SyouDrGeh1JuQKQxboOZBb153el4wBnf7XPPK47A4Xl+Sez2WmWxRCywOEknZW1sTJyJ+rZXpcvK+1s7nV642lmXzOSfArOrVsZbUEO51S8uoyGvlIJEIpUHvBPQcA4hp13hrPSjPd/wZWBj6IoUNEsCgiCx+2Oeh/MYHLhN+5HQduGCC4LH/FCdiOO0gUMs9kh+um9q1oRc0YTh0acGgRgNIU211pozk5JhaBTemdvZS48uMWon8OhBviCNyLtIZiUyq1i7KIAiT5txvFzBkn7QijvLl72cy7UN7+3vXXyNo7Q1pq5wOeSvYidTGKHQKdWfR3E/J0lbjKbbMgMsnP+gI10JnZLknFz9oBX/7tpgVgZgSehTa6MZCUanToj+NqFyYDlrgoH5oUSskSk5+bZ34llz7gk8ONzXdZMWPMFN0zA2lxhn2qBL7wWHRSe9ukbh2RDPcLCJ6zUjtS0S+wmZc5NgbNDMQ0LrU+T+LS1F6/mCLGnuhTVlrrzz192gz6TbXsxkGzdsKoQ01dNb3bGy3locO7DjydK5CNkM7oUACyWhL0UY9Xm7k590tRNZS+ZuESYeLVtFE0VfFrPxeiUDdmD8+OKrYKa1GvsqD/y6GP4q8mVGTkjXSVkEeuGYXZOacC1zmUBpi3dAoQhi0rO+SL0CDfZBpnXTIcB6m1laodNGWc8r98OXl/0sgcWpAo0HPLDvP7NYsab6499ogc5UHFP4Hq4KZhKjPZz9Kmp+lhD/7Gdn7t+/87GXIcZO5BA8+F6whmAOzvnUqjHvBjXr6zeAUiG4mUz610jzCjutyax4zbfDm7/HcI76hffhwSJ8bqTfkPUJy/3mTu7xMgtLr3/WLRccOZHmZNcS/FRE6Ox/ra5CIgQUyFIHnNuNqY0J8aQUwAu8a4WX1kY+ai08xew+MmH2eGiJGovC4tlBl8fQ8fkIcRchoLMXbicROnhqMiMmTWXzOkpdmk4SS34ontjsc43bX9Wr1XjhzgHw5TxZcqshhx5pJChOnUtwIbT63WsrZfkDaCVIVMUVWSMRiPoNKoVO9Pl/UWmpNRipAwp4GgjmU+v5JWwTvOwjYBByzMjC5f6lQNTIxHCqeEjVaLz+V89BRXnrp3PTOQCz/ATsFrG4+JBzdlHAP3ccHTfipOWIVRbIefSjpNQOvGjmA+QQO+MclQ1Ntv5uWd4EsY/mtCPC9I6jQTUXNl5PtT+sCzj98QoHJ0qPwfdfPWDjeptfKTjXzaSMXqBI1q5DhBDG2ouvoZGXWvNeVW7ljdXVULVwYwG+qKQW812zF037WyeIVaZoOY8VsM7oNqqI3ieoZ2V4yUs7CB1fI/PLuvvEBOcMxeJRPKmW2bQPgOyV3FukuKtQh7qwA1pYq39YKlwZ+UG5Yk7KKOGk1Cg/Z3cWSbd+QskyRlIxUyBPmZE3oiagZwjL0TljGhXQ1N2hkIcGsmGadWlRs5Dlu+f14tSww1V57v+qOO5IKVIZVidPlpsHUf81oZk0QXHa2nQCvBGibxsx9oB1tq1CFDXHw5iZvRgX+bmIOrk83vrGnaFLtAo/dcfOC9soU8j5WEicSX3K47V71pRC/tMsAEtRIvH22zepTnf64LRyNrsXnwTn2pBMah8JLb++mSiE2HTuU0lMxCR0zZl/iX4FIB8ZZLlzZXFSVzjYZrWYBKJAk5L0mCGGqhlnepbx3SZEUl5Yk99ZNfj/BmldkZd0Tnt9eCvPy7lqBUES9X2EXJFZ0Qt3tvRCsoVuFqsdV+jBHgsF5tyQIHX1fJjBoad4FYil/UUJuSGXY6a6/kZt+ecBoNxLmVtm/TakoPzQPg24eWACaU6TMYiELmnIosz5zz4qaOiZB7DG+nkJ3CPoWFH5InuN0SYzjODe6NlBwpeiK5w8yeVvewnbDRTGBMLm1vdY31Ct4Zum3Q3LvsxWpMArmvuGlxzYBRmNX4wQ43XE/nr+Cuumrt2PmgFoO4oYijnepofX5XtoFd2gbvlW1Hq8w0H/nv5M/aaTacMXySYYuKAl0USVbJ2M0MXqAbC00N1YcvgSh7ZjNFytWwhGnUAadEEq5qt1Wuk3/6B4NOEJnq6sWT8EO+vN9yHB6/SZm00lcYbRvAGY47goHTxAH04sq3fZ92dhghYw13mm5oWfKVUk9UJBbWRTtd9eX5clWgmBmyePLID4hKL+E4jWmYrMy5TfMIdkL7ycBNNBstgezFbAseiIVOJomXrfJdRlfj+ivZW4X8sTjKRNEe3WG6H9u1KHgSbSAoTLU8IqQwVsbdGGO98zCDSANZ2X+7ZVYdWE63ieHGB5HEgS3qe4DfW2ES5od1k1F53Q/15RHaKLYPrro9MjuhzVZP9Ygx/VY62tu/mnE8ETzS5wyMnJGcox66J+Uzvdn0miUIF7DDAeT0N1wQvPRJdlx/TlQyxCgpEO2GI8i8Y+UC5MWDpntXP01pFvazgsB38C2TiZi5B5WV7bOKX1IlkVGvQhFcjOMy9L44A0qW8idGxEcabmOYN/ueYJ8U/aabb4iZ5ApHxYTZJoJKjfO1aatSsNGJjN4hELTN+A2P0ImuRZwmJJjyqqUr+tglWlAFRznd8jUywhitAtz0QA6vYJwb/wKZWLPQV9xZk0on3gDmfk2dpF4Qe1YOCF1U0QIjnIeGegfra9Zv5L0fWRuVlSgOwfgqiE+2WFbiQX34NUKHABbIjNHJNORle1EjTNPjjE9gEEq8yhTueT5zG+Lk+Jhg54PCU3F8vklhLI9TdY+i2y27+k+4Gl1taFoBFyxLsoMvHJd5GQANw/nhI99/Sutn9dioidvUwgHbFksNyVYaN5+ac7FwxImjY7Fd8r3v7OMK4ZyFrS8EtIR0Vie+jwUkGpYTXcC4AlVtG2bjImOT8c8jBVUb3oSEpx6GcDQzdtKzLYZ7hZug8PMjzvGiq/K0axixt2NegbWdXS2rTDNeGdyIxbjcI44WwpMmirBvbDfYBiSFrE9fKXLIPyhkDMD1h54MmrynnEMP0R+r0kquo+o+muzr07JqBA+k8bVW9yq5rpBDQkpfwHu6rJTzUwdLQee25XXx5tNlw8YHrfD88FcA2sHRdcMUTkVYWoNFAj2s/sSVmhvY0juE72eQAAQNRxxAXih5L6lbtkVgS9lI1aslJBF3213yuOilzqeH5S1/mQ9+udQ1ASmCJdw7IGugI/rydSw4ovZGt/UGWbYuSyxFMywwFr7lp8m3TGtM6FeaEDRmhrPM4z313nXKFYHd+/B3AwL1NgK/Q04eTHaQoXeexQYD5C7hCT1Lzt8kqgx4X0BzaJhjlOY/fUSYaNJScNcamOtpadkpjOLwxwMOs/vgJQajGhFh5Wb1CcmXAj6ceoZqCCnh6Ihtpqna21q6Ii4hlpxfFObO5GiOpQkpIK+tNxdTi1vTNcAsNghMk9Sy7T556DHzkGZTSHLoVO7jE6Fg6R99DXj8jLC0GgAS7AvtcudNdY7mI1asyj2l3o9oYG6YWkOBu22fiw7C8nClfcUIxtZp5WRhQuJi8o78OnV21fWiLuPKo0vn2R1z2l0n9EqxrDPudfH986j2xEKCxs0BY969lbjKLLUvekGtKauqRsR8mUTLYLtoQrhQqDTl1NYuQc4kj5BIFY8oEUDsG32/lEm/mnp9TTsr8Zm1p7WOTj9jyh70Uw79QRN43x5la4xcwfPkVPAAOGEK7r+GldLJlINLgXcWIsPAaDmWT1wNZ4qSfilvv0Zg6DDR3Dwb//3fGidjRi6pkdOlORgodau+j3uKeZzQCy3pPXhzRANjfxPQIen4DYW9kZuK4a19LcYtjbo6aETXOwTWxX+gERcTMrsvetYTFdHmRK9udmJ7Qz2xtd4atb9lq5ijbPlE87ojpnoUbEiR5fEciV/BJryNYD3fnBwrwcf7DK41IK1bbvANY9K1hqBy/6ZjQg4/qvWbG9x7ulMDG1OcVOy3Gw9W8sTsVVkOrnG69QLbAP65V8QLrUEYwA+z4bY9KVHU/45dQecH9DgBtCHIeuBNFfg5/o5Xn0OZ+uUF/4dLXcw3dwj6kypgOBCI1GMfYwuLlk9/2ZqBqO+ZbzZPy1vZ7S+qA7bppmEitpTs18cd52KgaFIC37bpdwIkJbE/dcEwsSRE3k0EqgyU9srLv+motpFbHUHDdSD7rlEUkhlg4PEma75BF0yqcRwM6EY34Y4jWGGbFe6gp42at43Kg/9a4KvemvdF7XFwsyEOlqOkSGLfxcWrKpJQKEnTka4XYZzdwgN9w48xQSnq7AHeeqwKjGTEw/BDjAVExR/8bKkLSb+od7c4TUue0cIEfeY6cZ6V6J1HsKIWWpwNZ79mtm+oNUYDUlVOpLhCpwg5C9ylM2ufZWsTMHDMruQPp26pJu1eLs+RdDzYENhid5Xx1l5M6AtO0Vkq2Ac6DlE46D6zBTJ7debSo689BYd7z0XEXbquov/Nm/HNhPd9dx/OLHCnI3Dn8tlv3k8Am5Ee50Mt5IS2WHBpGWfvBM4vSGvsTdELDgR3DkR1UixIht8v2KOb8boYTWRbarsEIuhIrEwO+NaSooLoKSwSpnhLKHRNe1dQoKGyhqg04nwRa1PerhDTLlg/ent15jcqA72zK9jDqe3wGq50cwFfyJUE62RFteo8/Y//HmzCrWg7wnvdcrkC0nhzXpChO8iX21rOnVmdq1hkYKj0A7HTA6q0btAdjDRl2bwEPT5dgbQvvQRm7Sj7AvEWzvSGFUiMVzvdy9uURYOYtNJyCM4QVTsPI9vOzhJKZpQf+oaXycHjjPOkJ43NFNXZ7hMp6nd9hBOCKAaMRNKGBM/Py5amxC1u68zPEOCVXJW6dyV/HG8+zGgvKS+539/xnYLTB9ksOTheXUCdShvW2tKY0jWrpuMe0Pq6EF2zySUH9rGmAg2+5khJcDAj8+DQnyGvPS91fHXWq88sI+2sIyNSxPJMJs+0wtseGEaSuG5CyaTjHCghxbYu/fy1RJLEDuaCGFzRwdElCFVFITg4oL1l28vmhg38YgUGpmP1gwxz4QDntcRcw7591hv6CJVjXrW3z0hlvnlZCTW0oFxgw0t6DlrnwFi74ocNRCjENXn+KXqxlbdUb/RRhdnK1pozkVeWghaRQK8gDOxz/ocRaSyIeHEkqk5sKwlcCcjyRSvckF/k6zSUHiVZl26h+wLlfbziX/+yM5ViCB9Tru9/geqVysqbJIgSoyGN1jWN+B6Hw7YSQf2CQwVVyKdxcw1MkeIUkpZZM5elN/AJgiaomh2rw9e0y5GGXxqoI9xLybj5DZOap3Bg5iSkefA90Ne6lyWYBF+XQMvGK20jfpMu6CO5A8kD8Hj7iH5bNTa7RrvV7BeWm9kh3eRBdQYVCHuigf4w6V7F9H9vte8ndp0750bL4W22EwX3ppszWxNE4BGC0yPn+mBUHCDQ3DoLaQnh1StQGYeEQ/LPcjuMofKQ4vEu6M3FGrAn59284Omu7A1RfV6Rns2pB18B0JkV1PQ4QGZe/jq8v+EX4vhQ9NCDdy7g0wVtUVQmegL3ImGB+gJ2/MosxM+7alEw9TpuYrtGNdVezgF/R9WwweNGdLeZrEHLvzIhmttZvb3uODN3jFojfLHFneDyze7bcVgqbl8fae8OSW7eeojGZDrNyFiuTZr+WV+aVsTlzOMRBAk6Occ6wRlFzW2kKEaRh16H7+l8GLLTAE2vGDzntfTDXoZiPMzzI14JHL3H3Xv47LEMjLTuXIiuEcWTEGJSjBd+9vXoOOVVQ1lYg3UaNu1DzHmxsJwiydqCUUa1yN+/4lHAqARZ3Y/8+Em1AmY3hKrVLyDRcRIjkMnoI3TS7MIF2u9be8Z+/kDtq/t48D0tS418mQbGfDrmTu3e6E9WrtdxJSuYoA2YohSJ7mtI8Nmqs74AWfel03mRCwqDf8BgQBekKoExcsr9A7iSLIiMj5xOXiJElpURHTDubvMGTe7wymrz8fx48v9ZSjk5r5Km+DO9YfpE+steI52IvmTkFBVRbGViFk6K+UQv99+p1jqG+vaWwnmDvMmNS7CiRKQZyoijm3MbX7Wk4Le3L7KY5HmnpCiGhL355o7yCMlrVKhI1qPHbkNqfn5KTVSBcWHKjScjF4k8boe9ttzlmkWGUMJP2TjkudEQRCZ6HIyBPBSbyTZn8jw2iOtr0Zt+2cYGaN2E0btMauOp2uOmvsij31BK8IerRxL9fgcPuT7VUekaEatJCrIX0dimmT8egXyJnQlDk5G9b1ziUncwA8nGS2b3U1aNQ6OGEvOmQ0bNzONX2WhwW6cAV1RhE79uS/3VYVvDrb/3azbuTG424MPsy9F+OJ9Rr2d/UJxzD66xtqyIfjtFxlfZRBAYci9UZsmPx1SgBglfovNkofdXElZ6k2cmzDUitOfk7JsghQUgyvXUD/jbFZmI62+bXCkpvJyUr3SW2nzfsbUgUOzGDR+AxT4fhuZg5aXEmpZRKzcqtjufcKgrMPN+kcHHyAwx4LPm/1JfPv9ids78Wlv3w5xEcEUoPW5P/58bOJq0nFv9B3N3l4qQtDLhAbmXECuPG1gfywCfd7DUTYZC7tFyoAEkj3SFnLXa4Tkmjh2VP0F3FqRIwkjRogbRrwIKUX3Izdv9cjQ5AiJgMs4BdLGHp+0wyXddzbeQF3sM3hB8mm9N2u9ZNS6ABcZG/UFDK/tzN/mcqlKtLoma8zbWiXU+sCUVPilCHFuC4777jjjFjedQoI6jmJKl8BYgDPn3rfFtwOlTHvcrOP3x7h7P2H0oweeRmJs4JwFPFBW4TEyQv/GCy5Kp66+L7C3iz4K/O9UCa32vckAp1NV2SKcIlbD5UrOn4MYs2D9ntQp3eeLJMFGFzi1bBgyBiB/JE3Ax77m16ZdQmcuv0cznhLJwv+nVOTEKeaq1TPQLuN3h2ADMqL1zSkpnRCnw9jIFD+gu90xStrbT1ZXRSIB16Lp4ZCRqXf+vMr373G+1Ji0NawOoDXVtILR14KF0x0xj+FuaalrRtT73GHUcw70kMFjtYjs2KsPjtMtpuaYV0IpdbogRRe1lA1htcQJPWsRKUpltTPzzKAdSzJgw0It+MEpAlPioCY3bIqn0GuwQw==</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2021-10-17 06:46:13,399 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-10-17 06:46:13,399 - INFO [Shibboleth-Audit.SSO:?] - 20211017T064613Z|urn:mace:shibboleth:2.0:profiles:AuthnRequest|_6adcf55b-ee2e-4599-9a3c-369a4f554628|https://iam.eum.otc.icsi.eumetsat.int|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_301f0f93a96215b44ee7577a8e940ca1|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxMstznDgjwok4+4a4SHhH0/5MPx9Es4QmMqbFWBVy9eM2+NqAEMXn6GTBD/Aka9zGrMEKbW5Di7RLKLhAJsaNDo3w8kCtdblIqzJeIX4/mQIeQnrHvFYq9TXasbAVV9Dk5QI0kUJn|_7d0664a6676e161a90c4b1586c2592c5|
2021-10-17 06:47:11,184 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder:?] - Decoded SOAP messaged which included SAML message of type {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-10-17 06:47:11,184 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Body>
        <saml2p:AuthnRequest
            AssertionConsumerServiceURL="https://iam-pub.eu-ch2.sc.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            Destination="https://samltest.id/idp/profile/SAML2/SOAP/ECP"
            ForceAuthn="false"
            ID="_7u887t88qrbyepeqc4g4vw1fmknzcald5h47" IsPassive="false"
            IssueInstant="2021-10-17T06:47:10.542Z"
            ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
            Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam-pub.eu-ch2.sc.otc.t-systems.com</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_7u887t88qrbyepeqc4g4vw1fmknzcald5h47">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>nu/xN+wMpZUs2owNJ7MDl7EWK5Y=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>He4XTX3RSaO0QsAW08T1N+loVd/4JOlmm3pWyLNq+PE9q61x9gFzw9Ejxeqcbk1K4vY1iwbbOYqqmfLuXNQgf5Zaeit6ryVT6QGfcLowdkHWJCx6V65oXlR9wHwNNLktQEh0eSGSUnhXhSvXnXtKMU6py9zHXXAnzqSEStjF/8f42Box6j7Lsr2hpm3qpfFZ8XcFzXTw5WcC8SbybEiu7wE8jB8fWcgdswB6brN39JtvnOSmuZukAYGbW5mVZhTAqmIEpwLE9cgAAPPhDuNO4YL+4TCS/kuYfzapamLBlFw3XM9VfWw95osMKfVPm1QfT4PC1NkovKBOAfWfuNs52Q==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIICvTCCAaWgAwIBAgIENRO66DANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRkdWFuMB4XDTIx
MDcyMDA3Mjg1NFoXDTIyMDcyMDA3Mjg1NFowDzENMAsGA1UEAxMEZHVhbjCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAIwi3+F8j9cdYIfDTYXK6pZIamYUtPWxJTDUVtcuP9nPUzZVKvH+
5cznJD7A+PmcMH1yatiHa0lz9hBXoTjO6c4sOBqWsqhgkKlBnfzRyMTQoBoBzKe9N512GR/1FZYM
xYKH8Jqj803fcaTTRlNe+9Ya3JsQfL1HjvWuQFluH7eFZASlUQgw1H2qmqdhX3FXWKQ4LrmaHvNs
uTKkumhC/NgPyAXIT21q0ffWGLlpNVA3W8grbqCEzb0WW3PH+zChlQSBHkXDOqOv2G+tfzhB1p+V
EHk0Rump98GvFPSRiNFi98mZ0uOrEjebqGY65Rl/epVWHKgY3E+PNVGGcI/YHgsCAwEAAaMhMB8w
HQYDVR0OBBYEFBpny1KrdSXSYk5ikY1nHtGCEPwkMA0GCSqGSIb3DQEBCwUAA4IBAQB53ApEqZe+
T1Ox0MPVYRhXvxPorQ5Gkdl9izu29wI1kAKTb6eKbxl7dsiGbtdSi1FLssLPFnGJRv55ZhkJIkqp
7Ef2EYwpFGMo7zva8MDUr1sPt0t622SRE/GQC5WwwQt4sK5jFFSYqxQdxAHvghTZO3u33hRsztyI
Br5KDeiCGeLvo7yKECnhkysz6ZoXPYVZabjrONoH7Q7BwhyXwNbbE9yE+klVjiK1h6hQoqjMZcYS
Y3SZv3eiQPoBE3nswxy7XS+YDUskfwKFuLBU/fmB8UdSOs9KGZpQhXT2pY+/akInFDuBKTqvCxhI
OT14E4KIL/LjgDiyKylEW9E6Rbcw</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:NameIDPolicy AllowCreate="true"
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                SPNameQualifier="https://iam-pub.eu-ch2.sc.otc.t-systems.com" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"/>
        </saml2p:AuthnRequest>
    </soap11:Body>
</soap11:Envelope>

2021-10-17 06:47:11,190 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractBatchMetadataResolver:?] - Metadata Resolver FilesystemMetadataResolver SAMLtest: Resolved 0 candidates via EntityIdCriterion: EntityIdCriterion [id=https://iam-pub.eu-ch2.sc.otc.t-systems.com]
2021-10-17 06:47:11,190 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved no EntityDescriptors via underlying MetadataResolver, returning empty collection
2021-10-17 06:47:11,190 - INFO [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  No metadata returned for https://iam-pub.eu-ch2.sc.otc.t-systems.com in role {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor with protocol urn:oasis:names:tc:SAML:2.0:protocol
2021-10-17 06:47:11,190 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No metadata context found, nothing to do
2021-10-17 06:47:11,190 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam-pub.eu-ch2.sc.otc.t-systems.com
2021-10-17 06:47:11,191 - WARN [net.shibboleth.idp.profile.impl.SelectProfileConfiguration:?] - Profile Action SelectProfileConfiguration: Profile http://shibboleth.net/ns/profiles/saml2/sso/ecp is not available for RP configuration shibboleth.UnverifiedRelyingParty (RPID https://iam-pub.eu-ch2.sc.otc.t-systems.com)
2021-10-17 06:47:11,191 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: InvalidProfileConfiguration
2021-10-17 06:47:11,191 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2021-10-17 06:47:11,191 - DEBUG [net.shibboleth.idp.saml.saml2.profile.config.logic.SOAPErrorPredicate:?] - No ECP profile configuration found, assuming error handled with SOAP fault
2021-10-17 06:47:11,192 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContextForError:?] - Profile Action InitializeOutboundMessageContextForError: Initialized outbound message context for error delivery
2021-10-17 06:47:11,196 - DEBUG [org.opensaml.saml.saml2.binding.impl.AddECPResponseHeaderHandler:?] - Message Handler:  No ACS location available in message context
2021-10-17 06:47:11,196 - DEBUG [org.opensaml.saml.common.binding.impl.AddChannelBindingsHeaderHandler:?] - Message Handler:  No ChannelBindings to add, nothing to do
2021-10-17 06:47:11,196 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Body>
        <soap11:Fault>
            <faultcode>soap11:Server</faultcode>
            <faultstring>relying-party</faultstring>
        </soap11:Fault>
    </soap11:Body>
</soap11:Envelope>

2021-10-17 06:47:11,196 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-10-17 06:47:11,196 - INFO [Shibboleth-Audit.SSO:?] - 20211017T064711Z|urn:oasis:names:tc:SAML:2.0:bindings:SOAP|_7u887t88qrbyepeqc4g4vw1fmknzcald5h47|https://iam-pub.eu-ch2.sc.otc.t-systems.com|http://shibboleth.net/ns/profiles/saml2/sso/ecp|https://samltest.id/saml/idp||||||||
2021-10-17 06:47:11,943 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder:?] - Decoded SOAP messaged which included SAML message of type {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-10-17 06:47:11,943 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Body>
        <saml2p:AuthnRequest
            AssertionConsumerServiceURL="https://iam-pub.eu-ch2.sc.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            Destination="https://samltest.id/idp/profile/SAML2/SOAP/ECP"
            ForceAuthn="false"
            ID="_7u887t88qrbyepeqc4g4vw1fmknzcald5h47" IsPassive="false"
            IssueInstant="2021-10-17T06:47:10.542Z"
            ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
            Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam-pub.eu-ch2.sc.otc.t-systems.com</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_7u887t88qrbyepeqc4g4vw1fmknzcald5h47">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>nu/xN+wMpZUs2owNJ7MDl7EWK5Y=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>He4XTX3RSaO0QsAW08T1N+loVd/4JOlmm3pWyLNq+PE9q61x9gFzw9Ejxeqcbk1K4vY1iwbbOYqqmfLuXNQgf5Zaeit6ryVT6QGfcLowdkHWJCx6V65oXlR9wHwNNLktQEh0eSGSUnhXhSvXnXtKMU6py9zHXXAnzqSEStjF/8f42Box6j7Lsr2hpm3qpfFZ8XcFzXTw5WcC8SbybEiu7wE8jB8fWcgdswB6brN39JtvnOSmuZukAYGbW5mVZhTAqmIEpwLE9cgAAPPhDuNO4YL+4TCS/kuYfzapamLBlFw3XM9VfWw95osMKfVPm1QfT4PC1NkovKBOAfWfuNs52Q==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIICvTCCAaWgAwIBAgIENRO66DANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRkdWFuMB4XDTIx
MDcyMDA3Mjg1NFoXDTIyMDcyMDA3Mjg1NFowDzENMAsGA1UEAxMEZHVhbjCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAIwi3+F8j9cdYIfDTYXK6pZIamYUtPWxJTDUVtcuP9nPUzZVKvH+
5cznJD7A+PmcMH1yatiHa0lz9hBXoTjO6c4sOBqWsqhgkKlBnfzRyMTQoBoBzKe9N512GR/1FZYM
xYKH8Jqj803fcaTTRlNe+9Ya3JsQfL1HjvWuQFluH7eFZASlUQgw1H2qmqdhX3FXWKQ4LrmaHvNs
uTKkumhC/NgPyAXIT21q0ffWGLlpNVA3W8grbqCEzb0WW3PH+zChlQSBHkXDOqOv2G+tfzhB1p+V
EHk0Rump98GvFPSRiNFi98mZ0uOrEjebqGY65Rl/epVWHKgY3E+PNVGGcI/YHgsCAwEAAaMhMB8w
HQYDVR0OBBYEFBpny1KrdSXSYk5ikY1nHtGCEPwkMA0GCSqGSIb3DQEBCwUAA4IBAQB53ApEqZe+
T1Ox0MPVYRhXvxPorQ5Gkdl9izu29wI1kAKTb6eKbxl7dsiGbtdSi1FLssLPFnGJRv55ZhkJIkqp
7Ef2EYwpFGMo7zva8MDUr1sPt0t622SRE/GQC5WwwQt4sK5jFFSYqxQdxAHvghTZO3u33hRsztyI
Br5KDeiCGeLvo7yKECnhkysz6ZoXPYVZabjrONoH7Q7BwhyXwNbbE9yE+klVjiK1h6hQoqjMZcYS
Y3SZv3eiQPoBE3nswxy7XS+YDUskfwKFuLBU/fmB8UdSOs9KGZpQhXT2pY+/akInFDuBKTqvCxhI
OT14E4KIL/LjgDiyKylEW9E6Rbcw</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:NameIDPolicy AllowCreate="true"
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                SPNameQualifier="https://iam-pub.eu-ch2.sc.otc.t-systems.com" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"/>
        </saml2p:AuthnRequest>
    </soap11:Body>
</soap11:Envelope>

2021-10-17 06:47:11,943 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractBatchMetadataResolver:?] - Metadata Resolver FilesystemMetadataResolver SAMLtest: Resolved 0 candidates via EntityIdCriterion: EntityIdCriterion [id=https://iam-pub.eu-ch2.sc.otc.t-systems.com]
2021-10-17 06:47:11,943 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved no EntityDescriptors via underlying MetadataResolver, returning empty collection
2021-10-17 06:47:11,943 - INFO [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  No metadata returned for https://iam-pub.eu-ch2.sc.otc.t-systems.com in role {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor with protocol urn:oasis:names:tc:SAML:2.0:protocol
2021-10-17 06:47:11,944 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No metadata context found, nothing to do
2021-10-17 06:47:11,944 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam-pub.eu-ch2.sc.otc.t-systems.com
2021-10-17 06:47:11,944 - WARN [net.shibboleth.idp.profile.impl.SelectProfileConfiguration:?] - Profile Action SelectProfileConfiguration: Profile http://shibboleth.net/ns/profiles/saml2/sso/ecp is not available for RP configuration shibboleth.UnverifiedRelyingParty (RPID https://iam-pub.eu-ch2.sc.otc.t-systems.com)
2021-10-17 06:47:11,945 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: InvalidProfileConfiguration
2021-10-17 06:47:11,945 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2021-10-17 06:47:11,945 - DEBUG [net.shibboleth.idp.saml.saml2.profile.config.logic.SOAPErrorPredicate:?] - No ECP profile configuration found, assuming error handled with SOAP fault
2021-10-17 06:47:11,945 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContextForError:?] - Profile Action InitializeOutboundMessageContextForError: Initialized outbound message context for error delivery
2021-10-17 06:47:11,946 - DEBUG [org.opensaml.saml.saml2.binding.impl.AddECPResponseHeaderHandler:?] - Message Handler:  No ACS location available in message context
2021-10-17 06:47:11,946 - DEBUG [org.opensaml.saml.common.binding.impl.AddChannelBindingsHeaderHandler:?] - Message Handler:  No ChannelBindings to add, nothing to do
2021-10-17 06:47:11,947 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Body>
        <soap11:Fault>
            <faultcode>soap11:Server</faultcode>
            <faultstring>relying-party</faultstring>
        </soap11:Fault>
    </soap11:Body>
</soap11:Envelope>

2021-10-17 06:47:11,947 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-10-17 06:47:11,947 - INFO [Shibboleth-Audit.SSO:?] - 20211017T064711Z|urn:oasis:names:tc:SAML:2.0:bindings:SOAP|_7u887t88qrbyepeqc4g4vw1fmknzcald5h47|https://iam-pub.eu-ch2.sc.otc.t-systems.com|http://shibboleth.net/ns/profiles/saml2/sso/ecp|https://samltest.id/saml/idp||||||||
2021-10-17 06:47:13,152 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Beginning to decode message from HttpServletRequest
2021-10-17 06:47:13,152 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.IdPInitiatedSSORequestMessageDecoder:?] - Decoded SAML RelayState of: null
2021-10-17 06:47:13,152 - DEBUG [PROTOCOL_MESSAGE:?] - 
SAML 2 IdP-initiated request was: IdPInitiatedSSORequest{entityId=https://iam-pub.eu-ch2.sc.otc.t-systems.com, acsURL=null, relayState=null, time=2021-10-17T06:47:13.152Z}
Synthetically constructed SAML 2 AuthnRequest was: 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest ID="_b2769990-8717-4b28-9d69-3456cdbc012e"
    IssueInstant="2021-10-17T06:47:13.152Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam-pub.eu-ch2.sc.otc.t-systems.com</saml2:Issuer>
    <saml2p:NameIDPolicy AllowCreate="true"/>
</saml2p:AuthnRequest>

2021-10-17 06:47:13,152 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Successfully decoded message from HttpServletRequest.
2021-10-17 06:47:13,153 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractBatchMetadataResolver:?] - Metadata Resolver FilesystemMetadataResolver SAMLtest: Resolved 0 candidates via EntityIdCriterion: EntityIdCriterion [id=https://iam-pub.eu-ch2.sc.otc.t-systems.com]
2021-10-17 06:47:13,153 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved no EntityDescriptors via underlying MetadataResolver, returning empty collection
2021-10-17 06:47:13,153 - INFO [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  No metadata returned for https://iam-pub.eu-ch2.sc.otc.t-systems.com in role {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor with protocol urn:oasis:names:tc:SAML:2.0:protocol
2021-10-17 06:47:13,153 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No metadata context found, nothing to do
2021-10-17 06:47:13,153 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam-pub.eu-ch2.sc.otc.t-systems.com
2021-10-17 06:47:13,153 - WARN [net.shibboleth.idp.profile.impl.SelectProfileConfiguration:?] - Profile Action SelectProfileConfiguration: Profile http://shibboleth.net/ns/profiles/saml2/sso/browser is not available for RP configuration shibboleth.UnverifiedRelyingParty (RPID https://iam-pub.eu-ch2.sc.otc.t-systems.com)
2021-10-17 06:47:13,154 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: InvalidProfileConfiguration
2021-10-17 06:47:13,154 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2021-10-17 06:47:13,334 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Beginning to decode message from HttpServletRequest
2021-10-17 06:47:13,334 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.IdPInitiatedSSORequestMessageDecoder:?] - Decoded SAML RelayState of: null
2021-10-17 06:47:13,335 - DEBUG [PROTOCOL_MESSAGE:?] - 
SAML 2 IdP-initiated request was: IdPInitiatedSSORequest{entityId=https://iam-pub.eu-ch2.sc.otc.t-systems.com, acsURL=null, relayState=null, time=2021-10-17T06:47:13.334Z}
Synthetically constructed SAML 2 AuthnRequest was: 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest ID="_183b4567-57b9-490a-b4c0-49b2fefd51e7"
    IssueInstant="2021-10-17T06:47:13.334Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam-pub.eu-ch2.sc.otc.t-systems.com</saml2:Issuer>
    <saml2p:NameIDPolicy AllowCreate="true"/>
</saml2p:AuthnRequest>

2021-10-17 06:47:13,335 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Successfully decoded message from HttpServletRequest.
2021-10-17 06:47:13,335 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractBatchMetadataResolver:?] - Metadata Resolver FilesystemMetadataResolver SAMLtest: Resolved 0 candidates via EntityIdCriterion: EntityIdCriterion [id=https://iam-pub.eu-ch2.sc.otc.t-systems.com]
2021-10-17 06:47:13,336 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved no EntityDescriptors via underlying MetadataResolver, returning empty collection
2021-10-17 06:47:13,336 - INFO [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  No metadata returned for https://iam-pub.eu-ch2.sc.otc.t-systems.com in role {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor with protocol urn:oasis:names:tc:SAML:2.0:protocol
2021-10-17 06:47:13,336 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No metadata context found, nothing to do
2021-10-17 06:47:13,336 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam-pub.eu-ch2.sc.otc.t-systems.com
2021-10-17 06:47:13,336 - WARN [net.shibboleth.idp.profile.impl.SelectProfileConfiguration:?] - Profile Action SelectProfileConfiguration: Profile http://shibboleth.net/ns/profiles/saml2/sso/browser is not available for RP configuration shibboleth.UnverifiedRelyingParty (RPID https://iam-pub.eu-ch2.sc.otc.t-systems.com)
2021-10-17 06:47:13,336 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: InvalidProfileConfiguration
2021-10-17 06:47:13,337 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2021-10-17 06:47:13,516 - ERROR [org.springframework.webflow.execution.repository.NoSuchFlowExecutionException:?] - 
org.springframework.webflow.execution.repository.NoSuchFlowExecutionException: No flow execution could be found with key 'e1s2' -- perhaps this executing flow has ended or expired? This could happen if your users are relying on browser history (typically via the back button) that references ended flows.
	at org.springframework.webflow.execution.repository.support.AbstractFlowExecutionRepository.getConversation(AbstractFlowExecutionRepository.java:172)
Caused by: org.springframework.webflow.conversation.NoSuchConversationException: No conversation could be found with id '1' -- perhaps this conversation has ended? 
	at org.springframework.webflow.conversation.impl.ConversationContainer.getConversation(ConversationContainer.java:126)
2021-10-17 06:47:13,516 - WARN [net.shibboleth.ext.spring.error.ExtendedMappingExceptionResolver:?] - Resolved [org.springframework.webflow.execution.repository.NoSuchFlowExecutionException: No flow execution could be found with key 'e1s2' -- perhaps this executing flow has ended or expired? This could happen if your users are relying on browser history (typically via the back button) that references ended flows.] to ModelAndView: reference to view with name 'error'; model is {exception=org.springframework.webflow.execution.repository.NoSuchFlowExecutionException: No flow execution could be found with key 'e1s2' -- perhaps this executing flow has ended or expired? This could happen if your users are relying on browser history (typically via the back button) that references ended flows., request=org.apache.catalina.connector.RequestFacade@498d8a3f, encoder=class net.shibboleth.utilities.java.support.codec.HTMLEncoder, springContext=Root WebApplicationContext: startup date [Mon Oct 11 13:53:44 UTC 2021]; root of context hierarchy}
2021-10-17 06:50:22,352 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder:?] - Decoded SOAP messaged which included SAML message of type {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-10-17 06:50:22,352 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Body>
        <saml2p:AuthnRequest
            AssertionConsumerServiceURL="https://iam.eu-defcs.poc.hybrid.otc-service.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            Destination="https://samltest.id/idp/profile/SAML2/SOAP/ECP"
            ForceAuthn="false"
            ID="_kbemjy8agb8784im5jg6k9k9nvulgbc404il" IsPassive="false"
            IssueInstant="2021-10-17T06:50:21.623Z"
            ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
            Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eu-defcs.poc.hybrid.otc-service.com</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_kbemjy8agb8784im5jg6k9k9nvulgbc404il">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>rAF27AovUY4HRdwYzI0YD5Kc5MI=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>BxZGYXcR12Elatqavx2FUOSt5vagbkB6lOod61qI+VhQU1RspJ7MGDXbLrWbEXXri9Jt88y6HwKlBhzYeXLaWx6Yoo1FbZlvXy3pAokdxqFSdN2ngFZxi4OEm0dudfjcjikfrdMd7s5ybGtmi++Dw888x69IC3kwGI7GjLtZlCA=</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIICLjCCAZegAwIBAgIGAVHDRPSbMA0GCSqGSIb3DQEBCwUAMC0xEzARBgNVBAoMCmtleW1hbmFn
ZXIxFjAUBgNVBAsMDWlhbS1hdXRodWktc3AwHhcNMTUxMjIxMDY0MDU0WhcNMjUxMjE4MDY0MDU0
WjBEMSowKAYDVQQDDCFodHRwczovL3NwLmF1dGgub3RjLnQtc3lzdGVtcy5jb20xFjAUBgNVBAsM
DWlhbS1hdXRodWktc3AwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALRgTiRlOH3H8Ti/Nl8F
hr+9QdbCEBQIKFKnX+VeeD6NcGQtsDnihnIlwDv9PqAqRfZ5KNDF7IccYgCBUfjJXOyxqa51YVDJ
KPLpjMcZiSEjumDm3jbdEiiQKl3zwt9Q0aLlz7PKdIbIoPQdo3YjpTB407D5PmvpsFr+TQ6NlkTZ
AgMBAAGjQjBAMB0GA1UdDgQWBBRcdOVNkWkaAHkjlaFATFhnEEh8SzAfBgNVHSMEGDAWgBRcdOVN
kWkaAHkjlaFATFhnEEh8SzANBgkqhkiG9w0BAQsFAAOBgQBlFRyA98AUXCw8bhneTFoD2JWRZz2f
Bs3vINTVjhA3CdCCJ9lgPxIhitHYNPQh5s7l+IA6M/zHTx+rpRO3KUqh0M2eNZDunUrstyXkvZvp
uJCPFK6t1iN6K5YuZUhKI06W5Bk6XV2NO5L2eIqD9jZp0UGb18Ep4BbrEXwRwJQPYw==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:NameIDPolicy AllowCreate="true"
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                SPNameQualifier="https://iam.eu-defcs.poc.hybrid.otc-service.com" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"/>
        </saml2p:AuthnRequest>
    </soap11:Body>
</soap11:Envelope>

2021-10-17 06:50:22,359 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://iam.eu-defcs.poc.hybrid.otc-service.com' from origin source
2021-10-17 06:50:22,359 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-10-17 06:50:22,359 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-10-17 06:50:22,359 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-10-17 06:50:22,359 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-10-17 06:50:22,359 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-10-17 06:50:22,359 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-10-17 06:50:22,359 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-10-17 06:50:22,359 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eu-defcs.poc.hybrid.otc-service.com
2021-10-17 06:50:22,360 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2021-10-17 06:50:22,360 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2021-10-17 06:50:22,360 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-10-17 06:50:22,360 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2021-10-17 06:50:22,360 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2021-10-17 06:50:22,360 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-10-17 06:50:22,360 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_kbemjy8agb8784im5jg6k9k9nvulgbc404il', issue instant '2021-10-17T06:50:21.623Z', entityID 'https://iam.eu-defcs.poc.hybrid.otc-service.com'
2021-10-17 06:50:22,360 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eu-defcs.poc.hybrid.otc-service.com' does not require AuthnRequests to be signed
2021-10-17 06:50:22,360 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2021-10-17 06:50:22,360 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2021-10-17 06:50:22,360 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-10-17 06:50:22,360 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://iam.eu-defcs.poc.hybrid.otc-service.com, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2021-10-17 06:50:22,360 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://iam.eu-defcs.poc.hybrid.otc-service.com' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2021-10-17 06:50:22,360 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-10-17 06:50:22,360 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-10-17 06:50:22,360 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-10-17 06:50:22,360 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-10-17 06:50:22,360 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-10-17 06:50:22,360 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2021-10-17 06:50:22,360 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2021-10-17 06:50:22,360 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2021-10-17 06:50:22,361 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 1024 bits
  params: null
  modulus: 126664469800380770773972778096329230967838830807335020944856402588433272451405299989725111925000259452486256977271956160110204670418736725511979819866908378089628035491591777699093647368786263598103189382680073566489484332485554027625241493766204516582342822997262720486560419481997023269854507272634386236633
  public exponent: 65537
2021-10-17 06:50:22,361 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2021-10-17 06:50:22,361 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2021-10-17 06:50:22,361 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_kbemjy8agb8784im5jg6k9k9nvulgbc404il"
2021-10-17 06:50:22,361 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _kbemjy8agb8784im5jg6k9k9nvulgbc404il and Element was [saml2p:AuthnRequest: null]
2021-10-17 06:50:22,361 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_kbemjy8agb8784im5jg6k9k9nvulgbc404il"
2021-10-17 06:50:22,361 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _kbemjy8agb8784im5jg6k9k9nvulgbc404il and Element was [saml2p:AuthnRequest: null]
2021-10-17 06:50:22,361 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_kbemjy8agb8784im5jg6k9k9nvulgbc404il"
2021-10-17 06:50:22,361 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2021-10-17 06:50:22,361 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-10-17 06:50:22,361 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://iam.eu-defcs.poc.hybrid.otc-service.com
2021-10-17 06:50:22,361 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-10-17 06:50:22,361 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-10-17 06:50:22,361 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-10-17 06:50:22,361 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-10-17 06:50:22,361 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsHeadersHandler:?] - Message Handler:  No ChannelBindings header blocks found
2021-10-17 06:50:22,361 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler:?] - Message Handler:  Message did not contain any ChannelBindings extensions
2021-10-17 06:50:22,361 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2021-10-17 06:50:22,361 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2021-10-17 06:50:22,362 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-10-17 06:50:22,362 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-10-17 06:50:22,362 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-10-17 06:50:22,362 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-10-17 06:50:22,362 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' not permitted by input criteria
2021-10-17 06:50:22,362 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eu-defcs.poc.hybrid.otc-service.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP using binding urn:oasis:names:tc:SAML:2.0:bindings:PAOS
2021-10-17 06:50:22,362 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-10-17 06:50:22,362 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-10-17 06:50:22,362 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-10-17 06:50:22,362 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-10-17 06:50:22,362 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-10-17 06:50:22,363 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-10-17 06:50:22,363 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-10-17 06:50:22,363 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-10-17 06:50:22,363 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-10-17 06:50:22,363 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-10-17 06:50:22,363 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eu-defcs.poc.hybrid.otc-service.com
2021-10-17 06:50:22,363 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-10-17 06:50:22,363 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-10-17 06:50:22,363 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-10-17 06:50:22,363 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-10-17 06:50:22,367 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-10-17 06:50:22,367 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: RequestAuthenticated: true
2021-10-17 06:50:22,367 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: Generating session key for use by ECP peers
2021-10-17 06:50:22,368 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-10-17T06:50:22.368Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-10-17 06:50:22,368 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-10-17 06:50:22,368 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-10-17 06:50:22,368 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-10-17 06:50:22,368 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-10-17 06:50:22,368 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-10-17 06:50:22,368 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow authn/Password, it supports non-browser authentication
2021-10-17 06:50:22,368 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2021-10-17 06:50:22,368 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-10-17 06:50:22,368 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-10-17 06:50:22,368 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-10-17 06:50:22,368 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: Trimming whitespace of input string 'rick'
2021-10-17 06:50:22,369 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2021-10-17 06:50:22,369 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@78639783::identifier=rick, context=org.apache.velocity.VelocityContext@309ec61e]
2021-10-17 06:50:22,370 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@78639783::identifier=rick, context=org.apache.velocity.VelocityContext@309ec61e]
2021-10-17 06:50:22,370 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2021-10-17 06:50:22,370 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-10-17 06:50:22,371 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-10-17 06:50:22,371 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2021-10-17 06:50:22,371 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2021-10-17 06:50:22,371 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-10-17 06:50:22,371 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2021-10-17 06:50:22,371 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 19794bda1569784db52f1611603bd47b30abcf39e8537881d97d3d7e881e1f6b for principal rick
2021-10-17 06:50:22,371 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 19794bda1569784db52f1611603bd47b30abcf39e8537881d97d3d7e881e1f6b
2021-10-17 06:50:22,373 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-10-17 06:50:22,374 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-10-17 06:50:22,374 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-10-17 06:50:22,374 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-10-17 06:50:22,374 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-10-17 06:50:22,374 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-10-17 06:50:22,374 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-10-17 06:50:22,374 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-10-17 06:50:22,374 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-10-17 06:50:22,374 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-10-17 06:50:22,374 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-10-17 06:50:22,374 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-10-17 06:50:22,374 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-10-17 06:50:22,375 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-10-17 06:50:22,375 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-10-17 06:50:22,377 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-10-17 06:50:22,377 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _024e1c480e28a9825672519bad02e48c
2021-10-17 06:50:22,377 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _024e1c480e28a9825672519bad02e48c to Response _cc06b29aea25d7181f8798a18050b6bb
2021-10-17 06:50:22,377 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _024e1c480e28a9825672519bad02e48c
2021-10-17 06:50:22,377 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-10-17 06:50:22,377 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-10-17 06:50:22,377 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-10-17 06:50:22,377 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-10-17 06:50:22,377 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-10-17 06:50:22,377 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-10-17 06:50:22,377 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-10-17 06:50:22,377 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-10-17 06:50:22,377 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-10-17 06:50:22,377 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-10-17 06:50:22,378 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-10-17 06:50:22,378 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:50:22,378 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:50:22,378 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:50:22,378 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:50:22,379 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxd1TITkhx+lsUfb1/9Mw+7FXaPhVp8MsswQHEJD1lLFocqjsLzF8aIL/gT8sWQ/TWf1YM9towsmyVh1sdL8ZfBBx1OW3SrtL7uIZY5GKe6Aa1AmNi+ELQ53vQ9ihYTg7jokZQbpIAnaHfvRzCQJ5FXl82 with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:50:22,379 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:50:22,379 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:50:22,379 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-10-17 06:50:22,379 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-10-17 06:50:22,379 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 80.158.3.50
2021-10-17 06:50:22,379 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _kbemjy8agb8784im5jg6k9k9nvulgbc404il
2021-10-17 06:50:22,379 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eu-defcs.poc.hybrid.otc-service.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-10-17 06:50:22,379 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-10-17 06:50:22,379 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-10-17 06:50:22,379 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-10-17 06:50:22,379 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _024e1c480e28a9825672519bad02e48c
2021-10-17 06:50:22,379 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _024e1c480e28a9825672519bad02e48c did not already contain Conditions, one was added
2021-10-17 06:50:22,379 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-10-17 06:50:22,379 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-10-17T06:55:22.375Z, to Assertion _024e1c480e28a9825672519bad02e48c
2021-10-17 06:50:22,379 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _024e1c480e28a9825672519bad02e48c already contained Conditions, nothing was done
2021-10-17 06:50:22,379 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-10-17 06:50:22,379 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _024e1c480e28a9825672519bad02e48c already contained Conditions, nothing was done
2021-10-17 06:50:22,379 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-10-17 06:50:22,379 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eu-defcs.poc.hybrid.otc-service.com as an Audience of the AudienceRestriction
2021-10-17 06:50:22,379 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _024e1c480e28a9825672519bad02e48c
2021-10-17 06:50:22,380 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddGeneratedKeyToAssertions: Assertion _024e1c480e28a9825672519bad02e48c did not already contain Advice, one was added
2021-10-17 06:50:22,380 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eu-defcs.poc.hybrid.otc-service.com to existing session 19794bda1569784db52f1611603bd47b30abcf39e8537881d97d3d7e881e1f6b
2021-10-17 06:50:22,380 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eu-defcs.poc.hybrid.otc-service.com in session 19794bda1569784db52f1611603bd47b30abcf39e8537881d97d3d7e881e1f6b
2021-10-17 06:50:22,380 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-10-17 06:50:22,381 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eu-defcs.poc.hybrid.otc-service.com and key AAdzZWNyZXQxd1TITkhx+lsUfb1/9Mw+7FXaPhVp8MsswQHEJD1lLFocqjsLzF8aIL/gT8sWQ/TWf1YM9towsmyVh1sdL8ZfBBx1OW3SrtL7uIZY5GKe6Aa1AmNi+ELQ53vQ9ihYTg7jokZQbpIAnaHfvRzCQJ5FXl82
2021-10-17 06:50:22,381 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-10-17 06:50:22,381 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-10-17 06:50:22,382 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_024e1c480e28a9825672519bad02e48c"
2021-10-17 06:50:22,382 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _024e1c480e28a9825672519bad02e48c and Element was [saml2:Assertion: null]
2021-10-17 06:50:22,382 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_024e1c480e28a9825672519bad02e48c"
2021-10-17 06:50:22,382 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _024e1c480e28a9825672519bad02e48c and Element was [saml2:Assertion: null]
2021-10-17 06:50:22,384 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_cc06b29aea25d7181f8798a18050b6bb"
    InResponseTo="_kbemjy8agb8784im5jg6k9k9nvulgbc404il"
    IssueInstant="2021-10-17T06:50:22.375Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_024e1c480e28a9825672519bad02e48c"
        IssueInstant="2021-10-17T06:50:22.375Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_024e1c480e28a9825672519bad02e48c">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>HqBooDZIGkCvztiNjaNtDVF2y97x682VBdvP+x8r0XI=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>a0owiPbEg01CBWCBhARf0Jt2cd6mIeDiNmrZmqYWKx2l0z0+OmEKh0sOrqTqULogRMmpF4lQmepAPecphQfjTaUenCX4TGIcS1y+txt/H3lTgTlhJZHwAmHRtVOb29eJyVP6dBM64WIOVWXKqyzWzTDuJb3GF8fcpU8VxgR6I3jEd2dGPJ5ql5nhZspMGkSgBW+TR9xj+ngXQRwtMhjwWsUvT/flIDNZnqHEhELTWziKlNoArI2uYzxybaSwPkacqDRY41zIhNXQ6R2ayV1X683JWWPG8mCLiauMAj+qBTQGxQmm+nY+b+b+xVIiMQrDGKLRtFYgiNb5KPU1v+/SUA==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eu-defcs.poc.hybrid.otc-service.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxd1TITkhx+lsUfb1/9Mw+7FXaPhVp8MsswQHEJD1lLFocqjsLzF8aIL/gT8sWQ/TWf1YM9towsmyVh1sdL8ZfBBx1OW3SrtL7uIZY5GKe6Aa1AmNi+ELQ53vQ9ihYTg7jokZQbpIAnaHfvRzCQJ5FXl82</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="80.158.3.50"
                    InResponseTo="_kbemjy8agb8784im5jg6k9k9nvulgbc404il"
                    NotOnOrAfter="2021-10-17T06:55:22.379Z" Recipient="https://iam.eu-defcs.poc.hybrid.otc-service.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-10-17T06:50:22.375Z" NotOnOrAfter="2021-10-17T06:55:22.375Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eu-defcs.poc.hybrid.otc-service.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:Advice>
            <samlec:GeneratedKey xmlns:samlec="urn:ietf:params:xml:ns:samlec">FBoJLtOoUw2btKHIBlWZIUfK4eY38qljlQ9xHlLfA6o=</samlec:GeneratedKey>
        </saml2:Advice>
        <saml2:AuthnStatement AuthnInstant="2021-10-17T06:50:22.370Z" SessionIndex="_96b677d590b3f3fcdf7c0ce178b6531e">
            <saml2:SubjectLocality Address="80.158.3.50"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-10-17 06:50:22,386 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eu-defcs.poc.hybrid.otc-service.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-10-17 06:50:22,386 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eu-defcs.poc.hybrid.otc-service.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-10-17 06:50:22,386 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_cc06b29aea25d7181f8798a18050b6bb"
2021-10-17 06:50:22,386 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _cc06b29aea25d7181f8798a18050b6bb and Element was [saml2p:Response: null]
2021-10-17 06:50:22,386 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_cc06b29aea25d7181f8798a18050b6bb"
2021-10-17 06:50:22,386 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _cc06b29aea25d7181f8798a18050b6bb and Element was [saml2p:Response: null]
2021-10-17 06:50:22,388 - DEBUG [org.opensaml.saml.common.binding.impl.AddChannelBindingsHeaderHandler:?] - Message Handler:  No ChannelBindings to add, nothing to do
2021-10-17 06:50:22,389 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Header>
        <ecp:Response
            AssertionConsumerServiceURL="https://iam.eu-defcs.poc.hybrid.otc-service.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next"
            soap11:mustUnderstand="1" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <ecp:RequestAuthenticated
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <samlec:GeneratedKey
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:samlec="urn:ietf:params:xml:ns:samlec">FBoJLtOoUw2btKHIBlWZIUfK4eY38qljlQ9xHlLfA6o=</samlec:GeneratedKey>
    </soap11:Header>
    <soap11:Body>
        <saml2p:Response
            Destination="https://iam.eu-defcs.poc.hybrid.otc-service.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            ID="_cc06b29aea25d7181f8798a18050b6bb"
            InResponseTo="_kbemjy8agb8784im5jg6k9k9nvulgbc404il"
            IssueInstant="2021-10-17T06:50:22.375Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_cc06b29aea25d7181f8798a18050b6bb">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                        <ds:DigestValue>iuokG2slheMiG6sVuWjPTGbppzxmpjIugJKGmeSEedo=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>KaannJYoSq/NX5ibTOVDZqZL+o06M3PTdZq0r86s9u4fDrJjbtKIeh17URsOxG6QX/uaOVaUsv0qdRoOGWJfTqzci/NT+5H2YKucslNWHgvNg6+hwiFoYyXF1osmjKuzfE3cTcQQqcQqjiE8s5+r7WSuF/xjibcsQrkHpBmJ/nhzj7U5t7UHZwhh6cGmCSL04w/+cN/NL2/K0G6rOXXq43FAQqMXAJ13Uy5ByLhXR8jPktY7hUsIHpGKRYMkw1e6P4UqQT+DKopjP8le8evKna3tBBJz/RJZd3YhtTtQK9FEYKe7NBR5jxbrEqiB+fcqARKEBYsP8uI7KFvTL2ctBg==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
                <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
            </saml2p:Status>
            <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
                <xenc:EncryptedData
                    Id="_374bb3d25b7b9d746f68670c6795c6d6"
                    Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <xenc:EncryptedKey
                            Id="_4b33211c830eec4b32a594a95798e811"
                            Recipient="https://iam.eu-defcs.poc.hybrid.otc-service.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                            <xenc:EncryptionMethod
                                Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <ds:DigestMethod
                                    Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                            </xenc:EncryptionMethod>
                            <ds:KeyInfo>
                                <ds:X509Data>
                                    <ds:X509Certificate>MIICLjCCAZegAwIBAgIGAVHDRPSbMA0GCSqGSIb3DQEBCwUAMC0xEzARBgNVBAoMCmtleW1hbmFn
ZXIxFjAUBgNVBAsMDWlhbS1hdXRodWktc3AwHhcNMTUxMjIxMDY0MDU0WhcNMjUxMjE4MDY0MDU0
WjBEMSowKAYDVQQDDCFodHRwczovL3NwLmF1dGgub3RjLnQtc3lzdGVtcy5jb20xFjAUBgNVBAsM
DWlhbS1hdXRodWktc3AwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALRgTiRlOH3H8Ti/Nl8F
hr+9QdbCEBQIKFKnX+VeeD6NcGQtsDnihnIlwDv9PqAqRfZ5KNDF7IccYgCBUfjJXOyxqa51YVDJ
KPLpjMcZiSEjumDm3jbdEiiQKl3zwt9Q0aLlz7PKdIbIoPQdo3YjpTB407D5PmvpsFr+TQ6NlkTZ
AgMBAAGjQjBAMB0GA1UdDgQWBBRcdOVNkWkaAHkjlaFATFhnEEh8SzAfBgNVHSMEGDAWgBRcdOVN
kWkaAHkjlaFATFhnEEh8SzANBgkqhkiG9w0BAQsFAAOBgQBlFRyA98AUXCw8bhneTFoD2JWRZz2f
Bs3vINTVjhA3CdCCJ9lgPxIhitHYNPQh5s7l+IA6M/zHTx+rpRO3KUqh0M2eNZDunUrstyXkvZvp
uJCPFK6t1iN6K5YuZUhKI06W5Bk6XV2NO5L2eIqD9jZp0UGb18Ep4BbrEXwRwJQPYw==</ds:X509Certificate>
                                </ds:X509Data>
                            </ds:KeyInfo>
                            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <xenc:CipherValue>Um6A6tSoAMe0z4A/gXA/HDgRF1OobsLM0R2Drt5dpv32Y8PbdiXvWFx5WHMKg1hfunqXq1MvSmjbCEaNghCRKBA8wmgnee+q9/B4mQVRTz79ag26Z/qS2rLT8Q1p1e9qZC6fjPansOp0n1LzNk2ZQHSNcnionuOdMencnqEo514=</xenc:CipherValue>
                            </xenc:CipherData>
                        </xenc:EncryptedKey>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>Vhdzh82F7i20vGUh/mYaa/rpYkoUSU9cvZ4V0F1Y1SvLMtnUirsTas23aFcd3LWQEfraFcAEvNCI192gZse/8+/P9x6fpBGiVBf9BWfjjJkMVyKE5wnYXESumj4xWwxogV0aAZWhR0y+aaxD4Wsy0eosEuiw/I1Ub+/1JQG1UsC3Jvan/0Gi2rZWr/EnvpJyPYSbhgnrJc9QB6p5XdIbYeAmhPjPcoVtrmvqB3wUrJAUFQ23FheLsp6uHGFJ+vM8dZAXjbGuHEk7bzElrdyBa7P/135KyWJlOU0bXot1JSQUGXMoDtws/ClRUzd9dtsF2lWqK38q1jVphlu9gCLlnuLIrc3/fC3ckUW98T3ergIbCY8lu+uoHTxNUTy5pxXbL56UCaHbyCVwBYqR3RzIJyjgjpxiMOmvobpureQZruF4STCTJ6zyugmtuTclltNgCEIkf2iWSWo6PxlE1QYUQ8IqtM1gJFAe3X5t8xVa5wsZCuqZKGCaz1IepkNdPGOdIYyH96dFiOerVslSxIdD3VPkgbSMWhgqxhB+dYuY336YLHXUTsEuZ3OeRZagUmop8qDxIbtQM+gSoit0ykwD5hotQwWBf+gJL7L8X55eGVD/6g7fqJb1aN5OpwpsIe+D4kjo+HoQ6+bXOvQr8R6s109TDm9cWN9yd6Nf1sB2G+HBobxnYqz1cnxiIgjEfaDru80af2NxCljTeV+Di59m8EEi6U+sJ23JXRMy67zdBLbMxlPWHdWDCwmx1Mz/puyMk+Vx4yHf/zKYMKmB+IW4JD0VswtatXJH7UVE0gOLniaMObuHsD0Che3/L4fYJX01L4v4K5vK0sa3anBsqxT4OoPsohdsnfPeQTG0XTm0xRXiL2GuFJapHiCelYZIbK3BKfywrwAf9RkzMDowBbqkUG6DI5GaB+AyHf2n6KdrnPwxPYlSSxE0ZMzzg+kFnAgAleUTtOduDVFSPaJ02kqKmCHQfey8i3rG8OIKcCPkP6MsBRhiGVg6KwGjQhfaG+kpE11Ht/2XBJrWlsy758unxxzhBhU0gTlPZp3bTRXooZvx3sxYHpLQ7bPdPIlVz95PP9D8IDn/mZBCEHDKEdRXpBKMJMK+OEt0wUlxNlt05P7J1EzKRpj0PfOX/NU2LJNbk0UUXaBiDg+8qii9UCvrzGfqV0fndh4+B+rxnKqJQ73SKCsGaw5JszlEMhn94/ulAEXd5MDqXG1IXteE6iFbsYglo92463lMglPt7eEaBhhO6i1p4RYyWuYwxbxcvd4qqgl3H0SSV2eQdpqWb8I0CNIv3J0Az+sXdO6rzALYFZr8qNvJ0AfOnEJxKuL4GFUMIBeILJQi3iI3z+7NAUgGhXORAPpb+1MXIy9WmikHu9AJPtA5LRdfEcrMfoQetLH5U/vJxq3+AJAaR2pIaw03nQSA1zuoGfEn6ySAt2YJXTX/mGU+gHZNRoUTi2iPu0nWjN1GYa7ydZgwJ3AK1ZZ3tKHtdjd2RWzcGD6wqiEecyzgmkD7xsWrnwIHe78YiEGyLh/h1CKMtQRAD1fQrEaJOD8qLBacpaw+tvveGPGLVh83NDRljm0/85Kwe7wytYME18UuSVRPA15v+TuhbAaoTpbANSA0bZJ9KnHs5vCqx93O4twnu3Q/gwIaEJtPct2k224J2dt9ehf73hSVNmM6Xm/MVcqMZIOMInhK5mB3IP9Cd7jrsFl2JQJXuhQRL+SdKg2ZwHpiglhZoVIRCHKRMKV6r1A4/a0jvE37AUk40Pb9fDUoPxjxyeSi5QlAOzs0zkTdLqdRcEKkosY6+0CioabZnjlTOkTdb8liv/5CuJCR/Rdj0o9KlMDkpcQFcHJY4f9xK19F8sLgvIi3ext2HyQRPO6V2ece2qz0tljwmTsq8tz/O1vkDgCQxftZe05X3L854qHTmKk2mNyh/DP1SfoFGUAWlzpt5jq6fYJKiO8We8VHaS086A8kbT/IND3qNQxD1X2tgOWuWfz6UWTrIW90e/jXRrf4Uv5Fbf2SnomE/t2mDfHUnbm6NoPXnzUrqCYZrENrVyaHNZOT2Fx5tNNUzZrDjIbEpgqsT/9m8tuF6WqoB7qeKjxeW0rY0z6JIzpmw10Iu739EWmggPlwBzmy+wQXBKGcQbAKhf8JVgJA5F1AmB24NUENju/Ks2PcCMqYZNYol/T2QKkuH8yKFttDDOQ222c2ZvOAdTuRnOJrETYW4otGBQ+nqZiExaC8LKRdn/kl+mFfdw+/bctxY6VtdoGtd59XPv5VNDC4c7M93dPp9m6Cp8YBri/HOrVEk1iEZhYhxl8F3i5EH/HjM/e8YGp02MF/YqgRhcR2p7NHXuY7IYb88OCsDZsc4CSqgEdfVC9MsiHJiRbqIvm1oQ59IzT8v08fb+nIGgdMvHabAJ7GH36hr9JjdK9A9hquh6nc4iCgJ+KuYRPbkJdXTT+YBICD09OdNHq0vY6gJvcZRDQsX+MuQgWq90oS6lC8YZpCmvjUS3aPNVXA4+eFLvel0AtThvFGcfYV+vTVT6U6ZuxHv2U+y9mL7Unmv1ldAp9HWmehzhLpuar9wV0ttw51pfAhfthHi3f+Wvw3N7i8Z5vJgN3t3E+eZl+2/DZjIn8MZF0gnfkRJ+qYPjQZhRF9QZGnUUDwLxcnHlOaOfl4tBFZBjZqoa5vuaioMIME831xtD0PHmcT7oMF9V8atIBLtfqPWwLg1xYGduHjFTQ5+2AJq4uwuzsVekYGEPth20FbLhn6irurmjVkXVLG3kIACpgAxtw74noGhtAwtBjM4X2YrQpo7RvKq2MUPQlZ1BTdivW82kswf2h5HxHZy2492qd8byoLQU4vKsT+ge3NDOgui2DL6SYLgkrj85M3kpS7vObA38TOo5ypDslq4gkCPGk5EN+jDogw+k0g3npZlf8pLTTsI0tCH1VyjZIGaVQRoCmcFgEkn+1Xs2855p2avz9jBlg6OcQwQ5IHKoULJi+fwV8gYZ0FuzPAflCitAGD9CgR8lKA3DmtgGN3ZZwUc52edwd1rrVCcANlSf9Sol3lSPUho8vkAUacyeIZsIl6bxYkiquT5DrozEwxrSssNVDmIMfO8Yy9jhWK5U6qwspppB7bXrAqBWtdW60sfhvoQs+cUBnxPT6nUiVXs2avdiXGYVgB5Af5a/6cVg0XN4+6EZbziPolQec0Hu5hEa++qyVvNOkE5eZgNdEgX6kRpaq3754w04cL8WTFZxklJWk/jxh5QAHk/gSopWx7F2kPifMut+cukWfs0Aoxim5zl7QWTqp6u7LX7izVRHQOU5ix9qDzUrBaablX1UkWFwUFA3Ai08AkKqkT2MumW+7biyUWPnPtN/w0aG7BCz8gplFFgJb5+ehOv9eOXBDLdfhWAT1MSxlRoEPt3lGmCEMS5A9h2qbepbzW8gXx0oDNGMrUWurNTqFRR4mmmaj9uIoZQBS6QcHMur8UycesIisRLQarNidlMfpZglnUyyIVVE9MB48dKNpE4glIw/gVa2c7i0jHbwUsP1HUGjpgSkAxksk1awwX2GbVQgkZUaa3hmN1uswGaqpJSovUcz6vEGXmDwrkyP9/CE9MjlM5UhcLvg+RkznHHbK662JFnlNIqXLJeXnZUeD7nWe5xz0dhImn5qRGc7eR7MsfcSdSNkPVQkyes2v4RHGlonSH9SrYEy/Y794QzG8RQRmO/Ksaz/x/di+BuMCcAwBK6ZrYgqWug8+jWhwXEoUlBO6n+KMTxcGBrrz5wIEE9IYnRJyQU9U1auLKxpohrloEqK5ZPUj5aejzWZ3bWsowFDBeM+DVHJhsUZgXRkz718iyKIdBuEk8W4CQKxdMxUMfQD4dCjjJDLbcPmc/rvcXuL+tORcA3CrUaUBspBuPGcGNATKoqhX0PkrFPpyzRV4iLEJa/D0C759tlPnf0S2X2WQBE0XQHZ6Qcy5DBQBuzcgM9qT+GfKTwd8U5og5tnsQHp7XCSR+OcU/Gac4ggS3chyUJEzHIKUqoRINCXUYR0BwrwKJOsyxy1zn61Klh2As7etjHkeRGqcoFkw9g9YY1O34JOgYBBcKNViSZAzqhbYMXGnkDzMLcVjapdQ0N4oZC/jFswHly/LQVwPf28Ear4b9wAg2VOv2HxTCXEf2g0hQyeITeDY0jAjZlmW0vMzCoZ/BNXhNqYNp6oUxY6Z4SQTRFXEtMuoqMtSJaRPmioI88MjImw+SuZKcmq+5YqjN0YcFnF72I2pj3o1+H63s8090+MfyoNTWN0hzQBcleB94q3tEKHr9QBTa1mmQa+rm1k+7ud2gsO1vsiqDVEGX0FAWXlP4CH5Zu96qBay7svpiaRsBH30gz8veN07x38h9EqwMLVqDunRBM8hAflTSGgmIIDI+BVF3pGe77vj59xamDZs+I5zlir6weM6Ra4UBNVNGyx85odo35qoY/n6w4ic6ACBcvy0p/s/hCR8ao+TBI7I7rn95a4vLy/hcYeG30oLfRQ9FhmdcgsEazPrW4fOzv17a59fdutnIBvzVtuHmfaQLI1o5DrFfpld7mzV0N6qQ3lzdvIdKBi+lmGmMOOAQwlrIDcN/VsfWK0lBmq0WpFmnzVV/jDewg4jP+8PXGsV6FPfYUwi2CCXNR/MIVgbTpBFJienURSAq5ZeJTueolTPqet4SbNqHd4wN4kU0BGYoUbUYYOMiVEmeCJEKEmqLrsBuzj7PV/zmJCIqwQuHE+Fu8CbG0klXoe+RSTNHyFkNbjplsAkSJwF+alOUc+DmZijGKOCADc1Yie87KfoLBQWHcaPThD1ljpn83tgrPScRagd2HBj3X9hO5/2apk0zf7fDVOX9XXz/QlMfAE4JEdbtwUdKCObFzaqcNxS9aCzppxOUL2bV3CHrrqwBQ+GFoiV4fbjrpMFfdG04ScDBtttzwHhuWwND1GRSnNZNRxPeMaZlu3L/xqBHE3IcxhLkeIq7ee3t32KbvMhXGWfRU7cjf6JhrI4l+qIHgabuF6W5dkkqW/QmMHSHEtLtFFPwMtaE/6DgDv2IehIhGaLptejGScVTCB8ZRFl/J7V7VxyU829EZDqtrSSIwMz9xOYKqz+uoypQ8vxsmZc7QDNEzmwPqnlTwSn6/4N64/7ucGi2Ine6cWrkd2Ohyoh2v9Y2ATMGxzlbVAIZbeOV+w0ufRARUbaaLhMilFXCN9lZqWfM06T9A7HXgmLplkAWZr/xt+LNTphq+midPwif4XWLSwz/dWtf/zlpdCK0XFu+XdNwKFv23Rqsf1Ahz1aPfEZsOx16hxTVvlF5m4Pn2L/CCP5Yt6y40quLuqc2ZYBYT/xn75BldGa+6VIvsNpgVoc6/betjgRMhWUlMn0RwjYkes6EyyCnwEn0vmee9DpCsDkPkze0B/KFcL/+lZU24LKtt760wbcfjkMQJRgj8592HvhKJSGksc6ttSecRwFF6mKaMEK0fkajShjJ9co3aNjIKRy/sTBV3XVfJe5vyoFT/eEIBq6jTh2VB24IqEqwXdkSfjUXlRZuWhGJKrEw4G2vl+9EwZcjRSmitoM7q6rce/j0psERohciPXqLhN3du5By/q2JVxcZ598wWZrJDsvWgA2uRp4/OcgRMp5L8UnMypTF7z7MI2KTfGRxG3kXXiDu0o42wREOSmRLcBENCGjGgJM746oGF4RipUFtlI3gDNGGZBf5NDQeNYBWy3kC47UOE7c5STiqCjv4TerearYP7Im0r2kWK/vu8hqLG/GsrRhsLbJVAuIN8uVmTdPykDpsJ57LUrAx60GWmQMwPFl1rkryBKWVGrBWxosVyj9eoOg5u2n+RbYTOTm9HHhEnuI7AIQWDttan8W1Mcf6U/Pw7Wqj6dAMuijsdQ0v5sbRHx/9hj8xBXw7dJr4I+G+yCd+UonShqpX9IhoWPmIzYuhkmhYL39/hH8kVRbyKmziQdx87ZILMFStjcC/UuRKk5h+p0fb47vZ/yeDO2wxNMSJg6dPXyyNKfhJQkO6C8Iz2TZkAnS6DbrvrOjae7pBrs6+xSA8FrHBU27cYijwHdCVuYiizuRmpQ1zKSR4mZKjLbH8kjleEX10HcW6KhOYc2EYKw+PJ6zRJJ05Qg0mJ5qHvWuO/R3OoL1UM7v/wRYJK5u3dfhwh1CUDwYjvbUJL9ulkF5SaqjAHhWR99+/KyEiqLXWTpxGjU0xRAgDc2riqOLu1hLpMjTSuUzpIiR4QmIBY65X57Y5UhiS/P4OwUH8WZ9fumhy0p6Y7sbI841pF5UXuTUdpShGpa/fiSQuArZZa9DthpsR0BFd9rnbW+lftvfL9KD+gA+JlNhRUSGEz4Hvz93ekYMlockXi/qAqzig3lPqrZoVIlcd9F2zShfvIO928I9UYIPjHk7PlyYolGfN/zYmI+RWwW3ICNbl+N5nmj65fVlZ9Y7YvUi7okt+saS1zMdNBDXQTixK8ie3NcaIm71UMkEygVGalUe8BIXycLfxYU5BC6Pl+G/9ABonjG41EL4DyvkC6nfubAbMMoU9xvZ1cz/jgkBltuNB0BOTgemUh+o7ZCLKkb8XjDfvud0Q+s6LvwoY5/EAjFXzuSwcAeCSQ2dT7c5skCZqD48nBYdxfGmfvtW0yMedAY4fjgOjtDpsarECG68UmX0cCEXx+f7f3DdVPDBZ5/NayGQXVH4ozPv61NCqq1U19YSGG4TAfXPx8flT0Qgpp0fTohTuN0n2BO8A9SxMNbXsta9b2pwLBpNBPzDdPX1o44EDbR7C5hSSfV9nXrEnQmKekaH32l3vHrC8ogxlLgKB1oIAiHtDWEcRF+4TeDZVVjldVgrtK1rANznK04k2Jy0tcWOTQ1P7tm4gcKbykIPoTsrTMoWYKKfxvi7sfkI0GVqd9ozy03DSXI7hw4baPLysf+Iz0deNnecWOKZ4DFAIIRIVlGxjYPxhylMpayicrhp/xEO7CSSuaXIXL/xX+wRM4ltnRQmGNXww8FD+RDlQiIgSn0xR6UJ8nkzkZ1aDDj1UOIkJCIqOxvcpg10IILmLFpY6U4n29kjHmG7/Lrf3XMhvjg3DEe4Bu4HAwSjUwPn0l4FrWq49Pgi9YRYBDrEZW6+LrR3JAk9NIK1w6MknDUh7Rc9b0LE5tphG2O2i2eaJnzQEoS+pbQXauQDNjaURPrmYNNMSeSh+tpkFW5CqwmQMPZPHdBx0V/+T+57f1d6XdFeLmroSYdNRw+DLovf2F/A6FghWzBwunqQe0YLbCS9gC5Msvt2P6sfodShL4v2t5skrgOlr5Us8H6PSFjB0rLFFcFkPVPYHzjWa+ouSfEcupbL2QfjIYGk/z63mKKbGNNWuKIrn0iycAhyKlzUPg1sYkiWq6HGbBSoLd+z2HuyToumulMXm3feFUUo8SpaktcnoaP5JeRBMch06VYzOQa+ynneRO0kgIKgTn9IrCu1lsdNmxYZ/VxR80JPzmSkLyXXSnNMLQvHpcR41d5uhhxtPP7lgIfUT6ZhJCcAFPWLX6lzwWOBETck5gKP32ncKpjSiwenRDRDyDXDqsI/OmPG5AkEuTZMSSgTKVXU0ZxSXINceo0nLuAH+5tlBsjgq1PZy7q7YZE3exNdk1BlJrQ++eGA0Vc9LT/hKXDopy2+CVcYyp9AJ/0X2z58rBxRotEB3FNoWf4aIifNb4vJxCwzC/Xr2Lp7+ZF8r0g9tpQ9D3Ql+I5Jr23TIq5tL5LbRxHhP9ChOilRcUGekai5zzJGOFLSw/uwEo94azAOOsSCAN7LiY6IKlngd6lTgtJ3l/ck/6i6XgXgzNaqx3tzW+FygrtD3UYFt4nznGW1NGSHPNgmrwqBciLJVXPXJGv57WUkt5SRa5rDqZfus1CUDViLS3Dcy0VdOhslyCtmneb2oknWVgw+pFhxSTf1nJFdbw48iRF12jDEg6eSpRZqdzdB09ZnIDs9iU96x8zPlV5RCB1jPl9TexJ8p3rFpuA3gJiwcmjfwsHN5ip4ITNLkdxZCFGCuxI2Zl3diIrk5cYNpHSn9YzoRaYrGL4J4ayJXshfg/Fr6VprxXNzzpAu2+F7MqzlCrwGCR0lK5GzIQ35+uhl0LnWmXYs7HDdfFNpD2/ePl2/p1USkHDBiw5KLrpK/i7yGZw9nMTXcf21AecWEA+M3RrflFoRO8KP9FL1zL0L0B+z0/bdPmpUlTgfc86kWBPnsOTs8wPF1pif9sNL3ZgKJiq2W5olkRJkbS0I0FXi1+/+C5S9hBa1TH3WQCjBwBej3ZL97a9XNigf0xIJVBmlLNqXfFa6SQLjzdtLt95lnZra6QHMF929chUMxJJYwgB8EnwVg2zkO5DA+4dvWINZbfnh/Mn2woytOgXwGuI2KyIFVvxGb4+RVsSaAl3nmF7B9H8stMB/DG9ZyW08HmBwcYwPWT4Ba9As3ee6acsDwf1zjErj7u6C7FN7Y4zx7uOTDd0XbVemq1ZdoiJinRITGEfMTz4fgwvUWoTIJb/PkLB4Jyd0bqdSzl6E6PASmUjQhtibEZT4qXnHJSgh5TRMyZd7MXkO2STT+aJG7YUC1rS3mqpoAVpvdS0Cj/jN97fHnURXBE7pbQSdR0iDCGtdcaATomzNQFQhpjq1Ebzg=</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedData>
            </saml2:EncryptedAssertion>
        </saml2p:Response>
    </soap11:Body>
</soap11:Envelope>

2021-10-17 06:50:22,389 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-10-17 06:50:22,389 - INFO [Shibboleth-Audit.SSO:?] - 20211017T065022Z|urn:oasis:names:tc:SAML:2.0:bindings:SOAP|_kbemjy8agb8784im5jg6k9k9nvulgbc404il|https://iam.eu-defcs.poc.hybrid.otc-service.com|http://shibboleth.net/ns/profiles/saml2/sso/ecp|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:PAOS|_cc06b29aea25d7181f8798a18050b6bb|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxd1TITkhx+lsUfb1/9Mw+7FXaPhVp8MsswQHEJD1lLFocqjsLzF8aIL/gT8sWQ/TWf1YM9towsmyVh1sdL8ZfBBx1OW3SrtL7uIZY5GKe6Aa1AmNi+ELQ53vQ9ihYTg7jokZQbpIAnaHfvRzCQJ5FXl82|_024e1c480e28a9825672519bad02e48c|
2021-10-17 06:50:25,048 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder:?] - Decoded SOAP messaged which included SAML message of type {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-10-17 06:50:25,049 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Body>
        <saml2p:AuthnRequest
            AssertionConsumerServiceURL="https://iam.eu-defcs.poc.hybrid.otc-service.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            Destination="https://samltest.id/idp/profile/SAML2/SOAP/ECP"
            ForceAuthn="false"
            ID="_ureorscbmp9intunqoqq1eun6l0886dfc5ny" IsPassive="false"
            IssueInstant="2021-10-17T06:50:24.342Z"
            ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
            Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eu-defcs.poc.hybrid.otc-service.com</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_ureorscbmp9intunqoqq1eun6l0886dfc5ny">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>TkAQSvZrinwAbklWWGKfUQhGy+E=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>sq/rnow9GjpH5s40PAoOZ8n57KqNJrcQCJBB2VXor5YmxBcUHI/fSrp0UpLgdgpMpMO0DJamMYB5Kpw8ayf2XQoIQ0CPW4rGNmWbAm6Z0AUKfpg5QPX8guUsxeMUO4JE3jmpAH6eZf5EbIre61iBbvfIK9w/CPm+gCQV2CuI0RI=</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIICLjCCAZegAwIBAgIGAVHDRPSbMA0GCSqGSIb3DQEBCwUAMC0xEzARBgNVBAoMCmtleW1hbmFn
ZXIxFjAUBgNVBAsMDWlhbS1hdXRodWktc3AwHhcNMTUxMjIxMDY0MDU0WhcNMjUxMjE4MDY0MDU0
WjBEMSowKAYDVQQDDCFodHRwczovL3NwLmF1dGgub3RjLnQtc3lzdGVtcy5jb20xFjAUBgNVBAsM
DWlhbS1hdXRodWktc3AwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALRgTiRlOH3H8Ti/Nl8F
hr+9QdbCEBQIKFKnX+VeeD6NcGQtsDnihnIlwDv9PqAqRfZ5KNDF7IccYgCBUfjJXOyxqa51YVDJ
KPLpjMcZiSEjumDm3jbdEiiQKl3zwt9Q0aLlz7PKdIbIoPQdo3YjpTB407D5PmvpsFr+TQ6NlkTZ
AgMBAAGjQjBAMB0GA1UdDgQWBBRcdOVNkWkaAHkjlaFATFhnEEh8SzAfBgNVHSMEGDAWgBRcdOVN
kWkaAHkjlaFATFhnEEh8SzANBgkqhkiG9w0BAQsFAAOBgQBlFRyA98AUXCw8bhneTFoD2JWRZz2f
Bs3vINTVjhA3CdCCJ9lgPxIhitHYNPQh5s7l+IA6M/zHTx+rpRO3KUqh0M2eNZDunUrstyXkvZvp
uJCPFK6t1iN6K5YuZUhKI06W5Bk6XV2NO5L2eIqD9jZp0UGb18Ep4BbrEXwRwJQPYw==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:NameIDPolicy AllowCreate="true"
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                SPNameQualifier="https://iam.eu-defcs.poc.hybrid.otc-service.com" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"/>
        </saml2p:AuthnRequest>
    </soap11:Body>
</soap11:Envelope>

2021-10-17 06:50:25,049 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-10-17 06:50:25,049 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-10-17 06:50:25,049 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-10-17 06:50:25,049 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-10-17 06:50:25,049 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-10-17 06:50:25,049 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-10-17 06:50:25,049 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-10-17 06:50:25,049 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eu-defcs.poc.hybrid.otc-service.com
2021-10-17 06:50:25,050 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2021-10-17 06:50:25,050 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2021-10-17 06:50:25,050 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-10-17 06:50:25,050 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2021-10-17 06:50:25,050 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2021-10-17 06:50:25,050 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-10-17 06:50:25,050 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_ureorscbmp9intunqoqq1eun6l0886dfc5ny', issue instant '2021-10-17T06:50:24.342Z', entityID 'https://iam.eu-defcs.poc.hybrid.otc-service.com'
2021-10-17 06:50:25,051 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eu-defcs.poc.hybrid.otc-service.com' does not require AuthnRequests to be signed
2021-10-17 06:50:25,051 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2021-10-17 06:50:25,051 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2021-10-17 06:50:25,051 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-10-17 06:50:25,051 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://iam.eu-defcs.poc.hybrid.otc-service.com, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2021-10-17 06:50:25,051 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://iam.eu-defcs.poc.hybrid.otc-service.com' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2021-10-17 06:50:25,051 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-10-17 06:50:25,051 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-10-17 06:50:25,051 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-10-17 06:50:25,051 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-10-17 06:50:25,051 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-10-17 06:50:25,051 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2021-10-17 06:50:25,051 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2021-10-17 06:50:25,051 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2021-10-17 06:50:25,051 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 1024 bits
  params: null
  modulus: 126664469800380770773972778096329230967838830807335020944856402588433272451405299989725111925000259452486256977271956160110204670418736725511979819866908378089628035491591777699093647368786263598103189382680073566489484332485554027625241493766204516582342822997262720486560419481997023269854507272634386236633
  public exponent: 65537
2021-10-17 06:50:25,051 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2021-10-17 06:50:25,051 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2021-10-17 06:50:25,051 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_ureorscbmp9intunqoqq1eun6l0886dfc5ny"
2021-10-17 06:50:25,051 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _ureorscbmp9intunqoqq1eun6l0886dfc5ny and Element was [saml2p:AuthnRequest: null]
2021-10-17 06:50:25,051 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_ureorscbmp9intunqoqq1eun6l0886dfc5ny"
2021-10-17 06:50:25,051 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _ureorscbmp9intunqoqq1eun6l0886dfc5ny and Element was [saml2p:AuthnRequest: null]
2021-10-17 06:50:25,051 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_ureorscbmp9intunqoqq1eun6l0886dfc5ny"
2021-10-17 06:50:25,051 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2021-10-17 06:50:25,051 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-10-17 06:50:25,051 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://iam.eu-defcs.poc.hybrid.otc-service.com
2021-10-17 06:50:25,051 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-10-17 06:50:25,051 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-10-17 06:50:25,052 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-10-17 06:50:25,052 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-10-17 06:50:25,052 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsHeadersHandler:?] - Message Handler:  No ChannelBindings header blocks found
2021-10-17 06:50:25,052 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler:?] - Message Handler:  Message did not contain any ChannelBindings extensions
2021-10-17 06:50:25,052 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2021-10-17 06:50:25,052 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2021-10-17 06:50:25,052 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-10-17 06:50:25,054 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-10-17 06:50:25,054 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-10-17 06:50:25,054 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-10-17 06:50:25,054 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' not permitted by input criteria
2021-10-17 06:50:25,054 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eu-defcs.poc.hybrid.otc-service.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP using binding urn:oasis:names:tc:SAML:2.0:bindings:PAOS
2021-10-17 06:50:25,054 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-10-17 06:50:25,054 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-10-17 06:50:25,054 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-10-17 06:50:25,054 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-10-17 06:50:25,054 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-10-17 06:50:25,055 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-10-17 06:50:25,055 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-10-17 06:50:25,055 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-10-17 06:50:25,055 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-10-17 06:50:25,055 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-10-17 06:50:25,056 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eu-defcs.poc.hybrid.otc-service.com
2021-10-17 06:50:25,056 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-10-17 06:50:25,056 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-10-17 06:50:25,056 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-10-17 06:50:25,056 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-10-17 06:50:25,057 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-10-17 06:50:25,057 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: RequestAuthenticated: true
2021-10-17 06:50:25,057 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: Generating session key for use by ECP peers
2021-10-17 06:50:25,057 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-10-17T06:50:25.057Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-10-17 06:50:25,058 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-10-17 06:50:25,058 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-10-17 06:50:25,058 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-10-17 06:50:25,058 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-10-17 06:50:25,058 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-10-17 06:50:25,058 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow authn/Password, it supports non-browser authentication
2021-10-17 06:50:25,058 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2021-10-17 06:50:25,058 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-10-17 06:50:25,058 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-10-17 06:50:25,058 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-10-17 06:50:25,058 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: Trimming whitespace of input string 'rick'
2021-10-17 06:50:25,059 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2021-10-17 06:50:25,059 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1492070111::identifier=rick, context=org.apache.velocity.VelocityContext@532d21fd]
2021-10-17 06:50:25,059 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1492070111::identifier=rick, context=org.apache.velocity.VelocityContext@532d21fd]
2021-10-17 06:50:25,062 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2021-10-17 06:50:25,062 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-10-17 06:50:25,062 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-10-17 06:50:25,062 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2021-10-17 06:50:25,062 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2021-10-17 06:50:25,062 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-10-17 06:50:25,062 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2021-10-17 06:50:25,062 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session b26887118e162528a387a387e6e16b39fdc44d8575e804cbcca0238d4c094b1b for principal rick
2021-10-17 06:50:25,062 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session b26887118e162528a387a387e6e16b39fdc44d8575e804cbcca0238d4c094b1b
2021-10-17 06:50:25,063 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-10-17 06:50:25,063 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-10-17 06:50:25,064 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-10-17 06:50:25,064 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-10-17 06:50:25,064 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-10-17 06:50:25,064 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-10-17 06:50:25,064 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-10-17 06:50:25,064 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-10-17 06:50:25,064 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-10-17 06:50:25,064 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-10-17 06:50:25,064 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-10-17 06:50:25,064 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-10-17 06:50:25,064 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-10-17 06:50:25,064 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-10-17 06:50:25,065 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-10-17 06:50:25,066 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-10-17 06:50:25,066 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _a59b4380280c93f7aa8a09127680c3fb
2021-10-17 06:50:25,066 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _a59b4380280c93f7aa8a09127680c3fb to Response _87c784f39e15a5439d7d66dc5b6c102d
2021-10-17 06:50:25,066 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _a59b4380280c93f7aa8a09127680c3fb
2021-10-17 06:50:25,067 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-10-17 06:50:25,067 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-10-17 06:50:25,067 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-10-17 06:50:25,067 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-10-17 06:50:25,067 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-10-17 06:50:25,067 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-10-17 06:50:25,067 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-10-17 06:50:25,067 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-10-17 06:50:25,067 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-10-17 06:50:25,067 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-10-17 06:50:25,068 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-10-17 06:50:25,069 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:50:25,069 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:50:25,069 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:50:25,069 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:50:25,069 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxl9lZU1DIvJr5ZDV1oiWUNXnZwBbYD1EcmyvtXtDZZKtgdvV6rcayQO4Q+Ai+yNlp09Z2eDF2w2M+kDoSJV/aONkr9sy0MvV3xICdvudvlI9bcxlqn2q6SryIYfmN/eRhBLrz+NMd/i20YG1X4Jb/Xpv7 with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:50:25,069 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:50:25,069 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:50:25,069 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-10-17 06:50:25,069 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-10-17 06:50:25,069 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 80.158.3.50
2021-10-17 06:50:25,069 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _ureorscbmp9intunqoqq1eun6l0886dfc5ny
2021-10-17 06:50:25,069 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eu-defcs.poc.hybrid.otc-service.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-10-17 06:50:25,069 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-10-17 06:50:25,069 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-10-17 06:50:25,069 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-10-17 06:50:25,069 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _a59b4380280c93f7aa8a09127680c3fb
2021-10-17 06:50:25,069 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _a59b4380280c93f7aa8a09127680c3fb did not already contain Conditions, one was added
2021-10-17 06:50:25,069 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-10-17 06:50:25,069 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-10-17T06:55:25.064Z, to Assertion _a59b4380280c93f7aa8a09127680c3fb
2021-10-17 06:50:25,069 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _a59b4380280c93f7aa8a09127680c3fb already contained Conditions, nothing was done
2021-10-17 06:50:25,069 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-10-17 06:50:25,069 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _a59b4380280c93f7aa8a09127680c3fb already contained Conditions, nothing was done
2021-10-17 06:50:25,069 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-10-17 06:50:25,069 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eu-defcs.poc.hybrid.otc-service.com as an Audience of the AudienceRestriction
2021-10-17 06:50:25,069 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _a59b4380280c93f7aa8a09127680c3fb
2021-10-17 06:50:25,070 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddGeneratedKeyToAssertions: Assertion _a59b4380280c93f7aa8a09127680c3fb did not already contain Advice, one was added
2021-10-17 06:50:25,070 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eu-defcs.poc.hybrid.otc-service.com to existing session b26887118e162528a387a387e6e16b39fdc44d8575e804cbcca0238d4c094b1b
2021-10-17 06:50:25,070 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eu-defcs.poc.hybrid.otc-service.com in session b26887118e162528a387a387e6e16b39fdc44d8575e804cbcca0238d4c094b1b
2021-10-17 06:50:25,070 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-10-17 06:50:25,071 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eu-defcs.poc.hybrid.otc-service.com and key AAdzZWNyZXQxl9lZU1DIvJr5ZDV1oiWUNXnZwBbYD1EcmyvtXtDZZKtgdvV6rcayQO4Q+Ai+yNlp09Z2eDF2w2M+kDoSJV/aONkr9sy0MvV3xICdvudvlI9bcxlqn2q6SryIYfmN/eRhBLrz+NMd/i20YG1X4Jb/Xpv7
2021-10-17 06:50:25,071 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-10-17 06:50:25,071 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-10-17 06:50:25,072 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_a59b4380280c93f7aa8a09127680c3fb"
2021-10-17 06:50:25,072 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _a59b4380280c93f7aa8a09127680c3fb and Element was [saml2:Assertion: null]
2021-10-17 06:50:25,072 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_a59b4380280c93f7aa8a09127680c3fb"
2021-10-17 06:50:25,072 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _a59b4380280c93f7aa8a09127680c3fb and Element was [saml2:Assertion: null]
2021-10-17 06:50:25,075 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_87c784f39e15a5439d7d66dc5b6c102d"
    InResponseTo="_ureorscbmp9intunqoqq1eun6l0886dfc5ny"
    IssueInstant="2021-10-17T06:50:25.064Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_a59b4380280c93f7aa8a09127680c3fb"
        IssueInstant="2021-10-17T06:50:25.064Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_a59b4380280c93f7aa8a09127680c3fb">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>N4ehs8wR1Se+un3RdouaERZjiwa1naB0mHuQ86RFQp0=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>TqEnSBEWZ+XLvb6yi9FFtRSR8qaY0aCyQvuq8UIv8NRF3cMQus1S/fkigv/kjRV7z0LzVDeSct4jPgBV6wo49cgGIIWnF+eOMhuMpveZ/DP1lsym4yQdJ3uo3GUKHnhAF1tqucEVVdK19sbY/bz6VcrlH1SFBZyw8OBvkbnfISfzV5XNg+LQCLPLm6QCzQsao9UN/9EvB4VNMIOf3GIJ8+f6VCRkaPvP7C75MOwvhiJXHZdUn7P9rHnh1RIGPQ2drH7/cl3Kxm80dgfwhr1VWLi58qLMhzcvQ93iyqbJfmvltMZVz2b2o4xcPrupecXd09d/5EMYCwm7uJ+dc4YV/g==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eu-defcs.poc.hybrid.otc-service.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxl9lZU1DIvJr5ZDV1oiWUNXnZwBbYD1EcmyvtXtDZZKtgdvV6rcayQO4Q+Ai+yNlp09Z2eDF2w2M+kDoSJV/aONkr9sy0MvV3xICdvudvlI9bcxlqn2q6SryIYfmN/eRhBLrz+NMd/i20YG1X4Jb/Xpv7</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="80.158.3.50"
                    InResponseTo="_ureorscbmp9intunqoqq1eun6l0886dfc5ny"
                    NotOnOrAfter="2021-10-17T06:55:25.069Z" Recipient="https://iam.eu-defcs.poc.hybrid.otc-service.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-10-17T06:50:25.064Z" NotOnOrAfter="2021-10-17T06:55:25.064Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eu-defcs.poc.hybrid.otc-service.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:Advice>
            <samlec:GeneratedKey xmlns:samlec="urn:ietf:params:xml:ns:samlec">zAm5I8e0EspCtDrK1ar+OHbf/76u5eYogdQfBztQKIY=</samlec:GeneratedKey>
        </saml2:Advice>
        <saml2:AuthnStatement AuthnInstant="2021-10-17T06:50:25.062Z" SessionIndex="_dd2bcceb99bb05f37c19be5d85c891eb">
            <saml2:SubjectLocality Address="80.158.3.50"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-10-17 06:50:25,077 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eu-defcs.poc.hybrid.otc-service.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-10-17 06:50:25,077 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eu-defcs.poc.hybrid.otc-service.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-10-17 06:50:25,077 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_87c784f39e15a5439d7d66dc5b6c102d"
2021-10-17 06:50:25,077 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _87c784f39e15a5439d7d66dc5b6c102d and Element was [saml2p:Response: null]
2021-10-17 06:50:25,077 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_87c784f39e15a5439d7d66dc5b6c102d"
2021-10-17 06:50:25,077 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _87c784f39e15a5439d7d66dc5b6c102d and Element was [saml2p:Response: null]
2021-10-17 06:50:25,080 - DEBUG [org.opensaml.saml.common.binding.impl.AddChannelBindingsHeaderHandler:?] - Message Handler:  No ChannelBindings to add, nothing to do
2021-10-17 06:50:25,081 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Header>
        <ecp:Response
            AssertionConsumerServiceURL="https://iam.eu-defcs.poc.hybrid.otc-service.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next"
            soap11:mustUnderstand="1" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <ecp:RequestAuthenticated
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <samlec:GeneratedKey
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:samlec="urn:ietf:params:xml:ns:samlec">zAm5I8e0EspCtDrK1ar+OHbf/76u5eYogdQfBztQKIY=</samlec:GeneratedKey>
    </soap11:Header>
    <soap11:Body>
        <saml2p:Response
            Destination="https://iam.eu-defcs.poc.hybrid.otc-service.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            ID="_87c784f39e15a5439d7d66dc5b6c102d"
            InResponseTo="_ureorscbmp9intunqoqq1eun6l0886dfc5ny"
            IssueInstant="2021-10-17T06:50:25.064Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_87c784f39e15a5439d7d66dc5b6c102d">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                        <ds:DigestValue>05p+GV3huKD4Qshr1cY6eZzRFBrmagoB4ilyZfdbOhY=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>D8cIFPvdHw/NowYisI/2zGvNoaTmrPln0/OVzDYuCVv/Xek71IOkN4WrJ5Aup0vxq9Gm+la9cWnC5yZ1mFlZL+ZxwyvLYUxk0+ui5zwWBwxZOybMAJs3uM6F5517IccIGDvp4jDL4LH2fUkI9fRWLW9XnDxseGMfcxkbweyv1sNFeqax0k0U0t7Fp5VxsIVAdgBqlSnBJfXMCLp+TCjacerhQMp2m70xfbnJlhZC6++VgYobKUgY5Hwc1+bCSNathOo2K6JWV20UGEiLYe4doOSeeIH1Aeo8VZMluFBcssZYqQNz31TWsFlxd3bnEdwzyn214TnAwkopq8kdYwZqKA==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
                <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
            </saml2p:Status>
            <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
                <xenc:EncryptedData
                    Id="_af60b732092bb31bf11d43d27f80edd1"
                    Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <xenc:EncryptedKey
                            Id="_242424426e4f9c83ac3819a7dff49bb4"
                            Recipient="https://iam.eu-defcs.poc.hybrid.otc-service.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                            <xenc:EncryptionMethod
                                Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <ds:DigestMethod
                                    Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                            </xenc:EncryptionMethod>
                            <ds:KeyInfo>
                                <ds:X509Data>
                                    <ds:X509Certificate>MIICLjCCAZegAwIBAgIGAVHDRPSbMA0GCSqGSIb3DQEBCwUAMC0xEzARBgNVBAoMCmtleW1hbmFn
ZXIxFjAUBgNVBAsMDWlhbS1hdXRodWktc3AwHhcNMTUxMjIxMDY0MDU0WhcNMjUxMjE4MDY0MDU0
WjBEMSowKAYDVQQDDCFodHRwczovL3NwLmF1dGgub3RjLnQtc3lzdGVtcy5jb20xFjAUBgNVBAsM
DWlhbS1hdXRodWktc3AwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALRgTiRlOH3H8Ti/Nl8F
hr+9QdbCEBQIKFKnX+VeeD6NcGQtsDnihnIlwDv9PqAqRfZ5KNDF7IccYgCBUfjJXOyxqa51YVDJ
KPLpjMcZiSEjumDm3jbdEiiQKl3zwt9Q0aLlz7PKdIbIoPQdo3YjpTB407D5PmvpsFr+TQ6NlkTZ
AgMBAAGjQjBAMB0GA1UdDgQWBBRcdOVNkWkaAHkjlaFATFhnEEh8SzAfBgNVHSMEGDAWgBRcdOVN
kWkaAHkjlaFATFhnEEh8SzANBgkqhkiG9w0BAQsFAAOBgQBlFRyA98AUXCw8bhneTFoD2JWRZz2f
Bs3vINTVjhA3CdCCJ9lgPxIhitHYNPQh5s7l+IA6M/zHTx+rpRO3KUqh0M2eNZDunUrstyXkvZvp
uJCPFK6t1iN6K5YuZUhKI06W5Bk6XV2NO5L2eIqD9jZp0UGb18Ep4BbrEXwRwJQPYw==</ds:X509Certificate>
                                </ds:X509Data>
                            </ds:KeyInfo>
                            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <xenc:CipherValue>MWC+wSMpwirULScPS3hgBJbz3wkRlOfp62L1OKz+gihYsDO/+redq8yKK2PSKtHflHrh7UqD4hsl+sqpgAHoLNFCbOz/v2hiCA9qKTrmSJh5Fj8h/bEqY3SrZxmgjGwUf7fKsLX9nQy7KEdib9w17CvP/yRr+LcL41gtTwoUeDg=</xenc:CipherValue>
                            </xenc:CipherData>
                        </xenc:EncryptedKey>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>CNcbbjgV32ClLJj87kwmjyWumXvfRU2vZCyUgZj0MBZ3fIa/hRLxryCi64v4dYIlzc/f/C37X22c23WDZzOTXvGaSLRcfnBwsRtZaNncjAUf+iQdqh+rUx2xo2z96yd1a8DLBfzhPsB2vSNwZXTke0al8B+B4aXlLKBnDQEiOJ6yvvs6V0bcJbHPMTseER9aLURfCEdsDRjxiKJMateptHgIztK8qLinxXRm/Vr4C+0PNWRMeqWqeaeUbBhOZZbZ1/yIJTcX5Qr6sXHdndXwEgs3QRKWsOVKYk8nuiOSP7WJrj/kAIunce+wii9CAPF10ySJhMc5DBGMfaGKQHn9mYqlueNef2K646uSXseSxkmZJwz4eTMqSDyfFA+PUuRGyTnZr5o4sFDpI3ARVoGUUBiU4A91QqcBrRjsdrR9NVYgo/bAK2E6RDuRYaVjDlmQLlX5Fi/IN/Ik07mSOiBG1c2g2RLklDPH7O6DzqTfzvpNi5unh3vvqn1vNx8yutORY9cTigbV+i0sUL6UydOtFNO5WE0iu9pVfu4qQordVwIaIiCHYFEXHqXNAIuSqDJMgp1xqX4D44AGWy072RAw4W1keJ76IZmuXR/dR6LShaK4Q5HJFG4siiYcZ1R95z4Q++F/JgF63Z+6z/R9HqMENMdwhNAiqpFLVmxoWk3SlQTuhrMJkqs/XnemHfL/Ye65HLNrAZsifqtBx44kaEqsR5EbVl1DDZSzZHaZm7ClgvcEXErdOyEJiF/H/tNKraMxM8sJq7st1VKEm3MguheNek1kT+WkLjIXs31fcA4VA0HdafbiYCubYPpN09OxGtgi1vqSw6MoC23Hip2k9By+xLpdfLWNVUjP6zNciOlWKlx/mUL40yL7UtOmV9ABr1nC3QRHXftTyseJPCl28jR/gZeBe8OTI8jkgEMXwKkwTyY4dCUEIURz4FUZRVBsbc6o5eBnTMLEYjnFbDExJtEOhf/ubNReOM3K7H21Pleisv5xm64eoxVO8VsmLMkIhTuPISevmacgDSoJ6oGYG9fHaHovVSXaOBM7AKrttz9hXYa/bM2XE68JAle6qodZm7xrIllkSknJzOHCCJXVcjX3rJBLsbtaBgESuy8JYoqt9aQNgq4Uo5gPCdRyPowYKagUr7B76Lrw8fygQWV4j6uuNQwR+EhzZZv+453gwqHGasc7K57fEIV1On4uqIzJo0aw/bsK0dpQaPgCKQwyoumDmKCgptzjNfJj6cTSJ7K/jrPR41DjYyltyytx0TwyxeEJ3EUkx4yk2XmptcHfC+8dQVzGqnCERlwRUO/yf789UhOcn2x0vKeAOfaOniJzI03SRl7pnXZ3H5V9hLOzM/UC19vRiuZoEUM9MPZ43iG/iUTcSJaVeqyxh3bFtaMqhM1kPPSQNot5oV+F3uyJ/fmgIUc3P9Qgw5+Wbg1RQXYi2p2cPGCbP52jFf2lS3csHJzYdnmove5CWQeUuWMwOyFc1kw3F54jilxxTgD9ChrwSpRIRvbi0CUjhofdohUvbXxy0fikyyQmNifwM6vsdL5MyX58PK9NDVdRJlOObRR185x9UAbhfji+V+AJHlz5CYAz/S1UB0FulCy7fFebE7elIr7dcvgD/s22ULFZR77+8V8Dc1NWIz4gysTV3ZbgkbPsO5NNa4MEimd1QmETkOIp+QauPjwUUYdrPa/3EfLDAIKcyOvOWmDu3p11EHcDi3munSZ4XIFJcmmjL+YVzmECBT04+8sRxfaLVuIbi2KDOip6tSZb6Hcs4C6HKC6u9bA6Yn8BTXSwUOJH8TrG197USgrjDcjFKM86qjgMhw9eOZtuiuDS55dhf0c8KB498gCmkejPO/TMkRweyETGJ9WgNTJPHFr36tcffibk8rbhLa26YEqqTMTWqWYIJAM+gh8vtZvbMSjVZekZwZne9Zq/X+0zvzN80ve+l6I5c6BE/4l4nIB3SCSt0+UezIYmrYPA1QCgjVgTIN4L5IDdDcXn3zdESLkgc/Vb7hp7A51TvuWIWiQc03myugDFbcuyZlUiCh6w/BnX++qZvYtaVB+8JJExYCIAmCOLu9bh5jll/EU7ws1dTiM9WE5jiR/WowaViOfebTNcoWNp+Mi2LSY08S6CMHx6AS5uQ8bRqxBdFeREuAdawJ0Rk2DOzWMj4aTQ+nvL09yAeHtyPxdi5kXSv6UCl+QhOVzCu8EKV7lBgDFz7C5fn5RGWoNNU9UY5kpyX5uyV4XWtpzQjWiYME0k8ULEaqhuDwdJT54Bv4iCFqMMopw4uF6A//n1IZu5+FyW0Uu1wve11MsXX2kiqiPIfzRIdjFqCkPY/nS9psxzrhk2TD8RaipnrMQ/FyaAM+pjD+9imIcVpbsk6E9tBWpz1wQpYWegITLeaTErxjhZcOcz7Tng+6g/KGW0X9L4WZdG72erVJ6ySxg/IOVHH96JjT7jdg4t2yZ6tKVDm/CG2mL0uOb0FPr1VB9c/62c5+ug8yJiMTRjdC6VdFJ2CBF0/uU+fLwxVtGKUxPptJmTLcjJhXDYRHmRu1uljIKO7u+On8fhZoXgj1cBJ8G2HUkyqKX0NEkzx6z1bk7BbfrDsIJ3GdF8+XvV7BfjVdnN/ojec6w6HCskMSqRvMbrVB6cLHtsTYv3fEDxetNPd7fPEQNbraxalDGiSq5OKgFrVVUvixLWVX/oVf3tciYGTuOMfRDakSLrdmTS9CTLMQCciLO0YHZb4DTtz0iqL6TNCgEDyaOu2I7WJmBevM728hy6IwaJL0lS/W6JYL9zGhkCtZnC5dRlKB3zFkFcBx+/78AhujAlm61+45q1KUIgHcVu0hhxnIpNAMopKsd0A3wv8v2rIocpKm77Gb3kO/ZkxBctBfOZnhkTvQ+aZg+3fWYsN53Z+Bm0Ru9wo9vj3AkqhFtyYc/Pgl6dC4WRhIlY5fjfEGdxzgTCyVo9WWWTag0bBUtIH6WgpmB5y/5MRMJ3xTnXxQ3QVkkVfwAOhQoHil2ZsECFOkcuCG2+6BWwvxm+NLxvBr4m6iYqIMcTSD5wCKHVeT6m1yt5npkpMbOSbL4O20WrKPPSGxyT9mWlLEoJOJf7Grm2AVFiHFHYP2xEoalVle/HeXUPLqUfD/dPriAclhjCWQkhDKPjwOL9MEwaAxkdIqDR4SpQkrCWk8ApcBt2asx+LfURz3p+N/h9stZvCYfrGdLiPTbyZ3RaBsZNKLu9JEufmlOFmVhfMhuBP+veqrcLB/VqZSrOCwTo2nX9hGyrHqZ4MYxg7O/XFzuj1PiiYgnzslULhhhMkp5qSmYU4Y4vzca9YHArV/6iW0n2K3FGsx8zbv0Il8c2XXCiOd6KAp9b+ALohKpib3f2sPk3xj8o7stzEWxrJSKJ0wwzFqm26DxZPSoK/8SU4lNkMFWg7TXcpr7fTXptez2HE3QIALUdW+uHgtSIYUaYI6Mn6ZAZB9eQ66sNzxr9gzdg6rC8I/taBJu8axDzKnJvsN6sGl4P0hRhrlOXjnDwPtxN6tKfjBP8qhTks/bYemWb5JaiC+o2DlOiOaXZpnA1WjvGsJB8uIbJ5TMgYZc49VVTLe7uOC7gyv3/f6oGqcpQuwslUeIphqkZDYu5P5nLVgbHDh7QZ7pdvVHMRl1VfD3dO89RNzFVu/EaE1MQ1Dk7y5c4CYCFuxSR5QBv0DAomC3+kFIxqir5MskaiuF99YyYxu/UByV1W7MByRKVbi1Bk06MeZgT5uEN1gq2c9uhJ5JtfJuwCUZgyIa9H/U4xjEREAfKV+DgbIKbMY4nPwuzqwwcc78OGLH5GeZT8OWEAO5PtXf9rceOfjRojig8OUce1o/iYxfCsdiz+mpbC8SRsLe7v7CL3t4NuwZs4sxvAizDHImiKxqucdqRkARbL2OplMZUi/8ZqcR1TO1pFqlIewoBxtj9rIGJHkCmR6TzusLd45aZ8USzSKVZiSAPGpSMt/UnGbLnQOc66JzkdD8riILabtT045KmIXzjwtQ8x2D0F7F8XdJJuT7jX2f63HNFsZR2RHDPiVEqes04zJgBhkd7ftofwhzgrmQVon3Dosqe/3dACGbhmPslBWiFI444yzOzRqDSpTsgURsN2CxnsZ4sjMxprkYpcCPOkT4eZ9tCgbf124N7uH7R7+PhNrCjtBtOPjmS9j4cYLCGb0uYY8W1YjdrshH+RZfecR4pkKQVVeO207C7V0i+va5LV/eV94Pcns2A2/Wc5tYmvMSn8DSCBanwvQGAEdkG1W/deSMjg4ovYFz/N3iu8ZnRlaQHsRLq2Ee30viPui3lR+UiunbN91hGC5yRwWhi5dmKU6nAgXSaR0zR6kqYqZ5AxDoWZ1Xg01U6Mr4V0J7WyQNj/RNw9xkmHRCXifc1KgYyXJw39v7fDOqoIG6q7kkMjTOZ8aXRIjkm5FJuJWM80BiWaZRF/kS94aGATeNMXY3Q/yqrPkBDOZju/lnEelqwQpm9YygrClFyq6DA1tI6V9SQHxRfEfu/YUouIml30EfjPPJjEiz25ObusEmhoEh+39SInbVG8yM+O9W1bNdwgRft6NIV5TMDwmI5BEe47lxAqv4I+jZMhbL4XP6ulb8sEcKXB5ezCvKbjuCUJGtni/p+peJrhe1kqEPF6A+rTkh9XJjpD8/mj7RHOQzMSN5Q1KTeHsIqNgW8MNl34FMGGl81DfzwXOIWFS/8ghdIMrxTVb+hAntjzQaAwEQsXCa+JULYOce1uATiIC7Vm/wdkteSOJl2+0+t337xzWTYBZmvfgq3eiKqJHB+56QKKoiy8/I9Kt5ndbUQ5uJp6EE17Y2pKmNSEUPu5HOfEoCBuUOG1ekeqmY0RQL5DFu4mvz+RbASSUgWRMaNs8xjJYkdOn6rdu0Yh+PnWSopWiUO+flDGLM8KXkF40h3E+5u3Ec0CX2SxRitgxOdeJrVbj4VTawbIhFilFVJF1JMcv8YDN/m+/J79LxCYz/s9r4LFhJs8FJcYrVX4d2GwH8rwKetrcc0DzBm1nXxLDE8YFMiYmGw3j2HZj2B80WvapZtJlW2frsniujnefJulQV+3BOUzQjz/h+yfO3c+fXkYuX1opeJ/MoPk9kwq6Iew0bjIeyG9lwVAVQdJ50Drlnwtc+8HWaId1otjZfRXa57fp7lWP02maIXAjI2OQ5jk4HrsziwBsSzXTzX0O0rp6fjJOgWwVUoCOTwWkFT5iBHRDEpQZeDSWFvVIwLmBBcM5hqOKeWCUPV3NJmAp194EHA9i4yG3zCihRCdMwkE28yO8gKhrVziCNNYbn4TMpsQsB+1PPO0fbyiLGht+xQQ9iTwo+NPqI412g1KOLW9hY1FpkTEceCvV0fxqhAQsFhBhQvAHv/UNL7/5PWFvUfuLiimvyqYGWMidHNfXr/ya8DQijKl3VRKnK1ZBl/huUi9q66XpZSYw1Ii2ExPkSt4U6i3IN+y6MSpVF0DEoNnvcXh8Go0MCR18IHfljyKrsm70lKVLCMP6nMyBR05gYcuCc2bnFDeY8VS4gzKHErWdTkWEa/1zpRlmHrnm+35NpKNMm9XvoOW8UMldQArBl4dQmwgDtt1Es5oXs2ua8B0s5yP66mmx35r3mr7q7seqEok5Rsnq9Bxfl+/bbj4ZyKHnUkCBOY0p6nUGVKWXK+5j02lH95E/cpF5DT0MGiPFiXTjDgeZzwsMcEfmgNWrwfSnre406Ib2zmFiz5PKy3G+a3SUYTksf1YxQD14XMhq+HUEf1b8dUjQE7Jzf9E9iQaCg6FRIblStwiycJFa3bAQmbCExvhOwanwPjjgdDdmzyi6M5grkXiuzPhyf0nEJaeCHBjM+/EoK1TM02mK7z8qTpOr4Bi/maSLwkHnS76mewCOB4UuIFmj3nsGRT3kynR5+Vwf/52SDr3UffaAdgwgmAoafIQJKNrnNZdBeLLx2xqKOOiRStOFfGS5L1qxQwLmWNMp/o3/U+AZdANksMYhc666J1uXD+/KVd0q6+c6pzPSQTvFeExbgHU54zl+hQUJHprKt+MOtXDqcdPR6YR2NgruNF3I0+IfPzVtuYgOMHffcCp426WCIx8/2UvWhrxyXTlXE7kJTTXNMWDZl3gWpcBOfkDEwUpqRrBCNRSwVq5lvWbnyuApQg/9Jfa5+m1KgR6ONyggi6qMyMUVxa35hP5MZ9uIC6k3DcjBx/GoCMxHpM016+Ve96B7DfgQB+Zza1Mnz1IPeiHnfoaI5VM41bAIx8yOEO/BKvvACX2dVvn2QwyrjHFvE9Ik/CATzxP7552+GZsZGug8nbB/Lt4AiOAHs7ZQKK31zviVnk9rI2f5WW4BAfZ3UApJI/cgaNYFKZHR80dHrhynybvLQcZxs652VTNKLyrH5RqP/yE+DM9U6TrBXUOuDeh/OIXz1tH5Kb2SA72G5vjhuW9+mSt7StIXaTDByOiXqyR3LcXhasmH7k5bxc1AeraBK50kRg82zFTteQ8PTYGb0SzJheRGNIzk7DIwcyx/a0LYEyU+8j2xI28HT/SK6DV0y7gayInlVMQil2pXpwpH9mKt3L9yGkZkjTUhV8bKtWvrwB8BISJlOaHE1NMBZOddSRJ63J8FXBsfLmy89Ebx6VoT/mOIazBeSlT5lfVxnt2sF9Pg5lVg7h24/us3Zt2xOp6gvcRpIQ/7lctg/NRH/gwyDTgX6+Xk4HhIW0yMaWQKONqHNTbB/l6RpZ0HmOOO52tqOmaS7UNaFqdwhVQhcxE6W2LRVV8mxymalJUAt5IwXGUmzy0mG762g9uIy5cBMf0Hh1DHSRLcxFjb5vz28GBJxoF8prO1UbAP4+V3+4jWmUAY1mLeexZmkDqslrbR3sd/2whzUW+lO8c11e/HqNF6vqWuBfZtrvgN3AFG6sHYu23t7hf6FX6+Qc3m+SIe7y1cXDdHf936SomR5SB2yv/xLYikJHMTi4Z9bJk/XqiQqxD4XM636/lzgsQm4Azr6/ceL0Hj+u6xNoI68y3GttTF/Plgm3IWDolGfO82mgP+2tkNsd1Awims2ebCKUB2zMq+/WOn1aqNVGs6SQRQxTZOwOA3XiJ1nIYJLG6svYP7EKtDyY9hzveqla+K5m4JtHENJGNzcsY4+xFVW2Qr/tjI466L6kwIu2Tp7GhuYorB47n5DApNDbrvw9CeoiHV/7LgaeJuT8AKka+xjQA5r3rqTltobf3azwNG3F0JPscKx/P+wuTgOciy5CQvQN9cbTPxJ5ORw42Ey7yRytqcsnebddlkA4BSrMpYXoHgYXvXe7qc7Eevm4cbgqE13c72EHyURUM2pOAnMv9kMqxYOSAH1+DPE7uDMczt5kmIfMpo6CgbKjI5Lq7bCK9qEexFGCSayGtXPQOh73f01fS+q7XKVKmVrRWx1KJr7wyny+AlASq8usgRCztERltKvmaxOf5A9oatCk7V9UTbFqnlvN8qqCVYcVT6V0gEQD/Di3GQrqe9x4ENYtu1iB74OjQICTcxg4Dmcb4b5Naw+vefcW8MXZ/fJmd4mITIJXqSZPKKrLkZ5BOme6jye6SNXlpLj2SdL4LLuiNK1u0vDrLhfZOq32wxYeQ/x+OEyGVq5tXiUCLIJYax3AeBixrrkPvC4aM3BsIAzjfRhbd6i69P3L2xbTi2hcZJ4O4NUDLkOO+AUlThgOIkjlmU0hg8d2j4eoZ27OI2vrU/cSOhGz2tGnExhBq1jBlLPxdS+Xifz7V8ago1XFwKr9816UEZLpSDQCmV74O3g2Q9qkJiZUr1WTEaazUH7lwbg88QHfL4AAFQ2i3C9Ied/qi7CD30P3OdEau5GEAcPR7PL+RgftrS69bGa9PvRiNPuyV2kT49GnMBnNtMpqjwfUHhsNUNpSFReMDCBYbp5m1EIfxEe3tUhuIH/9NWELutERf38yRERh+kYCLJYhpuL7LsKloqvmoWBGa8U8Btn8tC2A46sHEoL11f4lQ5Sex3cXAyM4Uth1dgwxbMtC5JzxKOdITUr+3ai4HgNpiA/+NArAn4WlxqU7nc0sdf93YJTQs9legJpTmV3LaQxvRwrzR3HcOqaCnK/dQF7JA237Y9f2akcy3/YGMPJSktqfaThbfh7ZKTb/UZgsCJjifPDYMI+l/oagRHFppXGIIAxhG6gsE0HAiXDg2bT+4KRO2VW3LtLqx3PHYqxk5kKx+H3zkzSyADISFII9cxUFBHMIi0zjMQTg12yAmf8aLvzIQ49KN7WY2+/bTdkK8bkdeGJfCoEeF2Y8stAuKBAHuXsmx+/tNrNvrZ5DHk7agr/2u3O6OkvG3T17Ci9l0agJT7dV+Kp/kkTI0zQqdQT8CL9q2mpH3ZlYMRh9Qdnqc/UizifHCTC7jJooBovin8JhwfseMirGoRnTGKesCZc5sSs5sX7fUwn7P8RQs2LgRvzgAYbnlMbYrwl7v4mHDMb1zKklMUxks2nJUxDrIOi2tE5nT3k6Yod0J1tzJ8+6GEwT2Esip4OmZXskAHXSkWCjnUo4cV3pJHnZTqS+j9zF+ThQX/jwOE3VIg/gem+iiQGmC5VPhbpTHnnspxK2wdPtbSqlhC2Hv7dI6WlDdHvuMaZdAqsOkfxzm8j7xfYjhfOrFRQtj1grHCo=</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedData>
            </saml2:EncryptedAssertion>
        </saml2p:Response>
    </soap11:Body>
</soap11:Envelope>

2021-10-17 06:50:25,081 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-10-17 06:50:25,081 - INFO [Shibboleth-Audit.SSO:?] - 20211017T065025Z|urn:oasis:names:tc:SAML:2.0:bindings:SOAP|_ureorscbmp9intunqoqq1eun6l0886dfc5ny|https://iam.eu-defcs.poc.hybrid.otc-service.com|http://shibboleth.net/ns/profiles/saml2/sso/ecp|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:PAOS|_87c784f39e15a5439d7d66dc5b6c102d|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxl9lZU1DIvJr5ZDV1oiWUNXnZwBbYD1EcmyvtXtDZZKtgdvV6rcayQO4Q+Ai+yNlp09Z2eDF2w2M+kDoSJV/aONkr9sy0MvV3xICdvudvlI9bcxlqn2q6SryIYfmN/eRhBLrz+NMd/i20YG1X4Jb/Xpv7|_a59b4380280c93f7aa8a09127680c3fb|
2021-10-17 06:50:26,724 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Beginning to decode message from HttpServletRequest
2021-10-17 06:50:26,724 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.IdPInitiatedSSORequestMessageDecoder:?] - Decoded SAML RelayState of: null
2021-10-17 06:50:26,724 - DEBUG [PROTOCOL_MESSAGE:?] - 
SAML 2 IdP-initiated request was: IdPInitiatedSSORequest{entityId=https://iam.eu-defcs.poc.hybrid.otc-service.com, acsURL=null, relayState=null, time=2021-10-17T06:50:26.724Z}
Synthetically constructed SAML 2 AuthnRequest was: 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest ID="_1a401ec8-0078-4a1c-8b43-49c5559fe0fd"
    IssueInstant="2021-10-17T06:50:26.724Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eu-defcs.poc.hybrid.otc-service.com</saml2:Issuer>
    <saml2p:NameIDPolicy AllowCreate="true"/>
</saml2p:AuthnRequest>

2021-10-17 06:50:26,724 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Successfully decoded message from HttpServletRequest.
2021-10-17 06:50:26,725 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-10-17 06:50:26,725 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-10-17 06:50:26,725 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-10-17 06:50:26,725 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-10-17 06:50:26,725 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-10-17 06:50:26,725 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-10-17 06:50:26,725 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-10-17 06:50:26,725 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eu-defcs.poc.hybrid.otc-service.com
2021-10-17 06:50:26,726 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-10-17 06:50:26,726 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-10-17 06:50:26,726 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint was empty, not required by binding, skipping
2021-10-17 06:50:26,726 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_1a401ec8-0078-4a1c-8b43-49c5559fe0fd', issue instant '2021-10-17T06:50:26.724Z', entityID 'https://iam.eu-defcs.poc.hybrid.otc-service.com'
2021-10-17 06:50:26,726 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eu-defcs.poc.hybrid.otc-service.com' does not require AuthnRequests to be signed
2021-10-17 06:50:26,726 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-10-17 06:50:26,726 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-10-17 06:50:26,726 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-10-17 06:50:26,726 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-10-17 06:50:26,726 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-10-17 06:50:26,727 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-10-17 06:50:26,727 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-10-17 06:50:26,727 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-10-17 06:50:26,727 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-10-17 06:50:26,727 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-10-17 06:50:26,727 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eu-defcs.poc.hybrid.otc-service.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-10-17 06:50:26,727 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-10-17 06:50:26,727 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-10-17 06:50:26,727 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-10-17 06:50:26,727 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-10-17 06:50:26,727 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-10-17 06:50:26,728 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-10-17 06:50:26,728 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-10-17 06:50:26,728 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-10-17 06:50:26,728 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-10-17 06:50:26,728 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-10-17 06:50:26,728 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eu-defcs.poc.hybrid.otc-service.com
2021-10-17 06:50:26,728 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-10-17 06:50:26,728 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-10-17 06:50:26,728 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-10-17 06:50:26,728 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-10-17 06:50:26,729 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-10-17 06:50:26,729 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-10-17T06:50:26.729Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-10-17 06:50:26,729 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-10-17 06:50:26,730 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-10-17 06:50:26,730 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-10-17 06:50:26,730 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-10-17 06:50:26,730 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-10-17 06:50:26,730 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-10-17 06:50:26,730 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-10-17 06:50:26,730 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-10-17 06:50:26,730 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-10-17 06:50:26,730 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-10-17 06:50:26,905 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'iam.eu-defcs.poc.hybrid.otc-service.com'
2021-10-17 06:50:26,905 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-10-17 06:50:26,905 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-10-17 06:50:27,252 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2021-10-17 06:50:27,252 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromFormRequest:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Recording do-not-cache instruction in authentication context
2021-10-17 06:50:27,252 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2021-10-17 06:50:27,252 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@2093276941::identifier=rick, context=org.apache.velocity.VelocityContext@5483d41d]
2021-10-17 06:50:27,253 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@2093276941::identifier=rick, context=org.apache.velocity.VelocityContext@5483d41d]
2021-10-17 06:50:27,254 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2021-10-17 06:50:27,254 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-10-17 06:50:27,254 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-10-17 06:50:27,255 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2021-10-17 06:50:27,255 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2021-10-17 06:50:27,255 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-10-17 06:50:27,255 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2021-10-17 06:50:27,255 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 45afbbc50f7a7aecbd33b44aec9530d925d822d8690a144ee8540059063b54e7 for principal rick
2021-10-17 06:50:27,256 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-10-17 06:50:27,257 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-10-17 06:50:27,257 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-10-17 06:50:27,257 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-10-17 06:50:27,257 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-10-17 06:50:27,257 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-10-17 06:50:27,257 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-10-17 06:50:27,257 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-10-17 06:50:27,257 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-10-17 06:50:27,257 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-10-17 06:50:27,257 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-10-17 06:50:27,257 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-10-17 06:50:27,257 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-10-17 06:50:27,258 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-10-17 06:50:27,258 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-10-17 06:50:27,258 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@654614ec'
2021-10-17 06:50:27,258 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-10-17 06:50:27,258 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://iam.eu-defcs.poc.hybrid.otc-service.com'
2021-10-17 06:50:27,258 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2021-10-17 06:50:27,258 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: Attempting to delete consent storage record with context 'intercept/attribute-release' and key 'rick:https://iam.eu-defcs.poc.hybrid.otc-service.com'
2021-10-17 06:50:27,258 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: No consent storage record found with context 'intercept/attribute-release' and key 'rick:https://iam.eu-defcs.poc.hybrid.otc-service.com'
2021-10-17 06:50:27,258 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-10-17 06:50:27,258 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: No storage record exists with context 'intercept/attribute-release' and key 'rick:_key_idx', nothing to do
2021-10-17 06:50:27,258 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20211017T065027Z|https://iam.eu-defcs.poc.hybrid.otc-service.com|ClearAttributeReleaseConsent|rick|||
2021-10-17 06:50:27,258 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-10-17 06:50:27,258 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2021-10-17 06:50:27,258 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: Attempting to delete consent storage record with context 'intercept/attribute-release' and key 'rick'
2021-10-17 06:50:27,258 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: No consent storage record found with context 'intercept/attribute-release' and key 'rick'
2021-10-17 06:50:27,258 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-10-17 06:50:27,258 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: No storage record exists with context 'intercept/attribute-release' and key 'rick:_key_idx', nothing to do
2021-10-17 06:50:27,258 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-10-17 06:50:27,259 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2021-10-17 06:50:27,432 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'iam.eu-defcs.poc.hybrid.otc-service.com'
2021-10-17 06:50:27,432 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-10-17 06:50:27,432 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2021-10-17 06:50:27,432 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2021-10-17 06:50:27,432 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-10-17 06:50:27,432 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2021-10-17 06:50:27,609 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2021-10-17 06:50:27,609 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2021-10-17 06:50:27,610 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20211017T065027Z|https://iam.eu-defcs.poc.hybrid.otc-service.com|AttributeReleaseConsent|rick|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2021-10-17 06:50:27,610 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-10-17 06:50:27,610 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://iam.eu-defcs.poc.hybrid.otc-service.com'
2021-10-17 06:50:27,610 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2021-10-17 06:50:27,610 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2021-10-17 06:50:27,610 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://iam.eu-defcs.poc.hybrid.otc-service.com, value=[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1665989427610}'
2021-10-17 06:50:27,610 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-10-17 06:50:27,610 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2021-10-17 06:50:27,610 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-10-17 06:50:27,610 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://iam.eu-defcs.poc.hybrid.otc-service.com'
2021-10-17 06:50:27,610 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://iam.eu-defcs.poc.hybrid.otc-service.com]' as '["rick:https://iam.eu-defcs.poc.hybrid.otc-service.com"]'
2021-10-17 06:50:27,610 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@654614ec'
2021-10-17 06:50:27,610 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-10-17 06:50:27,611 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-10-17 06:50:27,611 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-10-17 06:50:27,611 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Inbound binding urn:mace:shibboleth:2.0:profiles:AuthnRequest is suppressed, ignoring request ID
2021-10-17 06:50:27,611 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: No request ID, nothing to do
2021-10-17 06:50:27,612 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-10-17 06:50:27,612 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _2f6309f6acf83bf822e8025b7c901a41
2021-10-17 06:50:27,612 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _2f6309f6acf83bf822e8025b7c901a41 to Response _1c5b94690c27a600a60b0571e8efd765
2021-10-17 06:50:27,612 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _2f6309f6acf83bf822e8025b7c901a41
2021-10-17 06:50:27,613 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-10-17 06:50:27,613 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-10-17 06:50:27,613 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-10-17 06:50:27,613 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-10-17 06:50:27,613 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-10-17 06:50:27,613 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-10-17 06:50:27,613 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-10-17 06:50:27,613 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-10-17 06:50:27,613 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-10-17 06:50:27,613 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-10-17 06:50:27,614 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-10-17 06:50:27,614 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2021-10-17 06:50:27,614 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-10-17 06:50:27,614 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2021-10-17 06:50:27,614 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration did not specify any formats, relying on metadata alone
2021-10-17 06:50:27,614 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-10-17 06:50:27,614 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:50:27,614 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:50:27,614 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxc5G253klkL7a0lLKzWHe4zoZkOLnwFGoryERAP+swFCsWAnQZA3yUynlYnxxR+YV7Zhn2sKm+ArGHn7Rta/6B/+B+qb7xbanyRVrkrQ14oryoVD3/RIl7BDlCCtPA6ChBkZd26RXBkfi2kfShNYKdV/K with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:50:27,614 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:50:27,614 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:50:27,614 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-10-17 06:50:27,614 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-10-17 06:50:27,614 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 80.158.3.50
2021-10-17 06:50:27,614 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to (none)
2021-10-17 06:50:27,614 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eu-defcs.poc.hybrid.otc-service.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2021-10-17 06:50:27,614 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-10-17 06:50:27,614 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-10-17 06:50:27,614 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-10-17 06:50:27,614 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _2f6309f6acf83bf822e8025b7c901a41
2021-10-17 06:50:27,614 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _2f6309f6acf83bf822e8025b7c901a41 did not already contain Conditions, one was added
2021-10-17 06:50:27,614 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-10-17 06:50:27,615 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-10-17T06:55:27.611Z, to Assertion _2f6309f6acf83bf822e8025b7c901a41
2021-10-17 06:50:27,615 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _2f6309f6acf83bf822e8025b7c901a41 already contained Conditions, nothing was done
2021-10-17 06:50:27,615 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-10-17 06:50:27,615 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _2f6309f6acf83bf822e8025b7c901a41 already contained Conditions, nothing was done
2021-10-17 06:50:27,615 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-10-17 06:50:27,615 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eu-defcs.poc.hybrid.otc-service.com as an Audience of the AudienceRestriction
2021-10-17 06:50:27,615 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _2f6309f6acf83bf822e8025b7c901a41
2021-10-17 06:50:27,615 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eu-defcs.poc.hybrid.otc-service.com to existing session 45afbbc50f7a7aecbd33b44aec9530d925d822d8690a144ee8540059063b54e7
2021-10-17 06:50:27,615 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eu-defcs.poc.hybrid.otc-service.com in session 45afbbc50f7a7aecbd33b44aec9530d925d822d8690a144ee8540059063b54e7
2021-10-17 06:50:27,615 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-10-17 06:50:27,616 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eu-defcs.poc.hybrid.otc-service.com and key AAdzZWNyZXQxc5G253klkL7a0lLKzWHe4zoZkOLnwFGoryERAP+swFCsWAnQZA3yUynlYnxxR+YV7Zhn2sKm+ArGHn7Rta/6B/+B+qb7xbanyRVrkrQ14oryoVD3/RIl7BDlCCtPA6ChBkZd26RXBkfi2kfShNYKdV/K
2021-10-17 06:50:27,616 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-10-17 06:50:27,616 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-10-17 06:50:27,616 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_2f6309f6acf83bf822e8025b7c901a41"
2021-10-17 06:50:27,616 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _2f6309f6acf83bf822e8025b7c901a41 and Element was [saml2:Assertion: null]
2021-10-17 06:50:27,617 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_2f6309f6acf83bf822e8025b7c901a41"
2021-10-17 06:50:27,617 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _2f6309f6acf83bf822e8025b7c901a41 and Element was [saml2:Assertion: null]
2021-10-17 06:50:27,619 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_1c5b94690c27a600a60b0571e8efd765"
    IssueInstant="2021-10-17T06:50:27.611Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_2f6309f6acf83bf822e8025b7c901a41"
        IssueInstant="2021-10-17T06:50:27.611Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_2f6309f6acf83bf822e8025b7c901a41">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>cc5eqg8eW/uzw/AvcJ7i1Yey73hUXquOL4sD+DMV5To=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>h74kzvhY6UW8Aqpx4xf274AJyd6pVCcyUhgCoXNdyAKxIaWkXMC2zDqnVPmP1Md7t+F2lC1TOt/7Ai8kWxXJe6acHq7f4rEi+WbY6KFoT7P+GpzRksOSuvByLrZfIpnT+50uXAQE2d/ZcXJ+3nzqGkqqNmviImumMBqVc5B77BNQwfcQyTkRup/gQnnmdVyp3q0u5dbYcsVHAv1rsGTKRY7++/yhhzi4pZkxKZAmyHHaZjzvTWjiPWSFWUyonhQt4n5AUq3uLDfmEuyianQEa0TJUHGT6NgBYXLWhRFyqV8M+6ZtjsNkSH9Ej/hYpJVPZ57N1nhqexPPIjSkz1ZmVg==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eu-defcs.poc.hybrid.otc-service.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxc5G253klkL7a0lLKzWHe4zoZkOLnwFGoryERAP+swFCsWAnQZA3yUynlYnxxR+YV7Zhn2sKm+ArGHn7Rta/6B/+B+qb7xbanyRVrkrQ14oryoVD3/RIl7BDlCCtPA6ChBkZd26RXBkfi2kfShNYKdV/K</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="80.158.3.50"
                    NotOnOrAfter="2021-10-17T06:55:27.614Z" Recipient="https://iam.eu-defcs.poc.hybrid.otc-service.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-10-17T06:50:27.611Z" NotOnOrAfter="2021-10-17T06:55:27.611Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eu-defcs.poc.hybrid.otc-service.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-10-17T06:50:27.254Z" SessionIndex="_c808013b64a0a9432ee50b56164385e0">
            <saml2:SubjectLocality Address="80.158.3.50"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-10-17 06:50:27,620 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eu-defcs.poc.hybrid.otc-service.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2021-10-17 06:50:27,620 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eu-defcs.poc.hybrid.otc-service.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2021-10-17 06:50:27,621 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_1c5b94690c27a600a60b0571e8efd765"
2021-10-17 06:50:27,621 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _1c5b94690c27a600a60b0571e8efd765 and Element was [saml2p:Response: null]
2021-10-17 06:50:27,621 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_1c5b94690c27a600a60b0571e8efd765"
2021-10-17 06:50:27,621 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _1c5b94690c27a600a60b0571e8efd765 and Element was [saml2p:Response: null]
2021-10-17 06:50:27,623 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-10-17 06:50:27,623 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://iam.eu-defcs.poc.hybrid.otc-service.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST' with encoded value 'https&#x3a;&#x2f;&#x2f;iam.eu-defcs.poc.hybrid.otc-service.com&#x2f;v3-ext&#x2f;auth&#x2f;OS-FEDERATION&#x2f;SSO&#x2f;SAML2&#x2f;POST'
2021-10-17 06:50:27,623 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-10-17 06:50:27,624 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://iam.eu-defcs.poc.hybrid.otc-service.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST"
    ID="_1c5b94690c27a600a60b0571e8efd765"
    IssueInstant="2021-10-17T06:50:27.611Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_1c5b94690c27a600a60b0571e8efd765">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>nTCq31eOug3lFPcb02Yd7fXFw423jNpLs7QOSHFADA4=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>LyKwjVTHBcQMQDBfLnq261ANWm4aMctgqUWjMDyGhgKGkO99lHfOBiPYkTz9OM4TUtzd444TYr2DWWvDxynsYbDUeO5HuYRCH/CbwV1Yj+qV1Wg97JOCiRm3CYDH6v+N8Tn9HkDFl5z2/CX7QraDLlHAmgCWrs41ybSGfOjMdLr2hyk7ZsPDHRZ5LgAqeMzHi0HTACOhTydDW2H5Nbw3g93eI8OAuz4t7YVI8+ir6DCHF3hQ0ZXBAG1EJNzsWipWPkmb96W3UzdTw0AY/hUewYbwGLy9XHieycVPfpilBZ2+msEe36TlAp5PmeM9Fk4T2U3JFeSLu0EcsdaqzIaAcw==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_7e63c442df454eec2fc406685eb7c4b5"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_3bf7d1ccc846cb9e7b251c8c172175af"
                    Recipient="https://iam.eu-defcs.poc.hybrid.otc-service.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIICLjCCAZegAwIBAgIGAVHDRPSbMA0GCSqGSIb3DQEBCwUAMC0xEzARBgNVBAoMCmtleW1hbmFn
ZXIxFjAUBgNVBAsMDWlhbS1hdXRodWktc3AwHhcNMTUxMjIxMDY0MDU0WhcNMjUxMjE4MDY0MDU0
WjBEMSowKAYDVQQDDCFodHRwczovL3NwLmF1dGgub3RjLnQtc3lzdGVtcy5jb20xFjAUBgNVBAsM
DWlhbS1hdXRodWktc3AwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALRgTiRlOH3H8Ti/Nl8F
hr+9QdbCEBQIKFKnX+VeeD6NcGQtsDnihnIlwDv9PqAqRfZ5KNDF7IccYgCBUfjJXOyxqa51YVDJ
KPLpjMcZiSEjumDm3jbdEiiQKl3zwt9Q0aLlz7PKdIbIoPQdo3YjpTB407D5PmvpsFr+TQ6NlkTZ
AgMBAAGjQjBAMB0GA1UdDgQWBBRcdOVNkWkaAHkjlaFATFhnEEh8SzAfBgNVHSMEGDAWgBRcdOVN
kWkaAHkjlaFATFhnEEh8SzANBgkqhkiG9w0BAQsFAAOBgQBlFRyA98AUXCw8bhneTFoD2JWRZz2f
Bs3vINTVjhA3CdCCJ9lgPxIhitHYNPQh5s7l+IA6M/zHTx+rpRO3KUqh0M2eNZDunUrstyXkvZvp
uJCPFK6t1iN6K5YuZUhKI06W5Bk6XV2NO5L2eIqD9jZp0UGb18Ep4BbrEXwRwJQPYw==</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>pj+/d8YYiNqzJZiTrHGGxZIMaYJrHbJXJEnFWuffYgQqJiyn4bdYaYphiM7Y+FooMR2OUK08OMv7m6y7Nv2Jg/1Z0x2PfFTpaZCPWb3vpgElgVpirTCZWfW57wlky9vq7/vNkk9SSyHUSBSteIAGLPW5Q9oh5NAhJOpa9QVv4ks=</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>B56HkceyotKa0FAqZyQb7MzpZsoOq3MQRImFwyYJ/XuZLP1jVngSMOhENqdLY61t05rjf+ayBK80QAJe5mWNmip75yfnQr9WFGduPMYhJ9uv1N0KJi2rHNtzQKFOl2IvW01AUvn+S253KkKUrm7rUlBB1dWBv7c43VStZwKJWRGsekSncAT9bsfBOdOeYgbaXqh3H97X+kh3JSDgmVsNWzxbMyYgjiVmhHdAAuF2zE5PcelJ7qPPvI+bCxZujg31Qgl6NhWQNX602+Y/78NdZSiKEdvZ63hNlRoNTIlyvQjaoPB8p5R7oW2Vj1tB9AE1c7k6+rj55y10USi/fwPQiz1rCsfK69y2DvN+GKmo5cj2Nsb+ZQJiXLqnWKrzPsCU4kCkIJ4mXhoN7q217JUGQyE9/XzOsMtWC3BuRxea8s4Wf+F3JaBjDwho6hWm9sAqhLj+waYh4FUbEPoulqv4pkwKiODbKkkShIPs4tZTAjbKZsJhEeMlQ5ICpVZQ/4qHWECDCPcN9aNYsS2ouKyR/TRzXfdEnkENfUNfVwjVr45MiNbY1WJo1zJ7QP/6xGxX3rwtoJX/NQEoESTCvRuUQYU0n6pHMTvnSuja0te5rGBQsWnQ8ipOiWK1rALL7D3sFNj4zPur1bfYs1sC/95i0avRBrd5Q+idwayShpB7KsHXCDLTVMB3nPGpt1SxzHiq/+2Y6vvupfMgcUxYED6xnD352uwuJqRmRomVjjULbr34IT5Ee2ZQMyS5+jTOdhFN/SmW8WZszGa15dXNj2bRwqxP2f/qdf68vfLnKT0trUYOZTYQZg1z0iGIjmJwARTLCaKmu4aPozYcps8+efDp0nG8ijDpsz/G9q01lARkyFy2DKLi5Eo0bacau7nd9Dz19oE6IkeMe5wRGtR8R/HRKnAIKSLepN+jwPz1y8cVed5x0aGBJiUDIbphRepB83gEac7pNK2D8W0+esxkz5vKw4MdDDJShzJHZPH1OU+zQ1O4X/BCPe+9c5LgMY3U3wYMdenfL88KqN3s9m4D0YTsmo5lBaUdkKv2EvwZhAPVKkzqtVRLP4FiN+VG404hTUNaNdmmDcYyB3xJvZ7bn6PL5jaJlhdxHNObaaa6DLDUopgBR1DXvGyPnF6N2k6LsKS5l5ue2Be8WbtpQ3+fhXS/EvvLa8Z3lo0auTyer9mbhvYMNz7yKPtJb9RawOqMFaEZfmClupoK/DDc/evoe2QpYX0ejCZpECulhelY2MdE/BpaGh2oiSQvTlWMjnU/nZhcLW6EvrnlSGm/3N96Az9HGr++7VtZtqAUIHY8rp2OeqNgXV7HtgwKg6snoIDD7qJEm7oBOX7eJZ1zezx0RQvb1Je/Q7gOVs2VOV0cAIwJNuBp7z6D0em4+sRAJVU1SdUXRiCaKt02grq1HjA4zWxSkJ74/WrLOXMj/HBfEJN70U73fS8Cu23ZlTA1L6JLuG0RxDlrorez766zs9mN5i2/zg0JKfW2TFNFq36tI8Yvcc+FIxap2dT+pf4WFiamQi5fRHexz0+1aajT6NOdOw4e3/1RPvoHfrnJi5bGQz/iHQApecgCGmUfLeLnq9zmViNZrzkLFwvBXhSaotg7e71QA03rKMLY+VYljkfLW9R9NobeQKnQgIDQNwomMDia2esNISUoQ1asJwk0Nds0cBIN/vik7B5i2Y0H451ku9iSOuH5ntAd7IfeQEQMTSEQwz4VY3rPLmZMh1fLuiYu0Wo0wlGKAIu7WXQhfncK+QLrPd+gLcdguybasAgJgv6SvBBODn/GOnms/F6ZfFUQzeo4E2foHUoywzddRn8iZSw9QOuiBV/h3qItRp2b45K+uk31YQpn+6MyhK3CNPsx3qnMyiwwe4FvM68CANX+DnXX+q2pAPND10NgF1Fm8AUzO/lsIkj6NRnNstY/VksuVe01SB/G8rUcRqSxIkzViRMjVKZPV95ShzYv4mhTOhLYcxzcLQKoSm3Y0XAB796i2UOZhi7eIvFO9HfjXHBULRDVtFjilax42p0n2LpdZlTAG8ey0PEjkv1TpjuVq3KhM4NPJmgRRKOqUUzgBnKyGTuHDPrLuM1eu0h6JxDzMq9rDtV80L1Rtpqnv8EFVL+EpV3F0kH+yj+MhgtHgjI+Tt02qmXh/7NoNi9eVO1j0//KrS8cg6RK5LQRHP8tUhh/aWfW6LLjJsKpBM411S75eyv6F2YUfBjOEg794eAaenutkW6Fed0r5goAQQwZeP7xiSZveB6Su7Aqxb3vj9zj/7/YcE+ed7Au6A6VH0P/cE7NuLYCylMzEnTsRsBiM44DGTkfgBcG13nKDClTBIfVX/0m7bH8F8RlKbfIDVdIQiBZMjV0ftqrjNiWEqlIKVpHhPiQSdsR8DTR/9uUe6bIEPidNcEaYLdV4cLqPZaT+jaDFOw5jUSJoPxoor5lVeN2Q2+dN4Hv5EjgdqJvrY3Q65IE5ObweNMibZdsFrokVUV6+MHrXVluRGO1cgzmUB5QWJqFE6odnrQ9t6xJAYIJUkdM4O6sq89+tBdhp7KAPTzPi+clccLMAFAGZAQ+q0ucgl787Szu+2qTjkYPbdyx58/XNQwD+5sTPEZB70bpRbjrJyCdb4PV5P9iq3CuJsH6KrqaqK/Sfqhzg16gAfdYd3X8AWCxhJ/GuNi/FxnC/rlKnfsD/05LXAhB9orkJe+lO6KaTe4GHeTqTSoXRUcpDKDVXDJkTQMHzjWMusYypwZZMJ2Pbkd3M44rmjKeLnUWF9mcAGUgS/pcUHdMiHI9ULHkme+TkDDHDt6Kwpd6OYpHaX4x323ME9I4mET8LtemDwrqBeSVPfRmMJvP2BQdpXE+kMWPt7TNlT/4JAdtlisjApQ2JGOsjQ5Rjezt1WOXnpZQ6+YUt5qDg6vclmrbOGy/81inUYQYwYx6ZYbaTR0kxOLbErUBbSjfTwNZsRHX1w0XLmicOW/NDHbOJfIO4h+BXroRrKmaroin5KjEJcA1K06oAp55Uxlg0zn8Tzdknep3Zbc1AQxFnFR9PZLlbIZfHsG3gvOnh53UGEuEMSn0eqFHp+flow//hw5nMkaNlBbjHkGcIBymBmqqgu77Up5YKq5mqf70xE1a3xF/b+H9aaRSFC2DUrGtLLPxqlGkGcfSrPucGRI/KZgDAnEIHV//94OsyH10q6BG3TWcYDSPqYdZ4PpyJSULuQYNOlERLvGf9Bzt56rA6q4SHdS4ScEEaKNLZSPFPjpbqpZQ+Aps4FB2H1ybWthrUIxJlrSNXI5vfq3FD6/nREmADvyo/hmICiugfddYqXPSlJdjyfmqEGDNLiTpA7tGPYmv3vGEFBIS+YKMI5NoYsVKy4B4NdKdCyuhukyPS/TafwVwHenw4W2ZRma9LYtZeqpiuYX2J+7oWGTIIAr6B9UhXramG9y8Yj1OqrqYVUrDTZZ3zqszQ5LWohZ00WaB71EMrI49Fps/gVz6o/sO0Hwgg9GYCRNZmm5yZCLlJdjEQj+luNFN7jvcbD7sii+o1JI/sS1Fv3zqagAA+f4Vh4+QORx3uzFL0v9mfEfHQmvVBHtjHsSRHPa2ORW23PjM/XdYV1LP7/+NGGwjV9tP/78DHP74ZaeOF1AyVsOKWyU3AWnT/t2e6SgWx27isun40JHVWx8MQAPwAa3hXUS3NOCg93LYCnkUbVqs0MAfLMuBNWbTq/CcYcstco+BmPywWiRiCQQMrh/63V3FiUyMXnPe1Jc9wQDjfk8XxHL7Pep2hQaG1FDagVk5M/uG0vdWmaEXdpqvS/RVxXzCQsMBB/7Z0FWjuI5genu3jDP0spFM7iega6/KMpFCpZ9Zkl4ZALFBG03jYmWeJPQglyYYPf6Mf7I1vIk1uu6zYoJHv/6iK60q6S4jSuuOyanVUiYWyacU/Zyy9017Rvo2I8zHd683jSusYAjCmLOXsr/WNft4WNoPpU36ezS7B57/P+YL6UOy7FUvO4QanR1i36ADaEXEv6mdXyy4VZAFEXHkb0W6lHY0PQMpdOM9jB+HLg6mQS2riCLFN0m8xAdz54yF8tlzv6202YH7FVvsTY1sgpSl/QMI5aAZ7zIQ9jJFLCJWIWLX1hHtiCWXgPv92HSagDw/ke2KgZ8D8+6DJ4wewZHlLlEq5oKZA8tSwJgmUfmIj5OEvoQcf+Xvh1t7/cMKIN4DB3O/BtXLeJBNnX/+tq302rUFAZocnlfpk9i+5vfaMBPNIO0Sahf6gNObmhyB02AuJxT0Rg1m59T+mxtMEtjxYmxFfzT9qiWw+t7SfHqyDEdtmfIDvGhgkbKxezohVMyg7aG+coYZzRBXurZYqD/oFueG71zqQsnsuB8m3P9P0fhElPYze3UHzVRsgx5ts0+H5S/bRaaQG4VkAik3wMKUogf5snt6TDRD2la9a1BmmBfUNgXK6OVxZmRrGomn0ACYqE5wt/HdEOCrk6qHwHFd0aBfcxOFLhRS6+g8MPNpaVAnnJr7WWeyeISlSECtYd9cMhmSpshFRq3aijLTv6bgWWzi1La8Qx4BmLxOhE+GccsMn/+bPJV2Qklqx5X6Qfsag3WT0cPsY9Iftey9NnsYm1TvL96CrPXPMRm9pIW2kDHRCeggQkhH71Lk3Rw1xjmLBHtjV0s/nrVTCKKVDQw1pmWU2Tx4UcmjzctpwaAvNy8p8OP0LeNrb41e2EXwL9Fj06Lerw6GLPRMI6oCEHj/iANI9/W05Lw3XJmCHtjylbqdbuKG5051EgtV+vN5kBl9RdO3Onf8xZSaGPjSTr7J4c6AyV4kI6/ftI9giz9LdLJeBoAP5Z22afZlZp3G56NBdxtamE3N2uVvobUqVKZI0/uZc7orscrMQfGyGp6toh4MgGI6BBMwWI6Oo3FN0vOOSVa2dvkXTnCYd3A/2nHYTALngbSxHLjqZbKKhQJ3tZepybAH9kahkrt34rDUWEYbO5XqgDs+E6vF76yxUFUWz9Ha0eauSpWPy3/P55w4q3+xOUI+YX8NZ9OgIOLMXKJF5zYXwXIpq64hq7GCYKsSPR/5BaaiXpfr9I2xxmrKMzTqZDu4H0qlDNkcS9MAGDwB8hD4b+eq3K8gKYFmlU/bpcvpuMeLi695Eb160VmWQXMz1PIDT1jgUDxN2LGnJeq0yLBIFt/eRIipYM+tDEAwekifVplorQFHI2q4QamPL6csARaQOe5buub3PHZAlXL6cdJp2Z5mfsGT+huSEXGhrrNK/Jy+hCyxUpAckoXuQ5UUu7Uc1mTi2DgDWeE9ujPULO2nrlOjz/FAu8doMNtjKMDod4EZe+H+AAtwB5rVQ7xIK2OLvqLN7Bp4uNetE44CKiE4XmIWP8k3IhArZgtjvGxilo0ZrciCyisopVHkBQl1MrvX7SEONbY/UuJq95qRO2dAhyt0kHNYTI7cLnjto/H/yuxklYwQVWvIbfb1ixDpDtwhe2L7nueRDT/ighFw0tXZGJvYRHdTc7z9g3UuR5LwZwyt3MwCTuFOIbavnPkO1xjdlj6tidJOLJm8mTS2m0sazyjxRi4J0CPlkhsKA9ePc+OlTtGaeFYcjAQ66sMfo+oDGQghawPLIykmUFt7aTGOMqbdIRAUBoaeSYNRDeebm+gwj5fOlSYe8krgnrYq2tYgsdBaMqQwNRctJ26xnbhS7VT/inFEqWTIwPbE+w2QyXJnw9crEgXr46ixZrdh5afDrmI8nMhFCQzo0rY/PadU/DCyu59VjBZgN3EsZvmRXeCI27aDjszBRNJs7t45Bvd4KplP76QO0hYCpupdRD0dzRemOlLHsvsdOuQJmAzUFJw63I9X93/hdFXPvdtU206logahvPeNUSNJFRz/8lPVeNw76nl6j45j56cUTG8M4qhU8jSkTd4opEq6NRXfGoZH9RJSs9cH+srEIALmlW3Hdk++8gAl60lSqcg0f4io1iFhCP5cTIdRV0kBtI9v5TvY4vB4fzQRqbcQymRqn0Bf7o6nuJg6QwR76MasUztCsRGvOQI+zWtJBezOavU+VOm5HyMD8p95P1T3JB4l+0RfMWq512zPpLt0vHW6QUUTnzERYV+Amsg2gZdc5uctID+yt/nJ7qfNIX4CzEltdTgrZ0vf+VybSOZ9BpNqzMi0emYyz/dSW2C7ZyOS39u2ApGfd2y8t2kpupCP7tbGDXo2SZCZZni91MpN5qFjea63m1MsAYeqFrzx13W0QkEBu4Y/QP95afjmDYnAjbMh5bHwxeDdDOWQlXdppqo+aoRA0OvXzmUQiCAc7WkeFZsMyTmNuQK7CAGeWHFS1v9NoNhUHdoP43Ay2OXQY0IhcI6JsSS6Q46aWgOv40mmytDxOJcQhAX7LJlrogSiZQVCeruikvBAHxrVrj9K6jDd1E/7UmU2FRC440xfux9MS5WrdszTfUlgoIKQkCI/3XCGZLl370FC+X8kZ1cusH8on64cYCKg50q+CcyKYIE98vziedPwF7X2zYzOLK4YPcXY5CPe5MEeMyBwen/NTxoH2DNbPUhEEisG0aNAL/q4rYxM2+FxHYiS2xGPY8To55W47zQ2AS77X+/KQym2Ym75NPh0GQB1KJaanAEjbIwOVIxD8Ti+Ij/YZwAddeKZTPAE2+kafBZw/+Y4W0F1Ls0AJOiFf7046ExpOEuCcfld7isi0ITlC3RlhIFuY4n1XgUEn+0phZaxPFfTTR8AMKOml70so5CZDInFujpSy0/CXmkSPUGqk3Gp0V9FL4y4Xtqo65GGDXHYT7s57vrtuKTT/1C/hlVlZwGb4dbkUudbF+EV/eDkrbEuF15JzFGXp0XDCrEZyH7yKxUBKhbvGqX4EYCZzu2fl4ltifTk2+a3W3XtCQfkbdrVDVg1DYbGhpzvYFAWKU01dIcD8ITumEEMcYw30RYMi5Hkx4jn4G3saG+MlFzAt/2fDF9wwEFYtGLntBQxcnKMNC1h/rWumvzZQGPasEP68kBzMCIR47ADYNZLQXAGxdRKVgiBEY9PQaYsA+8jPLFSZUIyn2FbDwr2Y4u1CjBwS1HbL+AOYZETcfNMhL3nl/CsNsV4rytgYOzI79n29F7BVr3qkFHTTpOvViLhShqxShb2oslsdJW+gIxegPTUUKM8rwhnLBRRIoaBwllnYdV2s9qCVo1wEmHeoH67/DirauKyjR9dQOkmfx+CDyATZOvBuArTNBwuBoHcsgrhGA+9AMv6BIMIStwXT8rKakNd7CtFQ/IGE3YZOkFgbZojnufY2PHFgZkVUkESuRLkn0hJydYjo402DEq/NXUJ9g6SGVwNUbun+qcaLelBmnMlu4yoUJq5u8iUmnLLSVqpoAhfaCTOPTpSv/UzXRnwhbJV4Pq4RJt7Iz5bgTrx/c2IYW+CS192xuWUoe5MyYawaQlcfdmy1alJ/fWbypAiZ4ghKYaEXgp9eDPq4mdGrpsV/bcrPZthEyvVIfWDPjS271Y8eRr2mWMYY6YBm01gaHEZjo/R3oKi3uGCGRmtIBAcUv1oGTJyuydzti23kqbKZVuTrLnQUZYMkC5Lrsh45pHHyZlNr2JFoANhuJ/JzR+I6FJxGHct4XbnFEazrQjFIZqsr0IT5EtMMXZMYNAwEtPU4Eq8dUzIRFMRx/x6nntHBegBChjHWYnM+pAlzatQUKtB2GQEAybD9v52mfvgNDigW3qrt0lG0NVZTaTjTHaBDvGd/9Hwu7m9TYKVo1Eer5esMYyWH+eXyMEr/EdGzPjHhaTj+XQX69H+cU+Aj2TSrSfJHCb4KHLtvt3RdWoTeFfAyiZYCQ5MyiWXU3I3OcjwzWPt7hDf2O9y8PKhGJwFarLvoAAyBw1wszV9IdJffoo4KxdSX87v4am27kNJ7r1Ue3N72kqhMFfVqUTprkLSyy8/Q3vgRAyNyEQ5EoEKl++wnh1xiJVowzxqCqSgDtHn42keIWuFPoLa3yDQ6T6q2uhxw6u9ASDsbTuYk7Y7RzzsHph5ZUU41mItxh2PqCVThtEU60NHNES3/YBFcM58RSdDNBekhaOL+jFe9DUQ3PGKle0Pl4IyZ9qXVbS6DbCcfO42TyU9N/P1gfBz780qPjLJ/pxyOH9EVpxjSWf6rVa++3ZIUkTzsGoh2BzXdViTZX/bH021khPDHd2Vpyi5sE/1HzTPLTAGe5ZMOz+wFSpbfCdjF4i/ro35kSZoERFRFHLtJ/F/jzN7WhukuV6919Zb8KzgExTl6mzw3t8/Gepp9aAFahS6ujmr2EWjriF7shqVWYYsy8Opk/fFlf9p5MMi43ADDhjuFfwYzbeaSw9ChmDHwrt/wzLbv71jQC/wOyy3EZ7ciLuQL3+Qi4sm6yQxQQ==</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2021-10-17 06:50:27,625 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-10-17 06:50:27,625 - INFO [Shibboleth-Audit.SSO:?] - 20211017T065027Z|urn:mace:shibboleth:2.0:profiles:AuthnRequest|_1a401ec8-0078-4a1c-8b43-49c5559fe0fd|https://iam.eu-defcs.poc.hybrid.otc-service.com|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_1c5b94690c27a600a60b0571e8efd765|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxc5G253klkL7a0lLKzWHe4zoZkOLnwFGoryERAP+swFCsWAnQZA3yUynlYnxxR+YV7Zhn2sKm+ArGHn7Rta/6B/+B+qb7xbanyRVrkrQ14oryoVD3/RIl7BDlCCtPA6ChBkZd26RXBkfi2kfShNYKdV/K|_2f6309f6acf83bf822e8025b7c901a41|
2021-10-17 06:55:21,114 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Beginning to decode message from HttpServletRequest
2021-10-17 06:55:21,114 - ERROR [org.opensaml.profile.action.impl.DecodeMessage:?] - Profile Action DecodeMessage: Unable to decode incoming request
org.opensaml.messaging.decoder.MessageDecodingException: Shibboleth Authentication Request message did not contain the providerId query parameter.
	at net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder.getEntityId(BaseIdPInitiatedSSORequestMessageDecoder.java:128)
2021-10-17 06:55:21,115 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: UnableToDecode
2021-10-17 06:55:21,115 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2021-10-17 06:56:17,237 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Beginning to decode message from HttpServletRequest
2021-10-17 06:56:17,238 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.IdPInitiatedSSORequestMessageDecoder:?] - Decoded SAML RelayState of: null
2021-10-17 06:56:17,238 - DEBUG [PROTOCOL_MESSAGE:?] - 
SAML 2 IdP-initiated request was: IdPInitiatedSSORequest{entityId=https://localhost:44302/signin-saml, acsURL=null, relayState=null, time=2021-10-17T06:56:17.237Z}
Synthetically constructed SAML 2 AuthnRequest was: 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest ID="_32a7c24a-b39a-4026-ac0f-d7ea633ba689"
    IssueInstant="2021-10-17T06:56:17.237Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://localhost:44302/signin-saml</saml2:Issuer>
    <saml2p:NameIDPolicy AllowCreate="true"/>
</saml2p:AuthnRequest>

2021-10-17 06:56:17,238 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Successfully decoded message from HttpServletRequest.
2021-10-17 06:56:17,248 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractBatchMetadataResolver:?] - Metadata Resolver FilesystemMetadataResolver SAMLtest: Resolved 0 candidates via EntityIdCriterion: EntityIdCriterion [id=https://localhost:44302/signin-saml]
2021-10-17 06:56:17,248 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved no EntityDescriptors via underlying MetadataResolver, returning empty collection
2021-10-17 06:56:17,248 - INFO [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  No metadata returned for https://localhost:44302/signin-saml in role {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor with protocol urn:oasis:names:tc:SAML:2.0:protocol
2021-10-17 06:56:17,250 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No metadata context found, nothing to do
2021-10-17 06:56:17,250 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://localhost:44302/signin-saml
2021-10-17 06:56:17,250 - WARN [net.shibboleth.idp.profile.impl.SelectProfileConfiguration:?] - Profile Action SelectProfileConfiguration: Profile http://shibboleth.net/ns/profiles/saml2/sso/browser is not available for RP configuration shibboleth.UnverifiedRelyingParty (RPID https://localhost:44302/signin-saml)
2021-10-17 06:56:17,251 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: InvalidProfileConfiguration
2021-10-17 06:56:17,251 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2021-10-17 06:56:27,533 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Beginning to decode message from HttpServletRequest
2021-10-17 06:56:27,533 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.IdPInitiatedSSORequestMessageDecoder:?] - Decoded SAML RelayState of: null
2021-10-17 06:56:27,533 - DEBUG [PROTOCOL_MESSAGE:?] - 
SAML 2 IdP-initiated request was: IdPInitiatedSSORequest{entityId=https://localhost:44302/, acsURL=null, relayState=null, time=2021-10-17T06:56:27.533Z}
Synthetically constructed SAML 2 AuthnRequest was: 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest ID="_ce4b3a05-1aa5-4cf1-8fdd-3f3fb4928407"
    IssueInstant="2021-10-17T06:56:27.533Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://localhost:44302/</saml2:Issuer>
    <saml2p:NameIDPolicy AllowCreate="true"/>
</saml2p:AuthnRequest>

2021-10-17 06:56:27,533 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Successfully decoded message from HttpServletRequest.
2021-10-17 06:56:27,542 - WARN [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Metadata with ID 'https://localhost:44302/' currently live is expired or otherwise invalid
2021-10-17 06:56:27,542 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://localhost:44302/' from origin source
2021-10-17 06:56:27,542 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractBatchMetadataResolver:?] - Metadata Resolver FilesystemMetadataResolver SAMLtest: Resolved 0 candidates via EntityIdCriterion: EntityIdCriterion [id=https://localhost:44302/]
2021-10-17 06:56:27,542 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved no EntityDescriptors via underlying MetadataResolver, returning empty collection
2021-10-17 06:56:27,542 - INFO [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  No metadata returned for https://localhost:44302/ in role {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor with protocol urn:oasis:names:tc:SAML:2.0:protocol
2021-10-17 06:56:27,542 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No metadata context found, nothing to do
2021-10-17 06:56:27,542 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://localhost:44302/
2021-10-17 06:56:27,543 - WARN [net.shibboleth.idp.profile.impl.SelectProfileConfiguration:?] - Profile Action SelectProfileConfiguration: Profile http://shibboleth.net/ns/profiles/saml2/sso/browser is not available for RP configuration shibboleth.UnverifiedRelyingParty (RPID https://localhost:44302/)
2021-10-17 06:56:27,543 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: InvalidProfileConfiguration
2021-10-17 06:56:27,543 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2021-10-17 06:56:47,184 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Beginning to decode message from HttpServletRequest
2021-10-17 06:56:47,184 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.IdPInitiatedSSORequestMessageDecoder:?] - Decoded SAML RelayState of: null
2021-10-17 06:56:47,184 - DEBUG [PROTOCOL_MESSAGE:?] - 
SAML 2 IdP-initiated request was: IdPInitiatedSSORequest{entityId=https://localhost:44302/saml2-signin, acsURL=null, relayState=null, time=2021-10-17T06:56:47.184Z}
Synthetically constructed SAML 2 AuthnRequest was: 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest ID="_44399660-d9f0-4ccf-bf12-72a6c6882dbb"
    IssueInstant="2021-10-17T06:56:47.184Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://localhost:44302/saml2-signin</saml2:Issuer>
    <saml2p:NameIDPolicy AllowCreate="true"/>
</saml2p:AuthnRequest>

2021-10-17 06:56:47,184 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Successfully decoded message from HttpServletRequest.
2021-10-17 06:56:47,191 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractBatchMetadataResolver:?] - Metadata Resolver FilesystemMetadataResolver SAMLtest: Resolved 0 candidates via EntityIdCriterion: EntityIdCriterion [id=https://localhost:44302/saml2-signin]
2021-10-17 06:56:47,191 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved no EntityDescriptors via underlying MetadataResolver, returning empty collection
2021-10-17 06:56:47,191 - INFO [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  No metadata returned for https://localhost:44302/saml2-signin in role {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor with protocol urn:oasis:names:tc:SAML:2.0:protocol
2021-10-17 06:56:47,192 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No metadata context found, nothing to do
2021-10-17 06:56:47,193 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://localhost:44302/saml2-signin
2021-10-17 06:56:47,193 - WARN [net.shibboleth.idp.profile.impl.SelectProfileConfiguration:?] - Profile Action SelectProfileConfiguration: Profile http://shibboleth.net/ns/profiles/saml2/sso/browser is not available for RP configuration shibboleth.UnverifiedRelyingParty (RPID https://localhost:44302/saml2-signin)
2021-10-17 06:56:47,194 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: InvalidProfileConfiguration
2021-10-17 06:56:47,194 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2021-10-17 06:57:26,379 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder:?] - Decoded SOAP messaged which included SAML message of type {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-10-17 06:57:26,380 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Body>
        <saml2p:AuthnRequest
            AssertionConsumerServiceURL="https://iam.eu-de.otctest.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            Destination="https://samltest.id/idp/profile/SAML2/SOAP/ECP"
            ForceAuthn="false"
            ID="_ca8b5gbu2r09derxmrg85cfyli8a5d86thsb" IsPassive="false"
            IssueInstant="2021-10-17T06:57:25.686Z"
            ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
            Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eu-de.otctest.t-systems.com</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                    <ds:Reference URI="#_ca8b5gbu2r09derxmrg85cfyli8a5d86thsb">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>oJAO/gt5hYI1kcxpRyiB2pKd3N0=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>H1rEtG+Lhls8XRANyRDW0r5R/RIOPFq/bxU0iQcd6tyLItrFtGrJQioK42EsewIqclzRAa3DCTIwny3W3Po2jOD7LerAchFIRrNB7lVYdiBHu9tEYOR8QjJcCZIzhj0J5tM10Rgi5bvY9bYzPy9J4/20FgaQcxEREj5fyy1xEEsU9VYDjSTmSFoNcccgFSEhkB5t5rxgv2vDQtOgblGNWU7ToPsS6wAFbG0UODx11XiHgXx5mAoLCnDC78LH7JAvL3/ZgeNe4FyjxCWBKWQJefAjIhS9UZPULc4ZoHcQTIqmrh7NHxFHMX/6447i9GBEy2wSQj6tw+2VQL1fBvLwBcUUrkBImLUbPB1ECSUJ/5EVx5ZwjDy3+h4R0aNOq0BZ0o0FV2jU0U+RkUGC73WflcriqlBgHihYSG2Xkm58Ztza1gev8n8LIzx2Ux9s0o0V/tKLkofW5abBhfJKfc27yvhDQDy+6eGDgxCKnWzoW7e9Ogec6ke2xsjzbssMCi43AeQj/sjz/V29FfBkxd5JANN0ToPwKwkhDkt3flPul2LwItM4eTgu1ujvq+bbPkbuH2fhq5mfy3SgrTwl0o2fiYSI/E2KAJq7T9dmV5+2eMzZtFpXGfgRvZ0q6KHu9d5zrcp0u/RV3f215reYCOvyLJJf6fWjYrX74+HJ8sG2qRc=</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIF2TCCA8GgAwIBAgIEMALy4jANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUxDzANBgNV
BAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0IGFtIE1haW4xJTAjBgNVBAoTHFQtU3lzdGVt
cyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsTC0lUIERpdmlzaW9uMSMwIQYDVQQDExphdXRo
Lm90Y3Rlc3QudC1zeXN0ZW1zLmNvbTAeFw0xNzEwMzAxMDI1MTNaFw0yNzEwMjgxMDI1MTNaMIGc
MQswCQYDVQQGEwJERTEPMA0GA1UECBMGSGVzc2VuMRowGAYDVQQHExFGcmFua2Z1cnQgYW0gTWFp
bjElMCMGA1UEChMcVC1TeXN0ZW1zIEludGVybmF0aW9uYWwgR21iSDEUMBIGA1UECxMLSVQgRGl2
aXNpb24xIzAhBgNVBAMTGmF1dGgub3RjdGVzdC50LXN5c3RlbXMuY29tMIICIjANBgkqhkiG9w0B
AQEFAAOCAg8AMIICCgKCAgEAiP/plDoyfhL71EusJ5OW2z9kPRLgtTrESIVJZX7lxAciSOTpHO5e
73wv0sufXOj3WK+rN044qQd7NyXPzr7+r1xaIqtWmmj5VWr8/GDQSu/cNQMBNzrzR3kaJOI0b/PI
bJjinRjAGGH6ubHN5IDZUGmTVwBBQrX6s1uhaidi4izUdJw3DjRsdQ+CvNrZH/ptUsjbZvsMXOHv
Hp4f9RItjQsQ6XJiVgI7Y3WlU7ydlJVLMvDF4HjF2aKLryabSXQH3T33DwERW70UTn8ibXP1fKCM
0m6orEffBMsqIUaaNiL2X6tU52Ohev7y590mnbGBv5r2JVKMCXldS23aXXbgpwWfqTRYMKlGCMPT
O2kf//GBHwU0+AdBYouRfIqX5hpX4aD8rH1b5N/UsW3YgptRJ2ifTcODcxi9dnKGPUXZ3EijOGP+
fAwpeNOkGfDLh1rPH/7DRsYhVnHXkVAcLVzoIyhIKw3owcsBSPG6dKjSn3Y6+InN5QkVrNJJeJuy
O1dixR5PzLJZ3xzYp84CsvivVbiYQUAA25yqVUAJeP+UVw2gZf0wKNMPWlcS7W6bAR9ccP1VEn4w
riA53ceeQGYncp3Waqq2XhpVUAAD4l4Z7J192rFCRJQ55MeaKDCpZqF624GhmKnhN5AB/3uu1VVN
VML1BHmpW1zOH8T81QNWp2UCAwEAAaMhMB8wHQYDVR0OBBYEFG9rJ9jCauVzkB86t3Ygp06vqptr
MA0GCSqGSIb3DQEBCwUAA4ICAQAndBou9ZppyXFwaW+dZ4MwIVqpXMzBDfecfoHtdvzJAHmXKO1g
/ZM5s+qOt/CFy90Qkj+S+4Od2x3ef8XzARzY/1W7nGkEOWYfs8+N5HLMI66m9mzVnN8WQx15Wfkg
75REb3bCL1KjespFKlYGi5p2lVfGvVxZ0mBs06sZilGlnT7aatWAwMWFn7yhktE8bpuTSGkSzfVj
LEVTATQw6Lvjc8EfnHEoj4rmaR4w+uVjxSfnfcIyL/Z3tht5wqYnuL5fooaZEP8XKInyBT5is/IA
VkTEozrYNooM7n8Fj7R7PD2p8ecw78nu62UEY3NQaoMyu3vr84Fg4yNv9G66Oi5PwXFAlVDMfms9
gawz5kqoiEEWupBytg08ok/1mseqzUCDRwG/DC/tG7Xf+PBVDNXHYuG1CiaRw5HGC1r0vnZgHPwp
ipvz2EigNJyJVI4LUjLn8bsWkB+YWRF/bQGtvOjA6KwNNHCmjm8OUVzYG4IRqHYs58fMCguOXdV6
RGwO4Wc/fqiKaeczgad4JKDB6BqVuo82+GWtl/1TQ6Kug5MbHiWZ50v9oxF/fBwwEYnTqu/5r6GQ
jbaXMBsEXcv7xiewSJOQkg7UUXhgEE8fDl8CL8k1bgLDr7Fs1ZrVaS8uBUCx52InKXrdFwMSa2bX
ys/8r8pohSInId/RNObb8bcD+Q==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:NameIDPolicy AllowCreate="true"
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                SPNameQualifier="https://iam.eu-de.otctest.t-systems.com" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"/>
        </saml2p:AuthnRequest>
    </soap11:Body>
</soap11:Envelope>

2021-10-17 06:57:26,386 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://iam.eu-de.otctest.t-systems.com' from origin source
2021-10-17 06:57:26,386 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-10-17 06:57:26,386 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-10-17 06:57:26,386 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-10-17 06:57:26,386 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-10-17 06:57:26,386 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-10-17 06:57:26,386 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-10-17 06:57:26,386 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-10-17 06:57:26,387 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eu-de.otctest.t-systems.com
2021-10-17 06:57:26,387 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2021-10-17 06:57:26,387 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2021-10-17 06:57:26,387 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-10-17 06:57:26,387 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2021-10-17 06:57:26,387 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2021-10-17 06:57:26,387 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-10-17 06:57:26,388 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_ca8b5gbu2r09derxmrg85cfyli8a5d86thsb', issue instant '2021-10-17T06:57:25.686Z', entityID 'https://iam.eu-de.otctest.t-systems.com'
2021-10-17 06:57:26,388 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eu-de.otctest.t-systems.com' does not require AuthnRequests to be signed
2021-10-17 06:57:26,388 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2021-10-17 06:57:26,388 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2021-10-17 06:57:26,388 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-10-17 06:57:26,388 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://iam.eu-de.otctest.t-systems.com, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2021-10-17 06:57:26,388 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://iam.eu-de.otctest.t-systems.com' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2021-10-17 06:57:26,388 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-10-17 06:57:26,388 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-10-17 06:57:26,388 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-10-17 06:57:26,388 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-10-17 06:57:26,388 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-10-17 06:57:26,388 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2000/09/xmldsig#rsa-sha1
2021-10-17 06:57:26,388 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA1withRSA
2021-10-17 06:57:26,388 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2021-10-17 06:57:26,388 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 4096 bits
  params: null
  modulus: 558909841602715300853386431854256443582788191008825420675229761154683371758531971314168116589305799189542636640769238391788496151983865308912511899302135693073548611588716587861337563495871385604985361331701068928003959762896224193776379955968899997745116500971634996008058773081067392649583956488496520904383960474482950406873759803679074608903027366105911426638306915948276332938791715312029635185243678997045596357233924095288029129896693277017385386712444938742497620968863383210766704204611514541932410400196822984132046043121403024403284685084374310151354609578649256252424587289717881285068512824112696686851030244835582845824694723812822409283822050926334669269216118808292983784744157424372506712070880900544808423423944800415908126689702555365281418033366879992673487698840550668699161183649233395652798929497077523285038863927724189224577753885192595486614080320977593681256275737088929131087687948049111350769906242902003698697402638404033013917935980946640135769278536738613242267222159112907239446742140237473765218295502979562882475411534565836393655870785924761164526112155615310450228349783601285276809848076157830247476710442674795839837415004279427216801877250611158202095975120888227576878835465006286654844348261
  public exponent: 65537
2021-10-17 06:57:26,389 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2021-10-17 06:57:26,389 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2021-10-17 06:57:26,389 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_ca8b5gbu2r09derxmrg85cfyli8a5d86thsb"
2021-10-17 06:57:26,389 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _ca8b5gbu2r09derxmrg85cfyli8a5d86thsb and Element was [saml2p:AuthnRequest: null]
2021-10-17 06:57:26,389 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_ca8b5gbu2r09derxmrg85cfyli8a5d86thsb"
2021-10-17 06:57:26,389 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _ca8b5gbu2r09derxmrg85cfyli8a5d86thsb and Element was [saml2p:AuthnRequest: null]
2021-10-17 06:57:26,389 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_ca8b5gbu2r09derxmrg85cfyli8a5d86thsb"
2021-10-17 06:57:26,389 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2021-10-17 06:57:26,389 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-10-17 06:57:26,389 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://iam.eu-de.otctest.t-systems.com
2021-10-17 06:57:26,389 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-10-17 06:57:26,389 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-10-17 06:57:26,389 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-10-17 06:57:26,389 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-10-17 06:57:26,389 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsHeadersHandler:?] - Message Handler:  No ChannelBindings header blocks found
2021-10-17 06:57:26,389 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler:?] - Message Handler:  Message did not contain any ChannelBindings extensions
2021-10-17 06:57:26,390 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2021-10-17 06:57:26,390 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2021-10-17 06:57:26,390 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-10-17 06:57:26,390 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-10-17 06:57:26,390 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-10-17 06:57:26,390 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-10-17 06:57:26,390 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' not permitted by input criteria
2021-10-17 06:57:26,390 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eu-de.otctest.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP using binding urn:oasis:names:tc:SAML:2.0:bindings:PAOS
2021-10-17 06:57:26,390 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-10-17 06:57:26,390 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-10-17 06:57:26,390 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-10-17 06:57:26,390 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-10-17 06:57:26,390 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-10-17 06:57:26,391 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-10-17 06:57:26,391 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-10-17 06:57:26,391 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-10-17 06:57:26,391 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-10-17 06:57:26,391 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-10-17 06:57:26,391 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eu-de.otctest.t-systems.com
2021-10-17 06:57:26,391 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-10-17 06:57:26,391 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-10-17 06:57:26,391 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-10-17 06:57:26,391 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-10-17 06:57:26,395 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-10-17 06:57:26,395 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: RequestAuthenticated: true
2021-10-17 06:57:26,395 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: Generating session key for use by ECP peers
2021-10-17 06:57:26,396 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-10-17T06:57:26.396Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-10-17 06:57:26,396 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-10-17 06:57:26,396 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-10-17 06:57:26,396 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-10-17 06:57:26,396 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-10-17 06:57:26,397 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-10-17 06:57:26,397 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow authn/Password, it supports non-browser authentication
2021-10-17 06:57:26,397 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2021-10-17 06:57:26,397 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-10-17 06:57:26,397 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-10-17 06:57:26,397 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-10-17 06:57:26,397 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: Trimming whitespace of input string 'rick'
2021-10-17 06:57:26,397 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2021-10-17 06:57:26,397 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@62282097::identifier=rick, context=org.apache.velocity.VelocityContext@107ba6c3]
2021-10-17 06:57:26,398 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@62282097::identifier=rick, context=org.apache.velocity.VelocityContext@107ba6c3]
2021-10-17 06:57:26,399 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2021-10-17 06:57:26,399 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-10-17 06:57:26,399 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-10-17 06:57:26,399 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2021-10-17 06:57:26,399 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2021-10-17 06:57:26,399 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-10-17 06:57:26,400 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2021-10-17 06:57:26,400 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 662159b07136db789d40ced92dd246d9580f190658d78739b4b52af2d4bd98cc for principal rick
2021-10-17 06:57:26,400 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 662159b07136db789d40ced92dd246d9580f190658d78739b4b52af2d4bd98cc
2021-10-17 06:57:26,401 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-10-17 06:57:26,401 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-10-17 06:57:26,401 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-10-17 06:57:26,401 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-10-17 06:57:26,401 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-10-17 06:57:26,401 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-10-17 06:57:26,401 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-10-17 06:57:26,401 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-10-17 06:57:26,401 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-10-17 06:57:26,401 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-10-17 06:57:26,401 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-10-17 06:57:26,401 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-10-17 06:57:26,401 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-10-17 06:57:26,402 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-10-17 06:57:26,403 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-10-17 06:57:26,404 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-10-17 06:57:26,404 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _40500921aafe95793ea0ac86ca88f3a7
2021-10-17 06:57:26,404 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _40500921aafe95793ea0ac86ca88f3a7 to Response _81b02bc5fbf6b5b081ccaf450dc880a8
2021-10-17 06:57:26,404 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _40500921aafe95793ea0ac86ca88f3a7
2021-10-17 06:57:26,404 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-10-17 06:57:26,404 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-10-17 06:57:26,404 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-10-17 06:57:26,404 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-10-17 06:57:26,404 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-10-17 06:57:26,404 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-10-17 06:57:26,404 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-10-17 06:57:26,404 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-10-17 06:57:26,404 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-10-17 06:57:26,404 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-10-17 06:57:26,405 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-10-17 06:57:26,405 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:57:26,405 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:57:26,405 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:57:26,406 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:57:26,406 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxGg1FAN0OxpLHp2t9A/8Jd9aELKHEzT1xqpoeVYexbi7BhldAJmFG9cm/Uwz6fRKnHR/ic7tA/OPBBMPvXibJZKTnEc7ljAFuu6MqeOr8rOA5b7yfgdCeee/XI4E+XsWvrh/ci7hQeedOlw== with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:57:26,406 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:57:26,406 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-10-17 06:57:26,406 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-10-17 06:57:26,406 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-10-17 06:57:26,406 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 80.158.3.50
2021-10-17 06:57:26,406 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _ca8b5gbu2r09derxmrg85cfyli8a5d86thsb
2021-10-17 06:57:26,406 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eu-de.otctest.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-10-17 06:57:26,406 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-10-17 06:57:26,406 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-10-17 06:57:26,406 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-10-17 06:57:26,406 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _40500921aafe95793ea0ac86ca88f3a7
2021-10-17 06:57:26,406 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _40500921aafe95793ea0ac86ca88f3a7 did not already contain Conditions, one was added
2021-10-17 06:57:26,406 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-10-17 06:57:26,406 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-10-17T07:02:26.402Z, to Assertion _40500921aafe95793ea0ac86ca88f3a7
2021-10-17 06:57:26,406 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _40500921aafe95793ea0ac86ca88f3a7 already contained Conditions, nothing was done
2021-10-17 06:57:26,406 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-10-17 06:57:26,406 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _40500921aafe95793ea0ac86ca88f3a7 already contained Conditions, nothing was done
2021-10-17 06:57:26,406 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-10-17 06:57:26,406 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eu-de.otctest.t-systems.com as an Audience of the AudienceRestriction
2021-10-17 06:57:26,406 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _40500921aafe95793ea0ac86ca88f3a7
2021-10-17 06:57:26,407 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddGeneratedKeyToAssertions: Assertion _40500921aafe95793ea0ac86ca88f3a7 did not already contain Advice, one was added
2021-10-17 06:57:26,410 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eu-de.otctest.t-systems.com to existing session 662159b07136db789d40ced92dd246d9580f190658d78739b4b52af2d4bd98cc
2021-10-17 06:57:26,410 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eu-de.otctest.t-systems.com in session 662159b07136db789d40ced92dd246d9580f190658d78739b4b52af2d4bd98cc
2021-10-17 06:57:26,410 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-10-17 06:57:26,410 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eu-de.otctest.t-systems.com and key AAdzZWNyZXQxGg1FAN0OxpLHp2t9A/8Jd9aELKHEzT1xqpoeVYexbi7BhldAJmFG9cm/Uwz6fRKnHR/ic7tA/OPBBMPvXibJZKTnEc7ljAFuu6MqeOr8rOA5b7yfgdCeee/XI4E+XsWvrh/ci7hQeedOlw==
2021-10-17 06:57:26,411 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-10-17 06:57:26,411 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-10-17 06:57:26,411 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_40500921aafe95793ea0ac86ca88f3a7"
2021-10-17 06:57:26,411 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _40500921aafe95793ea0ac86ca88f3a7 and Element was [saml2:Assertion: null]
2021-10-17 06:57:26,411 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_40500921aafe95793ea0ac86ca88f3a7"
2021-10-17 06:57:26,411 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _40500921aafe95793ea0ac86ca88f3a7 and Element was [saml2:Assertion: null]
2021-10-17 06:57:26,421 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_81b02bc5fbf6b5b081ccaf450dc880a8"
    InResponseTo="_ca8b5gbu2r09derxmrg85cfyli8a5d86thsb"
    IssueInstant="2021-10-17T06:57:26.402Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_40500921aafe95793ea0ac86ca88f3a7"
        IssueInstant="2021-10-17T06:57:26.402Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_40500921aafe95793ea0ac86ca88f3a7">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>02lz60vfxAW8wA6OZc+MiFvsuZpZt4CxoTwp90qa28s=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>LS0k0aTMMOqn+4hYLGscRjqp8GZLjfMh6+K8cxm7Tv1J+OEKqQQHMYwJygsyuC+unkXi3T25LxP/JOSO8xr2Tu7Vao9DC7BVpczcogAxhUoVRUvkj1ASo999f/p3clrxCgPK8Vs+idlVlOF+QICU86K5zr6Rs4VB3QL4VxkMBF9YU8803RN15QIXeDDrFb85bywrrJQ3Te1hzDy96fvZ3IqXHHwhCkTmbXTLyVz/dr04Vs649yP5JvttxfG9a4q8WqO8OBeGiaTcunkbNuFmeKGzRfEPLFJOF6acX34ewAmkJcmNa3KrbntsFgqFwrkjKuf89TxtdBCKjnYhnyNIXA==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eu-de.otctest.t-systems.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxGg1FAN0OxpLHp2t9A/8Jd9aELKHEzT1xqpoeVYexbi7BhldAJmFG9cm/Uwz6fRKnHR/ic7tA/OPBBMPvXibJZKTnEc7ljAFuu6MqeOr8rOA5b7yfgdCeee/XI4E+XsWvrh/ci7hQeedOlw==</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="80.158.3.50"
                    InResponseTo="_ca8b5gbu2r09derxmrg85cfyli8a5d86thsb"
                    NotOnOrAfter="2021-10-17T07:02:26.406Z" Recipient="https://iam.eu-de.otctest.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-10-17T06:57:26.402Z" NotOnOrAfter="2021-10-17T07:02:26.402Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eu-de.otctest.t-systems.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:Advice>
            <samlec:GeneratedKey xmlns:samlec="urn:ietf:params:xml:ns:samlec">G1HblKpcowUujSh+srjEjG+Jg8bfc368jmDeAEu4j/Y=</samlec:GeneratedKey>
        </saml2:Advice>
        <saml2:AuthnStatement AuthnInstant="2021-10-17T06:57:26.399Z" SessionIndex="_841762d1cb1afb2151458c221fd79bba">
            <saml2:SubjectLocality Address="80.158.3.50"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-10-17 06:57:26,423 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eu-de.otctest.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-10-17 06:57:26,423 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eu-de.otctest.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-10-17 06:57:26,423 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_81b02bc5fbf6b5b081ccaf450dc880a8"
2021-10-17 06:57:26,423 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _81b02bc5fbf6b5b081ccaf450dc880a8 and Element was [saml2p:Response: null]
2021-10-17 06:57:26,423 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_81b02bc5fbf6b5b081ccaf450dc880a8"
2021-10-17 06:57:26,423 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _81b02bc5fbf6b5b081ccaf450dc880a8 and Element was [saml2p:Response: null]
2021-10-17 06:57:26,428 - DEBUG [org.opensaml.saml.common.binding.impl.AddChannelBindingsHeaderHandler:?] - Message Handler:  No ChannelBindings to add, nothing to do
2021-10-17 06:57:26,430 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Header>
        <ecp:Response
            AssertionConsumerServiceURL="https://iam.eu-de.otctest.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next"
            soap11:mustUnderstand="1" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <ecp:RequestAuthenticated
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <samlec:GeneratedKey
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:samlec="urn:ietf:params:xml:ns:samlec">G1HblKpcowUujSh+srjEjG+Jg8bfc368jmDeAEu4j/Y=</samlec:GeneratedKey>
    </soap11:Header>
    <soap11:Body>
        <saml2p:Response
            Destination="https://iam.eu-de.otctest.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            ID="_81b02bc5fbf6b5b081ccaf450dc880a8"
            InResponseTo="_ca8b5gbu2r09derxmrg85cfyli8a5d86thsb"
            IssueInstant="2021-10-17T06:57:26.402Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_81b02bc5fbf6b5b081ccaf450dc880a8">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                        <ds:DigestValue>2+CD0QrNFzbUhBUwVrHrnjIude8drn4YB4k46AHVRqs=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>nHxKUwYbrpBeqNaWbGcVTTuTl237CqWzr1/7GW1TyBKLxGFzKXFVTtwvUz9UxyBULWzzx8qeiOf6Oaiyuoii5uxek30Tl5b6Gd+az1gqZ3IIOupRB3eUzZgsHy4WkGJOb9vxeyfBuBQ79YVf3bOv3DnlsMsZhrn7CaMMutcXI0L5X8pA4o2vSdgXQmyQHV5JUsgkTnedUnz+54Y2d0dDXXEriRRBTDCpUsn5yIuj19ujg0BZRZCj1CveTKoEXNTqFSPTZk5uRpRBzLpmzayKc9OVdfVvA1fPWw8e1+Lhsi3pu7pf1CLl1Q/4yotwd10tLJhWrKk5907SXWSkTcwnVw==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
                <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
            </saml2p:Status>
            <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
                <xenc:EncryptedData
                    Id="_32958b0ad201309e855b6f5487149a72"
                    Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <xenc:EncryptedKey
                            Id="_9d88796d037dfb0d7982ed5987f811db"
                            Recipient="https://iam.eu-de.otctest.t-systems.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                            <xenc:EncryptionMethod
                                Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <ds:DigestMethod
                                    Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                            </xenc:EncryptionMethod>
                            <ds:KeyInfo>
                                <ds:X509Data>
                                    <ds:X509Certificate>MIIF2TCCA8GgAwIBAgIEMALy4jANBgkqhkiG9w0BAQsFADCBnDELMAkGA1UEBhMCREUxDzANBgNV
BAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0IGFtIE1haW4xJTAjBgNVBAoTHFQtU3lzdGVt
cyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsTC0lUIERpdmlzaW9uMSMwIQYDVQQDExphdXRo
Lm90Y3Rlc3QudC1zeXN0ZW1zLmNvbTAeFw0xNzEwMzAxMDI1MTNaFw0yNzEwMjgxMDI1MTNaMIGc
MQswCQYDVQQGEwJERTEPMA0GA1UECBMGSGVzc2VuMRowGAYDVQQHExFGcmFua2Z1cnQgYW0gTWFp
bjElMCMGA1UEChMcVC1TeXN0ZW1zIEludGVybmF0aW9uYWwgR21iSDEUMBIGA1UECxMLSVQgRGl2
aXNpb24xIzAhBgNVBAMTGmF1dGgub3RjdGVzdC50LXN5c3RlbXMuY29tMIICIjANBgkqhkiG9w0B
AQEFAAOCAg8AMIICCgKCAgEAiP/plDoyfhL71EusJ5OW2z9kPRLgtTrESIVJZX7lxAciSOTpHO5e
73wv0sufXOj3WK+rN044qQd7NyXPzr7+r1xaIqtWmmj5VWr8/GDQSu/cNQMBNzrzR3kaJOI0b/PI
bJjinRjAGGH6ubHN5IDZUGmTVwBBQrX6s1uhaidi4izUdJw3DjRsdQ+CvNrZH/ptUsjbZvsMXOHv
Hp4f9RItjQsQ6XJiVgI7Y3WlU7ydlJVLMvDF4HjF2aKLryabSXQH3T33DwERW70UTn8ibXP1fKCM
0m6orEffBMsqIUaaNiL2X6tU52Ohev7y590mnbGBv5r2JVKMCXldS23aXXbgpwWfqTRYMKlGCMPT
O2kf//GBHwU0+AdBYouRfIqX5hpX4aD8rH1b5N/UsW3YgptRJ2ifTcODcxi9dnKGPUXZ3EijOGP+
fAwpeNOkGfDLh1rPH/7DRsYhVnHXkVAcLVzoIyhIKw3owcsBSPG6dKjSn3Y6+InN5QkVrNJJeJuy
O1dixR5PzLJZ3xzYp84CsvivVbiYQUAA25yqVUAJeP+UVw2gZf0wKNMPWlcS7W6bAR9ccP1VEn4w
riA53ceeQGYncp3Waqq2XhpVUAAD4l4Z7J192rFCRJQ55MeaKDCpZqF624GhmKnhN5AB/3uu1VVN
VML1BHmpW1zOH8T81QNWp2UCAwEAAaMhMB8wHQYDVR0OBBYEFG9rJ9jCauVzkB86t3Ygp06vqptr
MA0GCSqGSIb3DQEBCwUAA4ICAQAndBou9ZppyXFwaW+dZ4MwIVqpXMzBDfecfoHtdvzJAHmXKO1g
/ZM5s+qOt/CFy90Qkj+S+4Od2x3ef8XzARzY/1W7nGkEOWYfs8+N5HLMI66m9mzVnN8WQx15Wfkg
75REb3bCL1KjespFKlYGi5p2lVfGvVxZ0mBs06sZilGlnT7aatWAwMWFn7yhktE8bpuTSGkSzfVj
LEVTATQw6Lvjc8EfnHEoj4rmaR4w+uVjxSfnfcIyL/Z3tht5wqYnuL5fooaZEP8XKInyBT5is/IA
VkTEozrYNooM7n8Fj7R7PD2p8ecw78nu62UEY3NQaoMyu3vr84Fg4yNv9G66Oi5PwXFAlVDMfms9
gawz5kqoiEEWupBytg08ok/1mseqzUCDRwG/DC/tG7Xf+PBVDNXHYuG1CiaRw5HGC1r0vnZgHPwp
ipvz2EigNJyJVI4LUjLn8bsWkB+YWRF/bQGtvOjA6KwNNHCmjm8OUVzYG4IRqHYs58fMCguOXdV6
RGwO4Wc/fqiKaeczgad4JKDB6BqVuo82+GWtl/1TQ6Kug5MbHiWZ50v9oxF/fBwwEYnTqu/5r6GQ
jbaXMBsEXcv7xiewSJOQkg7UUXhgEE8fDl8CL8k1bgLDr7Fs1ZrVaS8uBUCx52InKXrdFwMSa2bX
ys/8r8pohSInId/RNObb8bcD+Q==</ds:X509Certificate>
                                </ds:X509Data>
                            </ds:KeyInfo>
                            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <xenc:CipherValue>aCUDsNHKUQcMVIpUpbJW8b7tcOAyc/VlNGfZYFCxS63W202/OTSPmf6bT5znhtGYp5x0Nt0v/OtxRyHg18akU0T1kqVGU0Rd8aaLWi1u9kUxGEee2dKhJxxoG18C+fWL4htbzv7SPvy7Pqhp4jT1F4Hwup99ym0c/MS3h5iQAl5ot7ZUOUsUPIQV2eQFQOJLyc9zogaZp4m4+HLMq/V08Hmn/RRG/O/B54oEhaN7na6n1rCLT4fdqLSA5QDsANt/LP23NQFjw/sQlOwBZ4s4106nw6iEpYhbDQwLMy0ZnWS6+0oDAxIEQc55+bcYQ+udsy35DilGLksJtiw0bUJ+wzT1wyGeGizQMcBJZN/uc+d02wFkdp2nh41kT39Eye3TI9+xOxZkzInh4lS80TLYYMYDYoQR5s/xaiqaPqxNLVfnm5+RA7R2fYxIYbptMaQo0ITC6hg1oYWBgI+Wjkw1DsWsHUhOkkCEl7cxmDyhZp9FP7u3xHBXHTIJVt0EppYEWyHbmz1Tw95AwBg8f5WpYO1nvygdRO+vL/nZcAauEPPmoFxIZrB6gA3CE0PL3ZcO31SqONzEkSIuDI++B0+eQRJECOyCjN00lE+ivGOseGbajX7fIoo7qWRQzlrwCQAu8YDI+n06sHwyXqdltZhIxj15vAMVa9cUytX0/Cru3rU=</xenc:CipherValue>
                            </xenc:CipherData>
                        </xenc:EncryptedKey>
                    </ds:KeyInfo>
                    <xenc:CipherData